36,167 research outputs found
Linearizability with Ownership Transfer
Linearizability is a commonly accepted notion of correctness for libraries of
concurrent algorithms. Unfortunately, it assumes a complete isolation between a
library and its client, with interactions limited to passing values of a given
data type. This is inappropriate for common programming languages, where
libraries and their clients can communicate via the heap, transferring the
ownership of data structures, and can even run in a shared address space
without any memory protection. In this paper, we present the first definition
of linearizability that lifts this limitation and establish an Abstraction
Theorem: while proving a property of a client of a concurrent library, we can
soundly replace the library by its abstract implementation related to the
original one by our generalisation of linearizability. This allows abstracting
from the details of the library implementation while reasoning about the
client. We also prove that linearizability with ownership transfer can be
derived from the classical one if the library does not access some of data
structures transferred to it by the client
Computer-Assisted Program Reasoning Based on a Relational Semantics of Programs
We present an approach to program reasoning which inserts between a program
and its verification conditions an additional layer, the denotation of the
program expressed in a declarative form. The program is first translated into
its denotation from which subsequently the verification conditions are
generated. However, even before (and independently of) any verification
attempt, one may investigate the denotation itself to get insight into the
"semantic essence" of the program, in particular to see whether the denotation
indeed gives reason to believe that the program has the expected behavior.
Errors in the program and in the meta-information may thus be detected and
fixed prior to actually performing the formal verification. More concretely,
following the relational approach to program semantics, we model the effect of
a program as a binary relation on program states. A formal calculus is devised
to derive from a program a logic formula that describes this relation and is
subject for inspection and manipulation. We have implemented this idea in a
comprehensive form in the RISC ProgramExplorer, a new program reasoning
environment for educational purposes which encompasses the previously developed
RISC ProofNavigator as an interactive proving assistant.Comment: In Proceedings THedu'11, arXiv:1202.453
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
Specifying Reusable Components
Reusable software components need expressive specifications. This paper
outlines a rigorous foundation to model-based contracts, a method to equip
classes with strong contracts that support accurate design, implementation, and
formal verification of reusable components. Model-based contracts
conservatively extend the classic Design by Contract with a notion of model,
which underpins the precise definitions of such concepts as abstract
equivalence and specification completeness. Experiments applying model-based
contracts to libraries of data structures suggest that the method enables
accurate specification of practical software
- ā¦