research-article

Public Access

Certified concurrent abstraction layers

Authors:
Ronghui Gu

Yale University, USA

Yale University, USA
View Profile

,
Zhong Shao

Yale University, USA

Yale University, USA
View Profile

,
Jieung Kim

Yale University, USA

Yale University, USA
View Profile

,
Xiongnan (Newman) Wu

Yale University, USA

Yale University, USA
View Profile

,
Jérémie Koenig

Yale University, USA

Yale University, USA
View Profile

,
Vilhelm Sjöberg

Yale University, USA

Yale University, USA
View Profile

,
Hao Chen

Yale University, USA

Yale University, USA
View Profile

,
David Costanzo

Yale University, USA

Yale University, USA
View Profile

,
Tahina Ramananandro

Microsoft Research, USA

Microsoft Research, USA
View Profile

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2018Pages 646–661https://doi.org/10.1145/3192366.3192381

Published:11 June 2018Publication History

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 646–661

ABSTRACT

Concurrent abstraction layers are ubiquitous in modern computer systems because of the pervasiveness of multithreaded programming and multicore hardware. Abstraction layers are used to hide the implementation details (e.g., fine-grained synchronization) and reduce the complex dependencies among components at different levels of abstraction. Despite their obvious importance, concurrent abstraction layers have not been treated formally. This severely limits the applicability of layer-based techniques and makes it difficult to scale verification across multiple concurrent layers.

In this paper, we present CCAL---a fully mechanized programming toolkit developed under the CertiKOS project---for specifying, composing, compiling, and linking certified concurrent abstraction layers. CCAL consists of three technical novelties: a new game-theoretical, strategy-based compositional semantic model for concurrency (and its associated program verifiers), a set of formal linking theorems for composing multithreaded and multicore concurrent layers, and a new CompCertX compiler that supports certified thread-safe compilation and linking. The CCAL toolkit is implemented in Coq and supports layered concurrent programming in both C and assembly. It has been successfully applied to build a fully certified concurrent OS kernel with fine-grained locking.

