Abstract
This paper gives a self-contained presentation of the temporal logic Rely-Guarantee Interval Temporal Logic (RGITL). The logic is based on interval temporal logic (ITL) and higher-order logic. It extends ITL with explicit interleaved programs and recursive procedures. Deduction is based on the principles of symbolic execution and induction, known from the verification of sequential programs, which are transferred to a concurrent setting with temporal logic. We include an interleaving operator with compositional semantics. As a consequence, the calculus permits proving decomposition theorems which reduce reasoning about an interleaved program to reasoning about individual threads. A central instance of such theorems is the class of rely-guarantee (RG) rules, which decompose global safety properties. We show how the correctness of such rules can be formally derived in the calculus. Decomposition theorems for other global properties are also derivable, as we show for the important progress property of lock-freedom. RGITL is implemented in the interactive verification environment KIV. It has been used to mechanize various proofs of concurrent algorithms, mainly in the area of linearizable and lock-free algorithms.
Cite this article
Schellhorn, G., Tofan, B., Ernst, G. et al. RGITL: A temporal logic framework for compositional reasoning about interleaved programs. Ann Math Artif Intell 71, 131–174 (2014). https://doi.org/10.1007/s10472-013-9389-z
DOI: https://doi.org/10.1007/s10472-013-9389-z
Keywords
- Interval temporal logic
- Program verification
- Compositional reasoning
- Concurrency
- Rely-Guarantee reasoning
- Lock-Freedom