Permission-Based Separation Logic for Message-Passing Concurrency

Francalanza, Adrian; Rathke, Julian; Sassone, Vladimiro

doi:10.2168/lmcs-7(3:7)2011

Cited by 9 publications

(14 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Francalanza, Rathke and Sassone [14] introduced a separation logic for a process algebra close to CCS. Their separation logic ensures that provable processes are confluent, due to a form of linearity in the usage of channels.…”

Section: Confluence and Completenessmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…However, imposing that endpoints are used linearly reduces the scope of these techniques, as many useful paradigms require some form of endpoint sharing between processes. Moreover, this restriction enforces some form of determinism on programs, which excludes the encoding of standard synchronisation primitives such as locks and semaphores [14].This work presents a program logic for message-passing programs that may share channel endpoints, while giving meaningful protocols to their interactions. The program logic achieves two goals: on the one hand, checking that the exchange of messages on the channels used by programs obeys protocols defined by channel contracts, a particular representation of protocols as communicating finite state machines; on the other hand, ensuring the absence of data races and resource leakage.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Shared contract-obedient channels

Lozes

Villard

2015

Science of Computer Programming

View full text Add to dashboard Cite

Recent advances in the formal verification of message-passing programs are based on proving that programs correctly implement a given protocol. Many existing verification techniques for message-passing programs assume that at most one thread may attempt to send or receive on a channel endpoint at any given point in time, and expressly forbid endpoint sharing. Approaches that do allow such sharing often do not prove that channels obey their protocols. In this paper, we identify two principles that can guarantee obedience to a communication protocol even in the presence of endpoint sharing. Firstly, threads may concurrently use an endpoint in any way that does not advance the state of the protocol. Secondly, threads may compete for receiving on an endpoint provided that the successful reception of the message grants them ownership of that endpoint retrospectively. We develop a program logic based on separation logic that unifies these principles and allows fine-grained reasoning about endpoint-sharing programs. We demonstrate its applicability on a number of examples. The program logic is shown sound against an operational semantics of programs, and proved programs are guaranteed to follow the given protocols and to be free of data races, memory leaks, and communication errors. © 2014 Published by Elsevier B.V. IntroductionMessage-passing idioms appear everywhere in today's software: from the Message Passing Interface (MPI) used in highperformance computing, to the inter-process communication layer in Android apps, and to Web services. As for other forms of concurrency, naively checking the correctness of a message-passing system is severely impaired by the combinatorial explosion of the number of possible interactions between the components of the system. One way to tackle this issue is to develop formal verification techniques for message-passing programs, such that reasoning about a system is tantamount to reasoning about each component in isolation. A promising avenue in this respect is to separate the study of programs from the study of the protocols they are meant to implement, i.e. prove that a program correctly implements a protocol on the one hand, and reason about that protocol independently of its implementation on the other hand. In this context, protocols act both as specifications of what a program is allowed to do and as descriptions of the actions that programs must expect from the environment. Two main approaches coexist for describing such protocols: session types on the one hand [30], used to police interactions in programs expressed either in the π -calculus [20] or in a message-passing variant of Java [21], and channel contracts on the other hand [7], used for instance to describe the protocols in the Sing programming language [13] developed for the Singularity operating system [22]. High-level protocol descriptions such as these allow the program verification effort to be split between checking properties at the level of the protocol itself on the one hand, and checking obedience of each threa...

show abstract

Section: Confluence and Completenessmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Shared contract-obedient channels

Lozes

Villard

2015

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…doml(Γ ′ ) 12 The condition that d dom(Γ) is required since we do not state whether the triple Γ ⊳ M ⊲ P is a configuration; otherwise, it is redundant -see comments succeeding Definition 4.1. 13 Cost Definability cannot be defined wrt. the first environment only in the case of action alloc, since it nondeterministically allocates a fresh channel name and adds it to the residual environment -see lAllE in Figure 5.…”

Section: Lemma 512 (Transitions and Renamingmentioning

confidence: 99%

Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency

Francalanza¹,

DeVries²,

Hennessy³

2014

Logical Methods in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We define a π-calculus variant with a costed semantics where channels are treated as resources that must explicitly be allocated before they are used and can be deallocated when no longer required. We use a substructural type system tracking permission transfer to construct coinductive proof techniques for comparing behaviour and resource usage efficiency of concurrent processes. We establish full abstraction results between our coinductive definitions and a contextual behavioural preorder describing a notion of process efficiency wrt. its management of resources. We also justify these definitions and respective proof techniques through numerous examples and a case study comparing two concurrent implementations of an extensible buffer.

show abstract

“…This limitation prevents some programs from being proven. For instance, such linear channel communications are known to enforce a form of determinism [8] that excludes standard synchronisation primitives such as locks and semaphores. Almost none of the verification techniques supporting shared channels is able to give meaningful protocols to them.…”

Section: Introductionmentioning

confidence: 99%

Shared Contract-Obedient Endpoints

Lozes

Villard

2012

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Most of the existing verification techniques for message-passing programs suppose either that channel endpoints are used in a linear fashion, where at most one thread may send or receive from an endpoint at any given time, or that endpoints may be used arbitrarily by any number of threads. The former approach usually forbids the sharing of channels while the latter limits what is provable about programs. In this paper we propose a midpoint between these techniques by extending a proof system based on separation logic to allow sharing of endpoints. We identify two independent mechanisms for supporting sharing: an extension of fractional shares to endpoints, and a new technique based on what we call reflexive ownership transfer. We demonstrate on a number of examples that a linear treatment of sharing is possible

show abstract

Permission-Based Separation Logic for Message-Passing Concurrency

Cited by 9 publications

References 41 publications

Shared contract-obedient channels

Shared contract-obedient channels

Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency

Shared Contract-Obedient Endpoints

Contact Info

Product

Resources

About