Supplemental Material

p646-gu.webm

webm

98.4 MB

Download

References

Samson Abramsky and Paul-Andre Mellies. 1999. Concurrent Games and Full Completeness. In Proc. 14th IEEE Symposium on Logic in Computer Science (LICS'99). 431s442. Google ScholarDigital Library
Thomas Anderson and Michael Dahlin. 2011. Operating Systems Principles and Practice. Recursive Books.Google Scholar
Carliss Y. Baldwin and Kim B. Clark. 2000. Design Rules: Volume 1, The Power of Modularity. MIT Press.Google ScholarDigital Library
Michael Barnett, Bor-Yuh Evan Chang, Robert DeLine, Bart Jacobs, and K. Rustan M. Leino. 2005. Boogie: A Modular Reusable Verifier for Object-Oriented Programs. In Proc. 4th Symposium on Formal Methods for Components and Objects (FMCO'05). 364-387. Google ScholarDigital Library
Stephen Brookes. 2004. A Semantics for Concurrent Separation Logic. In Proc. 15th International Conference on Concurrency Theory (CONCUR' 04). 16-34.Google ScholarCross Ref
Stephen Chong, Joshua Guttman, Anupam Datta, Andrew Myers, Benjamin Pierce, Patrick Schaumont, Tim Sherwood, and Nickolai Zeldovich. 2016. Report on the NSF Workshop on Formal Methods for Security. people.csail.mit.edu/nickolai/papers/chong-nsf-sfm.pdf. (2016). Google ScholarDigital Library
Xinyu Feng. 2009. Local Rely-Guarantee Reasoning. In Proc. 36th ACM Symposium on Principles of Programming Languages (POPL'09). 315-327. Google ScholarDigital Library
Xinyu Feng, Rodrigo Ferreira, and Zhong Shao. 2007. On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning. In Proc. 16th European Symposium on Programming (ESOP'07). 173-188. Google ScholarDigital Library
Xinyu Feng, Zhong Shao, Yuan Dong, and Yu Guo. 2008. Certifying Low-Level Programs with Hardware Interrupts and Preemptive Threads. In Proc. 2008 ACM Conference on Programming Language Design and Implementation (PLDI'08). 170-182. Google ScholarDigital Library
Ivana Filipovic, Peter W. O'Hearn, Noam Rinetzky, and Hongseok Yang. 2010. Abstraction for Concurrent Objects. Theor. Comput. Sci. 411, 51-52 (2010), 4379-4398. Google ScholarDigital Library
Ming Fu, Yong Li, Xinyu Feng, Zhong Shao, and Yu Zhang. 2010. Reasoning about Optimistic Concurrency Using a Program Logic for History. In Proc. 21st International Conference on Concurrency Theory (CONCUR'10). 388-402. Google ScholarDigital Library
Dan R. Ghica and Andrzej S. Murawski. 2008. Angelic Semantics of Fine-Grained Concurrency. Annals of Pure and Applied Logic 151, 2-3 (2008), 89-114.Google ScholarCross Ref
Alexey Gotsman, Noam Rinetzky, and Hongseok Yang. 2013. Verifying Concurrent Memory Reclamation Algorithms with Grace. In Proc. 22nd European Symposium on Programming (ESOP'13). 249s269. Google ScholarDigital Library
Alexey Gotsman and Hongseok Yang. 2012. Linearizability with Ownership Transfer. In Proc. 23rd International Conference on Concurrency Theory (CONCUR'12). 256-271. Google ScholarDigital Library
Ronghui Gu, Jeremie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan(Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL'15). 595-608. Google ScholarDigital Library
Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan (Newman) Wu, Jieung Kim, Vilhelm Sjoberg, and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proc. 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI'16). 653-669. Google ScholarDigital Library
Chris Hawblitzel, Jon Howell, Jacob R. Lorch, Arjun Narayan, Bryan Parno, Danfeng Zhang, and Brian Zill. 2014. Ironclad Apps: End-to-End Security via Automated Full-System Verification. In Proc. 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI'14). 165-181. Google ScholarDigital Library
Chris Hawblitzel, Erez Petrank, Shaz Qadeer, and Serar Tasiran. 2015. Automated and Modular Refinement Reasoning for Concurrent Programs. In Proc. 27th International Conference on Computer Aided Verification (CAV'15). 449-465.Google ScholarCross Ref
Maurice Herlihy and Nir Shavit. 2008. The Art of Multiprocessor Programming. Morgan Kaufmann. Google ScholarDigital Library
Maurice Herlihy and Jeannette M. Wing. 1990. Linearizability: A Correctness Condition for Concurrent Objects. ACM Trans. Program. Lang. Syst. 12, 3 (1990), 463-492. Google ScholarDigital Library
C. A. R. Hoare. 1969. An Axiomatic Basis for Computer Programming. Commun. ACM 12, 10 (Oct. 1969), 576-580. Google ScholarDigital Library
Bart Jacobs and Frank Piessens. 2011. Expressive Modular Fine-grained Concurrency Specification. In Proc. 38th ACM Symposium on Principles of Programming Languages (POPL'11). 133-146. Google ScholarDigital Library
Ralf Jung, David Swasey, Filip Sieczkowski, Ksper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL'15). 637-650. Google ScholarDigital Library
Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski, and Gernot Heiser. 2014. Comprehensive Formal Verification of an OS Microkernel. ACM Transactions on Computer Systems 32, 1 (Feb. 2014), 2:1-2:70. Google ScholarDigital Library
G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, et al. 2009. seL4: Formal Verification of an OS Kernel. In Proc. 22nd ACM Symposium on Operating System Principles (SOSP'09). 207-220. Google ScholarDigital Library
Xavier Leroy. 2005-2018. The CompCert verified compiler. http://compcert.inria.fr/. (2005-2018).Google Scholar
Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (2009), 107-115. Google ScholarDigital Library
Xavier Leroy and Sandrine Blazy. 2008. Formal verification of a C-like memory model and its uses for verifying program transformations. Journal of Automated Reasoning 41, 1 (2008), 1-31. Google ScholarDigital Library
Ruy Ley-Wild and Aleksandar Nanevski. 2013. Subjective Auxiliary State for Coarse-Grained Concurrency. In Proc. 40th ACM Symposium on Principles of Programming Languages (POPL'13). 561-574. Google ScholarDigital Library
Hongjin Liang and Xinyu Feng. 2016. A Program Logic for Concurrent Objects under Fair Scheduling. In Proc. 43rd ACM Symposium on Principles of Programming Languages (POPL'16). 385-399. Google ScholarDigital Library
