A Mechanically Checked Proof of a Multiprocessor Result via a Uniprocessor View

We describe a mechanically checked correctness proof for a system of n processes, each running a simple, non-blocking counter algorithm. We prove that if the system runs longer than 5n steps, the counter is increased. The theorem is formalized in applicative Common Lisp and proved with the ACL2 theorem prover. The value of this paper lies not so much in the trivial algorithm addressed as in the method used to prove it correct. The method allows one to reason accurately about the behavior of a concurrent, multiprocess system by reasoning about the sequential computation carried out by a selected process, against a memory that is changed externally. Indeed, we prove general lemmas that allow shifting between the multiprocess and uniprocess views. We prove a safety property using a multiprocess view, project the property to a uniprocess view, and then prove a global progress property via a local, sequential computation argument. Our uniprocessor view is a formal compositional semantics for a shared memory system.
