Abstract
Distributed systems are notoriously difficult to develop correctly, due to the concurrency in their communicating subsystems. Several techniques are available to help developers to improve the reliability of message passing software, including deductive verification and model checking. Both these techniques have advantages as well as limitations, which are complementary in nature. This paper contributes a novel verification technique that combines the strengths of deductive and algorithmic verification to reason elegantly about message passing concurrent programs, thereby reducing their limitations. Our approach allows to verify data-centric properties of message passing programs using concurrent separation logic (CSL), and allows to specify their communication behaviour as a process-algebraic model. The key novelty of the approach is that it formally bridges the typical abstraction gap between programs and their models, by extending CSL with logical primitives for proving deductively that a program refines its process-algebraic model. These models can then be analysed via model checking, using mCRL2, to reason indirectly about the program’s communication behaviour. Our verification approach is compositional, comes with a mechanised correctness proof in Coq, and is implemented as an encoding in Viper.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Supplementary material for the paper. https://github.com/utwente-fmt/iFM19-MessagePassingAbstr
Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P., Ulbrich, M.: Deductive Software Verification - The KeY Book. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-49812-6
Ahrendt, W., Chimento, J., Pace, G., Schneider, G.: Verifying data- and control-oriented properties combining static and runtime verification: theory and tools. FMSD 51(1), 200–265 (2017). https://doi.org/10.1007/s10703-017-0274-y
Baeten, J.: Process Algebra with Explicit Termination. Eindhoven University of Technology, Department of Mathematics and Computing Science (2000)
Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44898-5_4
Brookes, S.: A semantics for concurrent separation logic. Theoret. Comput. Sci. 375(1–3), 227–270 (2007). https://doi.org/10.1016/j.tcs.2006.12.034
Brookes, S., O’Hearn, P.: Concurrent separation logic. ACM SIGLOG News 3(3), 47–65 (2016). https://doi.org/10.1145/2984450.2984457
Bunte, O., et al.: The mCRL2 toolset for analysing concurrent systems. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11428, pp. 21–39. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17465-1_2
Dinsdale-Young, T., Dodds, M., Gardner, P., Parkinson, M.J., Vafeiadis, V.: Concurrent abstract predicates. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 504–528. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14107-2_24
Fokkink, W., Zantema, H.: Basic process algebra with iteration: completeness of its equational axioms. Comput. J. 37(4), 259–267 (1994). https://doi.org/10.1093/comjnl/37.4.259
Francalanza, A., Rathke, J., Sassone, V.: Permission-based separation logic for message-passing concurrency. Log. Methods Comput. Sci. 7, 1–47 (2011). https://doi.org/10.2168/lmcs-7(3:7)2011
de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., Hähnle, R.: OpenJDK’s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_16
Groote, J.F., Mousavi, M.R.: Modeling and Analysis of Communicating Systems. MIT Press, Cambridge (2014)
Grumberg, O., Veith, H. (eds.): 25 Years of Model Checking: History, Achievements, Perspectives. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-69850-0
Honda, K., et al.: Structuring communication with session types. In: Agha, G., et al. (eds.) Concurrent Objects and Beyond. LNCS, vol. 8665, pp. 105–127. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44471-9_5
Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0053567
Hur, C., Dreyer, D., Vafeiadis, V.: Separation logic in the presence of garbage collection. In: LICS, pp. 247–256 (2011). https://doi.org/10.1109/LICS.2011.46
Lei, J., Qiu, Z.: Modular reasoning for message-passing programs. In: Ciobanu, G., Méry, D. (eds.) ICTAC 2014. LNCS, vol. 8687, pp. 277–294. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10882-7_17
Luo, Z., Zheng, M., Siegel, S.: Verification of MPI programs using CIVL. In: EuroMPI. ACM (2017). https://doi.org/10.1145/3127024.3127032
