Deductive Verification of Parallel Programs Using Why3

The Message Passing Interface specification (MPI) defines a portable message-passing API used to program parallel computers. MPI programs manifest a number of challenges on what concerns correctness: sent and expected values in communications may not match, resulting in incorrect computations possibly leading to crashes; and programs may deadlock resulting in wasted resources. Existing tools are not completely satisfactory: model-checking does not scale with the number of processes; testing techniques wastes resources and are highly dependent on the quality of the test set. As an alternative, we present a prototype for a type-based approach to programming and verifying MPI like programs against protocols. Protocols are written in a dependent type language designed so as to capture the most common primitives in MPI, incorporating, in addition, a form of primitive recursion and collective choice. Protocols are then translated into Why3, a deductive software verification tool. Source code, in turn, is written in WhyML, the language of the Why3 platform, and checked against the protocol. Programs that pass verification are guaranteed to be communication safe and free from deadlocks. We verified several parallel programs from textbooks using our approach, and report on the outcome.Comment: In Proceedings ICE 2015, arXiv:1508.0459

Inferring types for parallel programs

The Message Passing Interface (MPI) framework is widely used in implementing imperative pro- grams that exhibit a high degree of parallelism. The PARTYPES approach proposes a behavioural type discipline for MPI-like programs in which a type describes the communication protocol followed by the entire program. Well-typed programs are guaranteed to be exempt from deadlocks. In this paper we describe a type inference algorithm for a subset of the original system; the algorithm allows to statically extract a type for an MPI program from its source code.Comment: In Proceedings PLACES 2017, arXiv:1704.0241

A process-calculus approach to typed concurrent objects

. I propose an untyped name-passing calculus and a series of decidable type systems assigning types to names in terms. The calculus, designed according to the modern trends in name-passing calculi, is intended to capture the basic concepts of concurrent objects. The type systems, developed along the lines of those for -calculi, provide for partial-specification in the form of communication protocols for programs, and for partial-correctness wherein typable terms are assured not to run into errors at execution time. Terms are built from names and labels by means of five constructors, the innovations being guarded labelled-sums describing objects composed of labelled methods and asynchronous labelled messages selecting a method in the target object. The remaining constructors are fairly standard in name-passing calculi and comprise concurrent composition, local name creation (or scope restriction), and replication. The type systems assign types to names, and typings (that is, sets of nam..

Trace Semantics for Concurrent Objects

The theory of traces (the theory of free partial commutative monoids) is used to describe the behavior of systems of concurrent objects. A composition operation on systems and a synchronization operation on behaviors are presented: they allow to derive the behavior of complex systems from the behavior of its components. To address fundamental issues of concurrent semantics for objects in general, we concentrate on a simple model where objects communicate via asynchronous message passing and are only capable of sending messages, creating more objects and changing the way they react to incoming messages. The semantics is built from two simple concepts: a set of events representing the reception of messages by objects, and a binary symmetric and irreflexive relation on events---independence---representing permissible concurrency. Causality, the dual notion of concurrency, is expressed by the dependence relation---the complement of independence. Executions of systems are described by a tra..

An operational semantics and a typing system for ABCL/1 based on a calculus for objects

The present report presents an operational semantics and a typing system for ABCL/1 programs, based on a name-passing calculus. The particular calculus we use, T yCO, features asynchronous labelled message passing, explicit objects composed of labelled methods, and operators to compose objects and messages concurrently, and to generate new names. The calculus is only implicitly typed in that no type information is presented in programs, but else inferred through a typing assignment system. The operational semantics is obtained by a systematic translation of the constructors present in the ABCL/1 language into T yCO processes. The type assignment system is derived from this encoding and from T yCO type inference rules. The encoding provides a very fine grain semantics that makes explicit the order of evaluation in methods, and highlights the most complex features present in ABCL/1, namely wait-for forms and express-messages. The typing system provides a means to statically separate "saf..

Unification of Kinded Infinite Trees

We study the problem of unifying infinite trees with variables subject to constraints on the trees they may be substituted for. The constraints are given by mappings from variables to trees, called kindings. In particular, we show that if a set of equations over a given kinding is unifiable, it has a most general unifier using only a subset of the variables in the set of equations and in the kinding. We present an efficient algorithm to extract the most general unifier of a regular (having a finite number of subtrees) and unifiable set of equations over a given kinding. The results extend those of Huet on unification of regular trees, and those of Ohori on unification of kinded finite trees. 1 The Problem We follow Courcelle on infinite trees [2]. Assume F to be a ranked alphabet, and V a set of variables, such that F " V = ;. Variables in V are considered symbols of rank 0. A tree over a ranked alphabet F [ V is a partial mapping, u : N + ! F [ V , from the set N + of strings ..