Information-flow control on ARM and POWER multicore processors
Formal Methods in System Design (IF 0.8), Pub Date: 2021-06-08, DOI: 10.1007/s10703-021-00376-2
Graeme Smith , Nicholas Coughlin , Toby Murray

Weak memory models implemented on modern multicore processors are known to affect the correctness of concurrent code. They can also affect whether or not the concurrent code is secure. This is particularly the case in programs where the security levels of variables are value-dependent, i.e., depend on the values of other variables. In this paper, we illustrate how instruction reordering allowed by ARM and POWER multicore processors leads to vulnerabilities in such programs, and present a compositional, flow-sensitive information-flow logic which can be used to detect such vulnerabilities. The logic allows step-local reasoning (one instruction at a time) about a thread’s security by tracking information about dependencies between instructions which guarantee their order of occurrence. Program security can then be established from individual thread security using rely/guarantee reasoning. The logic has been proved sound with respect to existing operational semantics using Isabelle/HOL, and implemented in an automatic symbolic execution tool.




Updated: 2021-06-08