Verifying Atomicity Preservation and Deadlock Freedom of a Generic Shared Variable Mechanism Used in Model-To-Code Transformations

A challenging aspect of model-to-code transformations is to ensure that the semantic behavior of the input model is preserved in the output code. When constructing concurrent systems, this is difficult mainly because of the non-deterministic interactions possible between threads. In this paper, we consider this issue for a framework that implements a transformation chain from models expressed in the state-machine-based domain-specific language SLCO to Java. In particular, we provide a fine-grained generic mechanism to preserve the atomicity of SLCO statements in the Java implementation. We give its generic specification based on separation logic and verify it using the verification tool VeriFast. The solution can be regarded as a reusable module for safely implementing atomic operations in concurrent systems. Moreover, we also prove with VeriFast that our mechanism does not introduce deadlocks. The specification formally ensures that the locks are never acquired reentrantly, which simplifies the formal treatment of the Java locks.
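The two properties the abstract names, atomicity of a statement that touches several shared variables and freedom from deadlock, can be illustrated with a small Java program. The code below is an added example written for this page; it is not the paper's mechanism, its SLCO-to-Java generator, or its VeriFast specification. It assumes a per-variable binary `Semaphore` as the non-reentrant lock and a fixed global acquisition order (an id assigned at creation), which is one classical way to exclude lock cycles; the paper's own scheme may differ. The class and method names (`SharedVar`, `AtomicStatement`, `mover`) are invented for the illustration.

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.concurrent.Semaphore;
import java.util.concurrent.atomic.AtomicLong;

/* Illustrative shared variable guarded by its own lock (example code, not the
 * paper's). A Semaphore with one permit is NOT reentrant: if the holding thread
 * tried to acquire it again it would block forever, so every statement must
 * acquire each variable's guard exactly once. */
final class SharedVar {
    private static final AtomicLong NEXT_ID = new AtomicLong();
    final long id = NEXT_ID.getAndIncrement();       // assumed global lock order
    private final Semaphore guard = new Semaphore(1);
    private long value;

    void acquire() throws InterruptedException { guard.acquire(); }
    void release()                            { guard.release(); }
    long get()        { return value; }               // call only while holding guard
    void set(long v)  { value = v; }                  // call only while holding guard
}

/* Runs a statement body with every variable it touches locked. Guards are taken
 * in ascending id order and released in reverse, so two concurrent statements
 * can never each wait for a guard the other holds (no cycle in the wait graph).
 * Duplicates are removed first; with a non-reentrant guard, locking the same
 * variable twice would deadlock the statement against itself. */
final class AtomicStatement {
    interface Body { void run(); }

    static void run(Body body, SharedVar... vars) throws InterruptedException {
        SharedVar[] ordered = vars.clone();
        Arrays.sort(ordered, Comparator.comparingLong((SharedVar v) -> v.id));
        int distinct = 0;
        for (SharedVar v : ordered)                   // drop repeated variables
            if (distinct == 0 || ordered[distinct - 1].id != v.id) ordered[distinct++] = v;
        int taken = 0;
        try {
            for (int i = 0; i < distinct; i++) { ordered[i].acquire(); taken++; }
            body.run();
        } finally {                                   // release even if body throws
            for (int i = taken - 1; i >= 0; i--) ordered[i].release();
        }
    }
}

public class AtomicityDemo {
    /* Each iteration is one "from := from - 1; to := to + 1" statement, which
     * must execute as an indivisible unit just as an SLCO statement would. */
    static Thread mover(SharedVar from, SharedVar to, int times) {
        return new Thread(() -> {
            try {
                for (int i = 0; i < times; i++)
                    AtomicStatement.run(() -> { from.set(from.get() - 1); to.set(to.get() + 1); }, from, to);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
    }

    public static void main(String[] args) throws InterruptedException {
        SharedVar a = new SharedVar(), b = new SharedVar();
        AtomicStatement.run(() -> { a.set(1000); b.set(1000); }, a, b);

        // The two threads name the variables in opposite order. With naive nested
        // locking in argument order this is the textbook deadlock; here the ids
        // impose one order for both threads.
        Thread t1 = mover(a, b, 100_000);
        Thread t2 = mover(b, a, 100_000);
        t1.start(); t2.start();
        t1.join();  t2.join();

        long[] sum = new long[1];
        AtomicStatement.run(() -> sum[0] = a.get() + b.get(), a, b);
        // Atomicity of every statement keeps the invariant a + b == 2000.
        System.out.println("a + b = " + sum[0] + (sum[0] == 2000 ? " (invariant held)" : " (LOST UPDATE)"));
    }
}
```

Compile and run with `javac AtomicityDemo.java && java AtomicityDemo`. The ordered acquisition is what makes deadlock freedom provable by a simple argument (every thread waits only for guards with a larger id than any it holds); a separation-logic verifier such as VeriFast would require that argument to be made explicit in the lock invariants and in the precondition that the guards passed to a statement are distinct, which is the kind of reentrancy restriction the abstract refers to.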
