Compositional Proofs of Concurrent Programs

Project GR/M75440/01, funded by the Engineering and Physical Sciences Research Council (EPSRC), was undertaken to provide a better understanding of compositional reasoning, that is, how to verify systems built from components. It is a continuation of project GR/K57381, Mechanising Temporal Reasoning. A fundamental issue is the representation of program states. The choices are between stronglyand weakly-typed representations and between formalizing a single, universal state representation or giving each component an individual state representation. Sidi Ehmety and I have investigated two strongly-typed approaches: local, polymorphic records [6] and abstract states [4]. We have produced a weakly-typed proof environment for UNITY based on ZF set theory and used it to formalize most of the proofs in Charpentier and Chandy [1]. We have formalized other compositional theories, such as existential and universal properties [2, 3]. Our findings here are positive: the proofs for both papers are simple. In one case five pages of informal proofs are reduced to a few lines of Isabelle/HOL proof script [5]. We have mechanized another theory of compositional reasoning: the progress sets of Meier and Sanders. A critical evaluation of the theories we investigated is now available [7]. UNITY’s simplicity makes it ideal for the fundamental research undertaken here. UNITY proofs are traditionally carried out on paper, and a continuing theme of this research is the surprises that occur when these proofs are attempted using computer assistance. Although UNITY is too simple to apply to large-scale industrial verification, this is our ultimate aim. Large concurrent systems can only be verified with machine assistance. Formal methods researchers are divided between those who perform proofs on paper and those who advocate computer-based verification tools. Many of the people in the first group wish to use tools, provided their traditional proof style is respected. Part of the tool builder’s job is to understand which aspects of their proof style are essential. Some of the obstacles to mechanization originate in the conventions, notations and implicit assumptions of the pencil-and-paper community. This project has investigated most of the proposals for compositional reasoning in the UNITY literature. It has shown that while temporal reasoning about program components remains difficult, compositional reasoning is not as hard as was previously thought.