Verified compilation of linearizable data structures: mechanizing rely guarantee for semantic refinement

Compiling concurrent and managed languages involves implementing sophisticated interactions between client code and the runtime system. An emblematic runtime service, whose implementation is particularly error-prone, is concurrent garbage collection. In a recent work [31], we implement an on-the-fly concurrent garbage collector, and formally prove its functional correctness in the Coq proof assistant. The garbage collector is implemented in a compiler intermediate representation featuring abstract concurrent data structures. The present paper extends this work by considering the concrete implementation of some of these abstract concurrent data structures. We formalize, in the Coq proof assistant, a theorem establishing the semantic correctness of a compiling pass which translates abstract, atomic data structures into their concrete, fine-grained concurrent implementations. At the crux of the proof lies a generic result establishing once and for all a simulation relation, starting from a carefully crafted rely-guarantee specification. Inspired by the work of Vafeiadis [28], implementations are annotated with linearization points. Semantically, this instrumentation reflects the behavior of abstract data structures.

[1]  D. M. Hutton,et al.  The Art of Multiprocessor Programming , 2008 .

[2]  Serdar Tasiran,et al.  Automated and Modular Refinement Reasoning for Concurrent Programs , 2015, CAV.

[3]  Erez Petrank,et al.  Automated verification of practical garbage collectors , 2009, POPL '09.

[4]  Xinyu Feng,et al.  On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning , 2007, ESOP.

[5]  Jan Vitek,et al.  Accurate garbage collection in uncooperative environments revisited , 2009, Concurr. Comput. Pract. Exp..

[6]  Klaus Havelund Mechanical Verification of a Garbage Collector , 1999, IPPS/SPDP Workshops.

[7]  Xinyu Feng,et al.  Rely-Guarantee-Based Simulation for Compositional Verification of Concurrent Program Transformations , 2014, ACM Trans. Program. Lang. Syst..

[8]  David Cachera,et al.  Compilation of Linearizable Data Structures , 2017 .

[9]  David M. Russinoff A mechanically verified incremental garbage collector , 1994, Formal Aspects of Computing.

[10]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[11]  Jan Vitek,et al.  Verifying a Concurrent Garbage Collector Using a Rely-Guarantee Methodology , 2017, ITP.

[12]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[13]  Jan Vitek,et al.  Atomicity Refinement for Verified Compilation , 2014, ACM Trans. Program. Lang. Syst..

[14]  Xavier Leroy,et al.  Closing the Gap – The Formally Verified Optimizing Compiler CompCert , 2017 .

[15]  Nir Shavit,et al.  A scalable lock-free stack algorithm , 2004, SPAA '04.

[16]  John Derrick,et al.  Verifying Linearisability , 2015, ACM Comput. Surv..

[17]  Kai Engelhardt,et al.  Relaxing safely: verified on-the-fly garbage collection for x86-TSO , 2015, PLDI.

[18]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[19]  Natarajan Shankar,et al.  A Mechanized Refinement Proof for a Garbage Collector , 1997 .

[20]  Xinyu Feng,et al.  Modular verification of linearizability with non-fixed linearization points , 2013, PLDI 2013.

[21]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[22]  Ilya Sergey,et al.  Mechanized verification of fine-grained concurrent programs , 2015, PLDI.

[23]  Fergus Henderson Accurate garbage collection in an uncooperative environment , 2002, ISMM '02.

[24]  Georges Gonthier Verifying the Safety of a Practical Concurrent Garbage Collector , 1996, CAV.

[25]  Erez Petrank,et al.  Implementing an on-the-fly garbage collector for Java , 2000, ISMM '00.

[26]  Peter W. O'Hearn,et al.  Resources, Concurrency and Local Reasoning , 2004, CONCUR.

[27]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[28]  Xavier Leroy,et al.  A Formally Verified Compiler Back-end , 2009, Journal of Automated Reasoning.

[29]  John Derrick,et al.  Mechanically verified proof obligations for linearizability , 2011, TOPL.

[30]  Lars Birkedal,et al.  Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning , 2015, POPL.