Transferring Obligations Through Synchronizations

One common approach for verifying safety properties of multithreaded programs is assigning appropriate permissions, such as ownership of a heap location, and obligations, such as an obligation to send a message on a channel, to each thread and making sure that each thread only performs the actions for which it has permissions and it also fulfills all of its obligations before it terminates. Although permissions can be transferred through synchronizations from a sender thread, where for example a message is sent or a condition variable is notified, to a receiver thread, where that message or that notification is received, in existing approaches obligations can only be transferred when a thread is forked. In this paper we introduce two mechanisms, one for channels and the other for condition variables, that allow obligations, along with permissions, to be transferred from the sender to the receiver, while ensuring that there is no state where the transferred obligations are lost, i.e. where they are discharged from the sender thread but not loaded onto the receiver thread yet. We show how these mechanisms can be used to modularly verify deadlock-freedom of a number of interesting programs, such as some variations of client-server programs, fair readers-writers locks, and dining philosophers, which cannot be modularly verified without such transfer. We also encoded the proposed separation logic-based proof rules in the VeriFast program verifier and succeeded in verifying the mentioned programs.

[1]  Kohei Suenaga Type-Based Deadlock-Freedom Verification for Non-Block-Structured Lock Primitives and Mutable References , 2008, APLAS.

[2]  Pontus Boström,et al.  Modular Verification of Finite Blocking in Non-terminating Programs , 2015, ECOOP 2015.

[3]  Jan Smans,et al.  Deadlock-Free Channels and Locks , 2010, ESOP.

[4]  Bart Jacobs,et al.  Modular Verification of Termination and Execution Time Bounds Using Separation Logic , 2016, 2016 IEEE 17th International Conference on Information Reuse and Integration (IRI).

[5]  Cosimo Laneve,et al.  Deadlock Analysis of Unbounded Process Networks , 2014, CONCUR.

[6]  Xinyu Feng Local rely-guarantee reasoning , 2009, POPL '09.

[7]  Frank Piessens,et al.  A Quick Tour of the VeriFast Program Verifier , 2010, APLAS.

[8]  Philippa Gardner,et al.  CoLoSL: Concurrent Local Subjective Logic , 2015, ESOP.

[9]  Peter W. O'Hearn,et al.  Separation Logic Semantics for Communicating Processes , 2008, FICS.

[10]  Lars Birkedal,et al.  Iron: managing obligations in higher-order concurrent separation logic , 2019, Proc. ACM Program. Lang..

[11]  Dragan Bosnacki,et al.  Modular Termination Verification of Single-Threaded and Multithreaded Programs , 2018, ACM Trans. Program. Lang. Syst..

[12]  Andrey Rybalchenko,et al.  Compositional Termination Proofs for Multi-threaded Programs , 2012, TACAS.

[13]  Bart Jacobs Provably live exception handling , 2015, FTfJP@ECOOP.

[14]  Christian Haack,et al.  Separation Logic Contracts for a Java-Like Language with Fork/Join , 2008, AMAST.

[15]  Ornela Dardha,et al.  A New Linear Logic for Deadlock-Free Session-Typed Processes , 2018, FoSSaCS.

[16]  Marieke Huisman,et al.  Specification and Verification of Synchronization with Condition Variables , 2016, FTSCS.

[17]  Krishna M. Kavi,et al.  Modeling Multithreaded Applications Using Petri Nets , 2002, International Journal of Parallel Programming.

[18]  Wei-Ngan Chin,et al.  An Expressive Framework for Verifying Deadlock Freedom , 2013, ATVA.

[19]  Bart Jacobs,et al.  Deadlock-free monitors: Extended version , 2018 .

[20]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[21]  Andrew W. Appel,et al.  Oracle Semantics for Concurrent Separation Logic , 2008, ESOP.

[22]  Frank Piessens,et al.  Implicit dynamic frames , 2008, TOPL.

[23]  Dragan Bosnacki,et al.  Modular Termination Verification , 2015, ECOOP.

[24]  Sophia Drossopoulou,et al.  Session Types for Object-Oriented Languages , 2006, ECOOP.

[25]  Chao Wang,et al.  Precisely Deciding Control State Reachability in Concurrent Traces with Limited Observability , 2014, VMCAI.

[26]  Zhong Shao,et al.  Quantitative Reasoning for Proving Lock-Freedom , 2013, 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science.

[27]  Luca Padovani Type-Based Analysis of Linear Communications , 2017 .

[28]  Bart Jacobs,et al.  Deadlock-Free Monitors , 2018, ESOP.

[29]  Lars Birkedal,et al.  Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning , 2015, POPL.

[30]  Alexey Gotsman,et al.  Local Reasoning for Storable Locks and Threads , 2007, APLAS.

[31]  David J. Pym,et al.  A Calculus and logic of resources and processes , 2006, Formal Aspects of Computing.

[32]  Naoki Kobayashi,et al.  A Type System for Lock-Free Processes , 2002, Inf. Comput..

[33]  Philippa Gardner,et al.  Modular Termination Verification for Non-blocking Concurrency , 2016, ESOP.

[34]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[35]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[36]  Naoki Kobayashi,et al.  A New Type System for Deadlock-Free Processes , 2006, CONCUR.

[37]  Xinyu Feng,et al.  Progress of concurrent objects with partial methods , 2018, Proc. ACM Program. Lang..