
The Role of Auxiliary Variables in the Formal Development of Concurrent Programs

Chapter in: Reflections on the Work of C.A.R. Hoare

Abstract

So called “auxiliary variables” are often used in reasoning about concurrent programs. They can be useful – but they can also be undesirable in that they can undermine the hard won property of “compositionality”. This paper explores the issue of auxiliary variables and tries to set concerns about overuse in a wider context; it concludes with an attempt to recommend constraints on their use.


Notes

  1. My view of the importance of Hoare’s paper led me to take [22] as the “fulcrum” for [39]; that discussion links the prior work of Floyd, Naur and van Wijngaarden (and remarks on the lack of what could have been an interesting link back to Turing’s work).

  2. Both points were true not only in the early book on program development in VDM [34] but also in the earlier IBM reports [32, 31].

  3. In the rule, P is a predicate of one state; W is a predicate of two states that is well founded (thus establishing termination without the need for a “variant function”); W* is the reflexive and transitive closure of W. See [37] for the honest form of this rule, which has an additional hypothesis on definedness – but this paper is not about partial functions.

  4. Rely/guarantee conditions are quite capable of recording “no change”, but Section 8.2.3 discusses how the read/write frames of VDM simplify such descriptions.

  5. Colin Stirling was interested in meta results more than in usability in applications.

  6. There are those who argue that the root of the problem is, in fact, shared variable concurrency. Another of Tony Hoare’s major contributions is, of course, the development of CSP [26, 27]. Although the concept of communicating processes has yielded considerable insight into the nature of concurrency, it is by no means immune from interference. The interference just comes from communication. This is manifest in any process algebra in which shared variables can be simulated by a process that holds their current value.

  7. Far too much of the Vienna Lab’s work was only published as technical reports.

  8. The community was denied a journal version of this paper because it was rejected by JACM.

  9. In the case that there is no such value, the program can either return an indicator or add a sentinel that does have the property.

  10. VDM notation [37] is used; the only item that might be unfamiliar is the use of a decorated (hooked) s for the initial state, and undecorated s for the final state, in relational postconditions. Furthermore, the predicate is-prime should be obvious and the function mults delivers the set of multiples (by 2 and above) of its argument.

  11. Some papers from the 2004 workshop appear in Journal of Universal Computing Science, Vol. 11, No. 5; similarly (and in the same journal), Vol. 13, No. 8 for the 2006 workshop.

  12. My valued friends working on Separation Logic [55, 28] for concurrency [56, 49, 10, 51, 52] should remember that this was back in the early 1990s.

  13. This is the source of the difficulty in [50] in proving that two parallel instances of ⟨x := x + 1⟩ achieve the obvious result.

  14. Amir was of course co-author of the first paper to apply rely/guarantee thinking to temporal logic [9].

References

  1. Abrial, J.-R.: The Event-B Book. Cambridge University Press, Cambridge, UK (2010).

  2. Abrial, J.-R., Cansell, D.: Development of a concurrent program. Private communication (2008).

  3. Aczel, P.: A note on program verification. Manuscript (private communication), Manchester (January 1982).

  4. Ashcroft, E.A., Manna, Z.: Formalization of properties of parallel programs. In: Meltzer, B., Michie, D. (eds.) Machine Intelligence 6, pp. 17–41. Edinburgh University Press (1971).

  5. America, P.: Issues in the design of a parallel object-oriented language. Formal Aspects Comput. 1(4), 366–411 (1989).

  6. Anon.: SETL: main page (Oct 2009). www.setl-lang.org.

  7. Bornat, R., Amjad, H.: Inter-process buffers in separation logic with rely-guarantee (2008). Private communication; submitted to Formal Aspects Comput. doi:10.1007/s00165-009-0141-8.

  8. Bicarregui, J.: Intra-Modular Structuring in Model-Oriented Specification: Expressing Non-Interference with Read/Write Frames. PhD thesis, Manchester University (1995).

  9. Barringer, H., Kuiper, R., Pnueli, A.: Now you can compose temporal logic specification. In: Proceedings of 16th ACM STOC, Washington (May 1984).

  10. Brookes, S.D.: A semantics of concurrent separation logic. Theoret. Comput. Sci. (Reynolds Festschrift) 375(1–3), 227–270 (2007). Preliminary version appeared in CONCUR’04, LNCS 3170, pp. 16–34.

  11. Collette, P., Jones, C.B.: Enhancing the tractability of rely/guarantee specifications in the development of interfering operations. In: Plotkin, G., Stirling, C., Tofte, M. (eds.) Proof, Language and Interaction, chapter 10, pp. 277–307. MIT Press (2000).

