Local Verification of Global Invariants in Concurrent Programs

Cohen, Ernie; Moskal, Michał; Schulte, Wolfram; Tobies, Stephan

doi:10.1007/978-3-642-14295-6_42

Cited by 50 publications

(37 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A different approach for modular verification of object invariants in concurrent programs is proposed by Cohen [6], implemented in VCC [5]. Each object is assigned a two-state invariant expressing the required relation between any two consecutive states of execution that has to be respected by every state update in the program.…”

Section: Related Workmentioning

confidence: 99%

Verifying Class Invariants in Concurrent Programs

Zaharieva-Stojanovski

Huisman

2014

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

Abstract. Class invariants are a highly useful feature for the verification of object-oriented programs, because they can be used to capture all valid object states. In a sequential program setting, the validity of class invariants is typically described in terms of a visible state semantics, i.e., invariants only have to hold whenever a method begins or ends execution, and they may be broken inside a method body. However, in a concurrent setting, this restriction is no longer usable, because due to thread interleavings, any program state is potentially a visible state.In this paper we present a new approach for reasoning about class invariants in multithreaded programs. We allow a thread to explicitly break an invariant at specific program locations, while ensuring that no other thread can observe the broken invariant. We develop our technique in a permission-based separation logic environment. However, we deviate from separation logic's standard rules and allow a class invariant to express properties over shared memory locations (the invariant footprint), independently of the permissions on these locations. In this way, a thread may break or reestablish an invariant without holding permissions to all locations in its footprint. To enable modular verification, we adopt the restrictions of Müller's ownership-based type system.

show abstract

Section: Related Workmentioning

confidence: 99%

Verifying Class Invariants in Concurrent Programs

Zaharieva-Stojanovski

Huisman

2014

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

show abstract

“…For concurrent programs, the inv/own discipline has been generalized by Locally Checked Invariants [24] which is implemented in the VCC tool [23]. In this case, ownership is complemented by non-hierarchical dependencies which are tracked in ghost state called "claims", generalizing the friendship discipline.…”

Section: Related Workmentioning

confidence: 99%

“…The original discipline is a core feature of the Spec# program verifier 1 for sequential C# programs [12] and our adaptations would not be difficult to implement. The original discipline has been adapted to concurrency and implemented as the core discipline for the VCC program verifier for multithreaded C programs [24].…”

Section: Introductionmentioning

confidence: 99%

State Based Encapsulation for Modular Reasoning about Behavior-Preserving Refactorings

Banerjee

Naumann

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A properly encapsulated data representation can be revised for refactoring or other purposes without affecting the correctness of client programs and extensions of a class. But encapsulation is difficult to achieve in object-oriented programs owing to heap based structures and reentrant callbacks. This chapter shows that it is achieved by a discipline using assertions and auxiliary fields to manage invariants and transferrable ownership. The main result is representation independence: a rule for modular proof of equivalence of class implementations.

show abstract

“…3 Tool Overview: VCC and Isabelle/HOL VCC [6,7,15] is an assertional, first-order deductive code verifier for full C code. To overcome the restrictions of first-order reasoning, ghost state and code are used, e.g., to maintain inductively defined information.…”

Section: Theoremmentioning

confidence: 99%

“…Specifying sums without using recursive functions is, however, a bit intricate. 7 Given a sum i<N expr(i), the usual trick is to define a (finite)…”

Section: Checkermentioning

confidence: 99%

Verification of Certifying Computations

Alkassar

Böhme

Mehlhorn

et al. 2011

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves non-trivial mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm -yet it is all the user has to trust. Verification of checkers is feasible with current tools and leads to computations that can be completely trusted. In this paper we develop a framework to seamlessly verify certifying computations. The automatic verifier VCC is used for checking code correctness, and the interactive theorem prover Isabelle/HOL targets high-level mathematical properties of algorithms. We demonstrate the effectiveness of our approach by applying it to the verification of the algorithmic library LEDA.

show abstract

Local Verification of Global Invariants in Concurrent Programs

Cited by 50 publications

References 17 publications

Verifying Class Invariants in Concurrent Programs

Verifying Class Invariants in Concurrent Programs

State Based Encapsulation for Modular Reasoning about Behavior-Preserving Refactorings

Verification of Certifying Computations

Contact Info

Product

Resources

About