Software Analysis and Verification Group - Viktor Vafeiadis (PowerPoint PPT presentation)
Software Analysis and Verification Group

Viktor Vafeiadis (tenure-track faculty)
Mustafa Zengin (Masters student)
Soham Chakraborty (PhD, started Oct 13)
Marko Doko (PhD, started Oct 13)

Research direction

Verify full functional correctness:
- Come up with the specification
- Prove the code matches the specification

Develop “the right tools” for doing so:
- Program logics (e.g., separation logic)
- Interactive theorem provers (e.g., Coq)

Main application domains:
- Concurrent libraries ⇝ spec: linearizability
- Compilers ⇝ spec: ∀prg. compile(prg) = prg
Viktor Vafeiadis Software Analysis and Verification Group 2/8
Research output

Concurrency
- Relaxed separation logic (OOPSLA’13)
- Aspect-oriented linearizability [IST] (CONCUR’13)
- Fault-tolerant parallelism (TASE’13, poster)

Compilers
- CompCertTSO [Cantab, INRIA] (SAS’11, JACM)
- Parametric bisimulations [DD] (POPL’12, poster)

Interactive theorem proving
- Adjustable references: representing state (ITP’13)
- Mtac: typed language for tactics [DD] (ICFP’13, poster)
- Paco: parametrized coinduction [DD] (POPL’12)
The C11 memory model

Two types of locations: ordinary and atomic
- Races on ordinary accesses ⇝ error

A spectrum of atomic accesses:
- Relaxed ⇝ no fence
- Release writes ⇝ no fence (x86); lwsync (Power)
- Acquire reads ⇝ no fence (x86); isync (Power)
- Seq. consistent ⇝ full memory fence
Goal: Explain acquire/release accesses.
Relaxed separation logic

You must own a non-atomic location to access it:
- {ℓ ↦ v} [ℓ]_na := v′ {ℓ ↦ v′}
- {ℓ ↦ v} x := [ℓ]_na {ℓ ↦ v ∧ x = v}

Atomic allocation ⇝ pick location invariant Q:
- {true} x := alloc() {Rel(x, Q) ∗ Acq(x, Q)}

Release write ⇝ give away ownership:
- {Q(v) ∗ Rel(ℓ, Q)} [ℓ]_rel := v {true}

Acquire read ⇝ gain ownership:
- {Acq(ℓ, Q)} x := [ℓ]_acq {Q(x)}
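The acquire/release spectrum on the C11 slide and the release-write/acquire-read rules of RSL above both describe the same message-passing idiom. The following is an added example, written for this page and not taken from the slides or from the group's Coq development, that spells the idiom out as C11 code: the producer's release write of the flag x hands over ownership of the ordinary location a (in RSL terms the invariant on x would be Q(v) := v = 0 ∨ (v = 1 ∗ a ↦ 7)), and the consumer's acquire read gains it back, so its non-atomic read of a is race-free and must return 7. The pthread wrapper, the function names and the spin loop are my own choices; the slides say nothing about them.

```c
#include <pthread.h>
#include <stdatomic.h>

/* Constructed message-passing example (not from the slides):
 *   thread 1: [a]_na := 7; [x]_rel := 1
 *   thread 2: repeat r := [x]_acq until r = 1; out := [a]_na
 * The release write gives away a ↦ 7, the acquire read of 1 gains it, so the
 * consumer's Rna(a) is happens-before-ordered after Wna(a, 7) and sees 7. */

static int a;              /* ordinary (non-atomic) location */
static atomic_int x;       /* atomic location used as the flag */

static void *producer(void *arg) {
    (void)arg;
    a = 7;                                               /* Wna(a, 7) */
    atomic_store_explicit(&x, 1, memory_order_release);  /* Wrel(x, 1) */
    return NULL;
}

static void *consumer(void *arg) {
    int *out = arg;
    /* Racq(x, 1): spin until the flag is observed. The acquire load pairs with
     * the release store, making the producer's earlier write to a visible. */
    while (atomic_load_explicit(&x, memory_order_acquire) != 1)
        ;
    *out = a;                                            /* Rna(a, 7) */
    return NULL;
}

/* One message-passing round; returns the value the consumer read (7 under
 * release/acquire). With memory_order_relaxed on both sides the read of a
 * would be a data race on an ordinary location: undefined behaviour in C11. */
int message_pass_once(void) {
    int r = -1;
    a = 0;
    atomic_store_explicit(&x, 0, memory_order_relaxed);  /* initialisation, like Wna(x, 0) */
    pthread_t t1, t2;
    if (pthread_create(&t1, NULL, producer, NULL) != 0)
        return -1;
    if (pthread_create(&t2, NULL, consumer, &r) != 0) {
        pthread_join(t1, NULL);
        return -1;
    }
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);
    return r;
}

/* Repeat the round n times; returns how many rounds the consumer saw 7. */
int message_pass_rounds(int n) {
    int ok = 0;
    for (int i = 0; i < n; i++)
        ok += (message_pass_once() == 7);
    return ok;
}

int main(void) {
    return message_pass_rounds(100) == 100 ? 0 : 1;
}
```

The spin loop on x is the only synchronisation; there is no mutex. That is exactly what the RSL rules license: ownership of a travels along the rf edge from the release write to the acquire read, and nothing else is needed to justify the consumer's non-atomic access.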
Technical challenges

No operational semantics
⇒ Use the axiomatic semantics

Example execution graph (message passing; events are nodes, edges are sb, asw and rf):
- Wna(x, 0): initialisation, connected by sb/asw edges to the two threads
- Thread 1: Wna(a, 7) --sb--> Wrel(x, 1)
- Thread 2: Racq(x, 1) --sb--> Rna(a, 7)
- rf edges: Wrel(x, 1) --rf--> Racq(x, 1) and Wna(a, 7) --rf--> Rna(a, 7)

No (global) notions of state and time
⇒ Define a logical local notion of state
⇒ Annotate happens-before edges with logical state

{P} C {Q}: soundness proof in Coq
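The axiomatic semantics has no interleavings to simulate; everything is decided on the execution graph. As an added example (mine, not the Coq development from the slides), the following encodes that graph, computes happens-before as the transitive closure of sb, asw and synchronizes-with (an rf edge whose source is a release write and whose target is an acquire read), and checks the ordinary accesses for a data race. Two things are assumptions of this model rather than facts from the slide: the asw edges from the initialisation to each thread's first event, and the `weaken` switch, which downgrades the release/acquire pair to relaxed to show the race that appears once the synchronizes-with edge is gone.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of the slide's execution graph (not the authors' Coq code). */
enum { N = 5 };
enum kind { WRITE, READ };
enum mode { NA, REL, ACQ, RLX };

struct event { enum kind kind; enum mode mode; char loc; int val; };

static const struct event ev[N] = {
    { WRITE, NA,  'x', 0 },   /* 0: Wna(x, 0)   initialisation */
    { WRITE, NA,  'a', 7 },   /* 1: Wna(a, 7)   thread 1 */
    { WRITE, REL, 'x', 1 },   /* 2: Wrel(x, 1)  thread 1 */
    { READ,  ACQ, 'x', 1 },   /* 3: Racq(x, 1)  thread 2 */
    { READ,  NA,  'a', 7 },   /* 4: Rna(a, 7)   thread 2 */
};

/* Edge relations from the figure. The asw (additional synchronizes-with)
 * edges from the initialisation to each thread's first event are an
 * assumption of this model. */
static const int sb[][2]  = { {1, 2}, {3, 4} };
static const int asw[][2] = { {0, 1}, {0, 3} };
static const int rf[][2]  = { {2, 3}, {1, 4} };

#define LEN(r) (sizeof(r) / sizeof((r)[0]))

/* hb = (sb ∪ asw ∪ sw)^+, where sw is an rf edge from a release write to an
 * acquire read. With `weaken`, the atomic pair (events 2 and 3) is treated as
 * relaxed, so that rf edge no longer synchronizes. */
static void compute_hb(bool hb[N][N], bool weaken) {
    memset(hb, 0, N * N * sizeof(bool));
    for (size_t i = 0; i < LEN(sb); i++)  hb[sb[i][0]][sb[i][1]] = true;
    for (size_t i = 0; i < LEN(asw); i++) hb[asw[i][0]][asw[i][1]] = true;
    for (size_t i = 0; i < LEN(rf); i++) {
        enum mode wm = ev[rf[i][0]].mode, rm = ev[rf[i][1]].mode;
        if (weaken && wm == REL) wm = RLX;
        if (weaken && rm == ACQ) rm = RLX;
        if (wm == REL && rm == ACQ)                       /* synchronizes-with */
            hb[rf[i][0]][rf[i][1]] = true;
    }
    /* Warshall transitive closure */
    for (int k = 0; k < N; k++)
        for (int i = 0; i < N; i++)
            for (int j = 0; j < N; j++)
                if (hb[i][k] && hb[k][j]) hb[i][j] = true;
}

/* Does event `from` happen before event `to` in this execution? */
bool happens_before(int from, int to, bool weaken) {
    bool hb[N][N];
    compute_hb(hb, weaken);
    return hb[from][to];
}

/* C11 data race: two accesses to the same ordinary (non-atomic) location, at
 * least one of them a write, not ordered by hb in either direction. */
bool has_data_race(bool weaken) {
    bool hb[N][N];
    compute_hb(hb, weaken);
    for (int i = 0; i < N; i++)
        for (int j = i + 1; j < N; j++) {
            if (ev[i].mode != NA || ev[j].mode != NA || ev[i].loc != ev[j].loc)
                continue;
            if (ev[i].kind == READ && ev[j].kind == READ)
                continue;
            if (!hb[i][j] && !hb[j][i])
                return true;
        }
    return false;
}

int main(void) {
    /* Race-free with release/acquire; racy once the pair is relaxed. */
    return (!has_data_race(false) && has_data_race(true)) ? 0 : 1;
}
```

The only edge whose presence depends on access modes is the rf edge between Wrel(x, 1) and Racq(x, 1). It is what carries Wna(a, 7) into the happens-before past of Rna(a, 7); remove it and the two ordinary accesses to a become unordered, which is precisely the race the logic has to rule out, and why RSL annotates that edge with the logical state being transferred.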
Extensions

- Take more advanced program logics (rely-guarantee, RGSep, deny-guarantee, ...) and adapt them to C11 concurrency
- Handle more advanced C11 constructs: memory fences & consume atomics
- Build a tool & verify real programs