Starvation-Free Monitors

  • Jafar HaminEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11884)


Monitors are a synchronization construct which allows to keep a thread waiting until a specific resource for that thread is available. One potential problem with these constructs is starvation; a situation where a thread, competing for a resource, infinitely waits for that resource because other threads, that started competing for that resource later, get it earlier infinitely often. In this paper a modular approach to verify starvation-freedom of monitors is presented, ensuring that each time that a resource is released and its associated condition variable is notified each waiting thread approaches the front of the waiting queue; more specifically, the loop in which the wait command is executed (that checks the waiting condition) has a loop variant. To this end, we introduce notions of publishable resources and publishable obligations, which are published from the thread notifying a condition variable to all of the threads waiting for that condition variable. The publishable resources ensure the waiting threads that they are approaching the front of the waiting queue, by allowing to define an appropriate loop variant for the related loop. The publishable obligations ensure that for any thread waiting for a condition variable v there is another thread obliged to notify v, which only waits for waitable objects whose levels, some arbitrary numbers associated with each waitable object, are lower than the level of v (preventing circular dependencies). We encoded the proposed separation logic-based proof rules in the VeriFast program verifier and succeeded in verifying deadlock-freedom and starvation-freedom of two monitors, having no scheduling policy, which implement two common queue locking algorithms, namely ticket lock and CLH lock.


Starvation-freedom Monitors Condition variables Modular verification Separation logic Hoare logic 


