Abstract
Weaving a concurrency control protocol into a program is difficult and error-prone. One way to alleviate this burden is deterministic parallelism. In this well-studied approach to parallelisation, a sequential program is annotated with sections that can execute concurrently, with automatically injected control constructs used to ensure observable behaviour consistent with the original program.
This paper examines the formal specification and verification of these constructs. Our high-level specification defines the conditions necessary for correct execution; these conditions reflect program dependencies necessary to ensure deterministic behaviour. We connect the high-level specification used by clients of the library with the low-level library implementation, to prove that a client's requirements for determinism are enforced. Significantly, we can reason about program and library correctness without breaking abstraction boundaries.
To achieve this, we use concurrent abstract predicates, based on separation logic, to encapsulate racy behaviour in the library's implementation. To allow generic specifications of libraries that can be instantiated by client programs, we extend the logic with higher-order parameters and quantification. We show that our high-level specification abstracts the details of deterministic parallelism by verifying two different low-level implementations of the library.
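The first paragraph describes the mechanism abstractly: the programmer marks sections of a sequential program as concurrently executable, and the runtime injects control constructs so that the observable behaviour matches the sequential program. The following Go program is an added illustration of that idea, not code from the paper or from the library it verifies. It assumes one very simple injected construct (a commit token handed from section i to section i+1, as in pipelined parallelism), and the names `Section`, `State`, `RunSequential`, `RunDeterministic` and `BuildSections` are my own. Each section's `Compute` phase is side-effect free and overlaps with the others; each `Commit` phase reads and writes shared state and is forced into program order, so the shared-state dependencies between sections are respected and the result is identical to the sequential run.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// State is the shared program state. Log is the observable output in commit
// order; Sum is read and written by every section, creating a chain of
// read-after-write dependencies that the runtime must preserve.
type State struct {
	Log []string
	Sum int
}

// Equal reports whether two runs produced the same observable behaviour.
func (s State) Equal(o State) bool {
	if s.Sum != o.Sum || len(s.Log) != len(o.Log) {
		return false
	}
	for i := range s.Log {
		if s.Log[i] != o.Log[i] {
			return false
		}
	}
	return true
}

// Section is one annotated region of the originally sequential program.
// Compute depends only on the section's own input and may run concurrently;
// Commit touches shared state and must see exactly the state the sequential
// program would have left behind.
type Section struct {
	Compute func() int
	Commit  func(st *State, v int)
}

// RunSequential is the reference semantics: sections run strictly in order.
func RunSequential(secs []Section) State {
	var st State
	for _, s := range secs {
		s.Commit(&st, s.Compute())
	}
	return st
}

// RunDeterministic is the instrumented version. All Compute phases start at
// once; the injected control construct is a chain of channels passing a commit
// token from section i to section i+1, so Commit phases execute in program
// order (and the channel close/receive pairs give the happens-before edges
// needed for race-free access to st).
func RunDeterministic(secs []Section) State {
	var st State
	var wg sync.WaitGroup
	turns := make([]chan struct{}, len(secs)+1)
	for i := range turns {
		turns[i] = make(chan struct{})
	}
	close(turns[0]) // section 0 holds the token initially
	for i, s := range secs {
		wg.Add(1)
		go func(i int, s Section) {
			defer wg.Done()
			v := s.Compute()  // overlaps with other sections
			<-turns[i]        // wait for predecessor's commit
			s.Commit(&st, v)  // exclusive access to shared state
			close(turns[i+1]) // hand the token to the successor
		}(i, s)
	}
	wg.Wait()
	return st
}

// slowSquare stands in for an expensive, side-effect-free computation; the
// variable delay makes the scheduling of Compute phases nondeterministic.
func slowSquare(x int) int {
	time.Sleep(time.Duration(x%3) * time.Millisecond)
	return x * x
}

// BuildSections turns a list of constructed sample inputs into sections whose
// commits both read and update the running sum.
func BuildSections(inputs []int) []Section {
	secs := make([]Section, len(inputs))
	for i, x := range inputs {
		i, x := i, x
		secs[i] = Section{
			Compute: func() int { return slowSquare(x) },
			Commit: func(st *State, v int) {
				st.Log = append(st.Log, fmt.Sprintf("section %d: sum %d -> %d", i, st.Sum, st.Sum+v))
				st.Sum += v
			},
		}
	}
	return secs
}

func main() {
	secs := BuildSections([]int{3, 1, 4, 1, 5, 9, 2, 6}) // constructed input
	seq := RunSequential(secs)
	par := RunDeterministic(secs)
	fmt.Println("sequential and deterministic-parallel runs agree:", seq.Equal(par))
	for _, line := range par.Log {
		fmt.Println(line)
	}
}
```

The point of the example is the separation the abstract draws: the client only needs to know that commits happen in program order (the high-level condition for determinism), while the token chain is an implementation detail that another runtime could replace, for instance with a scheduler that tracks read and write sets and only orders sections that actually conflict.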
Modular reasoning for deterministic parallelism. POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.