Verifying Read-Copy Update Under RC11.

Read-Copy Update (RCU) is a key lock-free synchronisation mechanism that is used extensively in the Linux kernel. One use of RCU is safe memory reclamation in languages such as C/C++ that do not support garbage collection. Correctness of RCU is, however, difficult to verify, even when assuming sequentially consistent (SC) memory. In this paper, we develop and verify an RCU implementation under RC11 (a restricted version of C11 weak memory model, which includes relaxed and release-acquire accesses), increasing the verification challenge. Our proof technique is based on a notion of ownership, which we use to systematically track each thread’s read/write capabilities to each memory location. In our proof, we extend a recent Owicki-Gries logic for RC11, which we combine with our ownership model to show correctness. All our proofs have been mechanised in the Isabelle/HOL theorem prover.