Permission-Based Separation Logic for Multithreaded Java Programs

This paper presents a program logic for reasoning about multithreaded Java-like programs with concurrency primitives such as dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented.

[1]  Nancy Oestreich Lurie,et al.  University of Wisconsin-Milwaukee , 1968, The Grants Register 2022.

[2]  Andrew W. Appel,et al.  Oracle Semantics for Concurrent Separation Logic , 2008, ESOP.

[3]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[4]  Peter Müller,et al.  Modular Specification and Verification of Object-Oriented Programs , 2002, Lecture Notes in Computer Science.

[5]  Frank Piessens,et al.  Implicit Dynamic Frames: Combining Dynamic Frames and Separation Logic , 2009, ECOOP.

[6]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[7]  Matthew J. Parkinson,et al.  Explicit Stabilisation for Modular Rely-Guarantee Reasoning , 2010, ESOP.

[8]  Sam Houston Department of Computer Science , 2010 .

[9]  Cormac Flanagan,et al.  A type and effect system for atomicity , 2003, PLDI.

[10]  Charles Antony Richard Hoare Towards a theory of parallel programming , 2002 .

[11]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[12]  Frank Piessens,et al.  A Statically Verifiable Programming Model for Concurrent Object-Oriented Programs , 2006, ICFEM.

[13]  C. A. R. Hoare,et al.  Monitors: an operating system structuring concept , 1974, CACM.

[14]  Martín Abadi,et al.  Types for safe locking: Static race detection for Java , 2006, TOPL.

[15]  Gavin M. Bierman,et al.  Separation logic, abstraction and inheritance , 2008, POPL '08.

[16]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[17]  David Walker,et al.  Typed memory management in a calculus of capabilities , 1999, POPL '99.

[18]  Marieke Huisman,et al.  A History of BlockingQueues , 2012, FLACOS.

[19]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[20]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI '06.

[21]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.

[22]  Gregory R. Andrews,et al.  Concurrent programming - principles and practice , 1991 .

[23]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[24]  Frank Piessens,et al.  Heap-Dependent Expressions in Separation Logic , 2010, FMOODS/FORTE.

[25]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[26]  Frank S. de Boer,et al.  A Tool-Supported Proof System for Multithreaded Java , 2002, FMCO.

[27]  Christian Haack,et al.  Resource Usage Protocols for Iterators , 2009, J. Object Technol..

[28]  Peter W. O'Hearn,et al.  BI as an assertion language for mutable data structures , 2001, POPL '01.

[29]  David Walker,et al.  ILC: A Foundation for Automated Reasoning About Pointer Programs , 2006, ESOP.

[30]  Viktor Vafeiadis,et al.  Concurrent Abstract Predicates , 2010, ECOOP.

[31]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[32]  Marieke Huisman,et al.  Witnessing the elimination of magic wands , 2013, International Journal on Software Tools for Technology Transfer.

[33]  Clément Hurlin,et al.  Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic , 2009 .

[34]  Gavin M. Bierman,et al.  Separation Logic for Object-Oriented Programming , 2013, Aliasing in Object-Oriented Programming.

[35]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[36]  Marieke Huisman,et al.  Verification of Concurrent Systems with VerCors , 2014, SFM.

[37]  Peter W. O'Hearn,et al.  Resources, Concurrency and Local Reasoning , 2004, CONCUR.

[38]  Marieke Huisman,et al.  Reasoning about Java programs in higher order logic using PVS and Isabelle , 2001 .

[39]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 2001, TOPL.

[40]  Frank Piessens,et al.  An Automatic Verifier for Java-Like Programs Based on Dynamic Frames , 2008, FASE.

[41]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.

[42]  Matthew J. Parkinson,et al.  Local reasoning for Java , 2005 .

[43]  Sophia Drossopoulou,et al.  Ownership, encapsulation and the disjointness of type and effect , 2002, OOPSLA '02.

[44]  Marieke Huisman,et al.  Reasoning about Java's Reentrant Locks , 2008, APLAS.

[45]  Frank Piessens,et al.  Expressive modular fine-grained concurrency specification , 2011, POPL '11.

[46]  Thomas Tuerk,et al.  A Formalisation of Smallfoot in HOL , 2009, TPHOLs.

[47]  Peter W. O'Hearn,et al.  The Logic of Bunched Implications , 1999, Bulletin of Symbolic Logic.

[48]  Alexey Gotsman,et al.  Precision and the Conjunction Rule in Concurrent Separation Logic , 2011, MFPS.

[49]  K. Rustan M. Leino,et al.  Verification of Object-Oriented Programs with Invariants , 2003, J. Object Technol..

[50]  David Walker,et al.  Alias Types , 2000, ESOP.

[51]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[52]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[53]  John Boyland,et al.  Concurrency analysis based on fractional permissions , 2007 .

[54]  Suresh Jagannathan,et al.  Modular reasoning for deterministic parallelism , 2011, POPL '11.

[55]  Matthew J. Parkinson,et al.  jStar: towards practical verification for java , 2008, OOPSLA.

[56]  Gary T. Leavens Modular specification and verification of object-oriented programs , 1991, IEEE Software.

[57]  Shengchao Qin,et al.  Enhancing modular OO verification with separation logic , 2008, POPL '08.

[58]  Mooly Sagiv,et al.  Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages , 2011, POPL 2011.

[59]  John Tang Boyland Semantics of fractional permissions with nesting , 2010, TOPL.

[60]  Bernhard Beckert,et al.  Verification of Object-Oriented Software. The KeY Approach - Foreword by K. Rustan M. Leino , 2007, The KeY Approach.

[61]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[62]  Frank S. de Boer A Sound and Complete Shared-Variable Concurrency Model for Multi-threaded Java Programs , 2007, FMOODS.

[63]  Marieke Huisman,et al.  The VerCors project: setting up basecamp , 2012, PLPV '12.

[64]  Alexey Gotsman,et al.  Local Reasoning for Storable Locks and Threads , 2007, APLAS.

[65]  Philip Wadler,et al.  A Taste of Linear Logic , 1993, MFCS.

[66]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[67]  K. Rustan M. Leino,et al.  A Basis for Verifying Multi-threaded Programs , 2009, ESOP.

[68]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[69]  Hongseok Yang,et al.  Variables as Resource in Separation Logic , 2005, MFPS.

[70]  David Gay,et al.  Effective static deadlock detection , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[71]  Christian Haack,et al.  Separation Logic Contracts for a Java-Like Language with Fork/Join , 2008, AMAST.