Abstract
Specifications are a necessary reference point for correctness arguments. Top-down descriptions of concurrent programs require a way of recording information about the environment in which the component will be required to function. It was shown in the 1980s that adding rely and guarantee conditions to pre and post conditions could support formal specification and reasoning about a class of concurrent systems. More recent research has both widened the class of specifications to include progress requirements and facilitated mechanisation of proofs. This paper describes the algebraic underpinnings that have made this possible. Particular attention is paid to notions of atomicity.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
See for example the excellent review in [1].
- 2.
The program state may also include a heap but no further discussion of heap store is included below.
- 3.
Conditional “and” and “or” (
and || in C, Java, etc.) are handled by conditional expressions, which we do not consider here. - 4.
In our earlier papers we followed the sequential refinement calculus more closely and used, \(\mathop {\textsf{rely}} r \mathbin {\Cap }\mathop {\textsf{guar}} g \mathbin {\Cap }\{p\} \mathbin {;}\mathop {\textsf{post}} q \mathrel {\succcurlyeq }c\), but manipulating the sequential composition of the assertion \(\{p\}\) is more complicated than using the conjoined form in (13) because \(\mathbin {\Cap }\) is an associative, commutative and idempotent operator. Given that \(\{p\} \mathbin {;}\mathop {\textsf{post}} q = \mathop {\textsf{pre}} p \mathbin {\Cap }\mathop {\textsf{post}} q\), one can switch between the two as necessary. Note that \(\{p\}\) terminates immediately if p holds initially, whereas \(\mathop {\textsf{pre}} p\) allows any non-aborting behaviour if p holds initially. Both abort if p does not hold initially.
- 5.
Called strict conjunction there because it is abort strict, i.e. \(c \mathbin {\Cap }\textsf{abort}= \textsf{abort}\).
- 6.
The frame is a special form of guarantee that no variables outside X are modified.
- 7.
- 8.
Note that p is a predicate on a single state, whereas \(\mathop {\iota }p\) is an LTL predicate on a trace that holds if and only if p holds in the initial state of the trace. Formalisation in Isabelle/HOL requires an explicit operator, rather than using the type of p as done by Pnueli.
- 9.
The encoding used here is similar to that used in [12] for a trace semantics but here we encode true as \(\boldsymbol{\alpha }^\infty \) (rather than \(\textsf{abort}\)).
- 10.
Here, \(\textsf{fair}_{LTL}\) equals command \(\textsf{fair}\) (from Sect. 7) conjoined with \(\boldsymbol{\alpha }^\infty \) (our encoding of true in these LTL formula).
- 11.
Xu Qiwen tackled the same issues in [71] in a similar way.
and || in C, Java, etc.) are handled by conditional expressions, which we do not consider here.References
Apt, K.R., Olderog, E.R.: Fifty years of Hoare’s logic. Formal Aspects Comput. 31(6), 751–807 (2019)
Armstrong, A., Gomes, V.B.F., Struth, G.: Algebras for program correctness in Isabelle/HOL. In: Höfner, P., Jipsen, P., Kahl, W., Müller, M.E. (eds.) RAMICS 2014. LNCS, vol. 8428, pp. 49–64. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06251-8_4
Ashcroft, E.A., Manna, Z.: Formalization of properties of parallel programs. In: Meltzer, B., Michie, D. (eds.) Machine Intelligence, vol. 6, pp. 17–41. Edinburgh University Press (1971)
Ashcroft, E.A.: Proving assertions about parallel programs. J. Comput. Syst. Sci. 10(1), 110–135 (1975)
Barringer, H., Kuiper, R.: Hierarchical development of concurrent systems in a temporal logic framework. In: Brookes, S.D., Roscoe, A.W., Winskel, G. (eds.) CONCURRENCY 1984. LNCS, vol. 197, pp. 35–61. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-15670-4_2
Barringer, H., Kuiper, R., Pnueli, A.: Now you may compose temporal logic specifications. In: Proceedings of the Sixteenth Annual ACM Symposium on Theory of Computing, STOC 1984, pp. 51–63. Association for Computing Machinery, New York (1984). https://doi.org/10.1145/800057.808665
Bernstein, A.J.: Analysis of programs for parallel processing. IEEE Trans. Electron. Comput. EC-15(5), 757–763 (1966). https://doi.org/10.1109/PGEC.1966.264565
