An Array Abstraction to Amortize Reasoning About Parallel Client Code

Data abstraction is important for enabling the automated modular verification of a large class of parallel programs even in the presence of manifest sharing during parallel execution. Though sharing is difficult to avoid when parallel execution is used to gain performance improvements, formal verification of such code still must be modular. The Open image in new window abstraction introduced in this paper supports modular verification by allowing frame conditions to be dispatched only once and then be reused by multiple clients, thus amortizing the verification cost. The approach achieves this objective by introducing a non-interference contract that enables the preservation of desirable performance characteristics of traditional arrays such as constant-time access to elements. Illustrative divide-and-conquer client code using this abstraction is contrasted with similar client code that uses a traditional array. The utility of the Open image in new window in a language with clean semantics is demonstrated by comparing the two clients in terms of the feasibility and tractability of modular verification. The repeated verification of software is expensive, so it should be avoided. Modularization (such as by introducing additional data abstractions) makes it possible to avoid expensive re-verification of entire client programs when only minor changes are made.

[1]  Gary T. Leavens,et al.  Specification and verification challenges for sequential object-oriented programs , 2007, Formal Aspects of Computing.

[2]  Bertrand Meyer,et al.  Usable Verification of Object-Oriented Programs by Combining Static and Dynamic Techniques , 2011, SEFM.

[3]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[4]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[5]  Stephen N. Freund,et al.  FastTrack: efficient and precise dynamic race detection , 2009, PLDI '09.

[6]  Stephen N. Freund,et al.  FastTrack: efficient and precise dynamic race detection , 2009, PLDI '09.

[7]  Viktor Kuncak,et al.  Using First-Order Theorem Provers in the Jahob Data Structure Verification System , 2007, VMCAI.

[8]  Murali Sitaraman,et al.  Enabling Modular Verification with Abstract Interference Specifications for a Concurrent Queue , 2016, VSTTE.

[9]  Stephen N. Freund,et al.  Checking Concise Specifications for Multithreaded Software , 2004, J. Object Technol..

[10]  Assaf Schuster,et al.  Efficient on-the-fly data race detection in multithreaded C++ programs , 2003, PPoPP '03.

[11]  Ruzica Piskac,et al.  Automating Separation Logic Using SMT , 2013, CAV.

[12]  Ruzica Piskac,et al.  Automating Separation Logic with Trees and Data , 2014, CAV.

[13]  Jeffrey Overbey,et al.  A type and effect system for deterministic parallel Java , 2009, OOPSLA 2009.

[14]  Assaf Schuster,et al.  MultiRace: efficient on-the-fly data race detection in multithreaded C++ programs: Research Articles , 2007 .

[15]  Murali Sitaraman,et al.  Building a push-button RESOLVE verifier: Progress and challenges , 2011, Formal Aspects of Computing.

[16]  Cormac Flanagan,et al.  A type and effect system for atomicity , 2003, PLDI '03.

[17]  Frank Piessens,et al.  A Quick Tour of the VeriFast Program Verifier , 2010, APLAS.

[18]  François Bobot,et al.  Separation Predicates: A Taste of Separation Logic in First-Order Logic , 2012, ICFEM.

[19]  Bruce W. Weide,et al.  Copying and Swapping: Influences on the Design of Reusable Software Components , 1991, IEEE Trans. Software Eng..

[20]  Ranjit Jhala,et al.  Deterministic parallelism via liquid effects , 2012, PLDI '12.

[21]  Frank Piessens,et al.  Verifying the Composite pattern using separation logic , 2008 .

[22]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI.

[23]  Wolfram Schulte,et al.  Separation Logic Verification of C Programs with an SMT Solver , 2009, Electron. Notes Theor. Comput. Sci..

[24]  Gregory Kulczycki,et al.  Direct reasoning , 2004 .

[25]  Adam Chlipala,et al.  Using Crash Hoare logic for certifying the FSCQ file system , 2015, USENIX Annual Technical Conference.

[26]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multi-threaded programs , 1997, TOCS.

[27]  Alexander Aiken,et al.  Conditional must not aliasing for static race detection , 2007, ACM-SIGACT Symposium on Principles of Programming Languages.

[28]  Adam Chlipala,et al.  Effective interactive proofs for higher-order imperative programs , 2009, ICFP.

[29]  Ranjit Jhala,et al.  Deterministic parallelism via liquid effects , 2012, PLDI.

[30]  S. Tucker Taft Tutorial: multicore programming using divide-and-conquer and work stealing , 2012 .

[31]  Bernd Eckert,et al.  ERASER. , 2019, Stroke.

[32]  Lars Birkedal,et al.  The Essence of Higher-Order Concurrent Separation Logic , 2017, ESOP.

[33]  Assaf Schuster,et al.  MultiRace: efficient on‐the‐fly data race detection in multithreaded C++ programs , 2007, Concurr. Comput. Pract. Exp..

[34]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[35]  Gregory Kulczycki,et al.  A Language for Building Verified Software Components , 2013, ICSR.