Hongjin Liang, Xinyu Feng, and Ming Fu. 2012. A Rely-Guarantee-Based Simulation for Verifying Concurrent Program Transformations. In Proc. 39th ACM Symposium on Principles of Programming Languages (POPL'12). 455-468. Google ScholarDigital Library
Hongjin Liang, Xinyu Feng, and Zhong Shao. 2014. Compositional Verification of Termination-Preserving Refinement of Concurrent Programs. In Proc. Joint Meeting of the 23rd EACSL Annual Conference on Computer Science Logic and 29th IEEE Symposium on Logic in Computer Science (CSL-LICS'14). 65:1-65:10. Google ScholarDigital Library
Hongjin Liang, Jan Hoffmann, Xinyu Feng, and Zhong Shao. 2013. Characterizing Progress Properties of Concurrent Objects via Contextual Refinements. In Proc. 24th International Conference on Concurrency Theory (CONCUR'13). 227-241. Google ScholarDigital Library
Nancy A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann Publishers, Inc. Google ScholarDigital Library
Nancy A. Lynch and Frits W. Vaandrager. 1995. Forward and Backward Simulations: I. Untimed Systems. Inf. Comput. 121, 2 (1995), 214-233. Google ScholarDigital Library
John M. Mellor-Crummey and Michael L. Scott. 1991. Algorithms for Scalable Synchronization on Shared-Memory Multiprocessors. ACM Transactions on Computer Systems 9, 1 (Feb. 1991), 21-65. Google ScholarDigital Library
Robin Milner. 1971. An Algebraic Definition of Simulation Between Programs. In Proc. 2nd International Joint Conference on Artificial Intelligence (IJCAI'71). 481-489. Google ScholarDigital Library
Andrzej S. Murawski and Nikos Tzevelekos. 2016. An invitation to game semantics. ACM SIGLOG News 3, 2 (2016), 56-67. Google ScholarDigital Library
Aleksandar Nanevski, Ruy Ley-Wild, Ilya Sergey, and German Andres Delbianco. 2014. Communicating State Transition Systems for Fine-Grained Concurrent Resources. In Proc. 23rd European Symposium on Programming (ESOP'14). 290-310. Google ScholarDigital Library
Aleksandar Nanevski, Greg Morrisett, and Lars Birkedal. 2006. Polymorphism and Separation in Hoare Type Theory. In Proc. 2006 ACM SIGPLAN International Conference on Functional Programming (ICFP'06). 62-73. Google ScholarDigital Library
Susumu Nishimura. 2013. A Fully Abstract Game Semantics for Parallelism with Non-Blocking Synchronization on Shared Variables. In CSL 2013. 578-596.Google Scholar
Peter W. O'Hearn. 2004. Resources, Concurrency and Local Reasoning. In Proc. 15th International Conference on Concurrency Theory (CONCUR' 04). 49-67.Google Scholar
David Michael Ritchie Park. 1981. Concurrency and Automata on Infinite Sequences. In Theoretical Computer Science, 5th GI-Conference, Karlsruhe, Germany, March 23-25, 1981, Proceedings. 167-183. Google ScholarDigital Library
Pedro Da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A Logic for Time and Data Abstraction. In Proc. 28th European Conference on Object-Oriented Programming (ECOOP'14). 207-231. Google ScholarDigital Library
Pedro Da Rocha Pinto, Thomas Dinsdale-Young, Philippa Gardner, and Julian Sutherland. 2016. Modular Termination Verification for Non-blocking Concurrency. In Proc. 25th European Symposium on Programming (ESOP'16). 176-201. Google ScholarDigital Library
John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proc. 17th IEEE Symposium on Logic in Computer Science (LICS'02). 55-74. Google ScholarDigital Library
Silvin Rideau and Glynn Winskel. 2011. Concurrent Strategies. In Proc. 26th IEEE Symposium on Logic in Computer Science (LICS'11). 409-418. Google ScholarDigital Library
Jerome H. Saltzer and M. Frans Kaashoek. 2009. Principles of Computer System Design. Morgan Kaufmann. Google ScholarDigital Library
Davide Sangiorgi and David Walker. 2003. The Pi-Calculus: A Theory of Mobile Processes. Cambridge University Press, Cambridge, England. Google ScholarDigital Library
Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Mechanized Verification of Fine-grained Concurrent Programs. In Proc. 2015 ACM Conference on Programming Language Design and Implementation (PLDI'15). 77-87. Google ScholarDigital Library
Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity. In Proc. 24th European Symposium on Programming (ESOP'15). 333-358. Google ScholarDigital Library
Peter Sewell, Susmit Sarkar, Scott Owens, Francesco Zappa Nardelli, and Magnus O. Myreen. 2010. x86-TSO: A Rigorous and Usable Programmer's Model for x86 Multiprocessors. Commun. ACM 53, 7 (2010), 89-97. Google ScholarDigital Library
Vilhelm Sjoberg, Jieung Kim, Ronghui Gu, and Zhong Shao. 2017. Safety and Liveness of MCS LockDLayer by Layer. In Proc. 15th Asian Symposium on Programming Languages and Systems (APLAS'17). 273-297.Google Scholar
Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL'15). 275-287. Google ScholarDigital Library
The Coq development team. 1999-2018. The Coq proof assistant. http://coq.inria.fr. (1999-2018).Google Scholar
Aaron Turon, Derek Dreyer, and Lars Birkedal. 2013. Unifying Refinement and Hoare-style Reasoning in a Logic for Higher-Order Concurrency. In Proc. 2013 ACM SIGPLAN International Conference on Functional Programming (ICFP'13). 377-390. Google ScholarDigital Library
Aaron Turon, Jacob Thamsborg, Amal Ahmed, Lars Birkedal, and Derek Dreyer. 2013. Logical Relations for Fine-Grained Concurrency. In Proc. 40th ACM Symposium on Principles of Programming Languages (POPL'13). 343-356. Google ScholarDigital Library
Viktor Vafeiadis and Matthew Parkinson. 2007. A Marriage of Rely/ Guarantee and Separation Logic. In Proc. 18th International Conference on Concurrency Theory (CONCUR'07). 256-271. Google ScholarDigital Library
Fengwei Xu, Ming Fu, Xinyu Feng, Xiaoran Zhang, Hui Zhang, and Zhaohui Li. 2016. A Practical Verification Framework for Preemptive OS Kernels. In Proc. 28th International Conference on Computer Aided Verification (CAV'16), Part II. 59-79.Google ScholarCross Ref
Jean Yang and Chris Hawblitzel. 2010. Safe to the Last Instruction: Automated Verification of a Type-Safe Operating System. In Proc. 2010 ACM Conference on Programming Language Design and Implementation (PLDI'10). 99-110. Google ScholarDigital Library

