Rely/Guarantee Reasoning for Asynchronous Programs

Asynchronous programming has become ubiquitous in smartphone and web application development, as well as in the development of server-side and system applications. Many of the uses of asynchrony can be modeled by extending programming languages with asynchronous procedure calls: procedures that are not executed immediately, but stored and selected for execution at a later point by a non-deterministic scheduler. Asynchronous calls induce a flow of control that is difficult to reason about, which in turn makes formal verification of asynchronous programs challenging. In response, we take a rely/guarantee approach: each asynchronous procedure is verified separately with respect to its rely and guarantee predicates; the correctness of the whole program then follows from the natural conditions the rely/guarantee predicates have to satisfy. In this way, the verification of asynchronous programs is modularly decomposed into the more usual verification of sequential programs with synchronous calls. For the sequential program verification we use Hoare-style deductive reasoning, which we demonstrate on several simplified examples. These examples were inspired by programs written in C using the popular Libevent library; they are manually annotated and verified within the state-of-the-art Frama-C platform.
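The decomposition described above, as an added example that is not the paper's own Frama-C/ACSL development: a small bank-account model in which pending asynchronous calls run to completion in any order, one rely/guarantee pair is checked on every scheduler choice, and a handler that ignores its rely is caught. The account state, handler names and amounts are assumptions made for illustration.

```c
/* Added example (not from the paper): rely/guarantee checking over every
 * schedule of a constructed set of asynchronous calls. */
#include <stdbool.h>

enum kind { DEPOSIT, WITHDRAW };
struct call { enum kind kind; int amount; };
struct state { int balance; };

/* Rely: what a handler may assume about the state the environment hands it. */
static bool rely(struct state s) { return s.balance >= 0; }

/* Guarantee: what one handler step promises to all other handlers. Since it
 * implies rely(after), "guarantee of p implies rely of q" holds by construction. */
static bool guarantee(struct state before, struct state after) {
    return rely(before) && rely(after);
}

/* Sequential body of each asynchronous procedure, run once it is selected. */
static void run(struct call c, struct state *s, bool checked_withdraw) {
    if (c.kind == DEPOSIT)
        s->balance += c.amount;
    else if (!checked_withdraw || s->balance >= c.amount)
        s->balance -= c.amount;   /* the unchecked variant ignores its rely */
}

/* Non-deterministic scheduler: explore every order of the pending calls. */
static bool explore(const struct call *calls, int n, unsigned done,
                    struct state s, bool checked_withdraw) {
    if (done == (1u << n) - 1) return true;          /* every pending call ran */
    for (int i = 0; i < n; i++) {
        if (done & (1u << i)) continue;
        struct state next = s;
        run(calls[i], &next, checked_withdraw);
        if (!guarantee(s, next)) return false;        /* handler i breaks its promise */
        if (!explore(calls, n, done | (1u << i), next, checked_withdraw)) return false;
    }
    return true;
}

/* Constructed pending set: two deposits and two withdrawals posted at once. */
bool verify(bool checked_withdraw) {
    const struct call pending[] = { {DEPOSIT, 50}, {WITHDRAW, 70},
                                    {DEPOSIT, 30}, {WITHDRAW, 40} };
    struct state init = { 0 };
    return explore(pending, 4, 0u, init, checked_withdraw);
}
```

`verify(true)` succeeds on every schedule, while `verify(false)` fails as soon as the scheduler picks the 70-unit withdrawal before enough deposits have run.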
