Jean Pichon-Pharabod's research while affiliated with Aarhus University and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
Publications (15)
Virtual memory is an essential mechanism for enforcing security boundaries, but its relaxed-memory concurrency semantics has not previously been investigated in detail. The concurrent systems code managing virtual memory has been left on an entirely informal basis, and OS and hypervisor verification has had to make major simplifying assumptions. We...
WebAssembly (Wasm) is a new bytecode language supported by all major Web browsers, designed primarily to be an efficient compilation target for low-level languages such as C/C++ and Rust. It is unusual in that it is officially specified through a formal semantics. An initial draft specification was published in 2017 [14], with an associated mechani...
Modern JavaScript includes the SharedArrayBuffer feature, which provides access to true shared memory concurrency. SharedArrayBuffers are simple linear buffers of bytes, and the JavaScript specification defines an axiomatic relaxed memory model to describe their behaviour. While this model is heavily based on the C/C++11 model, it diverges in some...
Computing relies on architecture specifications to decouple hardware and software development. Historically these have been prose documents, with all the problems that entails, but research over the last ten years has developed rigorous and executable-as-test-oracle specifications of mainstream architecture instruction sets and “user-mode” concurre...
WebAssembly (Wasm) is a safe, portable virtual instruction set that can be hosted in a wide range of environments, such as a Web browser. It is a low-level language whose instructions are intended to compile directly to bare hardware. While the initial version of Wasm focussed on single-threaded computation, a recent proposal extends it with low-le...
C remains central to our infrastructure, making verification of C code an essential and much-researched topic, but the semantics of C is remarkably complex, and important aspects of it are still unsettled, leaving programmers and verification tool builders on shaky ground. This paper describes a tool, Cerberus-BMC, that for the first time provides...
We present SLR, the first expressive program logic for reasoning about concurrent programs under a weak memory model addressing the out-of-thin-air problem. Our logic includes the standard features from existing logics, such as RSL and GPS, that were previously known to be sound only under stronger memory models: (1) separation, (2) per-location in...
Despite much research on concurrent programming languages, especially for Java and C/C++, we still do not have a satisfactory definition of their semantics, one that admits all common optimisations without also admitting undesired behaviour. Especially problematic are the "thin-air" examples involving high-performance concurrent accesses, such as C...
Despite much research on concurrent programming languages, especially for Java and C/C++, we still do not have a satisfactory definition of their semantics, one that admits all common optimisations without also admitting undesired behaviour. Especially problematic are the "thin-air" examples involving high-performance concurrent accesses, such as...
Despite decades of research, we do not have a satisfactory concurrency semantics for any general-purpose programming language that aims to support concurrent systems code. The Java Memory Model has been shown to be unsound with respect to standard compiler optimisations, while the C/C++11 model is too weak, admitting undesirable thin-air executions...
To improve performance, modern multiprocessors and programming languages typically implement relaxed memory models that do not require all processors/threads to observe memory operations in the same order. To relieve programmers from having to reason directly about these relaxed behaviors, languages often provide efficient synchronization primitive...
Citations
... An interesting and short-term one would be to extend FM-JIT with the speculation insertion of CoreJIT [Barrière et al. 2021], now that speculative instruction compilation is provably feasible. Another direction for future work is to extend our JIT to a more realistic input language, such as WebAssembly [Watt et al. 2021] which already has a semantics mechanized in Coq. ...
... Operational semantics furthermore can be divided into those following a microarchitectural style (providing formalizations of the actual hardware architecture) and those trying to abstract from architectures. Most notably, view-based semantics [14,21,31] avoid modelling specific hardware components and instead define the semantics in terms of views of threads on the shared state. Promises [22,24] are employed in operational semantics as a way of capturing out-of-order writes while still executing operations in thread order. ...
... There has been much work on developing axiomatic (declarative) models for memory consistency in parallel systems, at the ISA level [2], [36], [37], the microarchitectural level [12], [16], [38], and the programming language level [19], [39], [40], [41], [42]. There has also been work on constructing equivalent operationalizations for these models, e.g., for Power [2], ARMv8 [10], RA [8], C++ [7], and TSO [18], [9]. ...
... Several works have aimed at improving the security of WebAssembly [4], [9], [13], [14], [15]. CT-wasm [9] proposes a type system to check the constant-time policy. ...
... We note that the difficulties that arise in the attempt to formalise the C memory model stem from the tension between well-established compiler transformations as well as the need to support a multitude of hardware-level memory models seamlessly versus the well-known intricacies of programming correct shared-variable algorithms [48]. This will be an ongoing balancing act that involves many competing factors, especially and including efficiency, and, increasingly, safety and security [50]; if we were to take a position, it would be that sections of code (hopefully, relatively small and localised) can be protected from arbitrary transformations from compiler theory and practice. ...
... Owicki-Gries-like proof calculi have been proposed by a number of researchers [11,12,23,41], and have also recently been given for non-volatile memory [3,33]. Svendsen et al. [37] have developed a separation logic for promises for the C11 memory model. Wright et al. [41] have developed an Owicki-Gries proof system for out-of-order writes (as allowed by promises), but rely on pre-processing via the denotational MRD framework [30]. ...
... Architectures [2,3,39,42] exhibit weak memory concurrency behaviors due to various architectural features such as memory hierarchy, interconnect and so on for performance reason. To gain performance from these architectures, the high level programming languages also introduce primitives and a number of programming models for weak memory concurrency are defined [5,6,11,20,21,25,27,33,34,41,48]. In this paper we follow the C/C++ concurrency model [5,31,34]. ...
... Event structures are a mathematical formalism introduced by Winskel [1] as a semantic domain of concurrent programs. In recent years there has been renewed interest in event structures, with the applications of the theory ranging from relaxed memory models [2][3][4] to model-based mutation testing [5]. The main advantage of event structures compared to traditional interleaving semantics is that they give a more compact and concise representation of programs' behaviors. ...
... The rmw1 and rmw2 constraints are needed for ensuring the right behavior of RMWs including their atomicity. The po-rf constraint is an addition of RC11 on top of C11, which is a conservative solution to the "out-of-thin-air" problem that arises if po ∪ rf-cycles are allowed [Batty et al. 2015;. ...
... - We provide a modular solution to the count down mechanism by supporting a thread-local abstraction on top of the usual global view on its shared counter. While this can be viewed as an instance of fictional separation logic [31], our use of thread-local abstraction goes beyond that by allowing the interference effects of parallel threads to be modularly and precisely aggregated. - We provide interpretations for our abstract predicates. ...
Reference: Automated Verification of CountDownLatch