  12. Coleman, J.W., Jones, C.B.: A structural proof of the soundness of rely/guarantee rules. J. Logic Comput. 17(4), 807–841 (2007).

  13. Coleman, J.W.: Constructing a Tractable Reasoning Framework upon a Fine-Grained Structural Operational Semantics. PhD thesis, Newcastle University (January 2008).

  14. Dijkstra, E.W.: Go to statement considered harmful. Commun. ACM 11(3), 147–148 (1968).

  15. Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs, NJ, USA (1976).

  16. Dijkstra, E.W., Scholten, C.S.: Predicate Calculus and Program Semantics. Springer, New York, NY, USA (1990). ISBN 0-387-96957-8, 3-540-96957-8.

  17. Floyd, R.W.: Assigning meanings to programs. In: Proc. Symp. in Applied Mathematics, vol. 19: Mathematical Aspects of Computer Science, pp. 19–32. American Mathematical Society (1967).

  18. Hayes, I. (ed.): Specification Case Studies, 2nd edn. Prentice Hall International, Englewood Cliffs, NJ, USA (1993).

  19. Henderson, N.: Formal Modelling and Analysis of an Asynchronous Communication Mechanism. PhD thesis, University of Newcastle upon Tyne (2004).

  20. Hoare, C.A.R., Hayes, I.J., He, J., Morgan, C., Roscoe, A.W., Sanders, J.W., Sørensen, I.H., Spivey, J.M., Sufrin, B.A.: The laws of programming. Commun. ACM 30, 672–687 (1987). See corrigenda in ibid. 30:770.

  21. Hoare, C.A.R., Jones, C.B.: Essays in Computing Science. Prentice Hall International, Hemel Hempstead, UK (1989).

  22. Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580, 583 (October 1969).

  23. Hoare, C.A.R.: Proof of a program: FIND. Commun. ACM 14, 39–45 (January 1971).

  24. Hoare, C.A.R.: Proof of correctness of data representations. Acta Inform. 1, 271–281 (1972).

  25. Hoare, C.A.R.: Parallel programming: An axiomatic approach. Comput. Lang. 1(2), 151–160 (June 1975).

  26. Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21, 666–677 (August 1978).

  27. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Hemel Hempstead, UK (1985).

  28. Ishtiaq, S., O’Hearn, P.W.: BI as an assertion language for mutable data structures. In: 28th POPL, pp. 36–49 (2001).

  29. Jones, C.B., Lomet, D., Romanovsky, A., Weikum, G.: The atomic manifesto. J. Universal Comput. Sci. 11(5), 636–650 (2005).

  30. Jones, C.B.: A technique for showing that two functions preserve a relation between their domains. Technical Report LR 25.3.067, IBM Laboratory, Vienna (April 1970).

  31. Jones, C.B.: Formal development of correct algorithms: an example based on Earley’s recogniser. In: SIGPLAN Notices, vol. 7, no. 1, pp. 150–169. ACM (January 1972).

  32. Jones, C.B.: Operations and formal development. Technical Report TN 9004, IBM Laboratory, Hursley (September 1972).

  33. Jones, C.B.: Implementation bias in constructive specification of abstract objects. Typescript (September 1977).

  34. Jones, C.B.: Software Development: A Rigorous Approach. Prentice Hall International, Englewood Cliffs, NJ, USA (1980).

  35. Jones, C.B.: Development Methods for Computer Programs including a Notion of Interference. PhD thesis, Oxford University (June 1981). Printed as: Programming Research Group, Technical Monograph 25.

  36. Jones, C.B.: Computer-aided formal reasoning for software design. Talk at TAPSOFT’89, Barcelona (March 1989).

  37. Jones, C.B.: Systematic Software Development Using VDM, 2nd edn. Prentice Hall International (1990).

  38. Jones, C.B.: Accommodating interference in the formal design of concurrent object-based programs. Formal Methods System Design 8(2), 105–122 (March 1996).

  39. Jones, C.B.: The early search for tractable ways of reasoning about programs. IEEE Ann. History Comput. 25(2), 26–49 (2003).

  40. Jones, C.B.: Splitting atoms safely. Theoret. Comput. Sci. 357, 109–119 (2007).

  41. Jones, C.B.: Annotated bibliography on rely/guarantee conditions (Oct 2009). http://homepages.cs.ncl.ac.uk/cliff.jones/ftp-stuff/rg-hist.pdf.

  42. Jones, C.B., Pierce, K.G.: Splitting atoms with rely/guarantee conditions coupled with data reification. In: ABZ2008, LNCS 5238, pp. 360–377 (2008).

