Title: A verified durable transactional mutex lock for persistent x86-TSO
Authors: Eleni Vafeiadi Bila, Brijesh Dongol
Journal: Formal Methods in System Design, volume 86 (1)
DOI: 10.1007/s10703-024-00462-1 (https://doi.org/10.1007/s10703-024-00462-1)
Publication date: 2024-07-31
Publication type: Journal article
Open access: no
Journal metrics: impact factor 0.700; JCR Q3 (Computer Science, Theory & Methods); region 4 (Computer Science)
Indexing platform: Semantic Scholar
Citations: 0
Abstract
The advent of non-volatile memory technologies has spurred intensive research interest in correctness and programmability. This paper addresses both by developing and verifying a durable (aka persistent) transactional memory (TM) algorithm, \(\text {dTML}_{\text {Px86}}\). Correctness of \(\text {dTML}_{\text {Px86}}\) is judged in terms of durable opacity, which ensures both failure atomicity (ensuring memory consistency after a crash) and opacity (ensuring thread safety). We assume a realistic execution model, Px86, which represents Intel’s persistent memory model and extends the Total Store Order memory model with instructions that control persistency. Our TM algorithm, \(\text {dTML}_{\text {Px86}}\), is an adaptation of an existing software transactional mutex lock, but with additional synchronisation mechanisms to cope with Px86. Our correctness proof is operational and comprises two distinct types of proofs: (1) proofs of invariants of \(\text {dTML}_{\text {Px86}}\) and (2) a proof of refinement against an operational specification that guarantees durable opacity. To achieve (1), we build on recent Owicki–Gries logics for Px86, and for (2) we use a simulation-based proof technique, which, as far as we are aware, is the first application of simulation-based proofs for Px86 programs. Our entire development has been mechanised in the Isabelle/HOL proof assistant.
Journal description:
The focus of this journal is on formal methods for designing, implementing, and validating the correctness of hardware (VLSI) and software systems. The stimulus for starting a journal with this goal came from both academia and industry. In both areas, interest in the use of formal methods has increased rapidly during the past few years. The enormous cost and time required to validate new designs have led to the realization that more powerful techniques must be developed. A number of techniques and tools are currently being devised for improving the reliability and robustness of complex hardware and software systems. While the boundary between the (sub)components of a system that are cast in hardware, firmware, or software continues to blur, the relevant design disciplines and formal methods are maturing rapidly. Consequently, an important (and useful) collection of commonly applicable formal methods is expected to emerge that will strongly influence future design environments and design methods.