Ori Lahav

Tel Aviv University | TAU

PhD

About

69 Publications
2,453 Reads
1,372 Citations
Citations since 2017: 38 Research Items, 1225 Citations


Publications (69)
Chapter
Full-text available
A four-valued semantics for the modal logic K is introduced. Possible worlds are replaced by a hierarchy of four-valued valuations, where the valuations of the first level correspond to valuations that are legal w.r.t. a basic non-deterministic matrix, and each level further restricts its set of valuations. The semantics is proven to be effective,...
Article
While causal consistency is one of the most fundamental consistency models weaker than sequential consistency, the decidability of safety verification for (finite-state) concurrent programs running under causally consistent shared memories is still unclear. In this article, we establish the decidability of this problem for two standard and well-stu...
Chapter
Full-text available
We study abstraction for crash-resilient concurrent objects using non-volatile memory (NVM). We develop a library-correctness criterion that is sound for ensuring contextual refinement in this setting, thus allowing clients to reason about library behaviors in terms of their abstract specifications, and library developers to verify their implementa...
Preprint
Full-text available
The rise of persistent memory is disrupting computing to its core. Our work aims to help programmers navigate this brave new world by providing a program logic for reasoning about x86 code that uses low-level operations such as memory accesses and fences, as well as persistency primitives such as flushes. Our logic, Pierogi, benefits from a simple...
Chapter
Full-text available
The rise of persistent memory is disrupting computing to its core. Our work aims to help programmers navigate this brave new world by providing a program logic for reasoning about x86 code that uses low-level operations such as memory accesses and fences, as well as persistency primitives such as flushes. Our logic, Pierogi, benefits from a simple...
Preprint
We study abstraction for crash-resilient concurrent objects using non-volatile memory (NVM). We develop a library correctness criterion that is sound for ensuring contextual refinement in this setting, thus allowing clients to reason about library behaviors in terms of their abstract specifications, and library developers to verify their implementa...
Article
Liveness properties, such as termination, of even the simplest shared-memory concurrent programs under sequential consistency typically require some fairness assumptions about the scheduler. Under weak memory models, we observe that the standard notions of thread fairness are insufficient, and an additional fairness property, which we call memory f...
Article
We study the problem of verifying the robustness of concurrent programs against a C11-style memory model that includes relaxed accesses and release/acquire accesses and fences, and show that this verification problem can be reduced to a standard reachability problem under sequential consistency. We further observe that existing robustness notions d...
Article
We study the formal semantics of non-volatile memory in the x86-TSO architecture. We show that while the explicit persist operations in the recent model of Raad et al. from POPL'20 only enforce order between writes to the non-volatile memory, it is equivalent, in terms of reachable states, to a model whose explicit persist operations mandate that p...
Preprint
Full-text available
We observe that the standard notion of thread fairness is insufficient for guaranteeing termination of even the simplest shared-memory programs under weak memory models. Guaranteeing termination requires additional model-specific fairness constraints, which we call memory fairness. In the case of acyclic declarative memory models, such as TSO and R...
Article
The advent of non-volatile memory (NVM) technologies is expected to transform how software systems are structured fundamentally, making the task of correct programming significantly harder. This is because ensuring that memory stores persist in the correct order is challenging, and requires low-level programming to flush the cache at appropriate po...
Preprint
We study the formal semantics of non-volatile memory in the x86-TSO architecture. We show that while the explicit persist operations in the recent model of Raad et al. from POPL'20 only enforce order between writes to the non-volatile memory, it is equivalent, in terms of reachable states, to a model whose explicit persist operations mandate that p...
Preprint
Weakestmo is a recently proposed memory consistency model that uses event structures to resolve the infamous "out-of-thin-air" problem. Although it has been shown to have important benefits over other memory models, its established compilation schemes are suboptimal in that they add more fences than necessary. In this paper, we prove the correctnes...
Conference Paper
We present an algorithm for automatically checking robustness of concurrent programs against C/C++11 release/acquire semantics, namely verifying that all program behaviors under release/acquire are allowed by sequential consistency. Our approach reduces robustness verification to a reachability problem under (instrumented) sequential consistency. W...
Article
Analyticity, also known as the subformula property, typically guarantees decidability of derivability in propositional sequent calculi. To utilize this fact, two substantial gaps have to be addressed: (i) What makes a sequent calculus analytic? and (ii) How do we obtain an efficient decision procedure for derivability in an analytic calculus? In th...
Article
We consider concurrent programs interacting with causally consistent shared memory. After describing the semantics of such programs, we outline several verification problems and survey some existing solutions.
