[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article
Open access

Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

Published: 13 November 2020 Publication History

Abstract

The advent of non-volatile memory (NVM) technologies is expected to transform how software systems are structured fundamentally, making the task of correct programming significantly harder. This is because ensuring that memory stores persist in the correct order is challenging, and requires low-level programming to flush the cache at appropriate points. This has in turn resulted in a noticeable verification gap.
To address this, we study the verification of NVM programs, and present Persistent Owicki-Gries (POG), the first program logic for reasoning about such programs. We prove the soundness of POG over the recent Intel-x86 model, which formalises the out-of-order persistence of memory stores and the semantics of the Intel cache line flush instructions. We then use POG to verify several programs that interact with NVM.

Supplementary Material

Auxiliary Presentation Video (oopsla20main-p93-p-video.mp4)
The advent of non-volatile memory (NVM) technologies is expected to transform how software systems are structured fundamentally, making the task of correct programming significantly harder. This is because ensuring that memory stores persist in the correct order is challenging, and requires low-level programming to flush the cache at appropriate points. This has in turn resulted in a noticeable verification gap. To address this, we study the verification of NVM programs, and present Persistent Owicki-Gries (POG), the first program logic for reasoning about such programs. We prove the soundness of POG over the recent Intel-x86 model, which formalises the out-of-order persistence of memory stores and the semantics of the Intel cache line flush instructions. We then use POG to verify several programs that interact with NVM.

