Verification of Concurrent Programs with Chalice

  • K. Rustan M. Leino
  • Peter Müller
  • Jan Smans
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5705)

Abstract

A program verifier is a tool that allows developers to prove that their code satisfies its specification for every possible input and every thread schedule. These lecture notes describe a verifier for concurrent programs called Chalice.

Chalice’s verification methodology centers around permissions and permission transfer. In particular, a memory location may be accessed by a thread only if that thread has permission to do so. Proper use of permissions allows Chalice to deduce upper bounds on the set of locations modifiable by a method and guarantees the absence of data races for concurrent programs. The lecture notes informally explain how Chalice works through various examples.

Keywords

Memory Location, Activation Record, Concurrent Program, Java Modeling Language, Data Race

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • K. Rustan M. Leino, Microsoft Research, Redmond, USA
  • Peter Müller, ETH Zurich, Switzerland
  • Jan Smans, KU Leuven, Belgium