Verification of parallel programs with the Owicki-Gries and Rely-Guarantee methods in Isabelle/HOL

This thesis presents the first formalization of the Owicki-Gries method and of its compositional version, the rely-guarantee method, in a theorem prover. Both methods are widely used for correctness proofs of parallel imperative programs with shared variables. We define syntax, semantics and proof rules in Isabelle/HOL, the instantiation of higher-order logic in the generic theorem prover Isabelle. The proof rules also cover programs parameterized in the number of parallel components. The soundness of the rules with respect to the semantics is proven mechanically, and the completeness proofs for both methods are extended to the new case of parameterized programs. For the automatic generation of verification conditions we define a tactic based on the proof rules, and we use it to verify several non-trivial parameterized and non-parameterized examples.
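The two proof obligations the abstract refers to, the Owicki-Gries interference-freedom test and the rely-guarantee stability/guarantee/compatibility conditions, are easiest to see on the classic two-incrementer program. The following is an added example, not code from the thesis or from the Isabelle/HOL formalization: it discharges those obligations by brute force over a small constructed finite state space rather than by a prover, and all names (STATES, owicki_gries, rely_guarantee, the program x := x+1 || x := x+1 with auxiliary flags d1, d2, and the rely/guarantee relation step) are constructed for this illustration. It shows that the naive annotation {x=0} x:=x+1 {x=1} is locally correct but not interference free, that auxiliary variables repair it, and that the same annotated components also pass the compositional rely-guarantee check, which never inspects the other component's code, only its rely.

```python
"""Brute-force checker for Owicki-Gries and rely-guarantee proof obligations.
Added example, not code from the thesis: assertions are predicates on states,
atomic actions are state -> state functions, rely/guarantee conditions are
predicates on (state, state') pairs; everything is checked by enumeration."""
from itertools import product

# Constructed state space: shared counter x in 0..3 plus auxiliary flags d1, d2.
STATES = [dict(x=x, d1=d1, d2=d2)
          for x, d1, d2 in product(range(4), (False, True), (False, True))]


def local_correctness(outline):
    """Sequential proof outline: every {pre} act {post} triple holds."""
    return [("local", k, s) for k, (pre, act, post) in enumerate(outline)
            for s in STATES if pre(s) and not post(act(s))]


def interference_freedom(outlines):
    """Owicki-Gries side condition: an atomic action of component j, fired from
    a state satisfying its own precondition, never falsifies an assertion of i."""
    bad = []
    for i, oi in enumerate(outlines):
        assertions = [a for (pre, _, post) in oi for a in (pre, post)]
        for j, oj in enumerate(outlines):
            if i == j:
                continue
            for k, (pre_j, act_j, _) in enumerate(oj):
                for n, a in enumerate(assertions):
                    bad += [("interference", i, n, j, k, s) for s in STATES
                            if a(s) and pre_j(s) and not a(act_j(s))]
    return bad


def owicki_gries(outlines, init, post):
    """Parallel rule: returns (ok, violations) for init {c1 || ... || cn} post."""
    bad = [v for o in outlines for v in local_correctness(o)]
    bad += interference_freedom(outlines)
    bad += [("init", s) for s in STATES
            if init(s) and not all(o[0][0](s) for o in outlines)]
    bad += [("post", s) for s in STATES
            if all(o[-1][2](s) for o in outlines) and not post(s)]
    return not bad, bad


def rely_guarantee(outlines, relies, guars):
    """Compositional rule: component i is checked against its rely R_i alone
    (assertions stable under R_i, actions satisfy G_i); the components fit
    together when every other guarantee G_j implies R_i."""
    bad = []
    for i, (o, R, G) in enumerate(zip(outlines, relies, guars)):
        for k, (pre, act, post) in enumerate(o):
            bad += [("guarantee", i, k, s) for s in STATES
                    if pre(s) and not G(s, act(s))]
            bad += [("stability", i, k, s, t) for a in (pre, post)
                    for s in STATES for t in STATES if a(s) and R(s, t) and not a(t)]
        bad += [("compat", j, i, s, t) for j, Gj in enumerate(guars) if j != i
                for s in STATES for t in STATES if Gj(s, t) and not R(s, t)]
    return not bad, bad


# Example program (constructed):  x := 0; (x := x+1 || x := x+1);  claim x = 2.
def inc(s):                 # atomic action  x := x + 1
    return {**s, "x": s["x"] + 1}

def inc_set(flag):          # atomic action  <x := x + 1; flag := True>
    return lambda s: {**s, "x": s["x"] + 1, flag: True}

INIT = lambda s: s["x"] == 0 and not s["d1"] and not s["d2"]
POST = lambda s: s["x"] == 2

# Naive annotation {x=0} x:=x+1 {x=1} in both components: locally correct,
# but not interference free (and x=1 /\ x=1 does not give x=2).
NAIVE = [[(lambda s: s["x"] == 0, inc, lambda s: s["x"] == 1)],
         [(lambda s: s["x"] == 0, inc, lambda s: s["x"] == 1)]]

# Owicki-Gries annotation with auxiliary variables: d_i records whether
# component i has incremented yet, so x = d1 + d2 holds at every point.
def component(mine, other):
    pre = lambda s: s["x"] == int(s[other]) and not s[mine]
    post = lambda s: s["x"] == int(s[other]) + 1 and s[mine]
    return [(pre, inc_set(mine), post)]

AUX = [component("d1", "d2"), component("d2", "d1")]

# Rely/guarantee for the same program: a component guarantees it leaves the other
# flag alone and either stutters or increments x once while raising its own flag.
def step(mine, other):
    return lambda s, t: t[other] == s[other] and (
        t == s or (not s[mine] and t[mine] and t["x"] == s["x"] + 1))

GUARS = [step("d1", "d2"), step("d2", "d1")]
RELIES = [GUARS[1], GUARS[0]]       # R_1 = G_2, R_2 = G_1


def demo():
    return (owicki_gries(NAIVE, INIT, POST)[0],
            owicki_gries(AUX, INIT, POST)[0],
            rely_guarantee(AUX, RELIES, GUARS)[0])
```

demo() returns (False, True, True): the violations list for NAIVE contains "interference" entries (component 2's increment, fired from x=0, falsifies component 1's precondition x=0) and a "post" entry, while AUX passes both the Owicki-Gries check and the rely-guarantee check with an empty violation list. Note what the two checks inspect: interference_freedom quantifies over the other component's atomic actions, so adding a component forces re-checking every existing assertion against it, whereas rely_guarantee only ever looks at the relation R_i and the local outline, which is exactly the compositionality the abstract contrasts.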