A calculus of atomic actions (POPL '09)

ABSTRACT
We present a proof calculus and method for the static verification of assertions and procedure specifications in shared-memory concurrent programs. The key idea in our approach is to use atomicity as a proof tool and to simplify the verification of assertions by rewriting programs to consist of larger atomic actions. We propose a novel, iterative proof style in which alternating use of abstraction and reduction is exploited to compute larger atomic code blocks in a sound manner. This makes possible the verification of assertions in the transformed program by simple sequential reasoning within atomic blocks, or significantly simplified application of existing concurrent program verification techniques such as the Owicki-Gries or rely-guarantee methods. Our method facilitates a clean separation of concerns where at each phase of the proof, the user worries only about either the sequential properties or the concurrency control mechanisms in the program. We implemented our method in a tool called QED. We demonstrate the simplicity and effectiveness of our approach on a number of benchmarks including ones with intricate concurrency protocols.
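The abstract's two proof steps, reduction (Lipton's right/left-mover argument that turns a sequence of fine-grained actions into one atomic block) and abstraction (weakening an action so that it commutes with the other threads), can be seen on a toy program. The following is an added example and is not code from the paper or from the QED tool: it tags each action of a two-thread counter with a mover type supplied by hand (an assumption; a proof system discharges these by commutativity checks against an invariant), checks the reducible shape (R|B)* N? (L|B)*, and confirms the reduction on this instance by brute-force interleaving. The names acquire, release, read_x, write_x, havoc_t, locked_inc, racy_inc, abstracted_inc and check are illustrative, and the havoc is restricted to the finite domain {0, 1, 2} so enumeration terminates.

```python
"""Lipton-style reduction and abstraction on a toy two-thread counter.

Added example, not code from the paper or QED.  Mover tags: R = right mover,
L = left mover, B = both mover, N = non-mover (tags supplied by hand here).
reducible() checks the shape (R|B)* N? (L|B)*; final_states() enumerates all
interleavings so the original program can be compared with its reduction.
"""
from typing import Callable, Dict, FrozenSet, List, Tuple

State = Dict[str, int]
Step = Callable[[State], List[State]]   # successor states; [] means blocked
Action = Tuple[str, Step]               # (mover tag, step)


def reducible(seq: List[Action]) -> bool:
    """True iff the mover tags of seq match (R|B)* N? (L|B)*."""
    seen_pivot = False                  # have we passed the optional non-mover?
    for mover, _ in seq:
        if mover == "B":
            continue
        if not seen_pivot and mover == "R":
            continue
        if not seen_pivot:              # first N or L ends the right-mover prefix
            seen_pivot = True
            if mover == "N":
                continue
        if mover != "L":                # after the pivot only left movers may follow
            return False
    return True


def final_states(threads: List[List[Action]], init: State) -> FrozenSet:
    """Final states of every interleaving; runs that block are dropped."""
    out = set()

    def explore(state: State, pcs: List[int]) -> None:
        if all(pc == len(t) for pc, t in zip(pcs, threads)):
            out.add(tuple(sorted(state.items())))
            return
        for i, t in enumerate(threads):
            if pcs[i] < len(t):
                for nxt in t[pcs[i]][1](state):
                    explore(nxt, pcs[:i] + [pcs[i] + 1] + pcs[i + 1:])

    explore(init, [0] * len(threads))
    return frozenset(out)


def atomic(seq: List[Action]) -> Action:
    """Fuse a thread's sequence into one atomic action (step composition)."""
    def step(s: State) -> List[State]:
        frontier = [s]
        for _, f in seq:
            frontier = [t for u in frontier for t in f(u)]
        return frontier
    return ("N", step)


# Primitive actions over the state {lock, x, t0, t1}; t<i> is thread i's local.
def acquire(s: State) -> List[State]:        # R: blocks while the lock is held
    return [] if s["lock"] else [dict(s, lock=1)]

def release(s: State) -> List[State]:        # L
    return [dict(s, lock=0)]

def read_x(tid: int) -> Step:                # t_tid := x
    return lambda s: [dict(s, **{f"t{tid}": s["x"]})]

def havoc_t(tid: int, domain=(0, 1, 2)) -> Step:   # t_tid := *  (abstracted read)
    return lambda s: [dict(s, **{f"t{tid}": v}) for v in domain]   # finite domain: assumption

def write_x(tid: int) -> Step:               # x := t_tid + 1
    return lambda s: [dict(s, x=s[f"t{tid}"] + 1)]


def locked_inc(tid: int) -> List[Action]:    # x is touched only under the lock
    return [("R", acquire), ("B", read_x(tid)), ("B", write_x(tid)), ("L", release)]

def racy_inc(tid: int) -> List[Action]:      # no lock: both accesses race, so N
    return [("N", read_x(tid)), ("N", write_x(tid))]

def abstracted_inc(tid: int) -> List[Action]:   # racy read abstracted to havoc -> B
    return [("B", havoc_t(tid)), ("N", write_x(tid))]


def check(mk_thread: Callable[[int], List[Action]], n: int = 2) -> Dict[str, object]:
    """Compare the original program with the one where each thread is atomic."""
    init = {"lock": 0, "x": 0, **{f"t{i}": 0 for i in range(n)}}
    threads = [mk_thread(i) for i in range(n)]
    original = final_states(threads, init)
    reduced = final_states([[atomic(t)] for t in threads], init)

    def xs(states: FrozenSet) -> FrozenSet:
        return frozenset(dict(s)["x"] for s in states)

    return {"reducible": all(reducible(t) for t in threads),
            "same_final_states": original == reduced,
            "x_original": xs(original), "x_reduced": xs(reduced)}


if __name__ == "__main__":
    for name, mk in [("locked", locked_inc), ("racy", racy_inc), ("abstracted", abstracted_inc)]:
        print(name, check(mk))
```

The locked increment has shape R B B L, is reducible, and the interleaved and reduced programs reach exactly the same final states, so asserting x == 2 inside the atomic block is sequential reasoning. The racy increment is N N, is not reducible, and the enumeration shows why the reduction would be unsound: the original admits the lost update x == 1, which the atomic version never produces. Abstracting the racy read to a havoc makes it a both mover, so the sequence becomes reducible and the reduction is again exact, but the abstract program now admits every x in {1, 2, 3}; abstraction buys atomicity at the price of precision, and any assertion proved on the abstract program still holds on the original because its behaviours are a superset.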
REFERENCES
- E. A. Ashcroft. Proving assertions about parallel programs. J. Comput. Syst. Sci., 10(1):110--135, 1975.
- M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In FMCO '05: 4th International Symposium on Formal Methods for Components and Objects, pages 364--387, 2005.
- S. Brookes. A semantics for concurrent separation logic. Theor. Comput. Sci., 375(1-3):227--270, 2007.
- J. W. Coleman and C. B. Jones. Guaranteeing the soundness of rely/guarantee rules. Journal of Logic and Computation, 17(4):807--841, 2007.
- F. S. de Boer, U. Hannemann, and W.-P. de Roever. A compositional proof system for shared variable concurrency. In FME '97: 4th International Symposium of Formal Methods Europe, volume 1313, pages 515--532. Springer-Verlag, 1997.
- L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS '08: Proceedings of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, volume 4963 of Lecture Notes in Computer Science, pages 337--340. Springer, 2008.
- E. W. Dijkstra. A Discipline of Programming. Prentice Hall PTR, Upper Saddle River, NJ, USA, 1997.
- T. Elmas, S. Qadeer, and S. Tasiran. A calculus of atomic actions. Technical Report MSR-TR-2008-99, Microsoft Research, 2008.
- T. Elmas, S. Tasiran, and S. Qadeer. VYRD: Verifying concurrent programs by runtime refinement-violation detection. In PLDI '05: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 27--37, New York, NY, USA, 2005. ACM Press.
- C. Flanagan, S. N. Freund, and S. Qadeer. Exploiting purity for atomicity. IEEE Trans. Softw. Eng., 31(4):275--291, 2005.
- C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In PLDI '02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 234--245, New York, NY, USA, 2002. ACM Press.
- C. Flanagan and S. Qadeer. Types for atomicity. In TLDI '03: Proceedings of the 2003 ACM SIGPLAN International Workshop on Types in Language Design and Implementation, pages 1--12, New York, NY, USA, 2003. ACM.
- S. Freund and S. Qadeer. Checking concise specifications for multithreaded software. Journal of Object Technology, 3(6):81--101, 2004.
- M. Herlihy, V. Luchangco, and M. Moir. Obstruction-free synchronization: Double-ended queues as an example. In ICDCS '03: Proceedings of the 23rd International Conference on Distributed Computing Systems, pages 522--529, Washington, DC, USA, 2003. IEEE Computer Society.
- B. Jacobs, J. Smans, F. Piessens, and W. Schulte. A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs. Electron. Notes Theor. Comput. Sci., 174(9):23--47, 2007.
- C. B. Jones. Development Methods for Computer Programs including a Notion of Interference. PhD thesis, Oxford University, June 1981.
- L. Lamport. A new solution of Dijkstra's concurrent programming problem. Commun. ACM, 17(8):453--455, 1974.
- R. J. Lipton. Reduction: a method of proving properties of parallel programs. Commun. ACM, 18(12):717--721, 1975.
- M. M. Michael. Hazard pointers: Safe memory reclamation for lock-free objects. IEEE Trans. Parallel Distrib. Syst., 15(6):491--504, 2004.
- P. W. O'Hearn, H. Yang, and J. C. Reynolds. Separation and information hiding. In POPL '04: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 268--280, New York, NY, USA, 2004. ACM.
- S. Owicki and D. Gries. Verifying properties of parallel programs: an axiomatic approach. Commun. ACM, 19(5):279--285, 1976.
- M. Parkinson, R. Bornat, and P. O'Hearn. Modular verification of a non-blocking stack. SIGPLAN Not., 42(1):297--302, 2007.
- L. Wang and S. D. Stoller. Static analysis for programs with non-blocking synchronization. In PPoPP '05: Proceedings of the ACM SIGPLAN 2005 Symposium on Principles and Practice of Parallel Programming, pages 61--71. ACM Press, June 2005.
- L. Wang and S. D. Stoller. Runtime analysis of atomicity for multi-threaded programs. IEEE Transactions on Software Engineering, 32:93--110, Feb. 2006.
- Q. Xu, W. P. de Roever, and J. He. The rely-guarantee method for verifying shared variable concurrent programs. Formal Aspects of Computing, 9(2):149--174, 1997.
Recommendations
- QED: a proof system based on reduction and abstraction for the static verification of concurrent software. ICSE '10: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2. We present a proof system and supporting tool, QED, for the static verification of concurrent software. Our key idea is to simplify the verification of a program by rewriting it with larger atomic actions. We demonstrated the simplicity and ...
- Exploiting purity for atomicity. The notion that certain procedures are atomic is a fundamental correctness property of many multithreaded software systems. A procedure is atomic if for every execution there is an equivalent serial execution in which the actions performed by any thread ...