Article
Full-text available
In the original publication, the corresponding author was indicated incorrectly. The correct corresponding author of the article should be Ori Lahav. The original article has been updated accordingly. © 2017 Springer International Publishing AG, part of Springer Nature
Chapter
Snapshot isolation (SI) is a standard transactional consistency model used in databases, distributed systems and software transactional memory (STM). Its semantics is formally defined both declaratively as an acyclicity axiom, and operationally as a concurrent algorithm with memory bearing timestamps.
Article
Full-text available
Concurrent libraries are the building blocks for concurrency. They encompass a range of abstractions (locks, exchangers, stacks, queues, sets) built in a layered fashion: more advanced libraries are built out of simpler ones. While there has been a lot of work on verifying such libraries in a sequentially consistent (SC) environment, little is know...
Article
Full-text available
We develop a new intermediate weak memory model, IMM, as a way of modularizing the proofs of correctness of compilation from concurrent programming languages with weak memory consistency semantics to mainstream multi-core architectures, such as POWER and ARM. We use IMM to prove the correctness of compilation from the promising semantics of Kang et...
Article
While the subformula property is usually a trivial consequence of cut-admissibility in sequent calculi, it is unclear in which cases the subformula property implies cut-admissibility. In this paper, we identify two wide families of propositional sequent calculi for which this is the case: the (generalized) subformula property is equivalent to cut-a...
Preprint
We develop a new intermediate weak memory model, IMM, as a way of modularizing the proofs of correctness of compilation from concurrent programming languages with weak memory consistency semantics to mainstream multi-core architectures, such as POWER and ARM. We use IMM to prove the correctness of compilation from the promising semantics of Kang et...
Preprint
Full-text available
Snapshot isolation (SI) is a standard transactional consistency model used in databases, distributed systems and software transactional memory (STM). It is formally defined both declaratively as an acyclicity axiom, and operationally as a concurrent algorithm with memory bearing timestamps. In this paper, we develop two simpler equivalent operation...
Chapter
Full-text available
We present SLR, the first expressive program logic for reasoning about concurrent programs under a weak memory model addressing the out-of-thin-air problem. Our logic includes the standard features from existing logics, such as RSL and GPS, that were previously known to be sound only under stronger memory models: (1) separation, (2) per-location in...
Chapter
Full-text available
Parallel snapshot isolation (PSI) is a standard transactional consistency model used in databases and distributed systems. We argue that PSI is also a useful formal model for software transactional memory (STM) as it has certain advantages over other consistency models. However, the formal PSI definition is given declaratively by acyclicity axioms,...
Conference Paper
Full-text available
Parallel snapshot isolation (PSI) is a standard transactional consistency model used in databases and distributed systems. We argue that PSI is also a useful formal model for software transactional memory (STM) as it has certain advantages over other consistency models. However, the formal PSI definition is given declaratively by acyclicity axioms,...
Article
Full-text available
We present a stateless model checking algorithm for verifying concurrent programs running under RC11, a repaired version of the C/C++11 memory model without dependency cycles. Unlike most previous approaches, which enumerate thread interleavings up to some partial order reduction improvements, our approach works directly on execution graphs and (in...
Article
Full-text available
Non-classical negations may fail to be contradictory-forming operators in more than one way, and they often fail also to respect fundamental meta-logical properties such as the replacement property. Such drawbacks are witnessed by intricate semantics and proof systems, whose philosophical interpretations and computational properties are found wanti...
Conference Paper
We identify two wide families of propositional sequent calculi for which cut-admissibility is a corollary of the subformula property. While the subformula property is often a simple consequence of cut-admissibility, our results shed light on the converse direction, and may be used to simplify cut-admissibility proofs in various propositional sequen...
Conference Paper
The C/C++11 memory model defines the semantics of concurrent memory accesses in C/C++, and in particular supports racy "atomic" accesses at a range of different consistency levels, from very weak consistency ("relaxed") to strong, sequential consistency ("SC"). Unfortunately, as we observe in this paper, the semantics of SC atomic accesses in C/C++...
Article
The C/C++11 memory model defines the semantics of concurrent memory accesses in C/C++, and in particular supports racy "atomic" accesses at a range of different consistency levels, from very weak consistency ("relaxed") to strong, sequential consistency ("SC"). Unfortunately, as we observe in this paper, the semantics of SC atomic accesses in C/C++...
Article
Despite many years of research, it has proven very difficult to develop a memory model for concurrent programming languages that adequately balances the conflicting desiderata of programmers, compilers, and hardware. In this paper, we propose the first relaxed memory model that (1) accounts for a broad spectrum of features from the C++11 concurrenc...