Bornat, R., Amjad, H.: Explanation of two non-blocking shared-variable communication algorithms. Formal Aspects Comput. 25(6), 893–931 (2013). https://doi.org/10.1007/s00165-011-0213-4
Bornat, R., Amjad, H.: Inter-process buffers in separation logic with rely-guarantee. Formal Aspects Comput. 22(6), 735–772 (2010)
Aczel, P.H.G.: On an inference rule for parallel composition (1983). Private communication to Cliff Jones http://homepages.cs.ncl.ac.uk/cliff.jones/publications/MSs/PHGA-traces.pdf
Coleman, J.W., Jones, C.B.: A structural proof of the soundness of rely/guarantee rules. J. Log. Comput. 17(4), 807–841 (2007). https://doi.org/10.1093/logcom/exm030
Colvin, R.J., Hayes, I.J., Meinicke, L.A.: Designing a semantic model for a wide-spectrum language with concurrency. Formal Aspects Comput. 29(5), 853–875 (2017). https://doi.org/10.1007/s00165-017-0416-4
Combi, C., Leucker, M., Wolter, F. (eds.): Eighteenth International Symposium on Temporal Representation and Reasoning, TIME 2011, Lübeck, Germany, 12–14 September 2011. IEEE (2011)
Coughlin, N., Winter, K., Smith, G.: Rely/guarantee reasoning for multicopy atomic weak memory models. In: Huisman, M., Păsăreanu, C., Zhan, N. (eds.) FM 2021. LNCS, vol. 13047, pp. 292–310. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90870-6_16
Dijkstra, E.: Cooperating sequential processes. In: Genuys, F. (ed.) Programming Languages, pp. 43–112. Academic Press (1968)
Dingel, J.: A refinement calculus for shared-variable parallel and distributed programming. Formal Aspects Comput. 14(2), 123–197 (2002). https://doi.org/10.1007/s001650200032
Dodds, M., Feng, X., Parkinson, M., Vafeiadis, V.: Deny-guarantee reasoning. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 363–377. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00590-9_26
Fell, J., Hayes, I.J., Velykis, A.: Concurrent refinement algebra and rely quotients. Archive of Formal Proofs (2016). http://isa-afp.org/entries/Concurrent_Ref_Alg.shtml. Formal proof development
Feng, X.: Local rely-guarantee reasoning. In: Proceedings of the 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, pp. 315–327. ACM, New York (2009). https://doi.org/10.1145/1480881.1480922
Feng, X., Ferreira, R., Shao, Z.: On the relationship between concurrent separation logic and assume-guarantee reasoning. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 173–188. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71316-6_13
Floyd, R.W.: Assigning meanings to programs. In: Proceedings of Symposia in Applied Mathematics: Mathematics Aspects of Computer Science, vol. 19, pp. 19–32 (1967). https://doi.org/10.1090/psapm/019/0235771
van Glabbeek, R., Höfner, P.: Progress, justness, and fairness. ACM Comput. Surv. 52(4), 1–38 (2019). https://doi.org/10.1145/3329125
Hayes, I.J.: Generalised rely-guarantee concurrency: an algebraic foundation. Formal Aspects Comput. 28(6), 1057–1078 (2016). https://doi.org/10.1007/s00165-016-0384-0
Hayes, I.J., Jones, C.B., Colvin, R.J.: Refining rely-guarantee thinking. Technical report CS-TR-1334, Newcastle University (2012)
Hayes, I.J., Jones, C.B., Colvin, R.J.: Laws and semantics for rely-guarantee refinement. Technical report CS-TR-1425, Newcastle University (2014)
Hayes, I.J., Meinicke, L.A.: Encoding fairness in a synchronous concurrent program algebra. In: Havelund, K., Peleska, J., Roscoe, B., de Vink, E. (eds.) FM 2018. LNCS, vol. 10951, pp. 222–239. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95582-7_13
Hayes, I.J., Meinicke, L.A.: Encoding fairness in a synchronous concurrent program algebra: extended version with proofs (2018). arXiv:1805.01681 [cs.LO]
Hayes, I.J., Meinicke, L.A., Meiring, P.A.: Deriving laws for developing concurrent programs in a rely-guarantee style (2021). https://doi.org/10.48550/ARXIV.2103.15292, https://arxiv.org/abs/2103.15292
Hoare, C.A.R.: An axiomatic basis for computer programming. Communications of the ACM 12(10), 576–580, 583 (1969). https://doi.org/10.1145/363235.363259
Hoare, C.A.R., et al.: Laws of programming. Commun. ACM 30(8), 672–686 (1987). Corrigenda: CACM 30(9):770
Hoare, C.A.R., He, J.: Unifying Theories of Programming. Series in Computer Science, Prentice Hall, London (1998)
