Verifying Correctness of Persistent Concurrent Data Structures

Derrick, John; Doherty, Simon; Dongol, Brijesh; Schellhorn, Gerhard; Wehrheim, Heike

doi:10.1007/978-3-030-30942-8_12

Cited by 11 publications

(7 citation statements)

References 26 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, Abdulla et al [1] have proven that state-reachability for persistent x86 is decidable, thus opening the door to automatic verification of persistent programs, and Gorjiara et al [18] and Kokologiannakis et al [25] have developed model checkers for finding bugs in persistent programs. Recent works have considered durable atomic objects such as concurrent data structures [17] and transactional memory [3] and their verification [3,14,15], which have been designed to satisfy conditions such as durable linearizability [20,24] and durable opacity [3]. These proofs assume persistency under SC; our work provides foundations for extending these proofs to persistent x86-TSO.…”

Section: Related Workmentioning

confidence: 99%

View-Based Owicki–Gries Reasoning for Persistent x86-TSO

Bila

Dongol

Lahav

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The rise of persistent memory is disrupting computing to its core. Our work aims to help programmers navigate this brave new world by providing a program logic for reasoning about x86 code that uses low-level operations such as memory accesses and fences, as well as persistency primitives such as flushes. Our logic, Pierogi, benefits from a simple underlying operational semantics based on views, is able to handle optimised flush operations, and is mechanised in the Isabelle/HOL proof assistant. We detail the proof rules of Pierogi and prove them sound. We also show how Pierogi can be used to reason about a range of challenging single- and multi-threaded persistent programs.

show abstract

Section: Related Workmentioning

confidence: 99%

View-Based Owicki–Gries Reasoning for Persistent x86-TSO

Bila

Dongol

Lahav

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Both [Friedman et al 2018;Zuriel et al 2019] argue that their implementations are correct by providing an informal argument at the level of program traces. Derrick et al [2019] provided a formal correctness proof of the queue implementation by Friedman et al [2018]; this proof is also at the level of program traces. Moreover, all three of [Derrick et al 2019;Friedman et al 2018;Zuriel et al 2019] assume that the underlying memory model is sequential consistency (SC) [Lamport 1979], rather than Intel x86-TSO.…”

Section: Caveats Of Reordering Flush Opt After Later Instructions (Transformation Step 1)mentioning

confidence: 99%

“…Derrick et al [2019] provided a formal correctness proof of the queue implementation by Friedman et al [2018]; this proof is also at the level of program traces. Moreover, all three of [Derrick et al 2019;Friedman et al 2018;Zuriel et al 2019] assume that the underlying memory model is sequential consistency (SC) [Lamport 1979], rather than Intel x86-TSO. recently developed a persistent transactional library on top of the ARM architecture; they later adapted this implementation to the Px86 sim architecture.…”

Section: Caveats Of Reordering Flush Opt After Later Instructions (Transformation Step 1)mentioning

confidence: 99%

Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

Raad

Lahav

Vafeiadis

2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The advent of non-volatile memory (NVM) technologies is expected to transform how software systems are structured fundamentally, making the task of correct programming significantly harder. This is because ensuring that memory stores persist in the correct order is challenging, and requires low-level programming to flush the cache at appropriate points. This has in turn resulted in a noticeable verification gap.To address this, we study the verification of NVM programs, and present Persistent Owicki-Gries (POG), the first program logic for reasoning about such programs. We prove the soundness of POG over the recent Intel-x86 model, which formalises the out-of-order persistence of memory stores and the semantics of the Intel cache line flush instructions. We then use POG to verify several programs that interact with NVM.CCS Concepts: • Theory of computation → Concurrency; Semantics and reasoning; • Software and its engineering → General programming languages.

show abstract

“…Another line of work focuses on proving the linearizability of fine-grained concurrent data-structures subject to wholesystem crash [16,19]. Durable linearizability requires that upon a crash, only completed operations are guaranteed to remain visible.…”

Section: Applicationsmentioning

confidence: 99%

Intermittent Computing with Peripherals, Formally Verified

Berthou

Dagand²,

Demange

et al. 2020

The 21st ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems

View full text Add to dashboard Cite

Transiently-powered systems featuring non-volatile memory as well as external peripherals enable the development of new low-power sensor applications. However, as programmers, we are ill-equipped to reason about systems where power failures are the norm rather than the exception. A first challenge consists in being able to capture all the volatile state of the application -external peripherals includedto ensure progress. A second, more fundamental, challenge consists in specifying how power failures may interact with peripheral operations. In this paper, we propose a formal specification of intermittent computing with peripherals, an axiomatic model of interrupt-based checkpointing as well as its proof of correctness, machine-checked in the Coq proof assistant. We also illustrate our model with several systems proposed in the literature.

show abstract

Verifying Correctness of Persistent Concurrent Data Structures

Cited by 11 publications

References 26 publications

View-Based Owicki–Gries Reasoning for Persistent x86-TSO

View-Based Owicki–Gries Reasoning for Persistent x86-TSO

Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

Intermittent Computing with Peripherals, Formally Verified

Contact Info

Product

Resources

About