Cosmo: a concurrent separation logic for multicore OCaml
Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or verifying Multicore OCaml code? To answer it, we i...
Gespeichert in:
| Veröffentlicht in: | Proceedings of ACM on programming languages Jg. 4; H. ICFP; S. 1 - 29 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
ACM
02.08.2020
|
| Schlagworte: | |
| ISSN: | 2475-1421, 2475-1421 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or verifying Multicore OCaml code? To answer it, we instantiate Iris, a modern descendant of Concurrent Separation Logic, for Multicore OCaml. This yields a low-level program logic whose reasoning rules expose the details of the memory model. On top of it, we build a higher-level logic, Cosmo, which trades off some expressive power in return for a simple set of reasoning rules that allow accessing nonatomic locations in a data-race-free manner, exploiting the sequentially-consistent behavior of atomic locations, and exploiting the release/acquire behavior of atomic locations. Cosmo allows both low-level reasoning, where the details of the Multicore OCaml memory model are apparent, and high-level reasoning, which is independent of this memory model. We illustrate this claim via a number of case studies: we verify several implementations of locks with respect to a classic, memory-model-independent specification. Thus, a coarse-grained application that uses locks as the sole means of synchronization can be verified in the Concurrent-Separation-Logic fragment of Cosmo, without any knowledge of the weak memory model. |
|---|---|
| AbstractList | Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or verifying Multicore OCaml code? To answer it, we instantiate Iris, a modern descendant of Concurrent Separation Logic, for Multicore OCaml. This yields a low-level program logic whose reasoning rules expose the details of the memory model. On top of it, we build a higher-level logic, Cosmo, which trades off some expressive power in return for a simple set of reasoning rules that allow accessing nonatomic locations in a data-race-free manner, exploiting the sequentially-consistent behavior of atomic locations, and exploiting the release/acquire behavior of atomic locations. Cosmo allows both low-level reasoning, where the details of the Multicore OCaml memory model are apparent, and high-level reasoning, which is independent of this memory model. We illustrate this claim via a number of case studies: we verify several implementations of locks with respect to a classic, memory-model-independent specification. Thus, a coarse-grained application that uses locks as the sole means of synchronization can be verified in the Concurrent-Separation-Logic fragment of Cosmo, without any knowledge of the weak memory model. |
| Author | Mével, Glen Pottier, François Jourdan, Jacques-Henri |
| Author_xml | – sequence: 1 givenname: Glen surname: Mével fullname: Mével, Glen organization: Inria, France / University of Paris-Saclay, France / CNRS, France / LRI, France – sequence: 2 givenname: Jacques-Henri surname: Jourdan fullname: Jourdan, Jacques-Henri organization: University of Paris-Saclay, France / CNRS, France / LRI, France – sequence: 3 givenname: François surname: Pottier fullname: Pottier, François organization: Inria, France |