References

[1]
Parosh Aziz Abdulla, Stavros Aronis, Mohamed Faouzi Atig, Bengt Jonsson, Carl Leonardsson, and Konstantinos Sagonas. 2015. Stateless Model Checking for TSO and PSO. In Tools and Algorithms for the Construction and Analysis of Systems, Christel Baier and Cesare Tinelli (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 353-367.
[2]
Arm. 2018. ARM Architecture Reference Manual ARMv8, for ARMv8-A architecture profile (DDI 0487D.a). https: //static.docs.arm.com/ddi0487/da/DDI0487D_a_armv8_arm.pdf
[3]
Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, M. Frans Kaashoek, and Nickolai Zeldovich. 2015. Using Crash Hoare Logic for Certifying the FSCQ File System. In Proceedings of the 25th Symposium on Operating Systems Principles (Monterey, California) ( SOSP '15). ACM, New York, NY, USA, 18-37. https://doi.org/10.1145/2815400.2815402
[4]
Edmund Clarke, Daniel Kroening, and Flavio Lerda. 2004. A Tool for Checking ANSI-C Programs. In Tools and Algorithms for the Construction and Analysis of Systems, Kurt Jensen and Andreas Podelski (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 168-176.
[5]
Jeremy Condit, Edmund B. Nightingale, Christopher Frost, Engin Ipek, Benjamin Lee, Doug Burger, and Derrick Coetzee. 2009. Better I/O Through Byte-addressable, Persistent Memory. In Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles (Big Sky, Montana, USA) ( SOSP '09). ACM, New York, NY, USA, 133-146. https: //doi.org/10.1145/1629575.1629589
[6]
John Derrick, Simon Doherty, Brijesh Dongol, Gerhard Schellhorn, and Heike Wehrheim. 2019. Verifying Correctness of Persistent Concurrent Data Structures. In Formal Methods-The Next 30 Years, Maurice H. ter Beek, Annabelle McIver, and José N. Oliveira (Eds.). Springer International Publishing, Cham, 179-195.
[7]
Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew Parkinson, and Hongseok Yang. 2013. Views: Compositional Reasoning for Concurrent Programs. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Rome, Italy) (POPL '13). ACM, New York, NY, USA, 287-300. https: //doi.org/10.1145/2429069.2429104
[8]
Thomas Dinsdale-Young, Mike Dodds, Philippa Gardner, Matthew J. Parkinson, and Viktor Vafeiadis. 2010. Concurrent Abstract Predicates. In ECOOP 2010-Object-Oriented Programming, Theo D'Hondt (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 504-528.
[9]
Michal Friedman, Maurice Herlihy, Virendra Marathe, and Erez Petrank. 2018. A Persistent Lock-free Queue for Non-volatile Memory. In Proceedings of the 23rd ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (Vienna, Austria) ( PPoPP '18). ACM, New York, NY, USA, 28-40. https://doi.org/10.1145/3178487.3178490
[10]
Vaibhav Gogte, Stephan Diestelhorst, William Wang, Satish Narayanasamy, Peter M. Chen, and Thomas F. Wenisch. 2018. Persistency for Synchronization-free Regions. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (Philadelphia, PA, USA) ( PLDI 2018). ACM, New York, NY, USA, 46-61. https: //doi.org/10.1145/3192366.3192367
[11]
V. Gogte, W. Wang, S. Diestelhorst, P. M. Chen, S. Narayanasamy, and T. F. Wenisch. 2020. Relaxed Persist Ordering Using Strand Persistency. In 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). 652-665.
[12]
Shiyou Huang and Jef Huang. 2016. Maximal Causality Reduction for TSO and PSO. In Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (Amsterdam, Netherlands) ( OOPSLA 2016). ACM, New York, NY, USA, 447-461. https://doi.org/10.1145/2983990.2984025
[13]
Intel. 2015. Persistent Memory Programming. http://pmem.io/
[14]
Intel. 2019. 3D XPoint. https://www.intel.com/content/www/us/en/architecture-and-technology/intel-optane-technology. html
[15]
Intel. 2019. Intel 64 and IA-32 Architectures Software Developer's Manual (Combined Volumes). https://software.intel.com/ sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf Order Number: 325462-069US.
[16]
Joseph Izraelevitz, Hammurabi Mendes, and Michael L. Scott. 2016. Linearizability of Persistent Memory Objects Under a Full-System-Crash Failure Model. In Distributed Computing, Cyril Gavoille and David Ilcinkas (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 313-327.
[17]
Joseph Izraelevitz, Jian Yang, Lu Zhang, Juno Kim, Xiao Liu, Amirsaman Memaripour, Yun Joon Soh, Zixuan Wang, Yi Xu, Subramanya R. Dulloor, Jishen Zhao, and Steven Swanson. 2019. Basic Performance Measurements of the Intel Optane DC Persistent Memory Module. arXiv: 1903. 05714 [cs.DC]
[18]
Bart Jacobs and Frank Piessens. 2011. Expressive Modular Fine-Grained Concurrency Specification. SIGPLAN Not. 46, 1 (Jan. 2011 ), 271-282. https://doi.org/10.1145/1925844.1926417
[19]
C. B. Jones. 1983. Tentative Steps Toward a Development Method for Interfering Programs. ACM Trans. Program. Lang. Syst. 5, 4 (Oct. 1983 ), 596-619. https://doi.org/10.1145/69575.69577
[20]
Arpit Joshi, Vijay Nagarajan, Marcelo Cintra, and Stratis Viglas. 2015. Eficient Persist Barriers for Multicores. In Proceedings of the 48th International Symposium on Microarchitecture (Waikiki, Hawaii) (MICRO-48). ACM, New York, NY, USA, 660-671. https://doi.org/10.1145/2830772.2830805
[21]
Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Mumbai, India) (POPL '15). Association for Computing Machinery, New York, NY, USA, 637-650. https://doi.org/10.1145/2676726.2676980
[22]
J. Kaiser, Hoang-Hai Dang, D. Dreyer, O. Lahav, and Viktor Vafeiadis. 2017. Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris. In ECOOP.
[23]
T. Kawahara, K. Ito, R. Takemura, and H. Ohno. 2012. Spin-transfer torque RAM technology: Review and prospect. Microelectronics Reliability 52, 4 ( 2012 ), 613-627. https://doi.org/10.1016/j.microrel. 2011. 09. 028 Advances in non-volatile memory technology.
[24]
Michalis Kokologiannakis, Azalea Raad, and Viktor Vafeiadis. 2019a. Efective Lock Handling in Stateless Model Checking. Proc. ACM Program. Lang. 3, OOPSLA, Article 173 (Oct. 2019 ), 26 pages. https://doi.org/10.1145/3360599
