148 research outputs found
The VerCors tool for verification of concurrent programs
The VerCors tool implements thread-modular static verification of concurrent programs, annotated with functional properties and heap access permissions. The tool supports both generic multithreaded and vector-based programming models. In particular, it can verify multithreaded programs written in Java, specified with JML extended with separation logic. It can also verify parallelizable programs written in a toy language that supports the characteristic features of OpenCL. The tool verifies programs by first encoding the specified program into a much simpler programming language and then applying the Chalice verifier to the simplified program. In this paper we discuss both the implementation of the tool and the features of its specification language
Verification of Shared-Reading Synchronisers
Synchronisation classes are an important building block for shared memory
concurrent programs. Thus to reason about such programs, it is important to be
able to verify the implementation of these synchronisation classes, considering
atomic operations as the synchronisation primitives on which the
implementations are built. For synchronisation classes controlling exclusive
access to a shared resource, such as locks, a technique has been proposed to
reason about their behaviour. This paper proposes a technique to verify
implementations of both exclusive access and shared-reading synchronisers. We
use permission-based Separation Logic to describe the behaviour of the main
atomic operations, and the basis for our technique is formed by a specification
for class AtomicInteger, which is commonly used to implement synchronisation
classes in java.util.concurrent. To demonstrate the applicability of our
approach, we mechanically verify the implementation of various synchronisation
classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933
Future-based Static Analysis of Message Passing Programs
Message passing is widely used in industry to develop programs consisting of
several distributed communicating components. Developing functionally correct
message passing software is very challenging due to the concurrent nature of
message exchanges. Nonetheless, many safety-critical applications rely on the
message passing paradigm, including air traffic control systems and emergency
services, which makes proving their correctness crucial. We focus on the
modular verification of MPI programs by statically verifying concrete Java
code. We use separation logic to reason about local correctness and define
abstractions of the communication protocol in the process algebra used by
mCRL2. We call these abstractions futures as they predict how components will
interact during program execution. We establish a provable link between futures
and program code and analyse the abstract futures via model checking to prove
global correctness. Finally, we verify a leader election protocol to
demonstrate our approach.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
A History of BlockingQueues
This paper describes a way to formally specify the behaviour of concurrent
data structures. When specifying concurrent data structures, the main challenge
is to make specifications stable, i.e., to ensure that they cannot be
invalidated by other threads. To this end, we propose to use history-based
specifications: instead of describing method behaviour in terms of the object's
state, we specify it in terms of the object's state history. A history is
defined as a list of state updates, which at all points can be related to the
actual object's state.
We illustrate the approach on the BlockingQueue hierarchy from the
java.util.concurrent library. We show how the behaviour of the interface
BlockingQueue is specified, leaving a few decisions open to descendant classes.
The classes implementing the interface correctly inherit the specifications. As
a specification language, we use a combination of JML and permission-based
separation logic, including abstract predicates. This results in an abstract,
modular and natural way to specify the behaviour of concurrent queues. The
specifications can be used to derive high-level properties about queues, for
example to show that the order of elements is preserved. Moreover, the approach
can be easily adapted to other concurrent data structures.Comment: In Proceedings FLACOS 2012, arXiv:1209.169
Permission-Based Separation Logic for Multithreaded Java Programs
This paper motivates and presents a program logic for reasoning about multithreaded Java-like programs with concurrency primitives such as dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits.\ud
This paper presents the basic principles to reason about thread creation and thread joining. It finishes with an outlook how this logic will evolve into a full-fledged verification technique for Java (and possibly other multithreaded languages)
- âŠ