Abstract
Ensuring the reliability of multithreaded software systems is difficult due to the interaction between threads. This paper describes the design and implementation of a static checker for such systems. To avoid considering all possible thread interleavings, the checker uses assume-guarantee reasoning, and relies on the programmer to specify an environment assumption that constrains the interaction between threads. Using this environment assumption, the checker reduces the verification of the original multithreaded program to the verification of several sequential programs, one for each thread. These sequential programs are subsequently analyzed using extended static checking techniques (based on verification conditions and automatic theorem proving). Experience indicates that the checker is capable of handling a range of synchronization disciplines. In addition, the required environment assumptions are simple and intuitive for common synchronization idioms.
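The reduction the abstract describes can be seen in miniature on a lock-protected counter. The following Python is an added illustration, not the paper's checker: it replaces verification conditions and a theorem prover with a bounded explicit-state search, but it discharges the same two per-thread obligations. Each thread is explored as a sequential program in which every other thread's activity is a "havoc" of the shared state constrained only by the thread's environment assumption; the thread's assertions must hold under that interference, and each of its own steps must satisfy the assumption of every other thread (the guarantee the others rely on). The program, the assumption `lock_assume`, the bounded domain `X_RANGE`, and the saturating increment are all assumptions of this example.

```python
"""Explicit-state sketch of the thread-modular (assume-guarantee) reduction.

Added illustration, not the paper's checker. Program under test (two threads,
shared counter x protected by lock m; t is thread-local):
  0: acquire(m)   1: t = x   2: assert x == t; x = t + 1   3: release(m)   4: done
"""
from itertools import product

X_RANGE = range(4)              # bounded value domain (abstraction) so the search is finite
FREE = 0                        # lock value when no thread holds m
THREADS = (1, 2)
LOCK_VALUES = (FREE,) + THREADS


def own_steps(tid, shared, local, locked):
    """Successors of one step of thread `tid`: list of (shared', local', assertion_holds)."""
    x, m = shared
    pc, t = local
    if pc == 0:
        if not locked:
            return [(shared, (1, t), True)]
        if m != FREE:
            return []                                  # blocked until the lock is free
        return [((x, tid), (1, t), True)]
    if pc == 1:
        return [(shared, (2, x), True)]                # read x into the local t
    if pc == 2:
        # The write is a lost update if some other thread changed x since we read it.
        return [((min(t + 1, X_RANGE[-1]), m), (3, t), x == t)]   # saturating increment
    if pc == 3:
        return [((x, FREE) if locked else shared, (4, t), True)]
    return []                                          # pc == 4: terminated


def lock_assume(tid, before, after):
    """Environment assumption for lock-protected data: while `tid` holds m, no other
    thread changes x or m. Read as a guarantee, every other thread must respect it."""
    (x, m), (x2, m2) = before, after
    return (x2, m2) == (x, m) if m == tid else True


def no_assume(tid, before, after):
    """Trivial assumption: the environment may change x and m arbitrarily."""
    return True


def check_thread(tid, locked, assume):
    """Thread-modular check of thread `tid`.

    Explores the sequential program of `tid` interleaved with environment havocs
    that satisfy `assume(tid, ...)`. Returns (assertions_hold, guarantee_holds).
    """
    init = ((0, FREE), (0, 0))                         # (x, m), (pc, t)
    seen, work = {init}, [init]
    assertions_hold = guarantee_holds = True
    while work:
        shared, local = work.pop()
        successors = []
        for shared2, local2, holds in own_steps(tid, shared, local, locked):
            assertions_hold &= holds
            # Guarantee obligation: this step must be acceptable to every other thread's assumption.
            guarantee_holds &= all(assume(other, shared, shared2)
                                   for other in THREADS if other != tid)
            successors.append((shared2, local2))
        # Environment step: havoc the shared state, constrained only by the assumption.
        for shared2 in product(X_RANGE, LOCK_VALUES):
            if assume(tid, shared, shared2):
                successors.append((shared2, local))
        for state in successors:
            if state not in seen:
                seen.add(state)
                work.append(state)
    return assertions_hold, guarantee_holds


if __name__ == "__main__":
    for tid in THREADS:
        print("locked, lock assumption  ", tid, check_thread(tid, True, lock_assume))
    print("unlocked, no assumption   ", 1, check_thread(1, False, no_assume))
    print("unlocked, lock assumption ", 1, check_thread(1, False, lock_assume))
```

With the lock and the lock assumption, both threads pass both obligations. Without the lock and with no assumption, the assertion at the write fails because the environment may change x between the read and the write. Without the lock but still claiming the lock assumption, the guarantee check also fails: the thread writes x while another thread holds m, so it does not provide what the other thread assumes. That second failure is the point of checking guarantees and not only assertions; an environment assumption the code does not honour would otherwise let an unsound proof through.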
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Flanagan, C., Freund, S.N., Qadeer, S. (2002). Thread-Modular Verification for Shared-Memory Programs. In: Le Métayer, D. (eds) Programming Languages and Systems. ESOP 2002. Lecture Notes in Computer Science, vol 2305. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45927-8_19
DOI: https://doi.org/10.1007/3-540-45927-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43363-7
Online ISBN: 978-3-540-45927-9
eBook Packages: Springer Book Archive