| BackLink | https://hal.science/hal-02929998$$DView record in HAL |
| BookMark | eNpdkE9Lw0AQxRepYK3Fr5CbeIjuvyS73kpQKwR60fMyne7qSpItu6ngtze1FaSnGYbfe495l2TSh94Scs3oHWOyuBeSKl2pMzLlsipyJjmb_NsvyDylT0op00IqoadE1SF14SGDDEOPuxhtP2TJbiHC4EOfteHdY-ZCzLpdO3gM0WarGrr2ipw7aJOdH-eMvD09vtbLvFk9v9SLJkeu-ZCvoWSggIsNs-CwLFiFcuPKtXaqELrkDtAKtCg5CAejBnBduYo5cJQjihm5Pfh-QGu20XcQv00Ab5aLxuxvdNRordUXG9n8wGIMKUXrDPrh948hgm8No2bfkjm2NPI3J_xfwCn5A3RZZ4o |
| CitedBy_id | crossref_primary_10_1145_3622827 crossref_primary_10_1145_3656384 crossref_primary_10_1145_3622823 crossref_primary_10_1145_3632853 crossref_primary_10_1145_3729246 crossref_primary_10_1145_3473571 crossref_primary_10_1145_3729311 |
| Cites_doi | 10.1007/978-3-662-54434-1_17 10.1145/3158154 10.1007/978-3-662-46669-8_30 10.1007/978-3-642-32027-9 10.1145/3371102 10.1145/3211968 dx.10.1007/978-3-540-76637-7_3 10.1145/3140587.3062352 10.1006/inco.1994.1093 10.1145/2254064.2254084 10.1017/S0956796818000151 10.1145/3360568 10.1016/j.tcs.2006.12.024 10.1145/1190216.1190261 10.1007/978-3-319-63387-9_2 |
| ContentType | Journal Article |
| Copyright | Distributed under a Creative Commons Attribution 4.0 International License |
| Copyright_xml | – notice: Distributed under a Creative Commons Attribution 4.0 International License |
| DBID | AAYXX CITATION 1XC VOOES |
| DOI | 10.1145/3408978 |
| DatabaseName | CrossRef Hyper Article en Ligne (HAL) Hyper Article en Ligne (HAL) (Open Access) |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 2475-1421 |
| EndPage | 29 |
| ExternalDocumentID | oai:HAL:hal-02929998v1 10_1145_3408978 |
| GroupedDBID | AAKMM AAYFX AAYXX ACM AEFXT AEJOY AIKLT AKRVB ALMA_UNASSIGNED_HOLDINGS CITATION GUFHI LHSKQ M~E OK1 ROL 1XC VOOES |
| ID | FETCH-LOGICAL-c292t-ba61a8a23d1eafc6517c4df6b9f853962face3cec42a3fa292acb7f71faf02cc3 |
| ISICitedReferencesCount | 11 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000685203700010&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 2475-1421 |
| IngestDate | Tue Oct 14 20:48:14 EDT 2025 Tue Nov 18 22:25:52 EST 2025 Sat Nov 29 07:48:19 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | ICFP |
| Keywords | Weak memory Separation logic Concurrency Program verification |
| Language | English |
| License | Distributed under a Creative Commons Attribution 4.0 International License: http://creativecommons.org/licenses/by/4.0 |
| LinkModel | OpenURL |
| MeetingName | ICFP 2020 - 25th ACM SIGPLAN International Conference on Functional Programming |
| MergedId | FETCHMERGED-LOGICAL-c292t-ba61a8a23d1eafc6517c4df6b9f853962face3cec42a3fa292acb7f71faf02cc3 |
| ORCID | 0000-0002-9781-7097 0000-0002-1816-7605 0000-0002-4069-1235 |
| OpenAccessLink | https://hal.science/hal-02929998 |
| PageCount | 29 |
| ParticipantIDs | hal_primary_oai_HAL_hal_02929998v1 crossref_citationtrail_10_1145_3408978 crossref_primary_10_1145_3408978 |
| PublicationCentury | 2000 |
| PublicationDate | 2020-08-02 |
| PublicationDateYYYYMMDD | 2020-08-02 |
| PublicationDate_xml | – month: 08 year: 2020 text: 2020-08-02 day: 02 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings of ACM on programming languages |
