Laws and Semantics for Rely-Guarantee Refinement

Interference is the essence of concurrency and it is what makes reasoning about concurrent programs difficult. The fundamental insight of rely-guarantee thinking is that stepwise design of concurrent programs can only be compositional in development methods that offer ways to record and reason about interference. In this way of thinking, a rely relation records assumptions about the behaviour of the environment, and a guarantee relation records commitments about the behaviour of the process. The standard application of these ideas is in the extension of Hoare-like inference rules to quintuples that accommodate rely and guarantee conditions. In contrast, in this paper, we embed rely-guarantee thinking into a refinement calculus for concurrent programs, in which programs are developed in (small) steps from an abstract specification. As is usual, we extend the implementation language with specification constructs (the extended language is sometimes called a wide-spectrum language), in this case adding two new commands: a guarantee command (guar g.c) whose valid behaviours are in accord with the command c but all of whose atomic steps also satisfy the relation g, and a rely command (rely r.c) whose behaviours are like c provided any interference steps from the environment satisfy the relation r. The theory of concurrent program refinement is based on a theory of atomic program steps and more powerful refinement laws, most notably, a law for decomposing a specification into a parallel composition, are developed from a small set of more primitive lemmas, which are proved sound with respect to an operational semantics. © 2014 Newcastle University. Printed and published by Newcastle University, Computing Science, Claremont Tower, Claremont Road, Newcastle upon Tyne, NE1 7RU, England. Bibliographical details HAYES, I, J., JONES, C, B., COLVIN, R, J. Laws and semantics for rely-guarantee refinement [By] I. J. Hayes, C.B. Jones, and R. J. Colvin Newcastle upon Tyne: Newcastle University: Computing Science, 2014. (Newcastle University, Computing Science, Technical Report Series, No. CS-TR-1425)

[1]  Tony Hoare,et al.  The Weakest Prespecification II , 1986 .

[2]  Cliff B. Jones,et al.  Program specification and verification in VDM , 1987 .

[3]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[4]  Ralph-Johan Back,et al.  Refinement Calculus: A Systematic Introduction , 1998 .

[5]  Cliff B. Jones,et al.  Elucidating concurrent algorithms via layers of abstraction and reification , 2011, Formal Aspects of Computing.

[6]  Peter D. Mosses,et al.  Modular structural operational semantics , 2004, J. Log. Algebraic Methods Program..

[7]  Ian J. Hayes,et al.  Supporting Contexts in Program Refinement , 1997, Sci. Comput. Program..

[8]  Cliff B. Jones,et al.  Enhancing the tractability of rely/guarantee specifications in the development of interfering operations , 2000, Proof, Language, and Interaction.

[9]  Robert W. Floyd,et al.  Assigning meaning to programs , 1967 .

[10]  Carroll Morgan,et al.  The specification statement , 1988, TOPL.

[11]  Juergen Dingel Systematic Parallel Programming , 2000 .

[12]  Cliff B. Jones,et al.  Balancing expressiveness in formal approaches to concurrency , 2015, Formal Aspects of Computing.

[13]  Cliff B. Jones,et al.  Splitting atoms safely , 2007, Theor. Comput. Sci..

[14]  Carroll Morgan,et al.  Programming from specifications , 1990, Prentice Hall International Series in computer science.

[15]  Ralph-Johan Back,et al.  Refinement Calculus , 1998, Graduate Texts in Computer Science.

[16]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[17]  Joey W. Coleman,et al.  Constructing a tractable reasoning framework upon a fine-grained structural operational semantics , 2008 .

[18]  Joseph M. Morris,et al.  A Theoretical Basis for Stepwise Refinement and the Programming Calculus , 1987, Sci. Comput. Program..

[19]  Peter W. O'Hearn,et al.  Separation and information hiding , 2004, POPL.

[20]  Jürgen Dingel,et al.  A Refinement Calculus for Shared-Variable Parallel and Distributed Programming , 2002, Formal Aspects of Computing.

