Abstract
From Owicki-Gries' Resource Invariants and Jones' Rely/Guarantee to modern variants based on Separation Logic, axiomatic logics for concurrency require auxiliary state to explicitly relate the effect of all threads to the global invariant on the shared resource. Unfortunately, auxiliary state gives the proof of an individual thread access to the auxiliaries of all other threads. This makes proofs sensitive to the global context, which prevents local reasoning and compositionality.
To tame this historical difficulty of auxiliary state, we propose subjective auxiliary state, whereby each thread is verified using a self view (i.e., the thread's effect on the shared resource) and an other view (i.e., the collective effect of all the other threads). Subjectivity generalizes auxiliary state from stacks and heaps to user-chosen partial commutative monoids, which can eliminate the dependence on the global thread structure.
We employ subjectivity to formulate Subjective Concurrent Separation Logic as a combination of subjective auxiliary state and Concurrent Separation Logic. The logic yields simple, compositional proofs of coarse-grained concurrent programs that use auxiliary state, and scales to support higher-order recursive procedures that can themselves fork new threads. We prove the soundness of the logic with a novel denotational semantics of action trees and a definition of safety using rely/guarantee transitions over a large subjective footprint. We have mechanized the denotational semantics, logic, metatheory, and a number of examples by a shallow embedding in Coq.
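As an added illustration (not code from the paper or its Coq development), the following Python model shows the self/other split over a partial commutative monoid on the standard shared-counter instance (nat, +, 0): `fork` divides a thread's self contribution between two children, each atomic increment grows the acting thread's self and every other thread's other, and the invariant value = self (+) other is re-checked for all threads after every step of a random interleaving, so each thread's local spec never mentions how many other threads exist. The names PCM, View, Counter, fork and run are assumptions of this model.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class PCM:
    """Partial commutative monoid; `join` raises ValueError where it is undefined."""
    unit: object
    join: object  # callable (a, b) -> a (+) b
NAT_PLUS = PCM(0, lambda a, b: a + b)  # counter instance (nat, +, 0); join is total here
@dataclass(frozen=True)
class View:
    self_: object  # this thread's own contribution to the shared resource
    other: object  # combined contribution of all the other threads
def fork(pcm, parent, left, right):
    """Split parent's self between two children; each child's `other` absorbs its sibling's share."""
    if pcm.join(left, right) != parent.self_:
        raise ValueError("child contributions must join back to the parent's self")
    return View(left, pcm.join(parent.other, right)), View(right, pcm.join(parent.other, left))
class Counter:
    """Coarse-grained shared counter; every step below is atomic (the lock is implicit)."""
    def __init__(self, pcm, n_threads):
        self.pcm, self.value = pcm, pcm.unit
        views = [View(pcm.unit, pcm.unit)]  # the root thread starts with the empty contribution
        while len(views) < n_threads:       # fork until n_threads views exist
            views.extend(fork(pcm, views.pop(), pcm.unit, pcm.unit))
        self.views = views

    def invariant(self):
        """Every thread's subjective view must explain the concrete value: value = self (+) other."""
        return all(self.value == self.pcm.join(v.self_, v.other) for v in self.views)

    def incr(self, tid, delta=1):
        """Thread `tid` adds `delta`: its self grows, and the same delta lands in every other
        thread's `other` (the environment interference those threads must tolerate)."""
        self.value = self.pcm.join(self.value, delta)
        self.views = [View(self.pcm.join(v.self_, delta), v.other) if i == tid
                      else View(v.self_, self.pcm.join(v.other, delta))
                      for i, v in enumerate(self.views)]
        return self.views[tid]

def run(n_threads, steps, seed=0):
    # Random interleaving of increments; the invariant is re-checked after every atomic step.
    rng, c = random.Random(seed), Counter(NAT_PLUS, n_threads)
    for _ in range(steps):
        tid = rng.randrange(n_threads)
        before, after = c.views[tid].self_, c.incr(tid).self_
        assert after == before + 1  # local spec {self = a} incr {self = a + 1}, whatever `other` is
        assert c.invariant()
    return c
```

Swapping NAT_PLUS for another PCM (with a partial `join`) exercises the same model without touching Counter or fork.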
Subjective auxiliary state for coarse-grained concurrency
POPL '13: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages