research-article

Mechanized verification of fine-grained concurrent programs

Authors:
Ilya Sergey

IMDEA Software Institute, Spain

IMDEA Software Institute, Spain
View Profile

,
Aleksandar Nanevski

IMDEA Software Institute, Spain

IMDEA Software Institute, Spain
View Profile

,
Anindya Banerjee

IMDEA Software Institute, Spain

IMDEA Software Institute, Spain
View Profile

PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2015Pages 77–87https://doi.org/10.1145/2737924.2737964

Published:03 June 2015Publication History

PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 77–87

ABSTRACT

Efficient concurrent programs and data structures rarely employ coarse-grained synchronization mechanisms (i.e., locks); instead, they implement custom synchronization patterns via fine-grained primitives, such as compare-and-swap. Due to sophisticated interference scenarios between threads, reasoning about such programs is challenging and error-prone, and can benefit from mechanization. In this paper, we present the first completely formalized framework for mechanized verification of full functional correctness of fine-grained concurrent programs. Our tool is based on the recently proposed program logic FCSL. It is implemented as an embedded DSL in the dependently-typed language of the Coq proof assistant, and is powerful enough to reason about programming features such as higher-order functions and local thread spawning. By incorporating a uniform concurrency model, based on state-transition systems and partial commutative monoids, FCSL makes it possible to build proofs about concurrent libraries in a thread-local, compositional way, thus facilitating scalability and reuse: libraries are verified just once, and their specifications are used ubiquitously in client-side reasoning. We illustrate the proof layout in FCSL by example, outline its infrastructure, and report on our experience of using FCSL to verify a number of concurrent algorithms and data structures.

