Atomicity Refinement for Verified Compilation

We consider the verified compilation of high-level managed languages like Java or C# whose intermediate representations provide support for shared-memory synchronization and automatic memory management. Our development is framed in the context of the Total Store Order relaxed memory model. Ensuring complier correctness is challenging because high-level actions are translated into sequences of nonatomic actions with compiler-injected snippets of racy code; the behavior of this code depends not only on the actions of other threads but also on out-of-order executions performed by the processor. A naïve proof of correctness would require reasoning over all possible thread interleavings. In this article, we propose a refinement-based proof methodology that precisely relates concurrent code expressed at different abstraction levels, cognizant throughout of the relaxed memory semantics of the underlying processor. Our technique allows the compiler writer to reason compositionally about the atomicity of low-level concurrent code used to implement managed services. We illustrate our approach with examples taken from the verification of a concurrent garbage collector.

[1]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[2]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[3]  Serdar Tasiran,et al.  A calculus of atomic actions , 2009, POPL '09.

[4]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[5]  Jade Alglave,et al.  Understanding POWER multiprocessors , 2011, PLDI '11.

[6]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[7]  Stephen D. Brookes,et al.  Full abstraction for a shared variable parallel language , 1993, [1993] Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[8]  Andreas Lochbihler,et al.  Verifying a Compiler for Java Threads , 2010, ESOP.

[9]  Andrew McCreight,et al.  A certified framework for compiling and executing garbage-collected languages , 2010, ICFP '10.

[10]  Xavier Leroy,et al.  A Formally Verified Compiler Back-end , 2009, Journal of Automated Reasoning.

[11]  Sebastian Burckhardt,et al.  Concurrent Library Correctness on the TSO Memory Model , 2012, ESOP.

[12]  Daniel Kroening,et al.  Software Verification for Weak Memory via Program Transformation , 2012, ESOP.

[13]  Erez Petrank,et al.  Implementing an on-the-fly garbage collector for Java , 2000, ISMM '00.

[14]  Damien Doligez,et al.  A concurrent, generational garbage collector for a multithreaded implementation of ML , 1993, POPL '93.

[15]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[16]  Damien Doligez,et al.  Portable, unobtrusive garbage collection for multiprocessor systems , 1994, POPL '94.

[17]  Andrew W. Appel,et al.  Oracle Semantics for Concurrent Separation Logic , 2008, ESOP.

[18]  Peter Sewell,et al.  A Better x86 Memory Model: x86-TSO , 2009, TPHOLs.

[19]  Xinyu Feng Local rely-guarantee reasoning , 2009, POPL '09.

[20]  Peter Sewell,et al.  Mathematizing C++ concurrency , 2011, POPL '11.

[21]  Xinyu Feng,et al.  A rely-guarantee-based simulation for verifying concurrent program transformations , 2012, POPL '12.

[22]  Aaron Turon,et al.  A separation logic for refining concurrent objects , 2011, POPL '11.

[23]  David L Weaver,et al.  The SPARC architecture manual : version 9 , 1994 .

[24]  Xavier Leroy,et al.  The CompCert Memory Model, Version 2 , 2012 .

[25]  M. Hill,et al.  Weak ordering-a new definition , 1990, [1990] Proceedings. The 17th Annual International Symposium on Computer Architecture.

[26]  Tom Ridge,et al.  A Rely-Guarantee Proof System for x86-TSO , 2010, VSTTE.

[27]  Roland Meyer,et al.  Checking and Enforcing Robustness against TSO , 2013, ESOP.

[28]  Omer Subasi,et al.  Simplifying Linearizability Proofs with Reduction and Abstraction , 2010, TACAS.

[29]  Daniel Kroening,et al.  Partial Orders for Efficient Bounded Model Checking of Concurrent Software , 2013, CAV.

[30]  Suresh Jagannathan,et al.  Relaxed-memory concurrency and verified compilation , 2011, POPL '11.

[31]  Suresh Jagannathan,et al.  CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency , 2013, JACM.