  1. 1.
    de Carvalho Gomes, P., Gurov, D., Huisman, M.: Specification and verification of synchronization with condition variables. In: Artho, C., Ölveczky, P.C. (eds.) FTSCS 2016. CCIS, vol. 694, pp. 3–19. Springer, Cham (2017). Scholar
  2. 2.
    Craig, T.: Building fifo and priorityqueuing spin locks from atomic swap. Technical Report TR 93-02-02, University of Washington, February 1993. (ftp tr/1993 \(\ldots \) (1993)Google Scholar
  3. 3.
    D’Osualdo, E., Farzan, A., Gardner, P., Sutherland, J.: Tada live: compositional reasoning for termination of fine-grained concurrent programs. arXiv preprint arXiv:1901.05750 (2019)
  4. 4.
    Gomes, P.d.C., Gurov, D., Huisman, M., Artho, C.: Specification and verification of synchronization with condition variables. Sci. Comput. Program. 163, 174–189 (2018)Google Scholar
  5. 5.
    Hamin, J., Jacobs, B.: Modular verification of termination and execution time bounds using separation logic. In: 2016 IEEE 17th International Conference on Information Reuse and Integration (IRI), pp. 110–117. IEEE (2016)Google Scholar
  6. 6.
    Hamin, J., Jacobs, B.: Deadlock-free monitors. In: Ahmed, A. (ed.) ESOP 2018. LNCS, vol. 10801, pp. 415–441. Springer, Cham (2018). Scholar
  7. 7.
    Hamin, J., Jacobs, B.: Deadlock-free monitors: extended version. TR CW712, Department of Computer Science, KU Leuven, Belgium (2018). Full version
  8. 8.
    Hamin, J., Jacobs, B.: Deadlock-free monitors and channels, June 2019.
  9. 9.
    Hamin, J., Jacobs, B.: Transferring obligations through synchronizations. In: Donaldson, A.F. (ed.) 33rd European Conference on Object-Oriented Programming (ECOOP 2019). Leibniz International Proceedings in Informatics (LIPIcs), vol. 134, pp. 19:1–19:58. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany (2019).,
  10. 10.
    Hoffmann, J., Marmar, M., Shao, Z.: Quantitative reasoning for proving lock-freedom. In: 2013 28th Annual IEEE/ACM Symposium on Logic in Computer Science (LICS), pp. 124–133. IEEE (2013)Google Scholar
  11. 11.
    Jacobs, B.: Provably live exception handling. In: Proceedings of the 17th Workshop on Formal Techniques for Java-like Programs, p. 7. ACM (2015)Google Scholar
  12. 12.
    Jacobs, B.: Verifast 18.02. zenodo (2018).
  13. 13.
    Jacobs, B., Bosnacki, D., Kuiper, R.: Modular termination verification of single-threaded and multithreaded programs. ACM Trans. Program. Lang. Syst. (TOPLAS) 40(3), 12 (2018)CrossRefGoogle Scholar
  14. 14.
    Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: Verifast: a powerful, sound, predictable, fast verifier for C and Java. NASA Form. Methods 6617, 41–55 (2011)CrossRefGoogle Scholar
  15. 15.
    Jacobs, B., Smans, J., Piessens, F.: A quick tour of the verifast program verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010). Scholar
  16. 16.
    Jung, R., et al.: Iris: monoids and invariants as an orthogonal basis for concurrent reasoning. ACM SIGPLAN Not. 50(1), 637–650 (2015)CrossRefGoogle Scholar
  17. 17.
    Kavi, K.M., Moshtaghi, A., Chen, D.J.: Modeling multithreaded applications using Petri nets. Int. J. Parallel Program. 30(5), 353–371 (2002)CrossRefGoogle Scholar
  18. 18.
    Kobayashi, N.: A type system for lock-free processes. Inf. Comput. 177(2), 122–159 (2002)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Kobayashi, N.: A new type system for deadlock-free processes. In: Baier, C., Hermanns, H. (eds.) CONCUR 2006. LNCS, vol. 4137, pp. 233–247. Springer, Heidelberg (2006). Scholar
  20. 20.
    Leino, K.R.M., Müller, P., Smans, J.: Deadlock-free channels and locks. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 407–426. Springer, Heidelberg (2010). Scholar
  21. 21.
    Liang, H., Feng, X., Shao, Z.: Compositional verification of termination-preserving refinement of concurrent programs. In: Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), p. 65. ACM (2014)Google Scholar
  22. 22.
    Mokhov, A.: United monoids (2019).
  23. 23.
    Nanevski, A., Ley-Wild, R., Sergey, I., Delbianco, G.A.: Communicating state transition systems for fine-grained concurrent resources. In: Shao, Z. (ed.) ESOP 2014. LNCS, vol. 8410, pp. 290–310. Springer, Heidelberg (2014). Scholar
  24. 24.
    Popeea, C., Rybalchenko, A.: Compositional termination proofs for multi-threaded programs. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 237–251. Springer, Heidelberg (2012). Scholar
  25. 25.
    Raad, A., Villard, J., Gardner, P.: CoLoSL: concurrent local subjective logic. In: Vitek, J. (ed.) ESOP 2015. LNCS, vol. 9032, pp. 710–735. Springer, Heidelberg (2015). Scholar
  26. 26.
    Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science, 2002, pp. 55–74. IEEE (2002)Google Scholar
  27. 27.
    da Rocha Pinto, P., Dinsdale-Young, T., Gardner, P., Sutherland, J.: Modular termination verification for non-blocking concurrency. In: Thiemann, P. (ed.) ESOP 2016. LNCS, vol. 9632, pp. 176–201. Springer, Heidelberg (2016). Scholar
  28. 28.
    Rowe, R.N., Brotherston, J.: Automatic cyclic termination proofs for recursive procedures in separation logic. In: Proceedings of the 6th ACM SIGPLAN Conference on Certified Programs and Proofs, pp. 53–65. ACM (2017)Google Scholar
  29. 29.
    Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames. In: Proceedings of the 10th ECOOP Workshop on Formal Techniques for Java-like Programs, pp. 1–12 (2008)Google Scholar
  30. 30.
    Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames: combining dynamic frames and separation logic. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 148–172. Springer, Heidelberg (2009). Scholar
  31. 31.
    Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames. ACM Trans. Program. Lang. Syst. (TOPLAS) 34(1), 2 (2012)CrossRefGoogle Scholar
  32. 32.
    Microsoft; API Specification: Sleepconditionvariablecs function (2019).
  33. 33.
    Oracle; API Specification: Using condition variables (2019).
  34. 34.
    The Single UNIX; API Specification: Wait on a condition (2019).
  35. 35.
    Wang, C., Hoang, K.: Precisely deciding control state reachability in concurrent traces with limited observability. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 376–394. Springer, Heidelberg (2014). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.imec-DistriNet, Department of Computer ScienceKU LeuvenLeuvenBelgium

Personalised recommendations