Journal of Automated Reasoning

, Volume 63, Issue 2, pp 489–515 | Cite as

Verifying a Concurrent Garbage Collector with a Rely-Guarantee Methodology

  • Yannick ZakowskiEmail author
  • David Cachera
  • Delphine Demange
  • Gustavo Petri
  • David Pichardie
  • Suresh Jagannathan
  • Jan Vitek


Concurrent garbage collection algorithms are a challenge for program verification. In this paper, we address this problem by proposing a mechanized proof methodology based on the Rely-Guarantee proof technique. We design a compiler intermediate representation with strong type guarantees, dedicated support for abstract concurrent data structures, and high-level iterators on runtime internals. In addition, we define an Rely-Guarantee program logic supporting an incremental proof methodology where annotations and invariants can be progressively enriched. We formalize the intermediate representation, the proof system, and prove the soundness of the methodology in the Coq proof assistant. Equipped with this, we prove a fully concurrent garbage collector where mutators never have to wait for the collector.


Verified garbage collection Concurrency Coq Rely-guarantee 



We thank the anonymous reviewers and Peter Gammie for their thorough comments and suggestions on how to improve the final version of the paper. We also thank Vincent Laporte for his work earlier in this project, and his help on implementing parts of the garbage collector presented here. Our work is supported by the National Science Foundation under Grants CCF-1544542, CCF-1318227, CCF-1618732, ONR Award 503353, the Agence Nationale de la Recherche (ANR) under Grant 14-CE28-0004, and the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (Grant Agreement 695412).


