Formal Analysis of Concurrent Programs

In this thesis, extensions of Kleene algebras are used to develop algebras for rely-guarantee style reasoning about concurrent programs. In addition to these algebras, detailed denotational models are implemented in the interactive theorem prover Isabelle/HOL. Formal soundness proofs link the algebras to their models. This follows a general algebraic approach for developing correct by construction verification tools within Isabelle. In this approach, algebras provide inference rules and abstract principles for reasoning about the control flow of programs, while the concrete models provide laws for reasoning about data flow. This yields a rapid, lightweight approach for the construction of verification and refinement tools. These tools are used to construct a popular example from the literature, via refinement, within the context of a general-purpose interactive theorem proving environment

Partial Orders for Efficient BMC of Concurrent Software

This version previously deposited at arXiv:1301.1629v1 [cs.LO]The vast number of interleavings that a concurrent program can have is typically identified as the root cause of the difficulty of automatic analysis of concurrent software. Weak memory is generally believed to make this problem even harder. We address both issues by modelling programs' executions with partial orders rather than the interleaving semantics (SC). We implemented a software analysis tool based on these ideas. It scales to programs of sufficient size to achieve first-time formal verification of non-trivial concurrent systems code over a wide range of models, including SC, Intel x86 and IBM Power

A technique for detecting wait-notify deadlocks in Java

Deadlock analysis of object-oriented programs that dynamically create threads and objects is complex, because these programs may have an infinite number of states. In this thesis, I analyze the correctness of wait - notify patterns (e.g. deadlock freedom) by using a newly introduced technique that consists in an analysis model that is a basic concurrent language with a formal semantic. I detect deadlocks by associating a Petri Net graph to each process of the input program. This model allows to check if a deadlock occur by analysing the reachability tree. The technique presented is a basic step of a more complex and complete project, since in my work I only consider programs with one object

A Mechanized Theory of Communication Analysis in CML

For this master\u27s thesis, I have developed a formal semantics of a language with concurrent processes (or threads), an initial formal analysis, along with related theorems and formal proofs. The language under analysis is a very simplified version of Concurrent ML. The formal analysis recasts an analysis with informal proofs developed by Reppy and Xiao. It categorizes communication described by programs into simple topologies. One description of topologies is static; that is, it describes all static topologies of a program in a finite number of steps. Another description is dynamic; that is, it describes topologies in terms of running a program for an arbitrary number of steps. The main formal theorem states that the static analysis is sound with respect to the dynamic analysis. Two versions of the static analysis have been developed so far; one with lower precision, and one with higher precision. The higher precision analysis is closer to the work by Reppy and Xiao, but contains many more details making it more challenging to prove formally than the lower precision analysis. The proofs for the soundness theorems of the lower precision analysis have been mechanically verified using Isabelle/HOL, while the higher precision analysis is currently under development. Indeed, one of the motivations for implementing the analysis in a mechanical setting is to enable gradual extension of analysis and language without introducing uncaught bugs in the definitions or proofs. The definitions used in this formal theory differ significantly from that of Reppy and Xiao, in order to aid formal reasoning. Thus, recasting Reppy and Xiao\u27s work was far more nuanced than a straightforward syntactic transliteration. Although the definitions are structurally quite different, their philosophical equivalence is hopefully apparent. In this formal theory, the dynamic semantics of Concurrent ML consists of a CEK machine. The static semantics consists of a control flow analysis (0CFA), defined in terms of constraints

A proof system for lock-free concurrency

Dissertação para obtenção do Grau de Mestre em Engenharia InformáticaSoftware has become widespread, being used and relied upon on nearly every domain. Furthermore, as this globalization of software took place and multi-core architectures became the norm, several programs are now expected to run on a given device at the same time in a timely fashion. Attending this need, concurrent and distributed systems are a well known way of dealing with performance and scalability of computation. Although several such systems exist in the devices and services we depend on, it is frequent for those systems to be exploited or go wrong. Because most complex programs are built in modules and lack a formal specification of what they do, it is hard to prevent the emerging system from failing or being exploited. Therefore, one of the most sought after results by software industry is a way of reasoning about programs that prevents undesired behavior. Formal methods contribute to a rigorous specification, analysis, and verification of programs, having proven to be quite effective in this regard. Program logics,in particular, are able to verify validity of user-specified formulas and are the solution we propose to tackle this issue. Regarding concurrent programs, locks are a mechanism that make reasoning easier by serializing access to shared resources, taming concurrency. Since lock-free programs offer a better way of taking advantage of concurrency, we are especially interested in them. In this context, the LL/SC pair of primitives have proven to be more expressive than their widely used CAS counterpart. The goal of our work is then to develop a proof system capable of proving correctness of lock-free programs based on LL/SC primitives. In this dissertation we present a new program logic, based on those of concurrent separation logic and RGSep, which establishes a solid theoretical basis for reasoning about such programs

Automated Verification of Specifications with Typestates and Access Permissions

We propose an approach to formally verify Plural specifications  of concurrent programs based on access permissions and  typestates, by model-checking automatically generated abstract  state-machines. Our approach captures all possible relevant  behaviors of abstract concurrent programs implementing the  specification. We describe the formal methodology employed in  our technique and provide an example as proof of concept for the  state-machine construction rules.  We implemented the fully automated algorithm to generate and  verify models as a freely available plug-in of the Plural tool,  called Pulse.  We tested Pulse on the full specification of a  Multi Threaded Task Server commercial application and showed  that this approach scales well and is efficient in finding  errors in specifications that could not be previously detected  with the Data Flow Analysis (DFA) capabilities of Plural

Static Analysis of a Concurrent Programming Language by Abstract Interpretation

Static analysis is an approach to determine information about the program without actually executing it. There has been much research in the static analysis of concurrent programs. However, very little academic research has been done on the formal analysis of message passing or process-oriented languages. We currently miss formal analysis tools and techniques for concurrent process-oriented languages such as Erasmus . In this dissertation, we focus on the problem of static analysis of large Erasmus programs. This can help us toward building more reliable Erasmus software systems. Reasoning about non-deterministic large Erasmus program using static analyzer is hard. These kinds of programs can quickly exhaust the computational and memory resources of the static analyzer tool. We use Abstract Interpretation to reason about Erasmus programs. To use the Abstract Interpretation theory, we introduce a lattice for Erasmus communications and an Event Order Predictor algorithm to statically determine the order that events happen in an Erasmus program. By using fixed-point theory of lattice, we compute a safe approximation of reachable states of an Erasmus programs. We also offer a Resettable Event order Vector for Erasmus processes to realistically implement our vector for large Erasmus programs using bounded space. We believe that our formal approach is also applicable to other types of process-oriented programs and MPI programs