research-article

A rely-guarantee-based simulation for verifying concurrent program transformations

Authors:
Hongjin Liang

University of Science and Technology of China, Hefei, China

University of Science and Technology of China, Hefei, China
View Profile

,
Xinyu Feng

University of Science and Technology of China, Hefei, China

University of Science and Technology of China, Hefei, China
View Profile

,
Ming Fu

University of Science and Technology of China, Hefei, China

University of Science and Technology of China, Hefei, China
View Profile

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesJanuary 2012Pages 455–468https://doi.org/10.1145/2103656.2103711

Published:25 January 2012Publication History

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pages 455–468

ABSTRACT

Verifying program transformations usually requires proving that the resulting program (the target) refines or is equivalent to the original one (the source). However, the refinement relation between individual sequential threads cannot be preserved in general with the presence of parallel compositions, due to instruction reordering and the different granularities of atomic operations at the source and the target. On the other hand, the refinement relation defined based on fully abstract semantics of concurrent programs assumes arbitrary parallel environments, which is too strong and cannot be satisfied by many well-known transformations. In this paper, we propose a Rely-Guarantee-based Simulation (RGSim) to verify concurrent program transformations. The relation is parametrized with constraints of the environments that the source and the target programs may compose with. It considers the interference between threads and their environments, thus is less permissive than relations over sequential programs. It is compositional w.r.t. parallel compositions as long as the constraints are satisfied. Also, RGSim does not require semantics preservation under all environments, and can incorporate the assumptions about environments made by specific program transformations in the form of rely/guarantee conditions. We use RGSim to reason about optimizations and prove atomicity of concurrent objects. We also propose a general garbage collector verification framework based on RGSim, and verify the Boehm et al. concurrent mark-sweep GC.

Supplemental Material

popl_7a_3.mp4

mp4

140.8 MB

Download

References

M. Abadi and G. Plotkin. A model of cooperative threads. In Proc. 36th ACM Symp. on Principles of Prog. Lang. (POPL'09), pages 29--40. ACM Press, January 2009. Google ScholarDigital Library
K. Barabash, O. Ben-Yitzhak, I. Goft, E. K. Kolodner, V. Leikehman, Y. Ossia, A. Owshanko, and E. Petrank. A parallel, incremental, mostly concurrent garbage collector for servers. ACM Trans. Program. Lang. Syst., 27 (6): 1097--1146, 2005. Google ScholarDigital Library
N. Benton. Simple relational correctness proofs for static analyses and program transformations. In Proc. 31th ACM Symp. on Principles of Prog. Lang. (POPL'04), pages 14--25. ACM Press, January 2004. Google ScholarDigital Library
N. Benton and C.-K. Hur. Biorthogonality, step-indexing and compiler correctness. In Proc. 14th ACM Int'l Conf. on Functional Prog. (ICFP'09), pages 97--108. ACM Press, September 2009. Google ScholarDigital Library
H.-J. Boehm. Threads cannot be implemented as a library. In Proc. 2005 ACM Conf. on Prog. Lang. Design and Impl. (PLDI'05), pages 261--268. ACM Press, June 2005. Google ScholarDigital Library
H.-J. Boehm and S. V. Adve. Foundations of the C+ concurrency memory model. In Proc. 2008 ACM Conf. on Prog. Lang. Design and Impl. (PLDI'08), pages 68--78. ACM Press, June 2008. Google ScholarDigital Library
H.-J. Boehm, A. J. Demers, and S. Shenker. Mostly parallel garbage collection. In Proc. 1991 ACM Conf. on Prog. Lang. Design and Impl. (PLDI'91), pages 157--164. ACM Press, June 1991. Google ScholarDigital Library
S. D. Brookes. Full abstraction for a shared-variable parallel language. Inf. Comput., 127 (2): 145--163, 1996.Google ScholarCross Ref
S. Burckhardt, M. Musuvathi, and V. Singh. Verifying local transformations on relaxed memory models. In Proc. 19th Int'l Conf. on Compiler Construction (CC'10), volume 6011 of Lecture Notes in Computer Science, pages 104--123. Springer, March 2010. Google ScholarDigital Library
Coq Development Team. The Coq proof assistant reference manual. The Coq release v8.3, October 2010.Google Scholar
D. Dice, O. Shalev, and N. Shavit. Transactional locking II. In Proc. 20th Int'l Symp. on Distributed Computing (DISC'06), volume 4167 of Lecture Notes in Computer Science, pages 194--208. Springer, September 2006. Google ScholarDigital Library
T. Elmas, S. Qadeer, A. Sezgin, O. Subasi, and S. Tasiran. Simplifying linearizability proofs with reduction and abstraction. In Proc. 16th Int'l Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'10), volume 6015 of Lecture Notes in Computer Science, pages 296--311. Springer, March 2010. Google ScholarDigital Library
I. Filipović, P. O'Hearn, N. Rinetzky, and H. Yang. Abstraction for concurrent objects. In Proc. 18th European Symp. on Prog. (ESOP'09), volume 5502 of Lecture Notes in Computer Science, pages 252--266. Springer, March 2009. Google ScholarDigital Library
D. S. Gladstein and M. Wand. Compiler correctness for concurrent languages. In Proc. 1st Int'l Conf. on Coordination Languages and Models (COORDINATION'96), volume 1061 of Lecture Notes in Computer Science, pages 231--248. Springer, April 1996. Google ScholarDigital Library
M. Herlihy and N. Shavit. The Art of Multiprocessor Programming. Morgan Kaufmann, April 2008. Google ScholarDigital Library
C.-K. Hur and D. Dreyer. A Kripke logical relation between ML and assembly. In Proc. 38th ACM Symp. on Principles of Prog. Lang. (POPL'11), pages 133--146. ACM Press, January 2011. Google ScholarDigital Library
C. B. Jones. Tentative steps toward a development method for interfering programs. ACM Trans. Program. Lang. Syst., 5 (4): 596--619, 1983. Google ScholarDigital Library
K. Kapoor, K. Lodaya, and U. Reddy. Fine-grained concurrency with separation logic. J. Philosophical Logic, 40 (5): 583--632, 2011.Google ScholarCross Ref
X. Leroy. A formally verified compiler back-end. J. Autom. Reason., 43 (4): 363--446, December 2009. Google ScholarDigital Library
H. Liang, X. Feng, and M. Fu. A rely-guarantee-based simulation for verifying concurrent program transformations. Technical report (with Coq implementation), University of Science and Technology of China, October 2011. http://kyhcs.ustcsz.edu.cn/relconcur/rgsim.Google Scholar
A. Lochbihler. Verifying a compiler for java threads. In Proc. 20th European Symp. on Prog. (ESOP'10), volume 6012 of Lecture Notes in Computer Science, pages 427--447. Springer, March 2010. Google ScholarDigital Library
A. McCreight, Z. Shao, C. Lin, and L. Li. A general framework for certifying garbage collectors and their mutators. In Proc. 2007 ACM Conf. on Prog. Lang. Design and Impl. (PLDI'07), pages 468--479. ACM Press, June 2007. Google ScholarDigital Library
M. Parkinson, R. Bornat, and C. Calcagno. Variables as resource in Hoare logics. In Proc. 21th IEEE Symp. on Logic In Computer Science (LICS'06), pages 137--146. IEEE Computer Society, August 2006. Google ScholarDigital Library
D. Pavlovic, P. Pepper, and D. R. Smith. Formal derivation of concurrent garbage collectors. In Proc. 10th Int'l Conf. on Mathematics of Program Construction (MPC'10), volume 6120 of Lecture Notes in Computer Science, pages 353--376. Springer, June 2010. Google ScholarDigital Library
J. Sevcík, V. Vafeiadis, F. Z. Nardelli, S. Jagannathan, and P. Sewell. Relaxed-memory concurrency and verified compilation. In Proc. 38th ACM Symp. on Principles of Prog. Lang. (POPL'11), pages 43--54. ACM Press, January 2011. Google ScholarDigital Library
R. K. Treiber. System programming: coping with parallelism. Technical Report RJ 5118, IBM Almaden Research Center, 1986.Google Scholar
A. Turon and M. Wand. A separation logic for refining concurrent objects. In Proc. 38th ACM Symp. on Principles of Prog. Lang. (POPL'11), pages 247--258. ACM Press, January 2011. Google ScholarDigital Library
V. Vafeiadis. Modular fine-grained concurrency verification. Technical Report UCAM-CL-TR-726, University of Cambridge, Computer Laboratory, July 2008.Google Scholar
V. Vafeiadis and M. J. Parkinson. A marriage of rely/guarantee and separation logic. In Proc. 18th Int'l Conf. on Concurrency Theory (CONCUR'07), volume 4703, pages 256--271. Springer, 2007. Google ScholarDigital Library
M. T. Vechev, E. Yahav, and D. F. Bacon. Correctness-preserving derivation of concurrent garbage collection algorithms. In Proc. 2006 ACM Conf. on Prog. Lang. Design and Impl. (PLDI'06), pages 341--353. ACM Press, June 2006. Google ScholarDigital Library
M. Wand. Compiler correctness for parallel languages. In Proc. Conf. on Functional Prog. Lang. and Computer Architecture (FPCA'95), pages 120--134. ACM Press, June 1995. Google ScholarDigital Library
H. Yang. Relational separation logic. Theoretical Computer Science, 375 (1--3): 308--334, 2007. Google ScholarDigital Library