Conference Paper
Despite many years of research, it has proven very difficult to develop a memory model for concurrent programming languages that adequately balances the conflicting desiderata of programmers, compilers, and hardware. In this paper, we propose the first relaxed memory model that (1) accounts for a broad spectrum of features from the C++11 concurrenc...
Article
Full-text available
Concurrent programs have behaviors which cannot be explained by interleaving execution of their threads on a single processing unit, due to optimizations which are performed by modern compilers and CPUs. How to correctly and completely define a semantics of a programming language which accounts for these behaviors is an open research problem. Ther...
Conference Paper
Weak memory models determine the behavior of concurrent programs. While they are often understood in terms of reorderings that the hardware or the compiler may perform, their formal definitions are typically given in a very different style—either axiomatic or operational. In this paper, we investigate to what extent weak behaviors of existing memor...
Article
Full-text available
Recent work has made great progress in verifying the forwarding correctness of networks. However, these approaches cannot be used to verify networks containing middleboxes, such as caches and firewalls, whose forwarding behavior depends on previously observed traffic. We explore how to verify reachability properties for networks that include such...
Chapter
Full-text available
We look at non-classical negations and their corresponding adjustment connectives from a modal viewpoint, over complete distributive lattices, and apply a very general mechanism in order to offer adequate analytic proof systems to logics that are based on them. Defining non-classical negations within usual modal semantics automatically allows one t...
Article
We introduce a strengthening of the release-acquire fragment of the C11 memory model that (i) forbids dubious behaviors that are not observed in any implementation; (ii) supports fence instructions that restore sequential consistency; and (iii) admits an equivalent intuitive operational semantics based on point-to-point communication. This strength...
Article
We introduce a strengthening of the release-acquire fragment of the C11 memory model that (i) forbids dubious behaviors that are not observed in any implementation; (ii) supports fence instructions that restore sequential consistency; and (iii) admits an equivalent intuitive operational semantics based on point-to-point communication. This strength...
Conference Paper
We show that even in the absence of auxiliary variables, the well-known Owicki-Gries method for verifying concurrent programs is unsound for weak memory models. By strengthening its non-interference check, however, we obtain OGRA, a program logic that is sound for reasoning about programs in the release-acquire fragment of the C11 memory model. We...
Article
We prove that the extension of the known hypersequent calculus for standard first-order Gödel logic with usual rules for second-order quantifiers is sound and (cut-free) complete for Henkin-style semantics for second-order Gödel logic. The proof is semantic, and it is similar in nature to Schütte and Tait's proof of Takeuti's conjecture.
Conference Paper
Full-text available
Software-defined networking (SDN) is a new paradigm for operating and managing computer networks. SDN enables logically-centralized control over network devices through a "controller" --- software that operates independently of the network hardware. Network operators can run both in-house and third-party SDN programs on top of the controller, e.g.,...
Article
We develop a fully algorithmic approach to "taming" logics expressed Hilbert style, that is, reformulating them in terms of analytic sequent calculi and useful semantics. Our approach applies to Hilbert calculi extending the positive fragment of propositional classical logic with axioms of a certain general form that contain new unary connectives....
Article
Full-text available
Great progress has been made recently in verifying the correctness of router forwarding tables. However, these approaches do not work for networks containing middleboxes such as caches and firewalls whose forwarding behavior depends on previously observed traffic. We explore how to verify isolation properties in networks that include such "dynamic...
Conference Paper
Full-text available
Primal infon logic was proposed by Gurevich and Neeman as an efficient yet expressive logic for policy and trust management. It is a propositional multimodal subintuitionistic logic decidable in linear time. However in that logic the principle of the replacement of equivalents fails. For example, x∧y→z does not entail y∧x→z, and similarly w→x∧y∧z d...
Conference Paper
We study the question of when a given set of derivable rules in some basic analytic propositional sequent calculus forms itself an analytic calculus. First, a general syntactic criterion for analyticity in the family of pure sequent calculi is presented. Next, given a basic calculus admitting this criterion, we provide a method to construct weaker...
Conference Paper
We identify a wide family of analytic sequent calculi for propositional non-classical logics whose derivability problem can be uniformly reduced to SAT. The proposed reduction is based on interpreting these calculi using non-deterministic semantics. Its time complexity is polynomial, and, in fact, linear for a useful subfamily. We further study an...
Article
First-order logic with transitive closure and separation logic enable elegant interactive verification of heap-manipulating programs. However, undecidability results and high asymptotic complexity of checking validity preclude complete automatic verification of such programs, even when loop invariants and procedure contracts are specified as formul...
Conference Paper
First-order logic with transitive closure and separation logic enable elegant interactive verification of heap-manipulating programs. However, undecidability results and high asymptotic complexity of checking validity preclude complete automatic verification of such programs, even when loop invariants and procedure contracts are specified as formul...