[25]
Michalis Kokologiannakis, Azalea Raad, and Viktor Vafeiadis. 2019b. Model Checking for Weakly Consistent Libraries. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (Phoenix, AZ, USA) ( PLDI 2019). ACM, New York, NY, USA, 96-110. https://doi.org/10.1145/3314221.3314609
[26]
Aasheesh Kolli, Vaibhav Gogte, Ali Saidi, Stephan Diestelhorst, Peter M. Chen, Satish Narayanasamy, and Thomas F. Wenisch. 2017. Language-level Persistency. In Proceedings of the 44th Annual International Symposium on Computer Architecture (Toronto, ON, Canada) ( ISCA '17). ACM, New York, NY, USA, 481-493. https://doi.org/10.1145/3079856.3080229
[27]
Aasheesh Kolli, Jef Rosen, Stephan Diestelhorst, Ali Saidi, Steven Pelley, Sihang Liu, Peter M. Chen, and Thomas F. Wenisch. 2016. Delegated Persist Ordering. In The 49th Annual IEEE/ACM International Symposium on Microarchitecture (Taipei, Taiwan) (MICRO-49). IEEE Press, Piscataway, NJ, USA, Article 58, 13 pages. http://dl.acm.org/citation.cfm?id= 3195638. 3195709
[28]
Ori Lahav and Viktor Vafeiadis. 2015. Owicki-Gries Reasoning for Weak Memory Models. In Automata, Languages, and Programming, Magnús M. Halldórsson, Kazuo Iwama, Naoki Kobayashi, and Bettina Speckmann (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 311-323.
[29]
Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. 2017. Repairing Sequential Consistency in C/C++11. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (Barcelona, Spain) ( PLDI 2017). ACM, New York, NY, USA, 618-632. https://doi.org/10.1145/3062341.3062352
[30]
Leslie Lamport. 1979. How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs. IEEE Trans. Computers 28, 9 (Sept. 1979 ), 690-691. https://doi.org/10.1109/TC. 1979.1675439
[31]
Benjamin C. Lee, Engin Ipek, Onur Mutlu, and Doug Burger. 2009. Architecting Phase Change Memory As a Scalable Dram Alternative. In Proceedings of the 36th Annual International Symposium on Computer Architecture (Austin, TX, USA) ( ISCA '09). ACM, New York, NY, USA, 2-13. https://doi.org/10.1145/1555754.1555758
[32]
Aleksandar Nanevski, Ruy Ley-Wild, Ilya Sergey, and Germán Andrés Delbianco. 2014. Communicating State Transition Systems for Fine-Grained Concurrent Resources. In Programming Languages and Systems, Zhong Shao (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 290-310.
[33]
Faisal Nawab, Joseph Izraelevitz, Terence Kelly, Charles B. Morrey, Dhruva R. Chakrabarti, and Michael James Scott. 2017. Dalí: A Periodically Persistent Hash Map. In DISC.
[34]
Gian Ntzik, Pedro da Rocha Pinto, and Philippa Gardner. 2015. Fault-Tolerant Resource Reasoning. In Programming Languages and Systems, Xinyu Feng and Sungwoo Park (Eds.). Springer International Publishing, Cham, 169-188.
[35]
Susan Owicki and David Gries. 1976. An axiomatic proof technique for parallel programs I. Acta Informatica 6, 4 ( 01 Dec 1976 ), 319-340. https://doi.org/10.1007/BF00268134
[36]
Steven Pelley, Peter M. Chen, and Thomas F. Wenisch. 2014. Memory Persistency. In Proceeding of the 41st Annual International Symposium on Computer Architecuture (Minneapolis, Minnesota, USA) ( ISCA '14). IEEE Press, Piscataway, NJ, USA, 265-276. http://dl.acm.org/citation.cfm?id= 2665671. 2665712
[37]
Azalea Raad and Viktor Vafeiadis. 2018. Persistence Semantics for Weak Memory: Integrating Epoch Persistency with the TSO Memory Model. Proc. ACM Program. Lang. 2, OOPSLA, Article 137 (Oct. 2018 ), 27 pages. https://doi.org/10.1145/3276507
[38]
Azalea Raad, Jules Villard, and Philippa Gardner. 2015. CoLoSL: Concurrent Local Subjective Logic. In Proceedings of the 24th European Symposium on Programming (ESOP'15) (Lecture Notes in Computer Science), Jan Vitek (Ed.), Vol. 9032. Springer, 710-735.
[39]
Azalea Raad, John Wickerson, Gil Neiger, and Viktor Vafeiadis. 2020. Persistency Semantics of the Intel-x86 Architecture. Proc. ACM Program. Lang. 4, POPL, Article 11 ( Jan. 2020 ), 31 pages. https://doi.org/10.1145/3371079
[40]
Azalea Raad, John Wickerson, and Viktor Vafeiadis. 2019. Weak Persistency Semantics from the Ground Up: Formalising the Persistency Semantics of ARMv8 and Transactional Models. Proc. ACM Program. Lang. 3, OOPSLA, Article 135 (Oct. 2019 ), 27 pages. https://doi.org/10.1145/3360561
[41]
Peter Sewell, Susmit Sarkar, Scott Owens, Francesco Zappa Nardelli, and Magnus O. Myreen. 2010. X86-TSO: A Rigorous and Usable Programmer's Model for x86 Multiprocessors. Commun. ACM 53, 7 ( July 2010 ), 89-97. https://doi.org/10. 1145/1785414.1785443
[42]
Filip Sieczkowski, Kasper Svendsen, Lars Birkedal, and Jean Pichon-Pharabod. 2015. A Separation Logic for Fictional Sequential Consistency. In Programming Languages and Systems, Jan Vitek (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 736-761.
[43]
D. B. Strukov, G. S. Snider, D. R. Stewart, and R. S. Williams. 2008. The missing memristor found. Nature 453 ( 2008 ), 80-83.
[44]
Kasper Svendsen, Jean Pichon-Pharabod, Marko Doko, Ori Lahav, and Viktor Vafeiadis. 2018. A Separation Logic for a Promising Semantics. In Programming Languages and Systems, Amal Ahmed (Ed.). Springer International Publishing, Cham, 357-384.
[45]
Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: Navigating Weak Memory with Ghosts, Protocols, and Separation. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (Portland, Oregon, USA) ( OOPSLA '14). ACM, New York, NY, USA, 691-707. https://doi.org/10.1145/ 2660193.2660243
[46]
Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed Separation Logic: A Program Logic for C11 Concurrency. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications. 867-884.
[47]
Yoav Zuriel, Michal Friedman, Gali Shefi, Nachshon Cohen, and Erez Petrank. 2019. Eficient Lock-free Durable Sets. Proc. ACM Program. Lang. 3, OOPSLA, Article 128 (Oct. 2019 ), 26 pages. https://doi.org/10.1145/3360554

