Monitors constitute one of the common techniques to synchronize threads in multithreaded programs, where calling a wait command on a condition variable suspends the calling thread and notifying a condition variable causes the threads waiting for that condition variable to resume their execution. One potential problem with these programs is that a waiting thread might be suspended forever, leading to deadlock, a state where each thread of the program is waiting for a condition variable or a lock. In this paper, a modular verification approach for deadlock-freedom of such programs is presented, ensuring that in any state of the execution of the program, if some threads are suspended then at least one thread is running. The main idea behind this approach is to make sure that for any condition variable v for which a thread is waiting there exists a thread obliged to fulfil an obligation for v that only waits for a waitable object whose wait level, an arbitrary number associated with each waitable object, is less than the wait level of v. The relaxed precedence relation introduced in this paper, aiming to avoid cycles, can also benefit other verification approaches that verify deadlock-freedom of other synchronization constructs such as channels and semaphores, enabling them to accept a wider range of deadlock-free programs. We encoded the proposed proof rules in the VeriFast program verifier and, by defining appropriate invariants for the locks associated with the condition variables, succeeded in verifying some popular use cases of monitors including unbounded/bounded buffer, sleeping barber, barrier, and readers-writers locks. A soundness proof for the presented approach is provided; some of the trickiest lemmas in this proof have been machine-checked with Coq.
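The wait-level and obligation discipline described in the abstract can be made concrete as a runtime check over a snapshot of thread states. The following is an added illustration written for this page, not the paper's proof rules or its VeriFast encoding: `check_wait` is the per-thread rule (wait only for an object whose level is below every obligation you hold), `obligation_invariant_holds` is the global condition quoted above, and the two bounded-buffer snapshots (condition variables `not_full` and `not_empty` with constructed levels 2 and 1) show the rule accepting a safe state and rejecting the wait that would close a cycle. The thread and state names are constructed for the example.

```python
# Added illustration of the wait-level / obligation discipline from the abstract above.
# Constructed example code, not the paper's proof rules or its VeriFast encoding.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Waitable:
    """A waitable object (here a condition variable) together with its wait level."""
    name: str
    level: int


@dataclass
class Thread:
    name: str
    obligations: List[Waitable] = field(default_factory=list)  # objects this thread must notify
    waiting_for: Optional[Waitable] = None  # None means the thread is running


class WaitLevelViolation(Exception):
    """Raised when a thread wants to wait for an object not below all of its obligations."""


def check_wait(thread: Thread, target: Waitable) -> None:
    """Local rule checked at every wait call: the caller may only wait for `target`
    if every obligation it holds has a strictly higher wait level than `target`."""
    for obl in thread.obligations:
        if obl.level <= target.level:
            raise WaitLevelViolation(
                f"{thread.name} holds an obligation for {obl.name} (level {obl.level}) "
                f"but wants to wait for {target.name} (level {target.level})")


def obligation_invariant_holds(threads: List[Thread]) -> bool:
    """Global condition: for every object v some thread waits for, a thread obliged
    to fulfil v exists that is running or waits only at a level below v."""
    for t in threads:
        v = t.waiting_for
        if v is None:
            continue
        fulfillers = [u for u in threads if v in u.obligations]
        if not any(u.waiting_for is None or u.waiting_for.level < v.level
                   for u in fulfillers):
            return False
    return True


def deadlock_free_state(threads: List[Thread]) -> bool:
    """The property the approach guarantees: if any thread is suspended, some thread runs."""
    waiting = [t for t in threads if t.waiting_for is not None]
    return not waiting or any(t.waiting_for is None for t in threads)


# Constructed levels for a bounded buffer's two condition variables.
NOT_EMPTY = Waitable("not_empty", level=1)
NOT_FULL = Waitable("not_full", level=2)


def full_buffer_state() -> List[Thread]:
    """Constructed snapshot: buffer full, producer suspended on not_full, consumer running
    and obliged to notify not_full once it has removed an item."""
    producer = Thread("producer", obligations=[], waiting_for=NOT_FULL)
    consumer = Thread("consumer", obligations=[NOT_FULL])
    return [producer, consumer]


def deadlocked_state() -> List[Thread]:
    """Constructed snapshot where both threads wait and nobody is obliged to notify not_empty."""
    producer = Thread("producer", obligations=[], waiting_for=NOT_FULL)
    consumer = Thread("consumer", obligations=[NOT_FULL], waiting_for=NOT_EMPTY)
    return [producer, consumer]


def circular_wait_attempt() -> Optional[str]:
    """Each thread holds the obligation the other one waits for; the local rule
    rejects the second wait because it would close the cycle. Returns the message."""
    consumer = Thread("consumer", obligations=[NOT_FULL])
    producer = Thread("producer", obligations=[NOT_EMPTY])
    check_wait(consumer, NOT_EMPTY)   # level 2 obligation, waiting at level 1: allowed
    consumer.waiting_for = NOT_EMPTY
    try:
        check_wait(producer, NOT_FULL)  # level 1 obligation, waiting at level 2: rejected
    except WaitLevelViolation as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("full buffer invariant:", obligation_invariant_holds(full_buffer_state()))
    print("deadlocked invariant:", obligation_invariant_holds(deadlocked_state()))
    print("rejected wait:", circular_wait_attempt())
```

The global check is what the soundness argument rests on: among all suspended threads pick one waiting at the lowest level; the thread obliged to fulfil that object cannot be waiting at a lower level, so it must be running.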
Monitors are a synchronization construct that allows a thread to be kept waiting until a specific resource for that thread is available. One potential problem with these constructs is starvation: a situation where a thread competing for a resource waits for that resource forever because other threads, which started competing for it later, obtain it earlier infinitely often. In this paper a modular approach to verify starvation-freedom of monitors is presented, ensuring that each time a resource is released and its associated condition variable is notified, each waiting thread moves closer to the front of the waiting queue; more specifically, the loop in which the wait command is executed (the loop that checks the waiting condition) has a loop variant. To this end, we introduce the notions of publishable resources and publishable obligations, which are published from the thread notifying a condition variable to all of the threads waiting for that condition variable. The publishable resources assure the waiting threads that they are approaching the front of the waiting queue, by allowing an appropriate loop variant to be defined for the related loop. The publishable obligations ensure that for any thread waiting for a condition variable v there is another thread obliged to notify v, which only waits for waitable objects whose levels, arbitrary numbers associated with each waitable object, are lower than the level of v (preventing circular dependencies). We encoded the proposed separation logic-based proof rules in the VeriFast program verifier and succeeded in verifying deadlock-freedom and starvation-freedom of two monitors, having no scheduling policy, which implement two common queue locking algorithms, namely ticket lock and CLH lock.
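To make the loop-variant idea concrete for the ticket lock named in the abstract, the following added example (written for this page, not the paper's proof rules or VeriFast code) models a ticket lock sequentially, without real threads, so the value each release publishes to the waiters can be inspected. The loop variant of a waiter's wait loop is `my_ticket - now_serving`; every release publishes a new `now_serving`, and the recorded history shows the variant strictly decreasing for every waiter until it reaches zero, including for a thread that arrives late and therefore cannot overtake earlier waiters. Thread names and the arrival order are constructed for the example.

```python
# Added illustration of a loop variant for a ticket lock's wait loop.
# Constructed example code modelled sequentially; not the paper's proof rules or VeriFast encoding.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TicketLock:
    next_ticket: int = 0
    now_serving: int = 0                         # value published to all waiters on each release
    tickets: Dict[str, int] = field(default_factory=dict)
    history: Dict[str, List[int]] = field(default_factory=dict)  # loop-variant values per thread

    def take_ticket(self, tid: str) -> int:
        """Acquire step: draw a ticket and record the initial loop variant."""
        ticket = self.next_ticket
        self.next_ticket += 1
        self.tickets[tid] = ticket
        self.history[tid] = [self.variant(tid)]
        return ticket

    def variant(self, tid: str) -> int:
        """Loop variant of tid's wait loop: number of releases it must still observe.
        It is non-negative and only changes when now_serving is published."""
        return self.tickets[tid] - self.now_serving

    def holder(self) -> Optional[str]:
        """The thread whose ticket equals now_serving owns the lock (its variant is 0)."""
        for tid, ticket in self.tickets.items():
            if ticket == self.now_serving:
                return tid
        return None

    def release(self) -> str:
        """Release by the current holder: bump now_serving and publish it to every waiter,
        which is where each waiter's loop variant decreases."""
        owner = self.holder()
        if owner is None:
            raise RuntimeError("release called while no thread holds the lock")
        del self.tickets[owner]
        self.now_serving += 1
        for tid in self.tickets:
            self.history[tid].append(self.variant(tid))
        return owner


def variant_strictly_decreases(values: List[int]) -> bool:
    """Check the well-foundedness condition: each published value is smaller than the last,
    and the sequence ends at 0 (the thread has reached the front of the queue)."""
    return all(b < a for a, b in zip(values, values[1:])) and values[-1] == 0


def run_scenario() -> Tuple[List[str], Dict[str, List[int]]]:
    """Constructed run: A, B, C arrive, A releases, D arrives late, then the rest release in turn."""
    lock = TicketLock()
    for tid in ("A", "B", "C"):
        lock.take_ticket(tid)
    order = [lock.release()]          # A leaves; B and C each see their variant drop by one
    lock.take_ticket("D")             # late arrival starts behind B and C, never overtakes them
    order += [lock.release() for _ in range(3)]
    return order, lock.history


if __name__ == "__main__":
    order, history = run_scenario()
    print("acquisition order:", order)
    for tid, values in history.items():
        print(tid, values, "strictly decreasing:", variant_strictly_decreases(values))
```

The published `now_serving` value plays the role of the publishable resource: it is the only thing a waiter needs to compute its variant, and the notifier hands it to every waiter at once.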