Article
We define a general family of canonical labelled calculi, of which many previously studied sequent and labelled calculi are particular instances. We then provide a uniform and modular method to obtain finite-valued semantics for every canonical labelled calculus by introducing the notion of partial non-deterministic matrices. The semantics is appli...
Article
We identify a large family of fully structural propositional sequent systems, which we call basic systems. We present a general uniform method for providing (potentially, nondeterministic) strongly sound and complete Kripke-style semantics, which is applicable for every system of this family. In addition, this method can also be applied when: (i) s...
Article
We define a general family of hypersequent systems with well-behaved logical rules, of which the known hypersequent calculus for (propositional) Gödel logic, is a particular instance. We present a method to obtain (possibly, non-deterministic) many-valued semantics for every system of this family. The detailed semantic analysis provides simple char...
Conference Paper
We provide a general method for generating cut-free and/or analytic hypersequent Gentzen-type calculi for a variety of normal modal logics. The method applies to all modal logics characterized by Kripke frames, transitive Kripke frames, or symmetric Kripke frames satisfying some properties, given by first-order formulas of a certain simple form. Thi...
Article
We provide a constructive direct semantic proof of the completeness of the cut-free part of the hypersequent calculus HIF for the standard first-order Gödel logic (thereby proving both completeness of the calculus for its standard semantics, and the admissibility of the cut rule in the full calculus). The results also apply to derivations from assu...
Conference Paper
We automate the construction of analytic sequent calculi and effective semantics for a large class of logics formulated as Hilbert calculi. Our method applies to infinitely many logics, which include the family of paraconsistent C-systems, as well as to other logics for which neither analytic calculi nor suitable semantics have so far been availabl...
Article
We consider a family of sequent systems with "well-behaved" logical rules in which the cut rule and/or the identity-axiom are not present. We provide a semantic characterization of the logics induced by these systems in the form of non-deterministic three-valued or four-valued matrices. The semantics is used to study some important proof-theoretic...
Conference Paper
We provide a systematic and modular method to define non-deterministic finite-valued semantics for a natural and very general family of canonical labelled calculi, of which many previously studied sequent and labelled calculi are particular instances. This semantics is effective, in the sense that it naturally leads to a decision procedure for thes...
Article
Full-text available
We use non-deterministic finite-valued matrices to provide uniform effective semantics for a large family of logics, emerging from "well-behaved" sequent systems in which the cut rule and/or the identity-axiom are not present. We exploit this semantics to obtain important proof-theoretic properties of systems of this kind, such as cut-admissibility...
Article
Full-text available
We define the notion of a canonical Gödel system in the framework of single-conclusion hypersequent calculi. A corresponding general (nondeterministic) Gödel valuation semantics is developed, as well as a (nondeterministic) linear intuitionistic Kripke-frames semantics. We show that every canonical Gödel system induces a class of Gödel valuations (...
Conference Paper
Full-text available
We present a general method for providing Kripke semantics for the family of fully-structural multiple-conclusion propositional sequent systems. In particular, many well-known Kripke semantics for a variety of logics are easily obtained as special cases. This semantics is then used to obtain semantic characterizations of analytic sequent systems of...
Conference Paper
Full-text available
(Non-)deterministic Kripke-style semantics is used to characterize two syntactic properties of single-conclusion canonical sequent calculi: invertibility of rules and axiom-expansion. An alternative matrix-based formulation of such semantics is introduced, which provides an algorithm for checking these properties, and also new insights into basic c...
Conference Paper
Full-text available
We present a multiple-conclusion hypersequent system for the standard first-order Gödel logic. We provide a constructive, direct, and simple proof of the completeness of the cut-free part of this system, thereby proving both completeness for its standard semantics, and the admissibility of the cut rule in the full system. The results also apply to...
Article
Full-text available
Canonical inference rules and canonical systems are defined in the framework of non-strict single-conclusion sequent systems, in which the succeedents of sequents can be empty. Important properties of this framework are investigated, and a general non-deterministic Kripke-style semantics is provided. This general semantics is then used to provide a...
Conference Paper
Full-text available
We define the notions of a canonical inference rule and a canonical constructive system in the framework of strict single-conclusion Gentzen-type systems (or, equivalently, natural deduction systems), and develop a corresponding general non-deterministic Kripke-style semantics. We show that every strict constructive canonical system induces a class...
Conference Paper
Full-text available
We define the notions of a canonical inference rule and a canonical constructive system in the framework of strict single-conclusion Gentzen-type systems (or, equivalently, natural deduction systems), and develop a corresponding general non-deterministic Kripke-style semantics. We show that every constructive canonical system induces a class of non...