Cited By

View all
  • (2024)Semantics of Remote Direct Memory Access: Operational and Declarative Models of RDMA on TSO ArchitecturesProceedings of the ACM on Programming Languages10.1145/36897818:OOPSLA2(1982-2009)Online publication date: 8-Oct-2024
  • (2024)Constraint Based Program Repair for Persistent Memory BugsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639204(1-12)Online publication date: 20-May-2024
  • (2024)A verified durable transactional mutex lock for persistent x86-TSOFormal Methods in System Design10.1007/s10703-024-00462-1Online publication date: 31-Jul-2024
  • Show More Cited By

Index Terms

  1. Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

        Recommendations

        Comments

        Please enable JavaScript to view thecomments powered by Disqus.

        Information & Contributors

        Information

        Published In

        cover image Proceedings of the ACM on Programming Languages
        Proceedings of the ACM on Programming Languages  Volume 4, Issue OOPSLA
        November 2020
        3108 pages
        EISSN:2475-1421
        DOI:10.1145/3436718
        Issue’s Table of Contents
        This work is licensed under a Creative Commons Attribution International 4.0 License.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 13 November 2020
        Published in PACMPL Volume 4, Issue OOPSLA

        Permissions

        Request permissions for this article.

        Check for updates

        Author Tags

        1. consistency
        2. non-volatile memory
        3. persistency
        4. program logic
        5. x86-TSO

        Qualifiers

        • Research-article

        Funding Sources

        • ERC

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)268
        • Downloads (Last 6 weeks)34
        Reflects downloads up to 21 Dec 2024

        Other Metrics

        Citations

        Cited By

        View all
        • (2024)Semantics of Remote Direct Memory Access: Operational and Declarative Models of RDMA on TSO ArchitecturesProceedings of the ACM on Programming Languages10.1145/36897818:OOPSLA2(1982-2009)Online publication date: 8-Oct-2024
        • (2024)Constraint Based Program Repair for Persistent Memory BugsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639204(1-12)Online publication date: 20-May-2024
        • (2024)A verified durable transactional mutex lock for persistent x86-TSOFormal Methods in System Design10.1007/s10703-024-00462-1Online publication date: 31-Jul-2024
        • (2024)Specifying and Verifying Persistent LibrariesProgramming Languages and Systems10.1007/978-3-031-57267-8_8(185-211)Online publication date: 6-Apr-2024
        • (2024)Intel PMDK Transactions: Specification, Validation and ConcurrencyProgramming Languages and Systems10.1007/978-3-031-57267-8_6(150-179)Online publication date: 6-Apr-2024
        • (2023)Spirea: A Mechanized Concurrent Separation Logic for Weak Persistent MemoryProceedings of the ACM on Programming Languages10.1145/36228207:OOPSLA2(632-657)Online publication date: 16-Oct-2023
        • (2023)Rely-Guarantee Reasoning for Causally Consistent Shared MemoryComputer Aided Verification10.1007/978-3-031-37706-8_11(206-229)Online publication date: 17-Jul-2023
        • (2023)Reasoning About Promises in Weak Memory Models with Event StructuresFormal Methods10.1007/978-3-031-27481-7_17(282-300)Online publication date: 3-Mar-2023
        • (2022)Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal storesProceedings of the ACM on Programming Languages10.1145/34986836:POPL(1-31)Online publication date: 12-Jan-2022
        • (2022)View-Based Owicki–Gries Reasoning for Persistent x86-TSOProgramming Languages and Systems10.1007/978-3-030-99336-8_9(234-261)Online publication date: 29-Mar-2022
        • Show More Cited By

        View Options

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Login options

        Full Access

        Media

        Figures

        Other

        Tables

        Share

        Share

        Share this Publication link

        Share on social media