  1. 1.
    Brookes, S.: A semantics for concurrent separation logic. Theor. Comput. Sci. 375(1–3), 227–270 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Davis, J., Myreen, M.O.: The reflective Milawa theorem prover is sound (down to the machine code that runs it). J. Autom. Reason. 55(2), 117–183 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    De Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of the Theory and Practice of Software (TACAS) (2008)Google Scholar
  4. 4.
    Demange, D., Laporte, V., Zhao, L., Jagannathan, S., Pichardie, D., Vitek, J.: Plan B: a buffered memory model for Java. In: Symposium on Principles of Programming Languages (POPL) (2013)Google Scholar
  5. 5.
    Dijkstra, E.W., Lamport, L., Martin, A.J., Scholten, C.S., Steffens, E.F.M.: On-the-fly garbage collection: an exercise in cooperation. Commun. ACM 21(11), 966–975 (1978)CrossRefzbMATHGoogle Scholar
  6. 6.
    Doligez, D., Gonthier, G.: Portable, unobtrusive garbage collection for multiprocessor systems. In: Symposium on Principles of Programming Languages (POPL) (1994)Google Scholar
  7. 7.
    Doligez, D., Leroy, X.: A concurrent, generational garbage collector for a multithreaded implementation of ML. In: Symposium on Principles of Programming Languages (POPL) (1993)Google Scholar
  8. 8.
    Domani, T., Kolodner, E.K., Lewis, E., Salant, E.E., Barabash, K., Lahan, I., Levanoni, Y., Petrank, E., Yanover, I.: Implementing an on-the-fly garbage collector for Java. In: International Symposium on Memory Management (ISMM) (2000)Google Scholar
  9. 9.
    Elmas, T., Qadeer, S., Tasiran, S.: A calculus of atomic actions. In: Symposium on Principles of Programming Languages (POPL) (2009)Google Scholar
  10. 10.
    Gammie, P., Hosking, A.L., Engelhardt, K.: Relaxing safely: verified on-the-fly garbage collection for x86-TSO. In: Programming Language Design and Implementation (PLDI) (2015)Google Scholar
  11. 11.
    Gonthier, G.: Verifying the safety of a practical concurrent garbage collector. In: International Conference on Computer Aided Verification (CAV) (1996)Google Scholar
  12. 12.
    Havelund, K.: Mechanical verification of a garbage collector. In: International Parallel Processing Symposium and Symposium on Parallel and Distributed Processing (IPPS/SPDP) (1999)Google Scholar
  13. 13.
    Hawblitzel, C., Howell, J., Lorch, J.R., Narayan, A., Parno, B., Zhang, D., Zill, B.: Ironclad apps: end-to-end security via automated full-system verification. In: Conference on Operating Systems Design and Implementation (OSDI) (2014)Google Scholar
  14. 14.
    Hawblitzel, C., Petrank, E.: Automated verification of practical garbage collectors. In: Symposium on Principles of Programming Languages (POPL) (2009)Google Scholar
  15. 15.
    Hawblitzel, C., Petrank, E., Qadeer, S., Tasiran, S.: Automated and modular refinement reasoning for concurrent programs. In: International Conference on Computer Aided Verification (CAV) (2015)Google Scholar
  16. 16.
    Herlihy, M., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. Trans. Program. Lang. Syst. (TOPLAS) 12(3), 463–492 (1990)CrossRefGoogle Scholar
  17. 17.
    Jagannathan, S., Laporte, V., Petri, G., Pichardie, D., Vitek, J.: Atomicity refinement for verified compilation. Trans. Program. Lang. Syst. (TOPLAS) 36(2), 6 (2014)Google Scholar
  18. 18.
    Jones, C.B.: Tentative steps toward a development method for interfering programs. Trans. Program. Lang. Syst. (TOPLAS) 5(4), 596–619 (1983)CrossRefzbMATHGoogle Scholar
  19. 19.
    Jones, R., Hosking, A., Moss, E.: The Garbage Collection Handbook. Chapman & Hall, London (2011)CrossRefGoogle Scholar
  20. 20.
  21. 21.
    Liang, H., Feng, X., Fu, M.: A rely-guarantee-based simulation for verifying concurrent program transformations. In: Symposium on Principles of Programming Languages (POPL) (2012)Google Scholar
  22. 22.
    Liang, H., Feng, X., Fu, M.: Rely-guarantee-based simulation for compositional verification of concurrent program transformations. Trans. Program. Lang. Syst. (TOPLAS) 36(1), 3 (2014)Google Scholar
  23. 23.
    McCreight, A., Chevalier, T., Tolmach, A.: A certified framework for compiling and executing garbage-collected languages. In: International Conference on Functional Programming (ICFP) (2010)Google Scholar
  24. 24.
    McCreight, A., Shao, Z., Lin, C., Li, L.: A general framework for certifying garbage collectors and their mutators. In: Programming Language Design and Implementation (PLDI) (2007)Google Scholar
  25. 25.
    Michael, M.M., Scott, M.L.: Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In: Symposium on Principles of Distributed Computing (PODC) (1996)Google Scholar
  26. 26.
    Myreen, M.O.: Reusable verification of a copying collector. In: Conference on Verified Software: Theories, Tools, Experiments (VSTTE) (2010)Google Scholar
  27. 27.
    O’Hearn, P.W.: Separation logic and concurrent resource management. In: International Symposium on Memory Management (ISMM) (2007)Google Scholar
  28. 28.
    Owicki, S., Gries, D.: An axiomatic proof technique for parallel programs I. Acta Inform. 6(4), 319–340 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Pavlovic, D., Pepper, P., Smith, D.R.: Formal derivation of concurrent garbage collectors. In: International Conference on Mathematics of Program Construction (MPC) (2010)Google Scholar
  30. 30.
    Pfenning, F., Elliott, C.: Higher-order abstract syntax. In: Programming Language Design and Implementation (PLDI) (1988)Google Scholar
  31. 31.
    Pizlo, F., Ziarek, L., Maj, P., Hosking, A.L., Blanton, E., Vitek, J.: Schism: fragmentation-tolerant real-time garbage collection. In: Programming Language Design and Implementation (PLDI) (2010)Google Scholar
  32. 32.
    Prensa Nieto, L.: the rely-guarantee method in Isabelle/HOL. In: European Conference on Programming (ESOP) (2003)Google Scholar
  33. 33.
    Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Symposium on Logic in Computer Science (LICS) (2002)Google Scholar
  34. 34.
    Sandberg Ericsson, A., Myreen, M.O., Åman Pohjola, J.: A verified generational garbage collector for CakeML. In: Ayala-Rincón, M., Muñoz, C. (eds.) Interactive Theorem Proving, pp. 444–461. Springer, Cham (2017)CrossRefGoogle Scholar
  35. 35.
    Sergey, I., Nanevski, A., Banerjee, A.: Mechanized verification of fine-grained concurrent programs. In: Programming Language Design and Implementation (PLDI) (2015)Google Scholar
  36. 36.
    Ševčík, J., Vafeiadis, V., Nardelli, F.Z., Jagannathan, S., Sewell, P.: CompcertTSO: a verified compiler for relaxed-memory concurrency. J. ACM 60(3), 22 (2013)MathSciNetzbMATHGoogle Scholar
  37. 37.
    Torp-Smith, N., Birkedal, L., Reynolds, J.C.: Local reasoning about a copying garbage collector. Trans. Program. Lang. Syst. (TOPLAS) 30(4), 24 (2008)zbMATHGoogle Scholar
  38. 38.
    Treiber, R.K.: Systems programming: coping with parallelism. Technical report, IBM Almaden Research Center (1986)Google Scholar
  39. 39.
    Vafeiadis, V.: Concurrent separation logic and operational semantics. Electron. Notes Theor. Comput. Sci. 276, 335–351 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  40. 40.
    Vafeiadis, V., Parkinson, M.J.: A marriage of rely/guarantee and separation logic. In: International Conference on Concurrency Theory (CONCUR) (2007)Google Scholar
  41. 41.
    Yang, J., Hawblitzel, C.: Safe to the last instruction: automated verification of a type-safe operating system. In: Programming Language Design and Implementation (PLDI) (2010)Google Scholar
  42. 42.
    Zakowski, Y., Cachera, D., Demange, D., Petri, G., Pichardie, D., Jagannathan, S., Vitek, J.: Verifying a concurrent garbage collector using a rely-guarantee methodology—companion website (2017). Accessed 31 Oct 2018
  43. 43.
    Zakowski, Y., Cachera, D., Demange, D., Pichardie, D.: Compilation of linearizable data structures—a mechanised RG logic for semantic refinement. In: Symposium on Applied Computing (SAC) (2018)Google Scholar

Copyright information

© Springer Nature B.V. 2018

Authors and Affiliations

  1. 1.Inria, CNRS, IRISAUniv RennesRennesFrance
  2. 2.IRIFUniversité Paris DiderotParisFrance
  3. 3.Purdue UniversityWest LafayetteUSA
  4. 4.Northeastern UniversityBostonUSA
  5. 5.Czech Technical UniversityPragueCzech Republic

Personalised recommendations