Hoare, C.A.R., Möller, B., Struth, G., Wehrman, I.: Concurrent Kleene algebra. In: Bravetti, M., Zavattaro, G. (eds.) CONCUR 2009. LNCS, vol. 5710, pp. 399–414. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04081-8_27
Hoare, C.A.R., Möller, B., Struth, G., Wehrman, I.: Concurrent Kleene algebra and its foundations. J. Log. Algebr. Program. 80(6), 266–296 (2011). https://doi.org/10.1016/j.jlap.2011.04.005
Jones, C.B.: Development methods for computer programs including a notion of interference. Ph.D. thesis, Oxford University (1981). Available as: Oxford University Computing Laboratory (now Computer Science) Technical Monograph PRG-25
Jones, C.B.: Specification and design of (parallel) programs. In: Proceedings of IFIP 1983, pp. 321–332. North-Holland (1983)
Jones, C.B.: Tentative steps toward a development method for interfering programs. ACM ToPLaS 5(4), 596–619 (1983). https://doi.org/10.1145/69575.69577
Jones, C.B.: Splitting atoms safely. Theoret. Comput. Sci. 375(1–3), 109–119 (2007). https://doi.org/10.1016/j.tcs.2006.12.029
Jones, C.B.: Three early formal approaches to the verification of concurrent programs. Mind. Mach. (2023). https://doi.org/10.1007/s11023-023-09621-5
Jones, C.B., Hayes, I.J.: Possible values: exploring a concept for concurrency. J. Log. Algebraic Methods Program. 85(5, Part 2), 972–984 (2016). https://doi.org/10.1016/j.jlamp.2016.01.002
Jones, C.B., Yatapanage, N.: Reasoning about separation using abstraction and reification. In: Calinescu, R., Rumpe, B. (eds.) SEFM 2015. LNCS, vol. 9276, pp. 3–19. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22969-0_1
Jones, C.B., Yatapanage, N.: Investigating the limits of rely/guarantee relations based on a concurrent garbage collector example. Formal Aspects Comput. 31(3), 353–374 (2019). https://doi.org/10.1007/s00165-019-00482-3
Liang, H., Feng, X.: A program logic for concurrent objects under fair scheduling. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016, pp. 385–399. ACM, New York (2016). https://doi.org/10.1145/2837614.2837635
Liang, H., Feng, X.: Progress of concurrent objects with partial methods. Proc. ACM Program. Lang. 2(POPL), 20:1–20:31 (2018). https://doi.org/10.1145/3158108
Liang, H., Feng, X., Fu, M.: Rely-guarantee-based simulation for compositional verification of concurrent program transformations. ACM Trans. Program. Lang. Syst. 36(1), 3:1–3:55 (2014)
Meinicke, L.A., Hayes, I.J.: Using cylindric algebra to support local variables in rely/guarantee concurrency. In: 2023 IEEE/ACM 11th International Conference on Formal Methods in Software Engineering (FormaliSE), 108–119 (2023). IEEE
Morgan, C.C.: The specification statement. ACM Trans. Prog. Lang. Syst. 10(3), 403–419 (1988). https://doi.org/10.1145/44501.44503
Morgan, C.C.: Programming from Specifications, 2nd edn. Prentice Hall, London (1994)
Moszkowski, B.C.: Executing Temporal Logic Programs. Cambridge University Press, Cambridge (1986)
Moszkowski, B.: Executing temporal logic programs. In: Brookes, S.D., Roscoe, A.W., Winskel, G. (eds.) CONCURRENCY 1984. LNCS, vol. 197, pp. 111–130. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-15670-4_6
O’Hearn, P.W.: Resources, concurrency and local reasoning. Theoret. Comput. Sci. 375(1–3), 271–307 (2007). https://doi.org/10.1016/j.tcs.2006.12.035
Owicki, S.: Axiomatic proof techniques for parallel programs. Ph.D. thesis, Department of Computer Science, Cornell University (1975)
Owicki, S.S., Gries, D.: An axiomatic proof technique for parallel programs I. Acta Inform. 6(4), 319–340 (1976). https://doi.org/10.1007/BF00268134
Park, D.: On the semantics of fair parallelism. In: Bjøorner, D. (ed.) Abstract Software Specifications. LNCS, vol. 86, pp. 504–526. Springer, Heidelberg (1980). https://doi.org/10.1007/3-540-10007-5_47
Pnueli, A.: The temporal logic of programs. In: 18th Annual Symposium on Foundations of Computer Science, pp. 46–57. IEEE (1977)
Prensa Nieto, L.: Verification of parallel programs with the Owicki-Gries and rely-guarantee methods in Isabelle/HOL. Ph.D. thesis, Institut für Informatic der Technischen Universitaet München (2001)
Nieto, L.P.: The rely-guarantee method in Isabelle/HOL. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 348–362. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36575-3_24
