A framework for automated concurrency verification

Reasoning systems based on Concurrent Separation Logic make verifying complex concurrent algorithms readily possible. Such algorithms contain subtle protocols of permission and resource transfer between threads; to cope with these intricacies, modern concurrent separation logics contain many moving parts and integrate many bespoke logical components. Verifying concurrent algorithms by hand consumes much time, effort, and expertise. As a result, computer-assisted verification is a fertile research topic, and fully automated verification is a popular research goal. Unfortunately, the complexity of modern concurrent separation logics makes them hard to automate, and the proliferation and fast turnover of such logics causes a downward pressure against building tools for new logics. As a result, many such logics lack tooling. This dissertation proposes Starling: a scheme for creating concurrent program logics that are automatable by construction. Starling adapts the existing Concurrent Views Framework for sound concurrent reasoning systems, overlaying a framework for reducing concurrent proof outlines to verification conditions in existing theories (such as those accepted by off-the-shelf sequential solvers). This dissertation describes Starling in a bottom-up, modular manner. First, it shows the derivation of a series of general concurrency proof rules from the Views framework. Next, it shows how one such rule leads to the Starling framework itself. From there, it outlines a series of increasingly elaborate frontends: ways of decomposing individual Hoare triples over atomic actions into verification conditions suitable for encoding into backend theories. Each frontend leads to a concurrent program logic. Finally, the dissertation presents a tool for verifying C-style concurrent proof outlines, based on one of the above frontends. It gives examples of such outlines, covering a variety of algorithms, backend solvers, and proof techniques.

[1]  Charles Antony Richard Hoare Towards a theory of parallel programming , 2002 .

[2]  Peter W. O'Hearn,et al.  Local Action and Abstract Separation Logic , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[3]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[4]  Hongseok Yang,et al.  Views: compositional reasoning for concurrent programs , 2013, POPL.

[5]  Mordechai Ben-Ari,et al.  Principles of concurrent programming , 1982 .

[6]  C. A. R. Hoare,et al.  In praise of algebra , 2012, Formal Aspects of Computing.

[7]  Sanjit A. Seshia,et al.  Modular verification of multithreaded programs , 2005, Theor. Comput. Sci..

[8]  Adam Chlipala,et al.  Mostly-automated verification of low-level programs in computational separation logic , 2011, PLDI '11.

[9]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[10]  Christoph M. Kirsch,et al.  A Scalable, Correct Time-Stamped Stack , 2015, POPL.

[11]  Andrey Rybalchenko,et al.  Synthesizing software verifiers from proof rules , 2012, PLDI.

[12]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[13]  Ashutosh Gupta,et al.  Threader: A Constraint-Based Verifier for Multi-threaded Programs , 2011, CAV.

[14]  Leslie Lamport Solved problems, unsolved problems and non-problems in concurrency , 1985, OPSR.

[15]  Edmund M. Clarke,et al.  Formal Methods: State of the Art and Future Directions Working Group Members , 1996 .

[16]  Brian Huffman Formal verification of monad transformers , 2012, ICFP '12.

[17]  Adam Chlipala,et al.  Certified Programming with Dependent Types - A Pragmatic Introduction to the Coq Proof Assistant , 2013 .

[18]  Zohar Manna,et al.  Axiomatic approach to total correctness of programs , 1973, Acta Informatica.

[19]  Nancy G. Leveson,et al.  An investigation of the Therac-25 accidents , 1993, Computer.

[20]  Graham Hutton,et al.  A tutorial on the universality and expressiveness of fold , 1999, Journal of Functional Programming.

[21]  Lars Birkedal,et al.  Iris from the ground up: A modular foundation for higher-order concurrent separation logic , 2018, Journal of Functional Programming.

[22]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[23]  Herb Sutter,et al.  The Free Lunch Is Over A Fundamental Turn Toward Concurrency in Software , 2013 .

[24]  Edsger W. Dijkstra,et al.  A constructive approach to the problem of program correctness , 1968 .

[25]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[26]  Andrew W. Appel,et al.  Program Logics for Certified Compilers , 2014 .

[27]  Alfons Laarman,et al.  Boosting multi-core reachability performance with shared hash tables , 2010, Formal Methods in Computer Aided Design.