| PublicationYear | 2020 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| References | e_1_2_2_25_1 e_1_2_2_24_1 Buisse Alexandre (e_1_2_2_6_1) 2011 e_1_2_2_7_1 e_1_2_2_21_1 e_1_2_2_2_1 e_1_2_2_3_1 Bornat Richard (e_1_2_2_4_1) 2005 Doko Marko (e_1_2_2_8_1) Vafeiadis Viktor (e_1_2_2_33_1) 2013 Lochbihler Andreas (e_1_2_2_22_1) 2012; 7211 Turon Aaron (e_1_2_2_30_1) 2012 e_1_2_2_9_1 e_1_2_2_29_1 Turon Aaron (e_1_2_2_31_1) 2014 Lamport Leslie (e_1_2_2_20_1) 1979; 28 e_1_2_2_28_1 e_1_2_2_27_1 e_1_2_2_26_1 Hobor Aquinas (e_1_2_2_13_1) 2008; 4960 e_1_2_2_12_1 e_1_2_2_10_1 Jung Ralf (e_1_2_2_14_1) 2019 Manson Jeremy (e_1_2_2_23_1) 2005 e_1_2_2_19_1 e_1_2_2_32_1 Kaiser Jan-Oliver (e_1_2_2_18_1) 2017 e_1_2_2_34_1 e_1_2_2_16_1 e_1_2_2_15_1 Jung Ralf (e_1_2_2_17_1) 2015 Batty Mark (e_1_2_2_1_1) 2011 Dolan Stephen (e_1_2_2_11_1) 2018 Boyland John (e_1_2_2_5_1) 2003; 2694 |
| References_xml | – volume-title: Iris Workshop. https://people.mpi-sws.org/ ~jung/iris/logatom-talk-2019 year: 2019 ident: e_1_2_2_14_1 – volume: 7211 start-page: 497 volume-title: Machine-Checked Formalisation. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science year: 2012 ident: e_1_2_2_22_1 – ident: e_1_2_2_9_1 doi: 10.1007/978-3-662-54434-1_17 – start-page: 242 year: 2018 ident: e_1_2_2_11_1 article-title: Bounding data races in space and time publication-title: Programming Language Design and Implementation (PLDI). – ident: e_1_2_2_15_1 doi: 10.1145/3158154 – ident: e_1_2_2_29_1 doi: 10.1007/978-3-662-46669-8_30 – ident: e_1_2_2_28_1 doi: 10.1007/978-3-642-32027-9 – start-page: 867 year: 2013 ident: e_1_2_2_33_1 article-title: Relaxed separation logic: a program logic for C11 concurrency. In ObjectOriented Programming publication-title: Systems, Languages, and Applications (OOPSLA). – ident: e_1_2_2_7_1 doi: 10.1145/3371102 – volume-title: Verification, Model Checking and Abstract Interpretation (VMCAI) (Lecture Notes in Computer Science ident: e_1_2_2_8_1 – ident: e_1_2_2_26_1 doi: 10.1145/3211968 – volume: 4960 start-page: 353 volume-title: Oracle Semantics for Concurrent Separation Logic. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science year: 2008 ident: e_1_2_2_13_1 – ident: e_1_2_2_12_1 doi: dx.10.1007/978-3-540-76637-7_3 – volume-title: Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris. In European Conference on Object-Oriented Programming (ECOOP). 17 : 1-17 : 29 year: 2017 ident: e_1_2_2_18_1 – ident: e_1_2_2_19_1 doi: 10.1145/3140587.3062352 – volume-title: A Step-Indexed Kripke Model of Separation Logic for Storable Locks. Electronic Notes in Theoretical Computer Science 276 ( year: 2011 ident: e_1_2_2_6_1 – start-page: 691 year: 2014 ident: e_1_2_2_31_1 article-title: GPS: navigating weak memory with ghosts, protocols, and separation. In Object-Oriented Programming publication-title: Systems, Languages, and Applications (OOPSLA). – ident: e_1_2_2_3_1 – start-page: 259 year: 2005 ident: e_1_2_2_4_1 article-title: Permission accounting in separation logic publication-title: Principles of Programming Languages (POPL). – ident: e_1_2_2_34_1 doi: 10.1006/inco.1994.1093 – start-page: 157 year: 2012 ident: e_1_2_2_30_1 article-title: Reagents: expressing and composing fine-grained concurrency publication-title: Programming Language Design and Implementation (PLDI). doi: 10.1145/2254064.2254084 – start-page: 637 year: 2015 ident: e_1_2_2_17_1 article-title: Iris: monoids and invariants as an orthogonal basis for concurrent reasoning publication-title: Principles of Programming Languages (POPL). – start-page: 55 year: 2011 ident: e_1_2_2_1_1 article-title: Mathematizing C+ + concurrency publication-title: Principles of Programming Languages (POPL). – volume: 2694 start-page: 55 volume-title: Checking Interference with Fractional Permissions. