an asynchronous soundness...
Post on 24-Oct-2020
38 Views
Preview:
TRANSCRIPT
An Asynchronous Soundness Theorem for
Concurrent Separation Logic
Paul-André Melliès Léo Stefanesco
IRIF, CNRS & Université Paris Diderot
Séminaire Gallium 4 juin 2018
Summary• The imperative concurrent language and its semantics
• Concurrent separation Logic and its semantics
• Soundness theorems: relating those semantics
!2
Summary• The imperative concurrent language and its semantics
• Concurrent separation Logic and its semantics
• Soundness theorems: relating those semantics
!2
Asynchronous Graphs
!3
Topological Intuition
!4
v
u
u´
v ´
Asynchronous Morphisms
!5
u
v
v,
u,
F
F F
Fu
v
v,
u,
It’s a graph homomorphism, such that:
Asynchronous Graphs with Environment
!6
m1 m1
m2
m3
A Simple Concurrent Language
“Assembly language”
Source language
State transitions
is the memory and is the set of held lockswhere!8
A Simple Concurrent Language
Asynchronous Transition System
Machine model
!9
Code-acyclic asynchronous graph
Asynchronous Transition System
Machine model
!9
Code-acyclic asynchronous graph
Two semantics:
Asynchronous Transition System
Machine model
!9
Code-acyclic asynchronous graph
is an Environment 1-fibration = “the Environment can always execute every instructions”
Two semantics:
Machine Models for the Code
Code-acyclic asynchronous graph
Machine modelAsynchronous graph of machine states
Nodes:
Edges:
is a tile when:
Asynchronous graph of locks
Nodes:
is a tile when:
!10
Edges:
Semantics of leaves
such that:
There is a tile wheneverthe footprints are independent
!11
m2 m2
m1
x y
Graphical representation
Non terminating executions
!12
Sequential Composition
C C’
!13
Conditionals
B
¬ B
B
C
C’nop
nop
!14
Parallel Product:Nodes: such that
Parallel Product:Nodes: such that
Edges: an edge is a pair of edges
andin in
Parallel Product:Nodes: such that
Edges: an edge is a pair of edges
andin in
Parallel Product:Nodes: such that
Edges: an edge is a pair of edges
and
Tiles:
if
!15
in in
Morphism between the two semantics
Morphisms for leaves
They are preserved by the constructions
!16
Separation LogicHoare triples:
are predicates on Logical States
!17
Semantics:
A few concurrent separation logics
Iris 2.0 (2016)
Iris 3.0 (2017)
Owicki-Gries (1976)
CSL (2004)Rely-Guarantee (1983)
SAGL (2007)RGSep (2007)
Deny-Guarantee (2009)
CAP (2010)
Liang-Feng (2013)
LRG (2009)
SCSL (2013)HOCAP (2013)
iCAP (2014)
Iris (2015)
CaReSL (2013)
FCSL (2014)
TaDA (2014)
CoLoSL (2015)
Gotsman-al (2007)
HLRG (2010)
Bornat-al (2005)
RGSim (2012)
GPS (2014)Total-TaDA (2016)
FTCSL (2015)
Jacobs-Piessens (2011)
RSL (2013)
LiLi (2016)
Bell-al (2010)Hobor-al (2008)
FSL (2016)
Hobor-Gherghina (2011)
FSL++ (2017)
Disel (2018)
by Ilya Sergey !18
A few concurrent separation logics
Iris 2.0 (2016)
Iris 3.0 (2017)
Owicki-Gries (1976)
CSL (2004)Rely-Guarantee (1983)
SAGL (2007)RGSep (2007)
Deny-Guarantee (2009)
CAP (2010)
Liang-Feng (2013)
LRG (2009)
SCSL (2013)HOCAP (2013)
iCAP (2014)
Iris (2015)
CaReSL (2013)
FCSL (2014)
TaDA (2014)
CoLoSL (2015)
Gotsman-al (2007)
HLRG (2010)
Bornat-al (2005)
RGSim (2012)
GPS (2014)Total-TaDA (2016)
FTCSL (2015)
Jacobs-Piessens (2011)
RSL (2013)
LiLi (2016)
Bell-al (2010)Hobor-al (2008)
FSL (2016)
Hobor-Gherghina (2011)
FSL++ (2017)
Disel (2018)
by Ilya Sergey !18
Concurrent Separation Logic (CSL)
!19
Separated States
σC
σ(r2)
σ(r1)
σFThe Code The Environment
The Shared Resources
!20
Separated States
σCσ(r2)
σ(r1)
σFThe Code The Environment
The Shared Resources
!20
Separated States
σC
σ(r2)
σ(r1)
σFThe Code The Environment
The Shared Resources
!20
Semantics of derivation trees
The semantics of a derivation tree
is an Asynchronous Transition System over separated states
• The initial states are all the separated states that satisfy P
• The final states all satisfy Q
• Each of the M satisfies G
• The edges/moves are of the form:!21
Machine Model of Separated States
!22
Two kinds of transitions:
States: separated states
Tiles: so that they correspond to tiles in
Asynchronous Graph Morphism
There is an asynchronous graph morphism
with
!23
Soundness theorems
• “A well specified program does not go wrong”
• Memory safety, etc…
• Data-race freedom
• Precondition, postcondition
!24
1-soundnessTheorem 1
is an op-fibration on Code transitions.
!25
2-soundnessTheorem 2
is a 2-fibration.
!26
The End
top related