Index Terms

Certified concurrent abstraction layers
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types
        Concurrent programming languages
  2. Software organization and properties
    1. Software functional properties
      1. Correctness
        Functionality
      2. Formal methods
        Software verification
2. Theory of computation
  1. Logic
    1. Abstraction
    2. Logic and verification

Recommendations

Deep Specifications and Certified Abstraction Layers
POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Modern computer systems consist of a multitude of abstraction layers (e.g., OS kernels, hypervisors, device drivers, network protocols), each of which defines an interface that hides the implementation details of a particular set of functionality. ...
Read More
Certified concurrent abstraction layers
PLDI '18

Concurrent abstraction layers are ubiquitous in modern computer systems because of the pervasiveness of multithreaded programming and multicore hardware. Abstraction layers are used to hide the implementation details (e.g., fine-grained synchronization) ...
Read More
Towards certified separate compilation for concurrent programs
PLDI 2019: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Certified separate compilation is important for establishing end-to-end guarantees for certified systems consisting of multiple program modules. There has been much work building certified compilers for sequential programs. In this paper, we propose a ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2018
825 pages
ISBN:9781450356985
DOI:10.1145/3192366
General Chair:
Jeffrey S. Foster
University of Maryland at College Park, USA
,
Program Chair:
Dan Grossman
University of Washington, USA
ACM SIGPLAN Notices Volume 53, Issue 4
PLDI '18
April 2018
834 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3296979
Editor:
Matthew Fluet
Rodchester Institude of Technology
Issue’s Table of Contents
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 June 2018
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Evaluated & Functional
Author Tags
abstraction layer
certified OS kernels
certified compilers
concurrency
modularity
verification
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 58
  Total Citations
  View Citations
- 845
  Total Downloads
- Downloads (Last 12 months)161
- Downloads (Last 6 weeks)40
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Certified concurrent abstraction layers

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Deep Specifications and Certified Abstraction Layers

Certified concurrent abstraction layers

Towards certified separate compilation for concurrent programs