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science year: 2003 ident: e_1_2_2_5_1 – ident: e_1_2_2_16_1 doi: 10.1017/S0956796818000151 – start-page: 378 year: 2005 ident: e_1_2_2_23_1 article-title: The Java memory model publication-title: Principles of Programming Languages (POPL). – ident: e_1_2_2_24_1 – ident: e_1_2_2_2_1 doi: 10.1145/3360568 – volume: 28 year: 1979 ident: e_1_2_2_20_1 article-title: How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs publication-title: IEEE Trans. Computers – ident: e_1_2_2_25_1 doi: 10.1016/j.tcs.2006.12.024 – ident: e_1_2_2_21_1 – ident: e_1_2_2_27_1 doi: 10.1145/1190216.1190261 – ident: e_1_2_2_10_1 – ident: e_1_2_2_32_1 doi: 10.1007/978-3-319-63387-9_2 |
| SSID | ssj0001934839 |
| Score | 2.201237 |
| Snippet | Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been... |
| SourceID | hal crossref |
| SourceType | Open Access Repository Enrichment Source Index Database |
| StartPage | 1 |
| SubjectTerms | Computer Science Logic in Computer Science Programming Languages |
| Title | Cosmo: a concurrent separation logic for multicore OCaml |
| URI | https://hal.science/hal-02929998 |
| Volume | 4 |
| WOSCitedRecordID | wos000685203700010&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources (ISSN International Center) customDbUrl: eissn: 2475-1421 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0001934839 issn: 2475-1421 databaseCode: M~E dateStart: 20170101 isFulltext: true titleUrlDefault: https://road.issn.org providerName: ISSN International Centre |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Lj9MwELbKwoELb7TLSxZCXFCgcZwm5hYFShfaUmkXaW-R64e2UpqsuqXaE_x1xo88KvawHLhYleNGrufreDyebwahN7AnUDnSPCCWkqMpAz2oVBAtAVBgjiyZsEThaTKfp2dnbDEY_G64MLsyqar06opd_FdRQx8I21Bn_0Hc7UuhAz6D0KEFsUN7I8Hn9eW6bgjnlfD5l06US_Jd2yq9K2HDCy371uSxfPc95-uyb6gu2o3Nxnpk-cxcK_horrXxLzSeztYon7lL95279_9SdiQzY_VK52n9yoXZiQJDjli1erk29ySbxpC270nq1Z5LgriAONID0azTYoQmcRBSR4N-r67p82qY9tB2nI8X1-t3alJhRHSYMlf5Zz-D9iQ7KRafxsX0eP5t_2kv7HCSTaE95yXMGYxDOG_u4Ph8myQxM2px9qvnpGMRTW01unbKjnhtJvLBT2PPorl13jjkrYFy-gDd8ycLnDlEPEQDVT1C95uqHdgr8ccotQD5iDPcwQN38MAWHhjggVt4YAuPJ-jH-PNpPgl8_YxAwA_bBks-CnnKSSRDxbUYxWEiqNTw_9NgpLER0VyoSChBCY80h-9wsUx0Emquh0SI6Ck6qOpKHSIMZi6L1VBLySQlQnIaahpLSmUSgYWXHqG3zRoUwieXNzVOysIR3-PCL9YRwu3AC5dP5e8hr2ER26cm_zmIrDB9ncCe3WTQc3S3g-cLdLDd_FQv0R2x264uN6-sqP8AzTtxvg |
| linkProvider | ISSN International Centre |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Cosmo%3A+A+Concurrent+Separation+Logic+for+Multicore+OCaml&rft.jtitle=Proceedings+of+ACM+on+programming+languages&rft.au=M%C3%A9vel%2C+Glen&rft.au=Jourdan%2C+Jacques-Henri&rft.au=Pottier%2C+Fran%C3%A7ois&rft.date=2020-08-02&rft.pub=ACM&rft.issn=2475-1421&rft.eissn=2475-1421&rft.volume=4&rft.issue=ICFP&rft_id=info:doi/10.1145%2F3408978&rft.externalDBID=HAS_PDF_LINK&rft.externalDocID=oai%3AHAL%3Ahal-02929998v1 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2475-1421&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2475-1421&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2475-1421&client=summon |