DOI: 10.1145/1480881.1480885 (POPL conference proceedings, research article)

A calculus of atomic actions

Published: 21 January 2009

ABSTRACT

We present a proof calculus and method for the static verification of assertions and procedure specifications in shared-memory concurrent programs. The key idea in our approach is to use atomicity as a proof tool and to simplify the verification of assertions by rewriting programs to consist of larger atomic actions. We propose a novel, iterative proof style in which alternating use of abstraction and reduction is exploited to compute larger atomic code blocks in a sound manner. This makes possible the verification of assertions in the transformed program by simple sequential reasoning within atomic blocks, or by significantly simplified application of existing concurrent program verification techniques such as the Owicki-Gries or rely-guarantee methods. Our method facilitates a clean separation of concerns: at each phase of the proof, the user worries only about either the sequential properties or the concurrency control mechanisms in the program. We implemented our method in a tool called QED. We demonstrate the simplicity and effectiveness of our approach on a number of benchmarks, including ones with intricate concurrency protocols.
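As an added illustration (not code from the paper or from the QED tool), the following Python model makes the two moves named in the abstract, reduction and abstraction, concrete on a finite toy program: a lock-protected counter x, an unprotected variable y, and one register per thread. Actions are transition relations over an enumerated state space. An action is a right (left) mover if running it before (after) any action of another thread can be swapped without losing behaviours, which is Lipton's commutativity condition; a sequence of one thread's actions of the shape R* [N] L* is treated as a single atomic block; and an unprotected read that blocks reduction is abstracted to a nondeterministic local assignment, checked sound by inclusion of transition relations, after which the block does reduce. The action names, the state layout, the finite domains and the pattern check are this example's own assumptions.

```python
"""Toy Lipton-style reduction with abstraction over an enumerated state space (constructed example)."""
from itertools import product

FREE = -1                      # lock owner value meaning "unlocked"
THREADS = (0, 1)
Y_VALUES = (0, 1, 2)

# State layout (assumption of this example): (lock, x, y, l0, l1).
# x is protected by the lock, y is unprotected, l0/l1 are thread-local registers.

def set_local(s, t, v):
    s = list(s)
    s[3 + t] = v
    return tuple(s)

# Each action maps (state, thread) to the SET of successor states; empty set = disabled.
def acquire(s, t):
    return {(t,) + s[1:]} if s[0] == FREE else set()

def release(s, t):
    return {(FREE,) + s[1:]} if s[0] == t else set()

def inc_x(s, t):               # enabled only while t holds the lock (x is protected)
    return {(s[0], (s[1] + 1) % 2) + s[2:]} if s[0] == t else set()

def set_y(s, t):               # unprotected write; thread t writes t + 1 so writers are distinguishable
    return {(s[0], s[1], t + 1) + s[3:]}

def read_y(s, t):              # unprotected read of y into thread t's register
    return {set_local(s, t, s[2])}

def havoc_local(s, t):         # abstraction of read_y: the register receives an arbitrary value
    return {set_local(s, t, v) for v in Y_VALUES}

ACTIONS = {f.__name__: f for f in (acquire, release, inc_x, set_y, read_y, havoc_local)}
STATES = list(product((FREE,) + THREADS, (0, 1), Y_VALUES, Y_VALUES, Y_VALUES))

def compose(s, a, t, b, u):
    """Successor states of running action a (thread t) and then action b (thread u) from s."""
    return {s2 for s1 in ACTIONS[a](s, t) for s2 in ACTIONS[b](s1, u)}

def commutes(a, b):
    """a;b, with b run by the other thread, can always be replaced by b;a (a;b is included in b;a)."""
    return all(compose(s, a, t, b, 1 - t) <= compose(s, b, 1 - t, a, t)
               for s in STATES for t in THREADS)

def mover(a):
    """Classify a as right mover (R), left mover (L), both mover (B) or non-mover (N)."""
    right = all(commutes(a, b) for b in ACTIONS)
    left = all(commutes(b, a) for b in ACTIONS)
    return {(True, True): "B", (True, False): "R", (False, True): "L", (False, False): "N"}[(right, left)]

def reducible(seq):
    """True if one thread's action sequence has the shape R* [N] L* (both movers fit anywhere),
    so the whole sequence can be treated as one atomic block."""
    phase = "R"
    for a in seq:
        m = mover(a)
        if phase == "R":
            if m in ("L", "N"):
                phase = "L"            # at most one non-mover, then only left movers
        elif m in ("R", "N"):
            return False
    return True

def refines(concrete, abstract):
    """Abstracting `concrete` to `abstract` is sound if every transition of the former is one of the latter."""
    return all(ACTIONS[concrete](s, t) <= ACTIONS[abstract](s, t) for s in STATES for t in THREADS)

if __name__ == "__main__":
    for name in ACTIONS:
        print(f"{name:12s} {mover(name)}")
    print(reducible(["acquire", "inc_x", "release"]))                 # lock-protected update: reduces
    print(reducible(["acquire", "inc_x", "release", "read_y"]))       # trailing unprotected read: does not
    print(refines("read_y", "havoc_local"))                           # the abstraction step is sound
    print(reducible(["acquire", "inc_x", "release", "havoc_local"]))  # after abstraction: reduces
```

The run prints acquire as R, release as L, inc_x and havoc_local as B, and set_y and read_y as N; the last three lines show the alternation the abstract describes: reduction gets stuck on the unprotected read, one sound abstraction turns that read into a both mover, and the enlarged block then reduces.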

References

  1. E. A. Ashcroft. Proving assertions about parallel programs. J. Comput. Syst. Sci., 10(1):110--135, 1975.
  2. M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In FMCO '05: 4th International Symposium on Formal Methods for Components and Objects, pages 364--387, 2005.
  3. S. Brookes. A semantics for concurrent separation logic. Theor. Comput. Sci., 375(1-3):227--270, 2007.
  4. J. W. Coleman and C. B. Jones. Guaranteeing the soundness of rely/guarantee rules. Journal of Logic and Computation, 17(4):807--841, 2007.
  5. F. S. de Boer, U. Hannemann, and W.-P. de Roever. A compositional proof system for shared variable concurrency. In FME '97: 4th International Symposium of Formal Methods Europe, volume 1313 of Lecture Notes in Computer Science, pages 515--532. Springer-Verlag, 1997.
  6. L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS '08: Proceedings of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, volume 4963 of Lecture Notes in Computer Science, pages 337--340. Springer, 2008.
  7. E. W. Dijkstra. A Discipline of Programming. Prentice Hall PTR, Upper Saddle River, NJ, USA, 1997.
  8. T. Elmas, S. Qadeer, and S. Tasiran. A calculus of atomic actions. Technical Report MSR-TR-2008-99, Microsoft Research, 2008.
  9. T. Elmas, S. Tasiran, and S. Qadeer. VYRD: Verifying concurrent programs by runtime refinement-violation detection. In PLDI '05: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 27--37, New York, NY, USA, 2005. ACM Press.
  10. C. Flanagan, S. N. Freund, and S. Qadeer. Exploiting purity for atomicity. IEEE Trans. Softw. Eng., 31(4):275--291, 2005.
  11. C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In PLDI '02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 234--245, New York, NY, USA, 2002. ACM Press.
  12. C. Flanagan and S. Qadeer. Types for atomicity. In TLDI '03: Proceedings of the 2003 ACM SIGPLAN International Workshop on Types in Language Design and Implementation, pages 1--12, New York, NY, USA, 2003. ACM.
  13. S. Freund and S. Qadeer. Checking concise specifications for multithreaded software. Journal of Object Technology, 3(6):81--101, 2004.
  14. M. Herlihy, V. Luchangco, and M. Moir. Obstruction-free synchronization: Double-ended queues as an example. In ICDCS '03: Proceedings of the 23rd International Conference on Distributed Computing Systems, pages 522--529, Washington, DC, USA, 2003. IEEE Computer Society.
  15. B. Jacobs, J. Smans, F. Piessens, and W. Schulte. A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs. Electron. Notes Theor. Comput. Sci., 174(9):23--47, 2007.
  16. C. B. Jones. Development Methods for Computer Programs including a Notion of Interference. PhD thesis, Oxford University, June 1981.
  17. L. Lamport. A new solution of Dijkstra's concurrent programming problem. Commun. ACM, 17(8):453--455, 1974.
  18. R. J. Lipton. Reduction: a method of proving properties of parallel programs. Commun. ACM, 18(12):717--721, 1975.
  19. M. M. Michael. Hazard pointers: Safe memory reclamation for lock-free objects. IEEE Trans. Parallel Distrib. Syst., 15(6):491--504, 2004.
  20. P. W. O'Hearn, H. Yang, and J. C. Reynolds. Separation and information hiding. In POPL '04: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 268--280, New York, NY, USA, 2004. ACM.
  21. S. Owicki and D. Gries. Verifying properties of parallel programs: an axiomatic approach. Commun. ACM, 19(5):279--285, 1976.
  22. M. Parkinson, R. Bornat, and P. O'Hearn. Modular verification of a non-blocking stack. SIGPLAN Not., 42(1):297--302, 2007.
  23. L. Wang and S. D. Stoller. Static analysis for programs with non-blocking synchronization. In PPoPP '05: Proceedings of the ACM SIGPLAN 2005 Symposium on Principles and Practice of Parallel Programming, pages 61--71. ACM Press, June 2005.
  24. L. Wang and S. D. Stoller. Runtime analysis of atomicity for multi-threaded programs. IEEE Transactions on Software Engineering, 32:93--110, Feb. 2006.
  25. Q. Xu, W. P. de Roever, and J. He. The rely-guarantee method for verifying shared variable concurrent programs. Formal Aspects of Computing, 9(2):149--174, 1997.


Reviews

Ramesh S

Verification of partial correctness of shared-variable parallel programs is a very old subject. Nearly 35 years ago, Owicki and Gries proposed the first axiomatization of partial verification of parallel programs, using Hoare-style logic [1]. This and subsequent proposals to prove parallel program correctness brought out the complexity involved in proving parallel programs. All these proposals show that the correctness proofs require not only proof of correctness of sequential threads, but also proof of noninterference of the assertions used in the sequential proofs or the use of global invariants. Noninterference freedom proofs and global invariants are more difficult, which is probably why parallel program correctness is an academic exercise, restricted to a small class of interesting and well-known parallel programs. With the recent significant advances in constraint solving and the emergence of powerful satisfiability modulo theories (SMT) solvers, this paper attempts to automate the age-old problem of partial correctness of multithreaded programs. The authors propose a new proof technique that cleverly combines the classical strategy of reduction with a relatively new abstraction technique. This technique can be iteratively applied to convert a fine-grained concurrent program into an almost sequential program that can then be easily proved. The proof technique is implemented in a tool called QED; QED provides a number of handy tactics for reducing the parallel programs to a set of constraints that are then solved using the state-of-the-art SMT solver Z3. The authors evaluated the tool on a number of small- to medium-sized multithreaded programs. The paper is well written, has an illustrative introduction to the proposed methodology, and uses an interesting and nontrivial program. Examples are also given to explain the proposed method in further detail. The proof rules and tactic-based proof method are also explained well.

In spite of the rich set of examples, the paper is so dense with technical material that beginners will initially have difficulty understanding it. It is interesting to note that the verification technique proposed in this paper is in direct contrast to the correct-by-construction approach suggested several years ago for developing correct parallel programs; in the correct-by-construction approach, parallel programs are derived from coarse-grained programs, in a number of well-defined steps, using a set of correctness-preserving refinement rules.

Online Computing Reviews Service