Message passing is widely used in industry to develop programs consisting of
several distributed communicating components. Developing functionally correct
message passing software is very challenging due to the concurrent nature of
message exchanges. Nonetheless, many safety-critical applications rely on the
message passing paradigm, including air traffic control systems and emergency
services, which makes proving their correctness crucial. We focus on the
modular verification of MPI programs by statically verifying concrete Java
code. We use separation logic to reason about local correctness and define
abstractions of the communication protocol in the process algebra used by
mCRL2. We call these abstractions futures as they predict how components will
interact during program execution. We establish a provable link between futures
and program code and analyse the abstract futures via model checking to prove
global correctness. Finally, we verify a leader election protocol to
demonstrate our approach.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
