Subjective auxiliary state for coarse-grained concurrency

From Owicki-Gries' Resource Invariants and Jones' Rely/Guarantee to modern variants based on Separation Logic, axiomatic logics for concurrency require auxiliary state to explicitly relate the effect of all threads to the global invariant on the shared resource. Unfortunately, auxiliary state gives the proof of an individual thread access to the auxiliaries of all other threads. This makes proofs sensitive to the global context, which prevents local reasoning and compositionality. To tame this historical difficulty of auxiliary state, we propose subjective auxiliary state, whereby each thread is verified using a self view (i.e., the thread's effect on the shared resource) and an other view (i.e., the collective effect of all the other threads). Subjectivity generalizes auxiliary state from stacks and heaps to user-chosen partial commutative monoids, which can eliminate the dependence on the global thread structure. We employ subjectivity to formulate Subjective Concurrent Separation Logic as a combination of subjective auxiliary state and Concurrent Separation Logic. The logic yields simple, compositional proofs of coarse-grained concurrent programs that use auxiliary state, and scales to support higher-order recursive procedures that can themselves fork new threads. We prove the soundness of the logic with a novel denotational semantics of action trees and a definition of safety using rely/guarantee transitions over a large subjective footprint. We have mechanized the denotational semantics, logic, metatheory, and a number of examples by a shallow embedding in Coq.
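The self/other split the abstract describes can be made concrete with a small executable model. The following Python is an added illustration, not code from the paper or from its Coq development: it keeps one self view per thread over a user-chosen partial commutative monoid, derives each thread's other view as the PCM join of everybody else's self view, and checks the subjective invariant (resource equals self joined with other) after every atomic step, fork and join, across all interleavings of two threads. The two PCM instances (natural numbers under addition for a counter, finite sets under disjoint union for exclusive ownership) and the thread names are constructed for the example; the logic in the paper treats the other view as opaque, whereas this model recomputes it globally purely so the invariant can be mechanically checked.

```python
from dataclasses import dataclass, field
from itertools import combinations
from typing import Any, Callable, Dict, Hashable, List, Tuple

# --- User-chosen partial commutative monoids (two constructed instances) ---

@dataclass(frozen=True)
class PCM:
    unit: Any
    join: Callable[[Any, Any], Any]  # must raise ValueError where the join is undefined

# Natural numbers under addition: a total PCM, models contributions to a shared counter.
NAT_PLUS = PCM(unit=0, join=lambda a, b: a + b)

def _disjoint_union(a: frozenset, b: frozenset) -> frozenset:
    if a & b:
        raise ValueError(f"join undefined: both sides own {set(a & b)}")
    return a | b

# Finite sets under disjoint union: a partial PCM, models exclusive ownership of locations.
SET_DISJOINT = PCM(unit=frozenset(), join=_disjoint_union)


@dataclass
class SubjectiveState:
    """Shared resource plus the self view of every live thread.
    The other view is not stored: it is the PCM join of all *other* threads'
    self views, recomputed here only so the invariant can be checked."""
    pcm: PCM
    resource: Any
    selfs: Dict[Hashable, Any] = field(default_factory=dict)

    def other(self, tid: Hashable) -> Any:
        acc = self.pcm.unit
        for u, s in self.selfs.items():
            if u != tid:
                acc = self.pcm.join(acc, s)
        return acc

    def check_invariant(self) -> None:
        # Resource invariant as each thread sees it subjectively: resource == self * other.
        for tid, s in self.selfs.items():
            assert self.resource == self.pcm.join(s, self.other(tid)), (tid, self)

    def act(self, tid: Hashable, delta: Any) -> None:
        # Atomic step by `tid`: the resource and tid's own self view absorb `delta`.
        # No other thread's self view changes, so every thread's local spec stays stable.
        self.resource = self.pcm.join(self.resource, delta)
        self.selfs[tid] = self.pcm.join(self.selfs[tid], delta)
        self.check_invariant()

    def fork(self, parent, child_a, part_a, child_b, part_b) -> None:
        # The parent's self view is split between the children; each child's
        # other view then includes the sibling's part without extra bookkeeping.
        parent_self = self.selfs.pop(parent)
        assert self.pcm.join(part_a, part_b) == parent_self
        self.selfs[child_a], self.selfs[child_b] = part_a, part_b
        self.check_invariant()

    def join_threads(self, child_a, child_b, parent) -> None:
        # On join the children's self views are recombined into the parent's.
        self.selfs[parent] = self.pcm.join(self.selfs.pop(child_a), self.selfs.pop(child_b))
        self.check_invariant()


def explore(pcm: PCM, steps_a: List[Any], steps_b: List[Any]) -> Tuple[Any, Any, Any]:
    """Run every interleaving of two forked threads performing their atomic
    contributions, checking the subjective invariant after each step.
    Returns (self view of A, self view of B, final resource) and asserts the
    triple is schedule-independent: a thread's self view depends only on its
    own actions, which is what makes thread-local proofs compositional."""
    n_a, n_b = len(steps_a), len(steps_b)
    outcomes = set()
    for a_slots in combinations(range(n_a + n_b), n_a):
        st = SubjectiveState(pcm, pcm.unit, {"main": pcm.unit})
        st.fork("main", "A", pcm.unit, "B", pcm.unit)
        ia = ib = 0
        for step in range(n_a + n_b):
            if step in a_slots:
                st.act("A", steps_a[ia])
                ia += 1
            else:
                st.act("B", steps_b[ib])
                ib += 1
        self_a, self_b = st.selfs["A"], st.selfs["B"]
        st.join_threads("A", "B", "main")
        outcomes.add((self_a, self_b, st.resource))
    assert len(outcomes) == 1, outcomes
    return outcomes.pop()


def joins_are_defined(pcm: PCM, steps_a: List[Any], steps_b: List[Any]) -> bool:
    """False when some interleaving hits an undefined PCM join, e.g. two threads
    both claiming the same location under SET_DISJOINT."""
    try:
        explore(pcm, steps_a, steps_b)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(explore(NAT_PLUS, [1, 1], [5]))  # (2, 5, 7)
    print(explore(SET_DISJOINT, [frozenset({"p"})], [frozenset({"q"})]))
    print(joins_are_defined(SET_DISJOINT, [frozenset({"p"})], [frozenset({"p"})]))  # False
```

The point to take from the model is in `act` and `explore`: an environment step changes a thread's other view but never its self view, so the specification a thread proves about its own self view holds under every interleaving, with no reference to how many other threads exist or what auxiliary variables they own. Partiality of the PCM is what rules out conflicting ownership: under `SET_DISJOINT`, two threads claiming the same location make the join undefined, which the model surfaces as a `ValueError`.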