Rustan Leino RiSE, Microsoft Research, Redmond MIT 5 June 2009 Joint work with: Peter Müller, ETH Zurich Jan Smans, KU Leuven.

Atomicity
  Sequential reasoning within atomic sections
Monitor invariants
  Assumed when the monitor is acquired
  Checked when the monitor is released
Locking order
  Deadlock prevention
Rely-guarantee reasoning
  Thread interference

    class Cell {
      int val;
      invariant val > 0;
      void Set(int v) {
        lock (this) { val := v; }
      }
      void Swap(Cell c) {
        lock (this) {
          lock (c) {
            int t := val; val := c.val; c.val := t;
          }
        }
      }
    }

Client-side locking
  One monitor protects lots of state
Fine-grained locking
  One field protected by several monitors
Thread-local and shared objects
  Transitions in both directions
Dynamic changes of locking order

    class Node {
      int val;
      Node next;
      invariant next != null ==> val <= next.val;
      …
    }
    class List {
      Node head;
      void Reverse() { … }
      …
    }

Chalice: an experimental language with focus on
  Shared-memory concurrency
  Static verification
Key features
  Memory access governed by a model of permissions
  Sharing via locks with monitor invariants
  Deadlock checking, dynamic lock re-ordering
Other features
  Classes; mutual exclusion and readers/writers locks; fractional permissions; two-state monitor invariants; asynchronous method calls; memory leak checking; logic predicates and functions; ghost and prophecy variables

Every memory location has an associated permission
  A memory location is an (object, field) pair
Permissions can be held by activation records
  An activation record is a particular invocation of a method
Permissions can be transferred dynamically
  Exhale (give permission up)
  Inhale (obtain permission)

Objects can be shared

[State diagram: an object is in one of three states, thread-local; shared, available; shared, locked. Transitions: new (creates a thread-local object), share (thread-local to shared, available), acquire (shared, available to shared, locked), release (shared, locked to shared, available), unshare (shared, available back to thread-local), and free.]

An available object can hold permissions
A monitor invariant describes the state of an available object

[Same state diagram as before, annotated: the monitor invariant is checked on the transitions that make the object available (share and release).]

Every shared object o is associated with a value o.mu in the locking order
The locking order is a dense lattice, where << denotes its strict partial order
Locks have to be acquired in ascending order
o.mu is set by the share statement
o.mu can be changed by the reorder statement
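The locking-order discipline on this slide, together with the monitor-invariant rule from the opening slide (assumed on acquire, checked on release), as an added Python model; this is not code from the talk or from Chalice itself, and the Cell/Swap code is the opening slide's example transcribed into the model. Chalice checks the rule statically; here the same rule is enforced at run time, so a violation raises an exception instead of risking the deadlock that two threads swapping the same pair in opposite order would produce. Fraction is used for mu to mirror the density of the order. The side condition used for reorder (the thread holds the monitor and the new level stays above the other monitors it holds) is an assumption of this model, not Chalice's precise rule.

```python
import threading
from fractions import Fraction
from typing import Callable, Dict

class LockOrderViolation(Exception): """An acquire or reorder that Chalice would reject statically."""
class InvariantViolation(Exception): """Monitor invariant false where it has to hold (share, release)."""

class Monitor:
    """A shared object's monitor plus the mu value the share statement gave it."""
    _local = threading.local()  # per-thread list of the monitors it currently holds

    def __init__(self, name: str, mu: Fraction, invariant: Callable[[], bool] = lambda: True) -> None:
        self.name, self.mu, self.invariant = name, Fraction(mu), invariant
        self._lock = threading.Lock()
        if not invariant():  # share: the invariant must hold as the object becomes available
            raise InvariantViolation(f"share {name}: invariant does not hold")

    @classmethod
    def held(cls) -> list:
        if not hasattr(cls._local, "stack"):
            cls._local.stack = []
        return cls._local.stack

    def acquire(self) -> None:
        held = self.held()
        if held and self.mu <= max(m.mu for m in held):  # waitlevel = highest mu held
            raise LockOrderViolation(f"acquire {self.name}: mu={self.mu} is not above the waitlevel")
        self._lock.acquire()
        held.append(self)  # from here on the invariant may be assumed

    def release(self) -> None:
        if self not in self.held():
            raise LockOrderViolation(f"release {self.name}: not held by this thread")
        self.held().remove(self)
        self._lock.release()  # drop the lock first so a failed check cannot wedge the model
        if not self.invariant():  # checked as the object becomes available again
            raise InvariantViolation(f"release {self.name}: invariant does not hold")

    def reorder(self, new_mu: Fraction) -> None:
        """reorder statement; assumed here (not Chalice's exact side conditions): the thread
        holds this monitor and the new level stays above the other monitors it holds."""
        others = [m.mu for m in self.held() if m is not self]
        if self not in self.held() or (others and Fraction(new_mu) <= max(others)):
            raise LockOrderViolation(f"reorder {self.name} to mu={new_mu} not permitted")
        self.mu = Fraction(new_mu)

    def __enter__(self) -> "Monitor":  # lets callers write: with o.monitor: ...
        self.acquire()
        return self

    def __exit__(self, *exc) -> None:
        self.release()

class Cell:
    """The slide's Cell: invariant val > 0, protected by the cell's own monitor."""
    def __init__(self, name: str, val: int, mu: Fraction) -> None:
        self.val = val
        self.monitor = Monitor(name, mu, invariant=lambda: self.val > 0)

    def set(self, v: int) -> None:
        with self.monitor:  # a v <= 0 is reported when the block releases, not at the assignment
            self.val = v

def swap(this: Cell, c: Cell) -> None:
    """The slide's Swap: lock this, then c. The order check rejects the call that
    acquires in descending mu, the half of the opposite-order pair that can deadlock."""
    with this.monitor, c.monitor:
        this.val, c.val = c.val, this.val

def ordered_swap(x: Cell, y: Cell) -> None:
    """Deadlock-free variant: acquire in ascending mu whatever the argument order."""
    lo, hi = sorted((x, y), key=lambda cell: cell.monitor.mu)
    with lo.monitor, hi.monitor:
        x.val, y.val = y.val, x.val

def outcome(action: Callable[[], None]) -> str:
    try:
        action()
        return "ok"
    except (LockOrderViolation, InvariantViolation) as e:
        return type(e).__name__

def demo() -> Dict[str, object]:
    a, b = Cell("a", 1, Fraction(1)), Cell("b", 2, Fraction(2))
    results = {
        "swap_ascending": outcome(lambda: swap(a, b)),        # a=2, b=1
        "swap_descending": outcome(lambda: swap(b, a)),       # LockOrderViolation, values kept
        "ordered_swap": outcome(lambda: ordered_swap(b, a)),  # a=1, b=2
        "set_zero": outcome(lambda: a.set(0)),                # InvariantViolation on release
    }
    a.set(5)
    with a.monitor:  # dense order: move a strictly above b (2); b is then no longer acquirable
        a.monitor.reorder(Fraction(5, 2))
        results["acquire_b_after_reorder"] = outcome(b.monitor.acquire)
    results.update(a=a.val, b=b.val, held=len(Monitor.held()))
    return results
```

Calling demo() runs the scenarios in order: the ascending swap succeeds, the descending one is rejected before it can block, the sorted variant succeeds regardless of argument order, Set(0) is reported on release because that is where the invariant is checked, and after reorder a monitor with a lower mu can no longer be acquired while a is held.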

Fork/join provide asynchronous calls. Roughly:
  call o.M()   =  Exhale Pre; Inhale Post
  fork o.M()   =  Exhale Pre
  join o.M()   =  Inhale Post
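The exhale/inhale bookkeeping of the permission slide and the call/fork/join encoding above, as an added Python model; this is not code from the talk or from Chalice. It also covers the fractional permissions listed among the other features: a reader needs only a positive fraction of the permission to a location, a writer needs the whole unit, so a write while a forked reader still holds its half is rejected, and forking a method whose precondition demands more than the caller holds is rejected too. The object and method names (c, Reader.Run, Cell.Set) and the heap contents are constructed for the example.

```python
from fractions import Fraction
from typing import Callable, Dict, Tuple

Location = Tuple[str, str]  # (object, field); the string object names are illustrative
Permissions = Dict[Location, Fraction]
FULL, HALF = Fraction(1), Fraction(1, 2)

class PermissionViolation(Exception):
    """Raised where the verifier would report a failed permission check."""

class ActivationRecord:
    """One invocation of a method, together with the permissions that invocation holds."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.perms: Permissions = {}

    def held(self, loc: Location) -> Fraction:
        return self.perms.get(loc, Fraction(0))

    def inhale(self, loc: Location, amount: Fraction) -> None:
        # Gain permission. All permissions to one location sum to at most 100%, so
        # going past FULL means the specification being modelled is inconsistent.
        total = self.held(loc) + amount
        if total > FULL:
            raise PermissionViolation(f"{self.name}: more than full permission to {loc}")
        self.perms[loc] = total

    def exhale(self, loc: Location, amount: Fraction) -> None:
        # Give permission up; only what is held can be exhaled.
        if self.held(loc) < amount:
            raise PermissionViolation(f"{self.name}: cannot exhale {amount} of {loc}")
        rest = self.held(loc) - amount
        if rest == 0:
            del self.perms[loc]
        else:
            self.perms[loc] = rest

    def read(self, heap: Dict[Location, int], loc: Location) -> int:
        if self.held(loc) <= 0:  # any positive fraction permits reading
            raise PermissionViolation(f"{self.name}: read of {loc} without permission")
        return heap[loc]

    def write(self, heap: Dict[Location, int], loc: Location, value: int) -> None:
        if self.held(loc) != FULL:  # writing needs the whole permission: no concurrent readers
            raise PermissionViolation(f"{self.name}: write to {loc} without full permission")
        heap[loc] = value

def transfer(src: ActivationRecord, dst: ActivationRecord, perms: Permissions) -> None:
    """Exhale perms from src and inhale them into dst; checked up front so a failure changes nothing."""
    for loc, amount in perms.items():
        if src.held(loc) < amount:
            raise PermissionViolation(f"{src.name}: cannot exhale {amount} of {loc}")
    for loc, amount in perms.items():
        src.exhale(loc, amount)
        dst.inhale(loc, amount)

def fork(caller: ActivationRecord, method: str, pre: Permissions) -> ActivationRecord:
    """fork o.M(): exhale Pre into a fresh activation record, which also serves as the token."""
    callee = ActivationRecord(method)
    transfer(caller, callee, pre)
    return callee

def join(caller: ActivationRecord, token: ActivationRecord, post: Permissions) -> None:
    """join: inhale Post from the finished activation record."""
    transfer(token, caller, post)

def call(caller: ActivationRecord, method: str, pre: Permissions, post: Permissions,
         body: Callable[[ActivationRecord], None]) -> None:
    """call o.M(): exhale Pre, run the body, inhale Post (a fork followed at once by a join)."""
    token = fork(caller, method, pre)
    body(token)
    join(caller, token, post)

def outcome(action: Callable[[], object]) -> object:
    try:
        return action()
    except PermissionViolation:
        return "rejected"

def demo() -> Dict[str, object]:
    loc = ("c", "val")
    heap = {loc: 7}  # constructed heap: one Cell c whose val is 7
    main = ActivationRecord("main")
    main.inhale(loc, FULL)  # main allocated c, so it starts with full permission
    reader_spec = {loc: HALF}  # a reader's Pre and Post: half permission, handed back on join
    t1 = fork(main, "Reader.Run", reader_spec)
    results = {
        "reader_reads": t1.read(heap, loc),                                     # 7
        "main_reads_while_shared": outcome(lambda: main.read(heap, loc)),       # 7
        "main_writes_while_shared": outcome(lambda: main.write(heap, loc, 8)),  # rejected
        "fork_writer_with_half": outcome(lambda: fork(main, "Writer.Run", {loc: FULL})),  # rejected
    }
    join(main, t1, reader_spec)  # back to full permission
    call(main, "Cell.Set", {loc: FULL}, {loc: FULL}, body=lambda me: me.write(heap, loc, 8))
    results.update(held_after_join=main.held(loc), final_value=heap[loc])
    return results
```

The point of the split between fork and join is visible in demo(): between the two, main has given up half of its permission and can still read but not write; only after join does it hold the full unit again, and the synchronous call to Cell.Set is just a fork whose join follows immediately.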

Predicates provide abstraction
Predicates can also hold permissions
Predicates are opened and closed, usually automatically

Owicki-Gries example (solution due to Bart Jacobs)

[Object diagram: a List object whose head, tail and current fields point into a chain of Node objects.]

Chalice has many features for shared-memory concurrency
Verification via Boogie
Permissions are flexible, but hard to debug with the current interface