Safe Concurrency for Aggregate Objects with Invariants: Soundness Proof

Developing safe multithreaded software systems is difficult due to the potential unwanted interference among concurrent threads. This paper presents a flexible methodology for object-oriented programs that protects object structures against inconsistency due to race conditions. It is based on a recent methodology for single-threaded programs where developers define aggregate object structures using an ownership system and declare invariants over them. The methodology is supported by a set of language elements and by both a sound modular static verification method and run-time checking support. The paper reports on preliminary experience with a prototype implementation.
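The abstract describes the discipline only in outline: objects form aggregates through an ownership relation, invariants are declared over whole aggregates, and a thread may touch an object only while it owns it, with run-time checks backing up the static verification. The following Python program is an added illustration written for this page, not code from the paper or its prototype. The class and function names (`Owned`, `acquire`, `release`, `deep_invariant`, `Account`, `Ledger`) are my own, and the specific rules it enforces (a fresh object is owned by the thread that created it; a component is owned by its aggregate; a free object may be acquired by any thread; an aggregate's invariant, including its components' invariants, must hold whenever it is released back to the free state) are my reading of the approach rather than a quotation of the paper's rules. It shows what the run-time checking side of such a scheme catches: a lost-update race is impossible for threads that follow the discipline, a write to an object the thread does not own is rejected immediately, and an attempt to make an inconsistent aggregate visible to other threads is refused.

```python
"""Run-time ownership and invariant checks for aggregate objects (illustration).

Hypothetical model of the discipline sketched in the abstract: every object
has an owner (a thread, an owning aggregate, or None when it is free), a
thread may write an object's fields only while it transitively owns it, and
an aggregate's invariant must hold whenever the aggregate is free.
"""
import threading

_cond = threading.Condition()  # guards the owner fields and wakes waiting acquirers


class OwnershipError(Exception):
    """A field was written by a thread that does not transitively own the object."""


class InvariantError(Exception):
    """An aggregate was about to become free while its invariant did not hold."""


class Owned:
    """Base class: records the owner and guards every field write."""

    def __init__(self, owner=None):
        # A fresh object is owned by the creating thread unless an aggregate claims it.
        object.__setattr__(self, "owner", owner or threading.current_thread())

    def invariant(self):
        return True

    def components(self):
        """Objects owned by this aggregate; their invariants are part of its own."""
        return []

    def owning_thread(self):
        """Follow the owner chain up to a thread, or None if the root is free."""
        o = self
        while isinstance(o, Owned):
            o = o.owner
        return o

    def __setattr__(self, name, value):
        if self.owning_thread() is not threading.current_thread():
            raise OwnershipError(f"{type(self).__name__}.{name} written without ownership")
        object.__setattr__(self, name, value)


def deep_invariant(obj):
    return obj.invariant() and all(deep_invariant(c) for c in obj.components())


def acquire(obj):
    """Block until obj is free, then make the calling thread its owner."""
    with _cond:
        while obj.owner is not None:
            _cond.wait()
        object.__setattr__(obj, "owner", threading.current_thread())


def release(obj):
    """Make obj free again; refused unless the caller owns it and its invariant holds."""
    if obj.owning_thread() is not threading.current_thread():
        raise OwnershipError("release by a thread that does not own the object")
    if not deep_invariant(obj):
        raise InvariantError(f"{type(obj).__name__} invariant broken at release")
    with _cond:
        object.__setattr__(obj, "owner", None)
        _cond.notify_all()


class Ledger(Owned):
    """Component object: owned by its Account, never directly by a thread."""

    def __init__(self, account):
        super().__init__(owner=account)
        self.entries = ()  # immutable tuple so every update is a guarded field write


class Account(Owned):
    """Aggregate whose invariant spans both itself and its ledger."""

    def __init__(self):
        super().__init__()
        self.balance = 0
        self.ledger = Ledger(self)

    def components(self):
        return [self.ledger]

    def invariant(self):
        return self.balance == sum(self.ledger.entries)

    def deposit(self, amount):
        self.ledger.entries = self.ledger.entries + (amount,)
        self.balance += amount


def run_deposits(n_threads=4, per_thread=100):
    """Threads that follow acquire/release never lose updates or break the invariant."""
    acct = Account()
    release(acct)  # hand the fresh aggregate over to the free state

    def worker():
        for _ in range(per_thread):
            acquire(acct)
            try:
                acct.deposit(1)
            finally:
                release(acct)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    acquire(acct)
    try:
        return acct.balance, deep_invariant(acct)
    finally:
        release(acct)


def unowned_write_is_detected():
    """Writing a free aggregate without acquiring it (a race) is caught at once."""
    acct = Account()
    release(acct)
    try:
        acct.balance = 99
    except OwnershipError:
        return True
    return False


def broken_invariant_at_release_is_detected():
    """An aggregate cannot be made visible to others while inconsistent."""
    acct = Account()
    acct.balance = 5  # allowed (creator owns it) but leaves balance != sum(entries)
    try:
        release(acct)
    except InvariantError:
        return True
    return False


if __name__ == "__main__":
    print(run_deposits())                              # (400, True)
    print(unowned_write_is_detected(), broken_invariant_at_release_is_detected())
```

The guard lives in `__setattr__` so that every field write, including writes to a component reached through the aggregate, is checked against the transitive owner; that is what lets the invariant of `Account` mention `Ledger` safely, since nobody can reach the ledger except through an account the thread owns. Reads are deliberately left unguarded here to keep the model small; a full scheme would guard them in the same way.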