  43. Jones, C.B., Pierce, K.G.: Elucidating concurrent algorithms via layers of abstraction and reification. Technical Report CS-TR-1166, School of Computing Science, Newcastle University (2009).

  44. King, J.C.: A Program Verifier. PhD thesis, Department of Computer Science, Carnegie-Mellon University (1969).

  45. Lucas, P.: Two constructive realizations of the block concept and their equivalence. Technical Report TR 25.085, IBM Laboratory Vienna (June 1968).

  46. Milner, R.: An algebraic definition of simulation between programs. Technical Report CS-205, Computer Science Dept, Stanford University (February 1971).

  47. Nipkow, T.: Non-deterministic data types: Models and implementations. Acta Inform. 22, 629–661 (1986).

  48. Nipkow, T.: Behavioural Implementation Concepts for Nondeterministic Data Types. PhD thesis, University of Manchester (May 1987).

  49. O’Hearn, P.W.: Resources, concurrency and local reasoning. Theoret. Comput. Sci. (Reynolds Festschrift) 375(1–3), 271–307 (May 2007). Preliminary version appeared in CONCUR’04, LNCS 3170, pp. 49–67.

  50. Owicki, S.: Axiomatic Proof Techniques for Parallel Programs. PhD thesis, Department of Computer Science, Cornell University (1975).

  51. O’Hearn, P.W., Yang, H., Reynolds, J.C.: Separation and information hiding. ACM TOPLAS 31(3) (April 2009). Preliminary version appeared in 31st POPL, pp. 268–280 (2004).

  52. Parkinson, M., Bierman, G.: Separation logic and abstraction. In: POPL ’05: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 247–258. ACM, New York, NY, USA (2005).

  53. Pierce, K.: Enhancing the Usability of Rely-Guarantee Conditions for Atomicity Refinement. PhD thesis, University of Newcastle upon Tyne (2009).

  54. Prensa Nieto, L.: Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL. PhD thesis, Institut für Informatik der Technischen Universität München (2001).

  55. Reynolds, J.C.: Intuitionistic reasoning about shared mutable data structure. In: Davies, J., Roscoe, B., Woodcock, J. (eds.) Millennial Perspectives in Computer Science, pp. 303–321. Palgrave, Houndmills, Hampshire (2000).

  56. Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: Proceedings of 17th LICS, pp. 55–74. IEEE (2002).

  57. Simpson, H.R.: New algorithms for asynchronous communication. IEE Proc. Comput. Digital Tech. 144(4), 227–231 (1997).

  58. Stirling, C.: A compositional reformulation of Owicki-Gries’ partial correctness logic for a concurrent while language. In: ICALP’86, LNCS 226. Springer (1986).

  59. Stølen, K.: Development of Parallel Programs on Shared Data-Structures. PhD thesis, Manchester University (1990). Available as UMCS-91-1-1.


Acknowledgements

I have had the pleasure of knowing Tony Hoare since the 1960s and my DPhil research was done under his supervision in 1979–1981. The process of editing “Essays” [21] enhanced our collaboration after I left Oxford. As was said (repeatedly) at the Cambridge meeting in April 2009, Tony has inspired and supported many of us over decades.

This paper was not actually presented at the Cambridge meeting to mark Tony’s birthday because Bill Roscoe and I had held ours as “makeweights” in case any speakers could not get there. The material was actually presented at the PSY workshop at CAV Grenoble (June 2009).

I am grateful for comments on drafts of this paper from Joey Coleman, Linas Laibinis, Thai Son Hoang and Bill Roscoe; and to my ever-patient proof reader Ms. Allison. This is also a nice opportunity to give belated thanks to Schloß Dagstuhl for (among other pleasurable visits) the two on “Atomicity”. The staff in Dagstuhl, the environment and the stimulating participants always make trips there rewarding and refreshing.

My research is currently funded by the EU “Deploy” project, the (UK) EPSRC “TrAmS” platform grant and the ARC project (that brings together Ian Hayes, Keith Clark, Alan Burns and myself) “Time Bands for Teleo-Reactive Programs”.

Corresponding author: C. B. Jones.

Copyright information

© 2010 Springer London

Cite this chapter

Jones, C.B. (2010). The Role of Auxiliary Variables in the Formal Development of Concurrent Programs. In: Roscoe, A., Jones, C., Wood, K. (eds) Reflections on the Work of C.A.R. Hoare. Springer, London. https://doi.org/10.1007/978-1-84882-912-1_8

  • DOI: https://doi.org/10.1007/978-1-84882-912-1_8

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84882-911-4

  • Online ISBN: 978-1-84882-912-1