Scaling Up Relaxed Memory Verification with Separation Logics
Hoang-Hai Dang
Max Planck Institute for Software Systems
10 Sep 2024, 3:00 pm - 4:00 pm
Saarbrücken building E1 5, room 005
SWS Student Defense Talks - Thesis Defense
Reasoning about concurrency in a realistic, non-toy language like C/C++
or Rust, which encompasses many interweaving complex features, is very
hard. Yet, realistic concurrency involves relaxed memory models, which
are significantly harder to reason about than the simple, traditional
concurrency model that is sequential consistency. To scale up
verifications to realistic concurrency, we need a few ingredients:
(1) strong but abstract reasoning principles so that we can avoid the
too tedious details of the underlying concurrency model; ...
Reasoning about concurrency in a realistic, non-toy language like C/C++
or Rust, which encompasses many interweaving complex features, is very
hard. Yet, realistic concurrency involves relaxed memory models, which
are significantly harder to reason about than the simple, traditional
concurrency model that is sequential consistency. To scale up
verifications to realistic concurrency, we need a few ingredients:
(1) strong but abstract reasoning principles so that we can avoid the
too tedious details of the underlying concurrency model;
(2) modular reasoning so that we can compose smaller verification
results into larger ones;
(3) reasoning extensibility so that we can derive new reasoning
principles for both complex language features and algorithms without
rebuilding our logic from scratch; and
(4) machine-checked proofs so that we do not miss potential unsoundness
in our verifications. With these ingredients in hand, a logic designer
can flexibly accommodate the intricacy of relaxed memory features and
the ingenuity of programmers who exploit those features.
In this dissertation, I present how to develop strong, abstract,
modular, extensible, and machine-checked separation logics for realistic
relaxed memory concurrency in the Iris framework, using multiple layers
of abstractions.
I report two main applications of such logics:
(i) the verification of the Rust type system with a relaxed memory
model, where relaxed memory effects are encapsulated behind the safe
interface of libraries and thus are not visible to clients, and
(ii) the compositional specification and verification of relaxed memory
libraries, in which relaxed memory effects are exposed to clients.
Read more