88 research outputs found
A semantics for concurrent separation logic
AbstractWe present a trace semantics for a language of parallel programs which share access to mutable data. We introduce a resource-sensitive logic for partial correctness, based on a recent proposal of O’Hearn, adapting separation logic to the concurrent setting. The logic allows proofs of parallel programs in which “ownership” of critical data, such as the right to access, update or deallocate a pointer, is transferred dynamically between concurrent processes. We prove soundness of the logic, using a novel “local” interpretation of traces which allows accurate reasoning about ownership. We show that every provable program is race-free
Permission-Based Separation Logic for Multithreaded Java Programs
This paper motivates and presents a program logic for reasoning about multithreaded Java-like programs with concurrency primitives such as dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits.\ud
This paper presents the basic principles to reason about thread creation and thread joining. It finishes with an outlook how this logic will evolve into a full-fledged verification technique for Java (and possibly other multithreaded languages)
Some Challenges of Specifying Concurrent Program Components
The purpose of this paper is to address some of the challenges of formally
specifying components of shared-memory concurrent programs. The focus is to
provide an abstract specification of a component that is suitable for use both
by clients of the component and as a starting point for refinement to an
implementation of the component. We present some approaches to devising
specifications, investigating different forms suitable for different contexts.
We examine handling atomicity of access to data structures, blocking operations
and progress properties, and transactional operations that may fail and need to
be retried.Comment: In Proceedings Refine 2018, arXiv:1810.0873
SteelCore: An extensible concurrent separation logic for effectful dependently typed programs
Much recent research has been devoted to modeling effects within type theory. Building on this work, we observe that effectful type theories can provide a foundation on which to build semantics for more complex programming constructs and program logics, extending the reasoning principles that apply within the host effectful type theory itself. Concretely, our main contribution is a semantics for concurrent separation logic (CSL) within the F* proof assistant in a manner that enables dependently typed, effectful F* programs to make use of concurrency and to be specified and verified using a full-featured, extensible CSL. In contrast to prior approaches, we directly derive the partial-correctness Hoare rules for CSL from the denotation of computations in the effectful semantics of non-deterministically interleaved atomic actions. Demonstrating the flexibility of our semantics, we build generic, verified libraries that support various concurrency constructs, ranging from dynamically allocated, storable spin locks, to protocol-indexed channels. We conclude that our effectful semantics provides a simple yet expressive basis on which to layer domain-specific languages and logics for verified, concurrent programming.Fil: Swamy, Nikhil. Microsoft Research; Estados UnidosFil: Rastogi, Aseem. Microsoft Research; IndiaFil: Fromherz, Aymeric. University of Carnegie Mellon; Estados UnidosFil: Merigoux, Denis. Institut National de Recherche en Informatique et en Automatique; FranciaFil: Ahman, Danel. University of Ljubljana; EsloveniaFil: MartĂnez, Guido. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - Rosario. Centro Internacional Franco Argentino de Ciencias de la InformaciĂłn y de Sistemas. Universidad Nacional de Rosario. Centro Internacional Franco Argentino de Ciencias de la InformaciĂłn y de Sistemas; Argentin
Recommended from our members
Certified Web Services in Ynot
In this paper we demonstrate that it is possible to implement certi ed web systems in a way not much di erent from writing
Standard ML or Haskell code, including use of imperative features like pointers, les, and socket I/O. We present a web-based course gradebook application developed with Ynot, a Coq library for certi ed imperative programming.We add a dialog-based I/O system to Ynot, and we extend Ynot's underlying Hoare logic with event traces to reason about I/O be- havior. Expressive abstractions allow the modular certi cation of both high level speci cations like privacy guarantees and low level properties like memory safety and correct parsing.Engineering and Applied Science
Completeness for a First-order Abstract Separation Logic
Existing work on theorem proving for the assertion language of separation
logic (SL) either focuses on abstract semantics which are not readily available
in most applications of program verification, or on concrete models for which
completeness is not possible. An important element in concrete SL is the
points-to predicate which denotes a singleton heap. SL with the points-to
predicate has been shown to be non-recursively enumerable. In this paper, we
develop a first-order SL, called FOASL, with an abstracted version of the
points-to predicate. We prove that FOASL is sound and complete with respect to
an abstract semantics, of which the standard SL semantics is an instance. We
also show that some reasoning principles involving the points-to predicate can
be approximated as FOASL theories, thus allowing our logic to be used for
reasoning about concrete program verification problems. We give some example
theories that are sound with respect to different variants of separation logics
from the literature, including those that are incompatible with Reynolds's
semantics. In the experiment we demonstrate our FOASL based theorem prover
which is able to handle a large fragment of separation logic with heap
semantics as well as non-standard semantics.Comment: This is an extended version of the APLAS 2016 paper with the same
titl
Footprints in Local Reasoning
Local reasoning about programs exploits the natural local behaviour common in
programs by focussing on the footprint - that part of the resource accessed by
the program. We address the problem of formally characterising and analysing
the footprint notion for abstract local functions introduced by Calcagno, O
Hearn and Yang. With our definition, we prove that the footprints are the only
essential elements required for a complete specification of a local function.
We formalise the notion of small specifications in local reasoning and show
that for well-founded resource models, a smallest specification always exists
that only includes the footprints, and also present results for the
non-well-founded case. Finally, we use this theory of footprints to investigate
the conditions under which the footprints correspond to the smallest safe
states. We present a new model of RAM in which, unlike the standard model, the
footprints of every program correspond to the smallest safe states, and we also
identify a general condition on the primitive commands of a programming
language which guarantees this property for arbitrary models.Comment: LMCS 2009 (FOSSACS 2008 special issue
Independence and concurrent separation logic
A compositional Petri net-based semantics is given to a simple language
allowing pointer manipulation and parallelism. The model is then applied to
give a notion of validity to the judgements made by concurrent separation logic
that emphasizes the process-environment duality inherent in such rely-guarantee
reasoning. Soundness of the rules of concurrent separation logic with respect
to this definition of validity is shown. The independence information retained
by the Petri net model is then exploited to characterize the independence of
parallel processes enforced by the logic. This is shown to permit a refinement
operation capable of changing the granularity of atomic actions
- …