Modular Verification of Finite Blocking in Non-terminating Programs

Most multi-threaded programs synchronize threads via blocking operations such as acquiring locks or joining other threads. An important correctness property of such programs is for each thread to make progress, that is, not to be blocked forever. For programs in which all threads terminate, progress essentially follows from deadlock freedom. However, for the common case that a program contains non-terminating threads such as servers or actors, deadlock freedom is not sucient. For instance, a thread may be blocked forever by a non-terminating thread if it attempts to join that thread or to acquire a lock held by that thread. In this paper, we present a verification technique for finite blocking in non-terminating programs. The key idea is to track explicitly whether a thread has an obligation to perform an operation that unblocks another thread, for instance, an obligation to release a lock or to terminate. Each obligation is associated with a measure to ensure that it is fulfilled within finitely many steps. Obligations may be used in specifications, which makes verification modular. We formalize our technique via an encoding into Boogie, which treats dierent kinds of obligations uniformly. It subsumes termination checking as a special case. 1998 ACM Subject Classification D.2.4, D.1.3

[1]  Kohei Suenaga Type-Based Deadlock-Freedom Verification for Non-Block-Structured Lock Primitives and Mutable References , 2008, APLAS.

[2]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[3]  Wei-Ngan Chin,et al.  An Expressive Framework for Verifying Deadlock Freedom , 2013, ATVA.

[4]  Wei-Ngan Chin,et al.  A Resource-Based Logic for Termination and Non-termination Proofs , 2014, ICFEM.

[5]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[6]  Naoki Kobayashi,et al.  A New Type System for Deadlock-Free Processes , 2006, CONCUR.

[7]  Frank Piessens,et al.  Implicit Dynamic Frames: Combining Dynamic Frames and Separation Logic , 2009, ECOOP.

[8]  Michael D. Ernst,et al.  Static lock capabilities for deadlock freedom , 2012, TLDI '12.

[9]  Zohar Manna,et al.  Verification of parameterized programs , 1995, Specification and validation methods.

[10]  Madan Musuvathi,et al.  Iterative context bounding for systematic testing of multithreaded programs , 2007, PLDI '07.

[11]  Matthew J. Parkinson,et al.  The Relationship between Separation Logic and Implicit Dynamic Frames , 2011, ESOP.

[12]  Andreas Podelski,et al.  Proving program termination , 2011, Commun. ACM.

[13]  Zohar Manna,et al.  Completing the Temporal Picture , 1989, Theor. Comput. Sci..

[14]  Viktor Vafeiadis,et al.  Proving that non-blocking algorithms don't block , 2009, POPL '09.

[15]  Jan Smans,et al.  Deadlock-Free Channels and Locks , 2010, ESOP.

[16]  Andreas Podelski,et al.  Proving thread termination , 2007, PLDI '07.

[17]  Andreas Podelski,et al.  Proving that programs eventually do something good , 2007, POPL '07.

[18]  Pierre Ganty,et al.  Proving Termination Starting from the End , 2013, CAV.

[19]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[20]  K. Rustan M. Leino,et al.  A Basis for Verifying Multi-threaded Programs , 2009, ESOP.

[21]  Sophia Drossopoulou,et al.  Session Types for Object-Oriented Languages , 2006, ECOOP.

[22]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[23]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.