MPI: A Message-Passing Interface standard. http://www.mpi-forum.org/docs. Accessed Apr 2019
Milner, R.: Communication and Concurrency. Prentice-Hall Inc., Upper Saddle River (1989)
Müller, P., Schwerhoff, M., Summers, A.J.: Viper: a verification infrastructure for permission-based reasoning. In: Jobstmann, B., Leino, K.R.M. (eds.) VMCAI 2016. LNCS, vol. 9583, pp. 41–62. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49122-5_2
Nanevski, A., Ley-Wild, R., Sergey, I., Delbianco, G.A.: Communicating state transition systems for fine-grained concurrent resources. In: Shao, Z. (ed.) ESOP 2014. LNCS, vol. 8410, pp. 290–310. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54833-8_16
Neele, T., Willemse, T.A.C., Groote, J.F.: Solving parameterised Boolean equation systems with infinite data through quotienting. In: Bae, K., Ölveczky, P.C. (eds.) FACS 2018. LNCS, vol. 11222, pp. 216–236. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02146-7_11
O’Hearn, P.: Resources, concurrency and local reasoning. Theoret. Comput. Sci. 375(1–3), 271–307 (2007). https://doi.org/10.1007/978-3-540-28644-8_4
Oortwijn, W., Blom, S., Gurov, D., Huisman, M., Zaharieva-Stojanovski, M.: An abstraction technique for describing concurrent program behaviour. In: Paskevich, A., Wies, T. (eds.) VSTTE 2017. LNCS, vol. 10712, pp. 191–209. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72308-2_12
Oortwijn, W., Blom, S., Huisman, M.: Future-based static analysis of message passing programs. In: PLACES, pp. 65–72 (2016). https://doi.org/10.4204/EPTCS.211.7
Peled, D., Gries, D., Schneider, F. (eds.): Software Reliability Methods. Springer, New York (2001). https://doi.org/10.1007/978-1-4757-3540-6
da Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: TaDA: a logic for time and data abstraction. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 207–231. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44202-9_9
de Roever, W., et al.: Concurrency Verification: Introduction to Compositional and Noncompositional Methods. Cambridge University Press, Cambridge (2001)
Sergey, I., Wilcox, J., Tatlock, Z.: Programming and proving with distributed protocols. In: POPL, vol. 2 (2017). https://doi.org/10.1145/3158116
Shankar, N.: Combining model checking and deduction. Handbook of Model Checking, pp. 651–684. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_20
Svendsen, K., Birkedal, L., Parkinson, M.: Modular reasoning about separation of concurrent data structures. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 169–188. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_11
Uribe, T.E.: Combinations of model checking and theorem proving. In: Kirchner, H., Ringeissen, C. (eds.) FroCoS 2000. LNCS (LNAI), vol. 1794, pp. 151–170. Springer, Heidelberg (2000). https://doi.org/10.1007/10720084_11
Vafeiadis, V.: Concurrent separation logic and operational semantics. MFPS, ENTCS 276, 335–351 (2011). https://doi.org/10.1016/j.entcs.2011.09.029
Vafeiadis, V., Parkinson, M.: A marriage of rely/guarantee and separation logic. In: Caires, L., Vasconcelos, V.T. (eds.) CONCUR 2007. LNCS, vol. 4703, pp. 256–271. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74407-8_18
Villard, J., Lozes, É., Calcagno, C.: Proving copyless message passing. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 194–209. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10672-9_15
Wolper, P., Lovinfosse, V.: Verifying properties of large sets of processes with network invariants. In: Sifakis, J. (ed.) CAV 1989. LNCS, vol. 407, pp. 68–80. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-52148-8_6
Acknowledgements
This work is partially supported by the NWO VICI 639.023.710 Mercedes project and by the NWO TOP 612.001.403 VerDi project.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Oortwijn, W., Huisman, M. (2019). Practical Abstractions for Automated Verification of Message Passing Concurrency. In: Ahrendt, W., Tapia Tarifa, S. (eds) Integrated Formal Methods. IFM 2019. Lecture Notes in Computer Science(), vol 11918. Springer, Cham. https://doi.org/10.1007/978-3-030-34968-4_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-34968-4_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34967-7
Online ISBN: 978-3-030-34968-4
eBook Packages: Computer ScienceComputer Science (R0)