Integrating Owicki–Gries for C11-Style Memory Models into Isabelle/HOL

Weak memory presents a new challenge for program verification and has resulted in the development of a variety of specialised logics. For C11-style memory models, our previous work has shown that it is possible to extend Hoare logic and Owicki-Gries reasoning to verify correctness of weak memory programs. The technique introduces a set of high-level assertions over C11 states together with a set of basic Hoare-style axioms over atomic weak memory statements (e.g., reads/writes), but retains all other standard proof obligations for compound statements. This paper takes this line of work further by showing that Nipkow and Nieto's encoding of Owicki-Gries in the Isabelle theorem prover can be extended to handle C11-style weak memory models in a straightforward manner. We exemplify our techniques over several litmus tests from the literature and a non-trivial example: Peterson's algorithm adapted for C11. For the examples we consider, the proof outlines can be discharged automatically using the existing Isabelle tactics developed by Nipkow and Nieto. The benefit is that programs can be written in a familiar pseudocode syntax with assertions embedded directly into the program.
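The abstract speaks of assertions over "C11 states" and of litmus tests; the following is an added illustration, written for this page and not taken from the paper or its Isabelle theories, of what such a state looks like and why the choice of access mode decides whether an Owicki-Gries style postcondition holds. It is a deliberately small operational model in the timestamp/view style (per-location write histories, a per-thread view, release writes that record the writer's view and acquire reads that adopt it); the class and function names (`Write`, `State`, `explore`, `mp`, `postcondition_holds`) and the simplification that every new write is appended to the end of its location's modification order are this example's own assumptions, the latter being exact only because each location in the message-passing test has a single writer. The code enumerates every interleaving and every permitted read of the message-passing litmus test and checks the postcondition "r1 = 1 implies r2 = 1" for the reading thread, which holds with a release write and an acquire read and fails as soon as either side is relaxed.

```python
# Added example (not the paper's code): a minimal view-based model of C11
# release/acquire versus relaxed accesses, used to check an Owicki-Gries style
# postcondition on the message-passing litmus test by exhaustive enumeration.


class Write:
    """One write in a location's modification order (immutable once created)."""

    def __init__(self, value, ts, view=None):
        self.value = value
        self.ts = ts        # position in the modification order of its location
        self.view = view    # writer's view captured at a release write, else None


class State:
    """Per-location write histories plus a per-thread view (per-location lower bound)."""

    def __init__(self, locs, threads):
        self.hist = {x: [Write(0, 0)] for x in locs}           # initial write at ts 0
        self.view = {t: {x: 0 for x in locs} for t in threads}
        self.regs = {}                                          # (thread, reg) -> value

    def copy(self):
        s = State.__new__(State)
        s.hist = {x: list(ws) for x, ws in self.hist.items()}  # Write objects are shared, never mutated
        s.view = {t: dict(v) for t, v in self.view.items()}
        s.regs = dict(self.regs)
        return s


def do_write(s, t, x, v, mode):
    # Simplification (assumption of this example): the new write is appended to the
    # end of x's modification order; exact here because each location has one writer.
    ts = len(s.hist[x])
    s.view[t][x] = ts
    s.hist[x].append(Write(v, ts, dict(s.view[t]) if mode == "rel" else None))


def read_choices(s, t, x):
    # A thread may read any write of x that is not older than its view of x.
    return [w for w in s.hist[x] if w.ts >= s.view[t][x]]


def do_read(s, t, x, w, mode, reg):
    s.regs[(t, reg)] = w.value
    s.view[t][x] = max(s.view[t][x], w.ts)
    if mode == "acq" and w.view is not None:
        # Release/acquire synchronisation: the reader adopts the writer's view.
        for y, ts in w.view.items():
            s.view[t][y] = max(s.view[t][y], ts)


def explore(prog, s, pcs, outcomes):
    """DFS over all interleavings and all permitted reads; collect final register maps."""
    finished = True
    for t, instrs in prog.items():
        pc = pcs[t]
        if pc == len(instrs):
            continue
        finished = False
        ins = instrs[pc]
        npcs = dict(pcs)
        npcs[t] = pc + 1
        if ins[0] == "write":
            _, x, v, mode = ins
            s2 = s.copy()
            do_write(s2, t, x, v, mode)
            explore(prog, s2, npcs, outcomes)
        else:
            _, x, mode, reg = ins
            for w in read_choices(s, t, x):
                s2 = s.copy()
                do_read(s2, t, x, w, mode, reg)
                explore(prog, s2, npcs, outcomes)
    if finished:
        outcomes.add(tuple(sorted(s.regs.items())))
    return outcomes


def mp(flag_write_mode, flag_read_mode):
    """Message passing: t1 publishes d then raises f; t2 reads f then d."""
    return {
        "t1": [("write", "d", 1, "rlx"), ("write", "f", 1, flag_write_mode)],
        "t2": [("read", "f", flag_read_mode, "r1"), ("read", "d", "rlx", "r2")],
    }


def mp_outcomes(flag_write_mode, flag_read_mode):
    """Sorted list of all reachable (r1, r2) pairs for t2."""
    prog = mp(flag_write_mode, flag_read_mode)
    s = State(["d", "f"], list(prog))
    outs = explore(prog, s, {t: 0 for t in prog}, set())
    return sorted({(dict(o)[("t2", "r1")], dict(o)[("t2", "r2")]) for o in outs})


def postcondition_holds(flag_write_mode, flag_read_mode):
    """Owicki-Gries style postcondition for t2: r1 = 1 implies r2 = 1."""
    return all(r2 == 1 for r1, r2 in mp_outcomes(flag_write_mode, flag_read_mode) if r1 == 1)


if __name__ == "__main__":
    for modes in [("rel", "acq"), ("rlx", "acq"), ("rel", "rlx")]:
        print(modes, mp_outcomes(*modes), "postcondition holds:", postcondition_holds(*modes))
```

Running the script prints the reachable outcomes for each pairing of access modes: with a release write and an acquire read the stale pair (1, 0) is unreachable, so the postcondition holds in every execution, whereas relaxing either the write or the read makes (1, 0) reachable and the postcondition fails. The same reasoning is what the paper's proof outlines carry out symbolically, without enumerating executions, once the assertion language can express "thread t2 has definitely observed d = 1".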
