Shared Boxes: Rely-Guarantee Reasoning in VeriFast
نویسندگان
چکیده
VeriFast is a verifier for single-threaded and multithreaded C and Java programs. It takes a C or Java program annotated with preconditions and postconditions in a separation logic notation, and verifies statically that these preconditions and postconditions hold, using symbolic execution. In plain separation logic, a thread either has full ownership of a memory location and knows the value at the location, or it has no ownership and no knowledge of the value of the location. Existing work proposes a marriage of rely-guarantee reasoning and separation logic to address this. In this document, we describe the shared boxes mechanism, which marries separation logic and rely-guarantee reasoning in VeriFast. We introduce and motivate the shared boxes mechanism using a minimalistic example and a realistic example. The minimalistic example is a counter program where one thread continuously increments a counter and other threads check that the counter does not decrease. For the realistic example, we verify functional correctness of the Michael-Scott queue, a lock-free concurrent data structure. We define the syntax and semantics of a simple C-like programming language, and we define a separation logic with shared boxes and prove its soundness. We discuss the implementation in VeriFast and the examples we verified using our VeriFast implementation. Shared Boxes: Rely-Guarantee Reasoning in
منابع مشابه
Rely-Guarantee References for Refinement Types
Reasoning about side effects and aliasing is the heart of verifyingimperative programs. Unrestricted side effects through one refer-ence can invalidate assumptions about an alias. We present a newtype system approach to reasoning about safe assumptions in thepresence of aliasing and side effects, unifying ideas from referenceimmutability type systems and rely-guarantee progr...
متن کاملLocal Rely-Guarantee Conditions for Linearizability and Lock-Freedom
Rely-guarantee reasoning specifications typically consider all components of a concurrent system. For the important case where components operate on a shared data object, we derive a local instance of rely-guarantee reasoning, which permits specifications to examine a single pair of representative components only. Based on this instance, we define local proof obligations for linearizability and...
متن کاملRely-Guarantee Protocols
The use of shared mutable state, commonly seen in object-oriented systems, is often problematic due to the potential conflicting interactions between aliases to the same state. We present a substructural type system outfitted with a novel lightweight interference control mechanism, rely-guarantee protocols, that enables controlled aliasing of shared resources. By assigning each alias separate r...
متن کاملGlobal and Local Monitors to Enforce Noninterference in Concurrent Programs
Controlling confidential information in concurrentsystems is difficult, due to covert channels resulting from inter-action between threads. This problem is exacerbated if threadsshare resources at fine granularity.In this work, we propose a novel monitoring framework toenforce strong information security in concurrent programs. Ourmonitors are hybrid, combining dynamic a...
متن کاملAn Algebra of Synchronous Atomic Steps
This research started with an algebra for reasoning about rely/guarantee concurrency for a shared memory model. The approach taken led to a more abstract algebra of atomic steps, in which atomic steps synchronise (rather than interleave) when composed in parallel. The algebra of rely/guarantee concurrency then becomes an interpretation of the more abstract algebra. Many of the core properties n...
متن کامل