Sanan, D., Zhao, Y., Lin, S.W., Yang, L.: CSim\(^2\): compositional top-down verification of concurrent systems using rely-guarantee. ACM Trans. Program. Lang. Syst. 43(1), 1–46 (2021)
Schellhorn, G., Tofan, B., Ernst, G., Pfähler, J., Reif, W.: RGITL: a temporal logic framework for compositional reasoning about interleaved programs. Ann. Math. Artif. Intell. 71(1–3), 131–174 (2014). https://doi.org/10.1007/s10472-013-9389-z
Schellhorn, G., Tofan, B., Ernst, G., Reif, W.: Interleaved programs and rely-guarantee reasoning with ITL. In: Combi et al. [13], pp. 99–106 (2011). https://doi.org/10.1109/TIME.2011.12
Schellhorn, G.: Extending ITL with interleaved programs for interactive verification. In: Combi et al. [13] (2011). https://doi.org/10.1109/TIME.2011.31
Schellhorn, G., Travkin, O., Wehrheim, H.: Towards a thread-local proof technique for starvation freedom. In: Ábrahám, E., Huisman, M. (eds.) IFM 2016. LNCS, vol. 9681, pp. 193–209. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33693-0_13
Simpson, H.R.: Four-slot fully asynchronous communication mechanism. Comput. Digit. Tech. IEE Proc. E 137(1), 17–30 (1990)
Simpson, H.R.: New algorithms for asynchronous communication. IEE Proc. Comput. Digit. Technol. 144(4), 227–231 (1997)
Stølen, K.: Development of parallel programs on shared data-structures. Ph.D. thesis, Manchester University (1990). Available as UMCS-91-1-1 or revised version as https://breibakk.no/kst/PhD-thesis.htm
Stølen, K.: A method for the development of totally correct shared-state parallel programs. In: Baeten, J.C.M., Groote, J.F. (eds.) CONCUR 1991. LNCS, vol. 527, pp. 510–525. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-54430-5_110
Stølen, K.: Shared-state design modulo weak and strong process fairness. In: Diaz, M., Groz, R. (eds.) Formal Description Techniques, V, Proceedings of the IFIP TC6/WG6.1 Fifth International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols, FORTE 1992, Perros-Guirec, France, 13–16 October 1992. IFIP Transactions, vol. C-10, pp. 479–498. North-Holland (1992)
Tofan, B., Schellhorn, G., Ernst, G., Pfähler, J., Reif, W.: Compositional verification of a lock-free stack with RGITL. In: Proceedings of International Workshop on Automated Verification of Critical Systems, Electronic Communications of EASST, vol. 66, pp. 1–15 (2013)
Vafeiadis, V.: Modular fine-grained concurrency verification. Ph.D. thesis, University of Cambridge (2007)
Vafeiadis, V., Parkinson, M.: A Marriage of rely/guarantee and separation logic. In: Caires, L., Vasconcelos, V.T. (eds.) CONCUR 2007. LNCS, vol. 4703, pp. 256–271. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74407-8_18
Wickerson, J., Dodds, M., Parkinson, M.: Explicit stabilisation for modular rely-guarantee reasoning. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 610–629. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11957-6_32
Xu, Q.: A theory of state-based parallel programming. Ph.D. thesis, Oxford University (1992)
Xu, Q., de Roever, W.P., He, J.: The rely-guarantee method for verifying concurrent programs. Formal Aspects Comput. 9, 149–174 (1997)
Acknowledgements
Thanks are due to Joakim von Wright for introducing us to program algebra, and Callum Bannister, Emily Bennett, Robert Colvin, Diego Machado Dias, Chelsea Edmonds, Julian Fell, Matthys Grobbelaar, Oliver Jeaffreson, Patrick Meiring, Tom Manderson, Joshua Morris, Dan Nathan, Katie Deakin-Sharpe, Kim Solin, Andrius Velykis, Kirsten Winter, and our anonymous reviewers for feedback on ideas presented in this paper and/or contributions to the supporting Isabelle/HOL theories. This work is supported by the Australian Research Council https://www.arc.gov.au under their Discovery Program Grant No. DP190102142 and a grant (RPG-2019-020) from the Leverhulme Trust.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Hayes, I.J., Jones, C.B., Meinicke, L.A. (2023). Specifying and Reasoning About Shared-Variable Concurrency. In: Bowen, J.P., Li, Q., Xu, Q. (eds) Theories of Programming and Formal Methods. Lecture Notes in Computer Science, vol 14080. Springer, Cham. https://doi.org/10.1007/978-3-031-40436-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-40436-8_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40435-1
Online ISBN: 978-3-031-40436-8
eBook Packages: Computer ScienceComputer Science (R0)