
The anchor verifier for blocking and non-blocking concurrent software

Published: 13 November 2020

Abstract

Verifying the correctness of concurrent software with subtle synchronization is notoriously challenging. We present the Anchor verifier, which is based on a new formalism for specifying synchronization disciplines that describes both (1) what memory accesses are permitted, and (2) how each permitted access commutes with concurrent operations of other threads (to facilitate reduction proofs). Anchor supports the verification of both lock-based blocking and CAS-based non-blocking algorithms. Experiments on a variety of concurrent data structures and algorithms show that Anchor significantly reduces the burden of concurrent verification.
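The abstract's second ingredient, how each permitted access commutes with other threads' steps, is the basis of Lipton-style reduction: a lock acquire is a right mover, a release is a left mover, an access to data the thread holds exclusively is a both mover, and a racy access is a non-mover; a block shaped R* N? L* can then be treated as one atomic step. The following is an added illustration of that classification and check, written for this page; it is not Anchor's formalism or code, and the toy discipline (a variable is guarded by a named lock, thread-local, or unprotected) and the sample blocks are constructed assumptions. Anchor's own discipline language and its treatment of CAS-based code are described in the paper.

```python
from dataclasses import dataclass
from enum import Enum


class Mover(Enum):
    """Lipton mover classes: how an action commutes with other threads' steps."""
    RIGHT = "R"   # commutes to the right (later) past other threads' steps, e.g. lock acquire
    LEFT = "L"    # commutes to the left (earlier), e.g. lock release
    BOTH = "B"    # commutes either way, e.g. access to data this thread holds exclusively
    NONE = "N"    # does not commute, e.g. an unprotected (racy) read or write


@dataclass(frozen=True)
class Access:
    op: str       # one of "acquire", "release", "read", "write"
    target: str   # lock name for acquire/release, variable name for read/write


# Constructed, hypothetical synchronization discipline: each shared variable maps to
# the lock that must be held to touch it, to "thread-local", or to None (unprotected).
DISCIPLINE = {
    "count": "m",              # guarded by lock m
    "scratch": "thread-local", # never shared
    "flag": None,              # unprotected: every access is a non-mover
}


def classify(access: Access, held: set, discipline: dict) -> Mover:
    """Assign a mover class to one access while tracking the set of locks held."""
    if access.op == "acquire":
        held.add(access.target)
        return Mover.RIGHT
    if access.op == "release":
        if access.target not in held:
            raise ValueError(f"release of {access.target} without matching acquire")
        held.remove(access.target)
        return Mover.LEFT
    if access.op not in ("read", "write"):
        raise ValueError(f"unknown op {access.op}")
    guard = discipline.get(access.target)
    if guard == "thread-local":
        return Mover.BOTH
    if guard is not None and guard in held:
        return Mover.BOTH     # permitted and exclusive, so it commutes with other threads
    return Mover.NONE         # racy: another thread may interfere, so it does not commute


def classify_block(block: list, discipline: dict) -> list:
    """Mover sequence for a straight-line block executed by one thread."""
    held: set = set()
    return [classify(a, held, discipline) for a in block]


def is_reducible(movers: list) -> bool:
    """Lipton's reduction: a sequence of shape R* N? L* (B fits anywhere)
    can be treated as a single atomic step."""
    left_phase = False
    for m in movers:
        if m is Mover.BOTH:
            continue
        if m is Mover.RIGHT:
            if left_phase:
                return False
        elif m is Mover.NONE:
            if left_phase:
                return False
            left_phase = True
        elif m is Mover.LEFT:
            left_phase = True
    return True


def check_atomic(block: list, discipline: dict = DISCIPLINE) -> bool:
    return is_reducible(classify_block(block, discipline))


# Constructed sample blocks.
LOCKED_INCREMENT = [Access("acquire", "m"), Access("read", "count"),
                    Access("write", "count"), Access("release", "m")]
# Reads count before taking the lock: a non-mover followed by a right mover.
CHECK_THEN_LOCK = [Access("read", "count"), Access("acquire", "m"),
                   Access("write", "count"), Access("release", "m")]
# Two unprotected accesses: two non-movers never reduce to one atomic step.
RACY_FLAG_UPDATE = [Access("read", "flag"), Access("write", "flag")]

if __name__ == "__main__":
    for name, block in [("locked increment", LOCKED_INCREMENT),
                        ("check-then-lock", CHECK_THEN_LOCK),
                        ("racy flag update", RACY_FLAG_UPDATE)]:
        movers = "".join(m.value for m in classify_block(block, DISCIPLINE))
        print(f"{name:18} {movers:6} atomic={check_atomic(block)}")
```

The locked increment classifies as R B B L and reduces to one atomic step; the check-then-lock variant fails because its racy read (N) precedes a right mover, and the unprotected flag update fails because it contains two non-movers. The same failure shapes are what make non-blocking code hard for plain reduction: a read followed by a CAS on unprotected memory is N N under this toy discipline, which is why a richer description of commutativity, as the abstract describes, is needed there.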


Supplemental Material

Auxiliary Presentation Video

This is the conference presentation accompanying the paper "The Anchor Verifier for Blocking and Non-Blocking Concurrent Software" published at OOPSLA 2020.

