Verifying Custom Synchronization Constructs Using Higher-Order Separation Logic

Abstract
Synchronization constructs lie at the heart of any reliable concurrent program. Many such constructs are standard (e.g., locks, queues, stacks, and hash-tables). However, many concurrent applications require custom synchronization constructs with special-purpose behavior. These constructs present a significant challenge for verification. Like standard constructs, they rely on subtle racy behavior, but unlike standard constructs, they may not have well-understood abstract interfaces. As they are custom built, such constructs are also far more likely to be unreliable.
This article examines the formal specification and verification of custom synchronization constructs. Our target is a library of channels used in automated parallelization to enforce sequential behavior between program statements. Our high-level specification captures the conditions necessary for correct execution; these conditions reflect program dependencies necessary to ensure sequential behavior. We connect the high-level specification with the low-level library implementation to prove that a client’s requirements are satisfied. Significantly, we can reason about program and library correctness without breaking abstraction boundaries.
To achieve this, we use a program logic called iCAP (impredicative Concurrent Abstract Predicates) based on separation logic. iCAP supports both high-level abstraction and low-level reasoning about races. We use this to show that our high-level channel specification abstracts three different, increasingly complex low-level implementations of the library. iCAP’s support for higher-order reasoning lets us prove that sequential dependencies are respected, while iCAP’s next-generation semantic model lets us avoid ugly problems with cyclic dependencies.
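The kind of construct the abstract describes, as an added illustration that is not code from the paper or its channel library: a minimal dependency channel that carries no data, only the fact that statement S1 of iteration i has completed, so that S2 of the same iteration can run on another thread without racing on the shared array. The `DepChannel` type, its `Signal`/`Wait` interface and the two-statement loop body are assumptions made here for the example; the paper's library and specification are not reproduced. The correctness condition the high-level specification is meant to capture shows up directly: the pipelined run must produce the same result as the sequential loop.

```go
package main

import (
	"fmt"
	"sync"
)

// DepChannel is a hypothetical custom synchronization construct (assumed for
// this example, not the paper's library). It records which producer-stage
// iterations have finished; consumers block until the iteration they depend
// on is done.
type DepChannel struct {
	mu   sync.Mutex
	cond *sync.Cond
	done map[int]bool
}

func NewDepChannel() *DepChannel {
	d := &DepChannel{done: make(map[int]bool)}
	d.cond = sync.NewCond(&d.mu)
	return d
}

// Signal records that statement S1 of iteration i has completed.
func (d *DepChannel) Signal(i int) {
	d.mu.Lock()
	d.done[i] = true
	d.mu.Unlock()
	d.cond.Broadcast()
}

// Wait blocks until Signal(i) has been called, i.e. until the S1(i) -> S2(i)
// dependency can be satisfied.
func (d *DepChannel) Wait(i int) {
	d.mu.Lock()
	for !d.done[i] {
		d.cond.Wait()
	}
	d.mu.Unlock()
}

// Sequential is the loop as the programmer wrote it: S2(i) reads a[i] written
// by S1(i) in program order.
func Sequential(n int) []int {
	a := make([]int, n)
	b := make([]int, n)
	for i := 0; i < n; i++ {
		a[i] = i*i + 1    // S1
		b[i] = 2*a[i] - i // S2 depends on S1 of the same iteration
	}
	return b
}

// Pipelined runs S1 and S2 on separate goroutines. Without dep.Wait the read of
// a[i] in S2 would race with the write in S1; the channel restores the
// sequential dependency and therefore the sequential result.
func Pipelined(n int) []int {
	a := make([]int, n)
	b := make([]int, n)
	dep := NewDepChannel()
	var wg sync.WaitGroup
	wg.Add(2)
	go func() { // producer stage: all S1 instances
		defer wg.Done()
		for i := 0; i < n; i++ {
			a[i] = i*i + 1
			dep.Signal(i)
		}
	}()
	go func() { // consumer stage: all S2 instances
		defer wg.Done()
		for i := 0; i < n; i++ {
			dep.Wait(i)
			b[i] = 2*a[i] - i
		}
	}()
	wg.Wait()
	return b
}

func main() {
	fmt.Println(Pipelined(8))
}
```

The interface exposed to the client is deliberately abstract: a client only needs to know that `Wait(i)` returns after `Signal(i)`, not how the mutex and condition variable inside implement that ordering, which is the abstraction boundary the abstract says the verification respects.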