Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko - PowerPoint PPT Presentation


  1. Tackling Real-Life Relaxed Concurrency with FSL++. Marko Doko, Viktor Vafeiadis (Max Planck Institute for Software Systems, MPI-SWS). ESOP, 2017-04-26

  2. Weak memory: memory models weaker than sequential consistency (SC) give us better performance.
      Logics for weak memory: iCAP-TSO, OGRA, GPS, RSL, FSL.
      Current state of verification: simplified algorithms and toy examples.
      In this talk: the first verification of a non-simplified real-world algorithm.

  3. Atomic Reference Counter (ARC): part of the Rust standard library; allows concurrent reads of a shared resource; uses advanced weak memory primitives.

  4. How is ARC used? new(v)  clone()  drop()  clone()  drop()  drop()

  12. The ARC code (FADD = fetch_and_add):
      new(v) {
        a = alloc();
        a.data = v;
        a.count = 1;
        return a;
      }
      read(a) {
        return a.data;
      }
      clone(a) {
        FADD(a.count, +1);
      }
      drop(a) {
        t = FADD(a.count, -1);
        if (t == 1) {
          free(a);
        }
      }
      Specification:
      {emp}       a = new(v)  {ARC(a, v)}
      {ARC(a, v)} y = read(a) {y = v ∧ ARC(a, v)}
      {ARC(a, v)} clone(a)    {ARC(a, v) ∗ ARC(a, v)}
      {ARC(a, v)} drop(a)     {emp}

  14. The same specification, now for the code with its memory orders made explicit (rlx = relaxed, rel = release, acq = acquire):
      {emp}       a = new(v)  {ARC(a, v)}
      {ARC(a, v)} y = read(a) {y = v ∧ ARC(a, v)}
      {ARC(a, v)} clone(a)    {ARC(a, v) ∗ ARC(a, v)}
      {ARC(a, v)} drop(a)     {emp}
      new(v) {
        a = alloc();
        a.data = v;
        a.count =_rlx 1;
        return a;
      }
      read(a) {
        return a.data;
      }
      clone(a) {
        FADD_rlx(a.count, +1);
      }
      drop(a) {
        t = FADD_rel(a.count, -1);
        if (t == 1) {
          fence_acq;
          free(a);
        }
      }
      FADD = fetch_and_add
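The ARC of slide 14 written against std::sync::atomic, as an added example that is not code from the slides or from the Rust standard library; MiniArc, Inner and share_and_drop are names chosen for this illustration. It uses exactly the orders the slide shows: a relaxed increment in clone, a release decrement in drop and an acquire fence before free.

```rust
use std::sync::atomic::{fence, AtomicUsize, Ordering};
use std::thread;
// Names here are for this illustration only; the layout follows the slides' ARC.
pub struct Inner<T> { count: AtomicUsize, data: T }
pub struct MiniArc<T> { ptr: *mut Inner<T> }
// Sharing across threads needs T: Send + Sync, as for std::sync::Arc.
unsafe impl<T: Send + Sync> Send for MiniArc<T> {}
unsafe impl<T: Send + Sync> Sync for MiniArc<T> {}

impl<T> MiniArc<T> {
    // new(v): alloc; a.data = v; a.count =_rlx 1. No other thread can see the
    // object yet, so the initial store needs no ordering.
    pub fn new(v: T) -> Self {
        let inner = Box::new(Inner { count: AtomicUsize::new(1), data: v });
        MiniArc { ptr: Box::into_raw(inner) }
    }
    // read(a): a plain (non-atomic) read of a.data, shared by all holders.
    pub fn read(&self) -> &T { unsafe { &(*self.ptr).data } }
    pub fn count(&self) -> usize { unsafe { (*self.ptr).count.load(Ordering::Relaxed) } }
}

impl<T> Clone for MiniArc<T> {
    // clone(a): FADD_rlx(a.count, +1). Relaxed suffices because the cloner
    // already holds a reference, so the object cannot be freed meanwhile.
    fn clone(&self) -> Self {
        unsafe { (*self.ptr).count.fetch_add(1, Ordering::Relaxed) };
        MiniArc { ptr: self.ptr }
    }
}

impl<T> Drop for MiniArc<T> {
    // drop(a): t = FADD_rel(a.count, -1); if (t == 1) { fence_acq; free(a); }
    // Every decrement is a release, publishing that thread's uses of the data;
    // the acquire fence in the last dropper orders all of them before the free.
    fn drop(&mut self) {
        let t = unsafe { (*self.ptr).count.fetch_sub(1, Ordering::Release) };
        if t == 1 {
            fence(Ordering::Acquire);
            unsafe { drop(Box::from_raw(self.ptr)) };
        }
    }
}
// Usage: n threads each clone, read and drop. Returns the sum of the reads and
// the count once every clone has been dropped (back to 1 after join).
pub fn share_and_drop(n: usize) -> (u64, usize) {
    let a = MiniArc::new(42u64);
    let hs: Vec<_> = (0..n)
        .map(|_| { let b = a.clone(); thread::spawn(move || *b.read()) })
        .collect();
    let sum = hs.into_iter().map(|h| h.join().unwrap()).sum::<u64>();
    (sum, a.count())
}
```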

  15. FSL (Fenced Separation Logic) [VMCAI '16]
      ✓ supports rel, acq, and rlx accesses
      ✓ supports memory fences
      Too weak to verify ARC:
      ✗ concurrent plain (non-atomic) reads    SOLUTION: partial permissions
      ✗ fetch_and_add instructions             SOLUTION: new rules
      ✗ not expressive enough                  SOLUTION: ghost state

  19. FADD rule (first version):
      ∀c. Q(c) ⇒ R        ∀c. P ⇒ Q(c + t)
      {U(x, Q) ∗ P}  FADD_acq_rel(x, t)  {U(x, Q) ∗ R}
      Q : Val → Assn is an invariant for x: x has value c ⇒ the invariant owns Q(c).
      Updating the value of x from c to c + t: (1) get Q(c) out of the invariant; (2) put Q(c + t) back into the invariant.

  20. FADD rule (refined: a part T of Q(c) may stay in the invariant):
      ∀c. Q(c) ⇒ R ∗ T    ∀c. T ∗ P ⇒ Q(c + t)
      {U(x, Q) ∗ P}  FADD_acq_rel(x, t)  {U(x, Q) ∗ R}
      Q : Val → Assn is an invariant for x: x has value c ⇒ the invariant owns Q(c).
      Updating the value of x from c to c + t: (1) get Q(c) out of the invariant; (2) put Q(c + t) back into the invariant.

  26. FADD rules for the three access modes (the premises at the top apply to each):
      ∀c. Q(c) ⇒ R ∗ T    ∀c. T ∗ P ⇒ Q(c + t)
      {U(x, Q) ∗ P}   FADD_acq_rel(x, t)  {U(x, Q) ∗ R}
      {U(x, Q) ∗ P}   FADD_rel(x, t)      {U(x, Q) ∗ ▽R}
      {U(x, Q) ∗ △P}  FADD_rlx(x, t)      {U(x, Q) ∗ ▽R}
      Fence rules:
      {P}   fence_rel  {△P}
      {▽P}  fence_acq  {P}
      drop(a) {
        t = FADD_rel(a.count, -1);
        if (t == 1) {
          fence_acq;
          free(a);
        }
      }
      clone(a) {
        FADD_rlx(a.count, +1);
      }

  27. ∀c. Q(c) ⇒ R ∗ T    ∀c. T ∗ P ⇒ Q(c + t)
      {U(x, Q) ∗ P}   FADD_rel(x, t)  {U(x, Q) ∗ ▽R}
      {U(x, Q) ∗ △P}  FADD_rlx(x, t)  {U(x, Q) ∗ ▽R}
      What is ARC(a, v)? Which invariant to choose for the counter a.count?
      {ARC(a, v)}
      drop(a) {
        t = FADD_rel(a.count, -1);
        if (t == 1) {
          fence_acq;
          free(a);
        }
      }
      {emp}
      {ARC(a, v)}
      clone(a) {
        FADD_rlx(a.count, +1);
      }
      {ARC(a, v) ∗ ARC(a, v)}
