A perspective on specifying and verifying concurrent modules

Abstract The specification of a concurrent program module, and the verification of implementations and clients with respect to such a specification, are difficult problems. A specification should be general enough that any reasonable implementation satisfies it, yet precise enough that it can be used by any reasonable client. We survey a range of techniques for specifying concurrent modules, using the example of a counter module to illustrate the benefits and limitations of each. In particular, we highlight four key concepts underpinning these techniques: auxiliary state, interference abstraction, resource ownership and atomicity. We demonstrate how these concepts can be combined to achieve two powerful approaches for specifying concurrent modules and verifying implementations and clients, which remove the limitations highlighted by the counter example.

[1]  Hongseok Yang,et al.  Views: compositional reasoning for concurrent programs , 2013, POPL.

[2]  Aleksandar Nanevski,et al.  Subjective auxiliary state for coarse-grained concurrency , 2013, POPL.

[3]  Peter W. O'Hearn,et al.  BI as an assertion language for mutable data structures , 2001, POPL '01.

[4]  Viktor Vafeiadis,et al.  Concurrent Abstract Predicates , 2010, ECOOP.

[5]  Lars Birkedal,et al.  Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning , 2015, POPL.

[6]  Peter W. O'Hearn,et al.  BI as an assertion language for mutable data structures , 2001, POPL '01.

[7]  Peter W. O'Hearn,et al.  The Logic of Bunched Implications , 1999, Bulletin of Symbolic Logic.

[8]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[9]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[10]  Michael L. Scott,et al.  Algorithms for scalable synchronization on shared-memory multiprocessors , 1991, TOCS.

[11]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[12]  Peter W. O'Hearn,et al.  Resources, Concurrency and Local Reasoning , 2004, CONCUR.

[13]  Frank Piessens,et al.  Expressive modular fine-grained concurrency specification , 2011, POPL '11.

[14]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[15]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[16]  Peter W. O'Hearn,et al.  Local Action and Abstract Separation Logic , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[17]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[18]  Xinyu Feng Local rely-guarantee reasoning , 2009, POPL '09.

[19]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[20]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[21]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[22]  Lars Birkedal,et al.  Modular Reasoning about Separation of Concurrent Data Structures , 2013, ESOP.

[23]  Pedro da Rocha Pinto Reasoning with time and data abstractions , 2016 .

[24]  Andrew W. Appel,et al.  A Fresh Look at Separation Algebras and Share Accounting , 2009, APLAS.

[25]  Lars Birkedal,et al.  Impredicative Concurrent Abstract Predicates , 2014, ESOP.

[26]  Philippa Gardner,et al.  TaDA: A Logic for Time and Data Abstraction , 2014, ECOOP.

[27]  Gian Ntzik,et al.  Reasoning about POSIX file systems , 2016 .

[28]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[29]  Lars Birkedal,et al.  Caper - Automatic Verification for Fine-Grained Concurrency , 2017, ESOP.

[30]  Philippa Gardner,et al.  CoLoSL: Concurrent Local Subjective Logic , 2015, ESOP.

[31]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[32]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[33]  Philippa Gardner,et al.  A simple abstraction for complex concurrent indexes , 2011, OOPSLA '11.

[34]  Philippa Gardner,et al.  Modular Termination Verification for Non-blocking Concurrency , 2016, ESOP.

[35]  Lars Birkedal,et al.  Unifying refinement and hoare-style reasoning in a logic for higher-order concurrency , 2013, ICFP.

[36]  Ilya Sergey,et al.  Communicating State Transition Systems for Fine-Grained Concurrent Resources , 2014, ESOP.

[37]  Wolfram Schulte,et al.  VCC: Contract-based modular verification of concurrent C , 2009, 2009 31st International Conference on Software Engineering - Companion Volume.

[38]  Hongseok Yang,et al.  Linearizability with Ownership Transfer , 2012, CONCUR.

[39]  Ilya Sergey,et al.  Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity , 2014, ESOP.