A Basis for Verifying Multi-threaded Programs

  • K. Rustan M. Leino
  • Peter Müller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5502)

Abstract

Advanced multi-threaded programs apply concurrency concepts in sophisticated ways. For instance, they use fine-grained locking to increase parallelism and change locking orders dynamically when data structures are being reorganized. This paper presents a sound and modular verification methodology that can handle advanced concurrency patterns in multi-threaded, object-based programs. The methodology is based on implicit dynamic frames and uses fractional permissions to support fine-grained locking. It supports concepts such as multi-object monitor invariants, thread-local and shared objects, thread pre- and postconditions, and deadlock prevention with a dynamically changeable locking order. The paper prescribes the generation of verification conditions in first-order logic, well-suited for scrutiny by off-the-shelf SMT solvers. A verifier for the methodology has been implemented for an experimental language, and has been used to verify several challenging examples including hand-over-hand locking for linked lists and a lock re-ordering algorithm.
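As an added illustration (not code from the paper or from its verifier), the following hypothetical Python model shows the permission accounting the abstract describes: a thread may read a field holding any positive fraction of permission but may write only with full permission; fork and join move permissions through thread pre- and postconditions; acquire and release exchange permissions with a monitor invariant; and every lock carries a level that must exceed the levels of all locks the thread already holds, which is the deadlock-prevention discipline. The class and method names (ThreadState, inhale, exhale) are assumptions of this model.

```python
from fractions import Fraction

FULL = Fraction(1)

class VerificationError(Exception): pass   # a proof obligation that fails

class ThreadState:
    """Hypothetical symbolic state of one thread (assumed model, not the paper's)."""
    def __init__(self):
        self.perms = {}   # (obj, field) -> Fraction in [0, 1]
        self.held = {}    # lock name -> lock level
    def perm(self, loc):
        return self.perms.get(loc, Fraction(0))
    def inhale(self, loc, amount):
        # Gaining permission (acquire, join) may never exceed full permission.
        if self.perm(loc) + amount > FULL:
            raise VerificationError(f"over-full permission to {loc}")
        self.perms[loc] = self.perm(loc) + amount
    def exhale(self, loc, amount):
        # Giving permission away (fork, release) requires holding that much.
        if self.perm(loc) < amount:
            raise VerificationError(f"cannot give away {amount} of {loc}")
        self.perms[loc] = self.perm(loc) - amount
    def read(self, loc):   # any positive fraction permits reading
        if self.perm(loc) <= 0:
            raise VerificationError(f"read of {loc} without permission")
    def write(self, loc):  # only full permission permits writing
        if self.perm(loc) != FULL:
            raise VerificationError(f"write to {loc} without full permission")
    def acquire(self, lock, level, invariant):
        # Deadlock prevention: the new lock's level must exceed every held level.
        if any(level <= held for held in self.held.values()):
            raise VerificationError(f"acquiring {lock} violates the locking order")
        self.held[lock] = level
        for loc, amt in invariant.items():  # gain what the monitor invariant owns
            self.inhale(loc, amt)
    def release(self, lock, invariant):
        for loc, amt in invariant.items():  # hand the permissions back
            self.exhale(loc, amt)
        del self.held[lock]
    def fork(self, precondition):
        child = ThreadState()               # the precondition moves into the child
        for loc, amt in precondition.items():
            self.exhale(loc, amt)
            child.inhale(loc, amt)
        return child
    def join(self, child, postcondition):
        for loc, amt in postcondition.items():  # the postcondition comes back
            child.exhale(loc, amt)
            self.inhale(loc, amt)
```

Forking a reader thread with half permission to a field leaves the parent able to read but not write that field until the child is joined.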

Keywords

Concurrent program, proof obligation, symbolic execution, shared object, separation logic


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • K. Rustan M. Leino, Microsoft Research, Redmond, USA
  • Peter Müller, ETH Zurich, Switzerland
