Formal Specifications for Java's Synchronisation Classes

This paper discusses formal specification and verification of the synchronisation classes of the Java API. In many verification systems for concurrent programs, synchronisation is treated as a primitive operation. As a result, verification rules for synchronisation are hard-coded in the logic, and not verified. These rules describe the concrete semantics of the given synchronisation primitive, and manage how resources are protected by synchronisation. In contrast, this paper describes several synchronisation primitives at the specification level, by specifying the behaviour of synchronisation routines from the Java API at method level using permission-based Separation Logic. This gives a generalised, high-level, and easily extendable approach to formalisation of arbitrary synchronisation mechanisms, which allows for modular treatment of synchronisation in verification. Notably, our approach does not only apply to locks, but also to other synchronisation mechanisms such as semaphores and latches that we also discuss. Finally, we used the verification tool that we are developing and successfully verified (so far simplified) implementations of all presented synchronisers, the paper discusses the verification of one of them.

[1]  K. Rustan M. Leino,et al.  Abstract Read Permissions: Fractional Permissions without the Fractions , 2013, VMCAI 2013.

[2]  Andrew W. Appel,et al.  A Fresh Look at Separation Algebras and Share Accounting , 2009, APLAS.

[3]  Doug Lea,et al.  A Java fork/join framework , 2000, JAVA '00.

[4]  Marieke Huisman,et al.  Permission-Based Separation Logic for Multithreaded Java Programs , 2014, Log. Methods Comput. Sci..

[5]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[6]  Aquinas Hobor,et al.  Barriers in Concurrent Separation Logic , 2011, ESOP.

[7]  Matthew J. Parkinson,et al.  The Relationship between Separation Logic and Implicit Dynamic Frames , 2011, ESOP.

[8]  Marieke Huisman,et al.  Resource Protection Using Atomics - Patterns and Verification , 2014, APLAS.

[9]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[10]  Gavin M. Bierman,et al.  Separation logic, abstraction and inheritance , 2008, POPL '08.

[11]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[12]  Jan Smans,et al.  Verification of Concurrent Programs with Chalice , 2009, FOSAD.

[13]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[14]  Doug Lea,et al.  The java.util.concurrent synchronizer framework , 2005, Sci. Comput. Program..

[15]  Marieke Huisman,et al.  Reasoning about Java's Reentrant Locks , 2008, APLAS.

[16]  Michael D. Ernst,et al.  An overview of JML tools and applications , 2003, Electron. Notes Theor. Comput. Sci..

[17]  Jing Li,et al.  The Qualitas Corpus: A Curated Collection of Java Code for Empirical Studies , 2010, 2010 Asia Pacific Software Engineering Conference.

[18]  Christian Haack,et al.  Separation Logic Contracts for a Java-Like Language with Fork/Join , 2008, AMAST.

[19]  Peter W. O'Hearn,et al.  Resources, concurrency, and local reasoning , 2007 .

[20]  Marieke Huisman,et al.  How Do Developers Use APIs? A Case Study in Concurrency , 2013, 2013 18th International Conference on Engineering of Complex Computer Systems.

[21]  Mark A. Hillebrand,et al.  VCC: A Practical System for Verifying Concurrent C , 2009, TPHOLs.

[22]  Marieke Huisman,et al.  The VerCors project: setting up basecamp , 2012, PLPV '12.

[23]  Alexey Gotsman,et al.  Local Reasoning for Storable Locks and Threads , 2007, APLAS.