Verifying Concurrent Programs with Chalice

  • K. Rustan M. Leino
Conference paper

DOI: 10.1007/978-3-642-11319-2_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5944)
Cite this paper as:
Leino K.R.M. (2010) Verifying Concurrent Programs with Chalice. In: Barthe G., Hermenegildo M. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2010. Lecture Notes in Computer Science, vol 5944. Springer, Berlin, Heidelberg


One of the problems in verifying concurrent programs is keeping track of which threads have access to which data at which times. The experimental language Chalice makes this explicit by requiring every data access to be justified with a sufficient set of permissions. Permissions can be transferred between threads and can be stored in the heap. The programming language includes specification constructs for describing data invariants and permission transfers. Chalice supports synchronization via shared memory and locks as well as via channels. The Chalice program verifier checks the correctness of programs with respect to their specifications and the rules for data access. Programs that have been proved correct compile to executable code for the .NET platform.

In this talk, I will give an overview and demo of the Chalice language and its permission model. I will describe the semantic model used to reason about programs and how this model is encoded in the Boogie intermediate verification language, from which first-order verification conditions are generated and fed to an SMT solver. I will also outline some remaining challenges in making the language and its specifications easy to use, in making the encoding efficient for SMT solvers, and in presenting verification errors to the user.

Joint work with Peter Müller and Jan Smans.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • K. Rustan M. Leino
    • 1
  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations