Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rustan Leino RiSE, Microsoft Research, Redmond MIT 5 June 2009 Joint work with: Peter Müller, ETH Zurich Jan Smans, KU Leuven.

Published byAlfred Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "Rustan Leino RiSE, Microsoft Research, Redmond MIT 5 June 2009 Joint work with: Peter Müller, ETH Zurich Jan Smans, KU Leuven."— Presentation transcript:

1 Rustan Leino RiSE, Microsoft Research, Redmond MIT 5 June 2009 Joint work with: Peter Müller, ETH Zurich Jan Smans, KU Leuven

2 Atomicity Sequential reasoning within atomic sections Monitor invariants Assumed when monitor is acquired Checked when monitor is released Locking order Deadlock prevention Rely-guarantee reasoning Thread interference class Cell { int val; invariant val > 0; void Set( int v ) { lock( this ) { val := v; } } void Swap( Cell c ) { lock( this ) { lock( c ) { int t := val; val := c.val; c.val := t; } } }

3 Client-side locking One monitor protects lots of state Fine-grained locking One field protected by several monitors Thread-local and shared objects Transitions in both directions Dynamic changes of locking order class Node { int val; Node next; invariant next  null  val  next.val; … } class List { Node head; void Reverse( ) { … } … }

4 Experimental language with focus on: Share-memory concurrency Static verification Key features Memory access governed by a model of permissions Sharing via locks with monitor invariants Deadlock checking, dynamic lock re-ordering Other features Classes; Mutual exclusion and readers/writers locks; Fractional permissions;Two-state monitor invariants; Asynchronous method calls; Memory leak checking; Logic predicates and functions; Ghost and prophecy variables

5 Every memory location has an associated permission A memory location is an (object, field) pair Permissions can be held by activation records An activation record is a particular invocation of a method Permissions can be transferred dynamically Exhale Inhale

6 Objects can be shared thread local shared, available shared, locked newshareacquire release unshare free

7 An available object can hold permissions A monitor invariant describes the state of an available object thread local shared, available shared, locked newshareacquire release unshare free monitor invariant is checked here

8 Every shared object o is associated with a value o.mu in the locking order The locking order is a dense lattice, where << denotes its strict partial order Locks have to be acquired in ascending order o.mu is set by the share statement o.mu can be changed by the reorder statement

9 Fork/join provide asynchronous calls Roughly: call o.M() Exhale Pre; Inhale Post fork o.M() Exhale Pre join o.M() Inhale Post

10 Predicates provide abstraction Predicates can also hold permissions Predicates are opened and closed, usually automatically

11 Owicki-Gries example solution due to Bart Jacobs

12 :List:List :Node:Node:Node:Node:Node:Node:Node:Node head tail current

13 Chalice has many features for shared-memory concurrency Verification via Boogie Permissions are flexible, but hard to debug with current interface

Download ppt "Rustan Leino RiSE, Microsoft Research, Redmond MIT 5 June 2009 Joint work with: Peter Müller, ETH Zurich Jan Smans, KU Leuven."

Similar presentations

1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,

1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,
A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.

Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.
Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Operating Systems Semaphores II

Operating Systems Semaphores II
Joint work with Mike Barnett, Robert DeLine, Manuel Fahndrich, and Wolfram Schulte Verifying invariants in object-oriented programs K. Rustan M. Leino.

Joint work with Mike Barnett, Robert DeLine, Manuel Fahndrich, and Wolfram Schulte Verifying invariants in object-oriented programs K. Rustan M. Leino.
The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Lunch seminar, Praxis Bath, UK 6 Dec 2005 joint work with Mike Barnett,

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Lunch seminar, Praxis Bath, UK 6 Dec 2005 joint work with Mike Barnett,
Object Invariants in Specification and Verification K. Rustan M. Leino Microsoft Research, Redmond, WA Joint work with: Mike Barnett, Ádám Darvas, Manuel.

Object Invariants in Specification and Verification K. Rustan M. Leino Microsoft Research, Redmond, WA Joint work with: Mike Barnett, Ádám Darvas, Manuel.
Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
1 Towards a Verifying Compiler: The Spec# Approach Wolfram Schulte Microsoft Research Formal Methods 2006 Joint work with Rustan Leino, Mike Barnett, Manuel.

1 Towards a Verifying Compiler: The Spec# Approach Wolfram Schulte Microsoft Research Formal Methods 2006 Joint work with Rustan Leino, Mike Barnett, Manuel.
Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,

Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,
Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.

Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA.

K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting June 2009 Boston, MA.
The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.

Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Similar presentations

Ads by Google