References

A. W. Appel, R. Dockins, A. Hobor, L. Beringer, J. Dodds, G. Stewart, S. Blazy, and X. Leroy. Program Logics for Certified Compilers. Cambridge University Press, 2014. Google ScholarCross Ref
Y. Bertot and P. Castéran. Interactive Theorem Proving and Program Development. Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer Verlag, 2004. Google ScholarDigital Library
R. Bornat, C. Calcagno, P. W. O’Hearn, and M. J. Parkinson. Permission accounting in separation logic. In POPL, pages 259–270. ACM, 2005. Google ScholarDigital Library
S. Brookes. A semantics for concurrent separation logic. Th. Comp. Sci., 375(1-3), 2007. Google ScholarDigital Library
C. Calcagno, M. J. Parkinson, and V. Vafeiadis. Modular safety checking for fine-grained concurrency. In SAS, volume 4634 of LNCS, pages 233–248. Springer, 2007. Google ScholarDigital Library
A. Chlipala. Mostly-automated verification of low-level programs in computational separation logic. In PLDI, pages 234–245. ACM, 2011. Google ScholarDigital Library
A. Chlipala. Certified Programming with Dependent Types. The MIT Press, 2013. Available from http://adam.chlipala.net/cpdt. Google ScholarDigital Library
E. Cohen, M. Dahlweid, M. A. Hillebrand, D. Leinenbach, M. Moskal, T. Santen, W. Schulte, and S. Tobies. VCC: A practical system for verifying concurrent C. In TPHOLs, volume 5674 of LNCS, pages 23–42. Springer, 2009. Google ScholarDigital Library
E. Cohen, W. J. Paul, and S. Schmaltz. Theory of multi core hypervisor verification. In SOFSEM, volume 7741 of LNCS, pages 1–27. Springer, 2013.Google Scholar
Coq Development Team. The Coq Proof Assistant Reference Manual - Version V8.4, 2014. http://coq.inria.fr/.Google Scholar
P. da Rocha Pinto, T. Dinsdale-Young, and P. Gardner. TaDA: A Logic for Time and Data Abstraction. In ECOOP, volume 8586 of LNCS, pages 207–231. Springer, 2014.Google Scholar
E. W. Dijkstra. Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM, 18(8):453–457, Aug. 1975. Google ScholarDigital Library
T. Dinsdale-Young, L. Birkedal, P. Gardner, M. J. Parkinson, and H. Yang. Views: compositional reasoning for concurrent programs. In POPL, pages 287–300. ACM, 2013. Google ScholarDigital Library
T. Dinsdale-Young, M. Dodds, P. Gardner, M. J. Parkinson, and V. Vafeiadis. Concurrent Abstract Predicates. In ECOOP, volume 6183 of LNCS, pages 504–528. Springer, 2010. Google ScholarDigital Library
X. Feng. Local rely-guarantee reasoning. In POPL, pages 315–327. ACM, 2009. Google ScholarDigital Library
X. Feng, R. Ferreira, and Z. Shao. On the relationship between concurrent separation logic and assume-guarantee reasoning. In ESOP, volume 4421 of LNCS, pages 173–188. Springer, 2007. Google ScholarDigital Library
G. Gonthier, A. Mahboubi, and E. Tassi. A Small Scale Reflection Extension for the Coq system. Technical Report 6455, Microsoft Research – Inria Joint Centre, 2009.Google Scholar
G. Gonthier, B. Ziliani, A. Nanevski, and D. Dreyer. How to make ad hoc proof automation less ad hoc. In ICFP, pages 163–175. ACM, 2011. Google ScholarDigital Library
C. S. Gordon. Verifying Concurrent Programs by Controlling Alias Interference. PhD thesis, University of Washington, 2014.Google Scholar
D. Hendler, I. Incze, N. Shavit, and M. Tzafrir. Flat combining and the synchronization-parallelism tradeoff. In SPAA, pages 355–364, 2010. Google ScholarDigital Library
M. Herlihy and J. M. Wing. Linearizability: A correctness condition for concurrent objects. ACM Trans. Prog. Lang. Syst., 12(3):463–492, 1990. Google ScholarDigital Library
A. Hobor and J. Villard. The ramifications of sharing in data structures. In POPL, pages 523–536. ACM, 2013. Google ScholarDigital Library
B. Jacobs and F. Piessens. Expressive modular fine-grained concurrency specification. In POPL, pages 271–282. ACM, 2011. Google ScholarDigital Library
B. Jacobs, J. Smans, P. Philippaerts, F. Vogels, W. Penninckx, and F. Piessens. VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java. In NASA Formal Methods, volume 6617 of LNCS, pages 41–55. Springer, 2011. Google ScholarDigital Library
J. B. Jensen, N. Benton, and A. Kennedy. High-level separation logic for low-level code. In POPL, pages 301–314. ACM, 2013. Google ScholarDigital Library
C. B. Jones. Tentative steps toward a development method for interfering programs. ACM Trans. Prog. Lang. Syst., 5(4):596–619, 1983. Google ScholarDigital Library
C. B. Jones. The role of auxiliary variables in the formal development of concurrent programs. In Reflections on the Work of C.A.R. Hoare, pages 167–187. Springer London, 2010.Google Scholar
R. Jung, D. Swasey, F. Sieczkowski, K. Svendsen, A. Turon, L. Birkedal, and D. Dreyer. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL, pages 637–650. ACM, 2015. Google ScholarDigital Library
K. R. M. Leino and P. Müller. A basis for verifying multi-threaded programs. In ESOP, volume 5502 of LNCS, pages 378–393. Springer, 2009. Google ScholarDigital Library
K. R. M. Leino, P. Müller, and J. Smans. Verification of Concurrent Programs with Chalice. In FOSAD, volume 5705 of LNCS, pages 195–222. Springer, 2009. Google ScholarDigital Library
X. Leroy. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In POPL, pages 42–54, 2006. Google ScholarDigital Library
P. Letouzey. Extraction in Coq: An Overview. In Computability in Europe, volume 5028 of LNCS, pages 359–369. Springer, 2008. Google ScholarDigital Library
R. Ley-Wild and A. Nanevski. Subjective auxiliary state for coarsegrained concurrency. In POPL, pages 561–574. ACM, 2013. Google ScholarDigital Library
H. Liang and X. Feng. Modular verification of linearizability with non-fixed linearization points. In PLDI, pages 459–470. ACM, 2013. Google ScholarDigital Library
P. Lucas. Two constructive realizations of the block concept and their equivalence. Technical Report 25.085, IBM Laboratory Vienna, 1968.Google Scholar
A. Mahboubi and E. Tassi. Canonical structures for the working Coq user. In ITP, volume 7998 of LNCS, pages 19–34. Springer, 2013. Google ScholarDigital Library
A. Nanevski, R. Ley-Wild, I. Sergey, and G. A. Delbianco. Communicating State Transition Systems for Fine-Grained Concurrent Resources. In ESOP, volume 8410 of LNCS, pages 290–310. Springer, 2014. Extended version is available at http://software.imdea. org/fcsl/papers/concurroids-extended.pdf.Google Scholar
A. Nanevski, G. Morrisett, and L. Birkedal. Polymorphism and separation in Hoare Type Theory. In ICFP, pages 62–73. ACM, 2006. Google ScholarDigital Library
A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. Ynot: Dependent types for imperative programs. In ICFP, pages 229– 240. ACM Press, 2008. Google ScholarDigital Library
A. Nanevski, V. Vafeiadis, and J. Berdine. Structuring the verification of heap-manipulating programs. In POPL, pages 261–274. ACM, 2010. Google ScholarDigital Library
P. W. O’Hearn. Resources, concurrency, and local reasoning. Th. Comp. Sci., 375(1-3):271–307, 2007. Google ScholarDigital Library
S. S. Owicki and D. Gries. Verifying properties of parallel programs: An axiomatic approach. Commun. ACM, 19(5):279–285, 1976. Google ScholarDigital Library
S. Qadeer, A. Sezgin, and S. Tasiran. Back and forth: Prophecy variables for static verification of concurrent programs. Technical Report MSR-TR-2009-142, Microsoft Research, 2009.Google Scholar
A. Raad, J. Villard, and P. Gardner. CoLoSL: Concurrent Local Subjective Logic. In ESOP, volume 9032 of LNCS, pages 710–735. Springer, 2015.Google Scholar
J. C. Reynolds. Separation Logic: A Logic for Shared Mutable Data Structures. In LICS, pages 55–74. IEEE Computer Society, 2002. Google ScholarDigital Library
I. Sergey, A. Nanevski, and A. Banerjee. Mechanized verification of fine-grained concurrent programs. Accompanying code and tutorial. Available from http://software.imdea.org/fcsl. Google ScholarDigital Library
I. Sergey, A. Nanevski, and A. Banerjee. Specifying and verifying concurrent algorithms with histories and subjectivity. In ESOP, volume 9032 of LNCS, pages 333–358. Springer, 2015. Google ScholarDigital Library
Z. Shao. Certified software. Commun. ACM, 53(12):56–66, 2010.Google ScholarDigital Library
J. Smans, D. Vanoverberghe, D. Devriese, B. Jacobs, and F. Piessens. Shared boxes: Rely-Guarantee reasoning in VeriFast. CW Reports CW662, KU Leuven, May 2014.Google Scholar
M. Sozeau and N. Tabareau. Universe polymorphism in Coq. In ITP, volume 8558 of LNCS, pages 499–514. Springer, 2014.Google Scholar
K. Svendsen and L. Birkedal. Impredicative Concurrent Abstract Predicates. In ESOP, volume 8410 of LNCS, pages 149–168. Springer, 2014.Google Scholar
R. K. Treiber. Systems programming: coping with parallelism. Technical Report RJ 5118, IBM Almaden Research Center, 1986.Google Scholar
A. Turon, D. Dreyer, and L. Birkedal. Unifying refinement and Hoarestyle reasoning in a logic for higher-order concurrency. In ICFP, pages 377–390. ACM, 2013. Google ScholarDigital Library
V. Vafeiadis. RGSep Action Inference. In VMCAI, volume 5944 of LNCS, pages 345–361. Springer-Verlag, 2010. Google ScholarDigital Library
V. Vafeiadis and M. J. Parkinson. A marriage of rely/guarantee and separation logic. In CONCUR, volume 4703 of LNCS, pages 256– 271. Springer, 2007. Google ScholarDigital Library
F. Vogels. Formalisation and Soundness of Static Verification Algorithms for Imperative Programs. PhD thesis, KU Leuven, 2012.Google Scholar