Index Terms

A rely-guarantee-based simulation for verifying concurrent program transformations
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Correctness
      2. Formal methods
2. Theory of computation
  1. Logic
    1. Proof theory
  2. Semantics and reasoning
    1. Program reasoning

Recommendations

Rely-Guarantee-Based Simulation for Compositional Verification of Concurrent Program Transformations

Verifying program transformations usually requires proving that the resulting program (the target) refines or is equivalent to the original one (the source). However, the refinement relation between individual sequential threads cannot be preserved in ...
Read More
Compositional verification of termination-preserving refinement of concurrent programs
CSL-LICS '14: Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)

Many verification problems can be reduced to refinement verification. However, existing work on verifying refinement of concurrent programs either fails to prove the preservation of termination, allowing a diverging program to trivially refine any ...
Read More
A program logic for concurrent objects under fair scheduling
POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Existing work on verifying concurrent objects is mostly concerned with safety only, e.g., partial correctness or linearizability. Although there has been recent work verifying lock-freedom of non-blocking objects, much less efforts are focused on ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2012
602 pages
ISBN:9781450310833
DOI:10.1145/2103656
General Chair:
John Field
Google, USA
,
Program Chair:
Michael Hicks
University of Maryland, College Park, USA
ACM SIGPLAN Notices Volume 47, Issue 1
POPL '12
January 2012
569 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2103621
Issue’s Table of Contents
Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 January 2012
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
concurrency
program transformation
rely-guarantee reasoning
simulation
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate824of4,130submissions,20%
Upcoming Conference
POPL '25

Sponsor:

sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 54
  Total Citations
  View Citations
- 671
  Total Downloads
- Downloads (Last 12 months)33
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A rely-guarantee-based simulation for verifying concurrent program transformations

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Rely-Guarantee-Based Simulation for Compositional Verification of Concurrent Program Transformations

Compositional verification of termination-preserving refinement of concurrent programs

A program logic for concurrent objects under fair scheduling