[21]  C Sterling,et al.  A compositional reformulation of Owicki-Grier's partial correctness logic for a concurrent while language , 1986 .

[22]  Brijesh Dongol,et al.  Compositional Action System Derivation Using Enforced Properties , 2010, MPC.

[23]  John Derrick,et al.  Mechanically verified proof obligations for linearizability , 2011, TOPL.

[24]  Gordon D. Plotkin,et al.  A structural approach to operational semantics , 2004, J. Log. Algebraic Methods Program..

[25]  Cliff B. Jones,et al.  Operational semantics: Concepts and their expression , 2003, Inf. Process. Lett..

[26]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[27]  C. A. R. Hoare,et al.  The Weakest Prespecification , 1987, Information Processing Letters.

[28]  Xinyu Feng,et al.  On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning , 2007, ESOP.

[29]  Robin Milner,et al.  Communication and concurrency , 1989, PHI Series in computer science.

[30]  Cliff B. Jones,et al.  Accommodating interference in the formal design of concurrent object-based programs , 1996, Formal Methods Syst. Des..

[31]  Cliff B. Jones,et al.  Splitting Atoms with Rely/Guarantee Conditions Coupled with Data Reification , 2008, ABZ.

[32]  Ralph-Johan Back,et al.  On Correct Refinement of Programs , 1981, J. Comput. Syst. Sci..

[33]  Cliff B. Jones,et al.  A Structural Proof of the Soundness of Rely/guarantee Rules , 2007, J. Log. Comput..

[34]  Aaron Turon,et al.  A separation logic for refining concurrent objects , 2011, POPL '11.

[35]  Robert Colvin,et al.  Trace-based derivation of a scalable lock-free stack algorithm , 2008, Formal Aspects of Computing.

[36]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[37]  Cliff B. Jones,et al.  The Early Search for Tractable Ways of Reasoning about Programs , 2003, IEEE Ann. Hist. Comput..

[38]  Cliff B. Jones,et al.  Developing methods for computer programs including a notion of interference , 1981 .

[39]  Frank S. de Boer,et al.  Formal Justification of the Rely-Guarantee Paradigm for Shared-Variable Concurrency: A Semantic Approach , 1999, World Congress on Formal Methods.

[40]  Peter W. O'Hearn,et al.  BI as an assertion language for mutable data structures , 2001, POPL '01.

[41]  Colin Stirling A Compositional Reformulation of Owicki-Gries's Partial Correctness Logic for a Concurrent While Language , 1986, ICALP.

[42]  Leonor Prensa Nieto Verification of parallel programs with the Owicki-Gries and Rely-Guarantee methods in Isabelle, HOL , 2002 .

[43]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[44]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[45]  Matthew J. Parkinson,et al.  Explicit Stabilisation for Modular Rely-Guarantee Reasoning , 2010, ESOP.

[46]  Carroll Morgan,et al.  Types and Invariants in the Refinement Calculus , 1989, Sci. Comput. Program..

[47]  Zhou Chaochen Weakest environment of communicating processes , 1899 .

[48]  Leonor Prensa Nieto The Rely-Guarantee Method in Isabelle/HOL , 2003, ESOP.

[49]  Joakim von Wright,et al.  Towards a refinement algebra , 2004, Sci. Comput. Program..

[50]  Peter D. Mosses Exploiting labels in Structural Operational Semantics , 2004, SAC '04.

[51]  Susan S. Owicki,et al.  Axiomatic Proof Techniques for Parallel Programs , 1975, Outstanding Dissertations in the Computer Sciences.

[52]  Manfred Broy,et al.  Logic of Programming and Calculi of Discrete Design , 1987, NATO ASI Series.

[53]  Alan Burns,et al.  Comparing Degrees of Non-Determinism in Expression Evaluation , 2013, Comput. J..

[54]  Cliff B. Jones,et al.  Abstraction as a Unifying Link for Formal Approaches to Concurrency , 2012, SEFM.

[55]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.