Deadlock-Free Monitors

Hamin, Jafar; Jacobs, Bart

doi:10.1007/978-3-319-89884-1_15

Cited by 12 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hamin et al [6,7,9] introduced a modular approach for verifying absence of deadlock in programs synchronized using condition variables (CVs), where executing a command wait(v, l) on a CV v, which is associated with a lock l, releases l and suspends the running thread, and executing commands notify (v) or notifyAll (v) wake up one or all thread(s) waiting for CV v at which point they will try to reacquire l. This approach ensures absence of deadlock by making sure that for any CV v for which a thread is waiting there is a thread obliged to fulfill an obligation for v which only waits for waitable objects whose levels are lower than the level of v. In this approach when a thread acquires a lock l, the total number of waiting threads, and the total number of obligations of any CV v associated with l, denoted by Wt (v) and Ot(v) respectively, can be mentioned in the proof of that thread. Wt and Ot are actually two bags 4 which keep track of the total number of the waiting threads and the total number of the obligations of the condition variables associated with a lock, respectively.…”

Section: Deadlock-free Monitorsmentioning

confidence: 99%

“…To verify deadlock-freedom of the program shown in Figure 1 it is necessary to transfer an obligation of v from the thread running leave to the thread whose ticket number equals to the new value of active, if there exists such a thread. However, it is impossible to verify deadlock-freedom of this program using the proof system introduced by Hamin et al [6,9] due to the following reasons: 1) this approach does not allow obligations to be transferred through broadcasts, because it is not clear which of the waiting threads should receive the transferred obligations, and 2) (even if such a transfer is possible) this approach allows obligations to be transferred through notifications only if there is a thread waiting for that condition variable (0 < Wt(v)), because it ensures that a thread will immediately receive the transferred obligations. Note that in this program there might be a situation where the thread whose ticket number equals the new value of active is not waiting for v but has been already awoken (by a broadcast issued beforehand) and is waiting to reacquire the lock associated with v.…”

Section: Publishable Obligationsmentioning

confidence: 99%

“…Recently, Hamin et al [6,7] introduced a modular approach to verify absence of deadlock in monitors. This approach ensures that in any state of the execution there is a thread running, not waiting for a lock or condition variable, until the program terminates.…”

Section: Introductionmentioning

confidence: 99%

“…This information must ensure the awoken threads that they are approaching the front of the waiting queue (for example, in Figure 1 this information implies that the now serving ticket number has been increased ). Although the approach presented in [6] allows permissions to be transferred through notifyAll, it considers permissions as linear resources, which cannot be in possession of more than one thread at the same time. Consequently, in that approach a notifying thread can transfer a permission p to n number of waiting threads only if it owns n instances of p. Fig.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Starvation-Free Monitors

Hamin

2019

Theoretical Aspects of Computing – ICTAC 2019

Self Cite

View full text Add to dashboard Cite

Monitors are a synchronization construct which allows to keep a thread waiting until a specific resource for that thread is available. One potential problem with these constructs is starvation; a situation where a thread, competing for a resource, infinitely waits for that resource because other threads, that started competing for that resource later, get it earlier infinitely often. In this paper a modular approach to verify starvation-freedom of monitors is presented, ensuring that each time that a resource is released and its associated condition variable is notified each waiting thread approaches the front of the waiting queue; more specifically, the loop in which the wait command is executed (that checks the waiting condition) has a loop variant. To this end, we introduce notions of publishable resources and publishable obligations, which are published from the thread notifying a condition variable to all of the threads waiting for that condition variable. The publishable resources ensure the waiting threads that they are approaching the front of the waiting queue, by allowing to define an appropriate loop variant for the related loop. The publishable obligations ensure that for any thread waiting for a condition variable v there is another thread obliged to notify v, which only waits for waitable objects whose levels, some arbitrary numbers associated with each waitable object, are lower than the level of v (preventing circular dependencies). We encoded the proposed separation logic-based proof rules in the VeriFast program verifier and succeeded in verifying deadlock-freedom and starvation-freedom of two monitors, having no scheduling policy, which implement two common queue locking algorithms, namely ticket lock and CLH lock.

show abstract

Section: Deadlock-free Monitorsmentioning

confidence: 99%

Section: Publishable Obligationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Starvation-Free Monitors

Hamin

2019

Theoretical Aspects of Computing – ICTAC 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…We start by introducing the programming language in Section 2 and continue in Section 3 with presenting the separation logic and so-called obligations and credits [3,4,11,12], which we use to reason about termination of busywaiting. In Section 4 we present our verification approach in the form of a set of proof rules and illustrate their application.…”

Section: Introductionmentioning

confidence: 99%

A separation logic to verify termination of busy-waiting for abrupt program exit

Reinhard

Timany

Jacobs

2020

Proceedings of the 22nd ACM SIGPLAN International Workshop on Formal Techniques for Java-Like Programs

Self Cite

View full text Add to dashboard Cite

Programs for multiprocessor machines commonly perform busy-waiting for synchronisation. In this paper, we make a first step towards proving termination of such programs. We approximate (i) arbitrary waitable events by abrupt program termination and (ii) busy-waiting for events by busy-waiting to be abruptly terminated. We propose a separation logic for modularly verifying termination (under fair scheduling) of programs where some threads eventually abruptly terminate the program, and other threads busy-wait for this to happen.

show abstract

Deadlock Analysis of Wait-Notify Coordination

Laneve

Padovani

2019

The Art of Modelling Computational Systems: A Journey From Logic and Concurrency to Security and Privacy

View full text Add to dashboard Cite

Deadlock analysis of concurrent programs that contain coordination primitives (wait, notify and notifyAll) is notoriously challenging. Not only these primitives affect the scheduling of processes, but also notifications unmatched by a corresponding wait are silently lost. We design a behavioral type system for a core calculus featuring shared objects and Java-like coordination primitives. The type system is based on a simple language of object protocols -called usages -to determine whether objects are used reliably, so as to guarantee deadlock freedom.

show abstract

Deadlock-Free Monitors

Cited by 12 publications

References 21 publications

Starvation-Free Monitors

Starvation-Free Monitors

A separation logic to verify termination of busy-waiting for abrupt program exit

Deadlock Analysis of Wait-Notify Coordination

Contact Info

Product

Resources

About