Index Terms

Mechanized verification of fine-grained concurrent programs
1. Software and its engineering
  1. Software notations and tools
    1. Formal language definitions
2. Theory of computation

Recommendations

Mechanized verification of fine-grained concurrent programs
PLDI '15

Efficient concurrent programs and data structures rarely employ coarse-grained synchronization mechanisms (i.e., locks); instead, they implement custom synchronization patterns via fine-grained primitives, such as compare-and-swap. Due to sophisticated ...
Read More
Variables as Resource for Shared-Memory Programs: Semantics and Soundness

Parkinson, Bornat, and Calcagno recently introduced a logic for partial correctness in which program variables are treated as resource, generalizing earlier work based on separation logic and permissions. An advantage of their approach is that it yields ...
Read More
Compositional verification of termination-preserving refinement of concurrent programs
CSL-LICS '14: Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)

Many verification problems can be reduced to refinement verification. However, existing work on verifying refinement of concurrent programs either fails to prove the preservation of termination, allowing a diverging program to trivially refine any ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2015
630 pages
ISBN:9781450334686
DOI:10.1145/2737924
General Chair:
David Grove
IBM Research, USA
,
Program Chair:
Steve Blackburn
Australian National University, Australia
ACM SIGPLAN Notices Volume 50, Issue 6
PLDI '15
June 2015
630 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2813885
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 June 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Compositional program verification
concurrency
dependent types
mechanized proofs
separation logic
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 83
  Total Citations
  View Citations
- 451
  Total Downloads
- Downloads (Last 12 months)41
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Mechanized verification of fine-grained concurrent programs

PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Mechanized verification of fine-grained concurrent programs

Variables as Resource for Shared-Memory Programs: Semantics and Soundness

Compositional verification of termination-preserving refinement of concurrent programs