[28]  Viktor Vafeiadis,et al.  Relaxed separation logic: a program logic for C11 concurrency , 2013, OOPSLA.

[29]  Alexey Gotsman,et al.  A Generic Logic for Proving Linearizability , 2016, FM.

[30]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[31]  Viktor Vafeiadis,et al.  GPS: navigating weak memory with ghosts, protocols, and separation , 2014, OOPSLA.

[32]  Peter W. O'Hearn,et al.  Graphical models of separation logic , 2009, Inf. Process. Lett..

[33]  Leslie Lamport,et al.  The temporal logic of actions , 1994, TOPL.

[34]  Traviss. Craig,et al.  Building FIFO and Priority-Queuing Spin Locks from Atomic Swap , 1993 .

[35]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[36]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[37]  Simon L. Peyton Jones,et al.  A monad for deterministic parallelism , 2012, Haskell '11.

[38]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[39]  Michael L. Scott,et al.  Algorithms for scalable synchronization on shared-memory multiprocessors , 1991, TOCS.

[40]  Cliff B. Jones,et al.  Developing methods for computer programs including a notion of interference , 1981 .

[41]  Lars Birkedal,et al.  Impredicative Concurrent Abstract Predicates , 2014, ESOP.

[42]  Andrew W. Appel,et al.  Proof Pearl: Magic Wand as Frame , 2019, ArXiv.

[43]  Matthew J. Parkinson,et al.  Starling: Lightweight Concurrency Verification with Views , 2017, CAV.

[44]  Nikolaj Bjørner,et al.  Horn Clause Solvers for Program Verification , 2015, Fields of Logic and Computation II.

[45]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[46]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[47]  Viktor Vafeiadis,et al.  Concurrent Abstract Predicates , 2010, ECOOP.

[48]  C. A. R. Hoare,et al.  ViewpointRetrospective: an axiomatic basis for computer programming , 2009, CACM.

[49]  Hans-J. Boehm,et al.  Position paper: nondeterminism is unavoidable, but data races are pure evil , 2012, RACES '12.

[50]  Andris Padegs,et al.  Architecture of the IBM system/370 , 1978, CACM.

[51]  Gérard P. Huet,et al.  The Zipper , 1997, Journal of Functional Programming.

[52]  Lars Birkedal,et al.  Caper - Automatic Verification for Fine-Grained Concurrency , 2017, ESOP.

[53]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[54]  Edsger W. Dijkstra,et al.  On the cruelty of really teaching computing science , 2018 .

[55]  Matthew J. Parkinson The Next 700 Separation Logics - (Invited Paper) , 2010, VSTTE.

[56]  Jochen Hoenicke,et al.  Thread modularity at many levels: a pearl in compositional verification , 2017, POPL.

[57]  Ori Lahav,et al.  Owicki-Gries Reasoning for Weak Memory Models , 2015, ICALP.

[58]  Ori Lahav,et al.  Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris , 2017, ECOOP.

[59]  Ilya Sergey,et al.  Mechanized verification of fine-grained concurrent programs , 2015, PLDI.

[60]  Maurice Herlihy,et al.  The Art of Multiprocessor Programming, Revised Reprint , 2012 .

[61]  Clark W. Barrett,et al.  The SMT-LIB Standard Version 2.0 , 2010 .

[62]  Gary L. Peterson,et al.  Myths About the Mutual Exclusion Problem , 1981, Inf. Process. Lett..

[63]  C. B. Jones,et al.  Reasoning about concurrent programs: Refining rely-guarantee thinking , 2013 .

[64]  Erik Hagersten,et al.  Queue locks on cache coherent multiprocessors , 1994, Proceedings of 8th International Parallel Processing Symposium.

[65]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[66]  Thomas A. Henzinger,et al.  Aspect-Oriented Linearizability Proofs , 2013, CONCUR.

[67]  Cliff B. Jones,et al.  Balancing expressiveness in formal approaches to concurrency , 2015, Formal Aspects of Computing.

[68]  Frank Piessens,et al.  The VeriFast program verifier , 2008 .

[69]  Ruzica Piskac,et al.  GRASShopper - Complete Heap Verification with Mixed Specifications , 2014, TACAS.

[70]  Takeo Kanade,et al.  Unifying Theories of Programming , 2010, Lecture Notes in Computer Science.