Verifying Concurrent Programs with Chalice

* Final gross prices may vary according to local VAT.

Get Access

Abstract

One of the problems in verifying concurrent programs is keeping track of which threads have access to which data at which times. The experimental language Chalice makes this explicit by requiring every data access to be justified with a sufficient set of permissions. Permissions can be transferred between threads and can be stored in the heap. The programming language includes specification constructs for describing data invariants and permission transfers. Chalice supports synchronization via shared memory and locks as well as via channels. The Chalice program verifier checks the correctness of programs with respect to their specifications and the rules for data access. Programs that have been proved correct compile to executable code for the .NET platform.

In this talk, I will give an overview and demo of the Chalice language and its permission model. I will describe the semantic model used to reason about programs and how this model is encoded in the Boogie intermediate verification language, from which first-order verification conditions are generated and fed to an SMT solver. I will also outline some remaining challenges in making the language and its specifications easy to use, in making the encoding efficient for SMT solvers, and in presenting verification errors to the user.

Joint work with Peter Müller and Jan Smans.