Concurrent Abstract Predicates
Abstraction is key to understanding and reasoning about large computer systems. Abstraction is simple to achieve if the relevant data structures are disjoint, but rather difficult when they are …
  • 236
  • 29
Modular fine-grained concurrency verification
Traditionally, concurrent data structures are protected by a single mutual exclusion lock so that only one thread may access the data structure at any time. This coarse-grained approach makes it …
  • 185
  • 29
A Marriage of Rely/Guarantee and Separation Logic
In the quest for tractable methods for reasoning about concurrent algorithms both rely/guarantee logic and separation logic have made great advances. They both seek to tame, or control, the …
  • 321
  • 25
Repairing sequential consistency in C/C++11
The C/C++11 memory model defines the semantics of concurrent memory accesses in C/C++, and in particular supports racy "atomic" accesses at a range of different consistency levels, from very weak …
  • 85
  • 16
A promising semantics for relaxed-memory concurrency
Despite many years of research, it has proven very difficult to develop a memory model for concurrent programming languages that adequately balances the conflicting desiderata of programmers, …
  • 75
  • 14
Concurrent Separation Logic and Operational Semantics
This paper presents a new soundness proof for concurrent separation logic (CSL) in terms of a standard operational semantics. The proof gives a direct meaning to CSL judgments, which can easily be …
  • 68
  • 12
Lightweight verification of separate compilation
Major compiler verification efforts, such as the CompCert project, have traditionally simplified the verification problem by restricting attention to the correctness of whole-program compilation, …
  • 34
  • 12
Relaxed separation logic: a program logic for C11 concurrency
We introduce relaxed separation logic (RSL), the first program logic for reasoning about concurrent programs running under the C11 relaxed memory model. From a user's perspective, RSL is an extension …
  • 99
  • 11
Pilsner: a compositionally verified compiler for a higher-order imperative language
Compiler verification is essential for the construction of fully verified software, but most prior work (such as CompCert) has focused on verifying whole-program compilers. To support separate …
  • 60
  • 10
Taming release-acquire consistency
We introduce a strengthening of the release-acquire fragment of the C11 memory model that (i) forbids dubious behaviors that are not observed in any implementation; (ii) supports fence instructions …
  • 56
  • 9