Concurrent Featherweight VeriFast Formalization and Soundness Proof Bart Jacobs May 4, 2015 Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Contents The Programming Language 1 Concrete Execution 2 Small Step Semantics Mutator Semantics Relationship Semiconcrete Execution 3 Definition Soundness Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Contents The Programming Language 1 Concrete Execution 2 Small Step Semantics Mutator Semantics Relationship Semiconcrete Execution 3 Definition Soundness Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
The Programming Language z ∈ Z x ∈ Vars z | x | e + e | e − e e ::= b ::= e = e | e < e | ¬ b c ::= x := e | ( c ; c ) | if b then c else c | while b do c | r ( e ) | x := malloc ( e ) | x := [ e ] | [ e ] := e | free ( e ) | fork ( c ) | acquire ( e ) | release ( e ) rdef ::= routine r ( x ) = c Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Example Program routine produce(b) = routine consume(b) = while 0 = 0 do ( while 0 = 0 do ( x := malloc (0); x := 0; while ¬ (x = 0) do ( while x = 0 do ( acquire (b); acquire (b); e := [b + 1]; x := [b + 1]; if e = 0 then ( [b + 1] := 0; [b + 1] := x; x := 0 release (b) ) else x := x; ); release (b) free (x) ) ) ) b := malloc (2); [b + 1] := 0; [b] := 0; fork (produce(b)); consume(b) Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Contents The Programming Language 1 Concrete Execution 2 Small Step Semantics Mutator Semantics Relationship Semiconcrete Execution 3 Definition Soundness Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Contents The Programming Language 1 Concrete Execution 2 Small Step Semantics Mutator Semantics Relationship Semiconcrete Execution 3 Definition Soundness Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Example Concrete Execution // γ = ( 0 , { [( 0 , pair := · · · ; fork ( · · · ); [pair + 1] := 24; done )] } ) pair := malloc (2); // γ = ( { [mb(33 , 2) , 33 �→ 1 , 34 �→ − 1] } , { [( 0 [pair := 33] , fork ( · · · ); [pair + 1] := 24; done )] } ) fork ([pair] := 42); γ = ( { [mb(33 , 2) , 33 �→ 1 , 34 �→ − 1] } , // { [( 0 [pair := 33] , [pair + 1] := 24; done ) , ( 0 [pair := 33] , [pair] := 42; done )] } ) [pair + 1] := 24 // γ = ( { [mb(33 , 2) , 33 �→ 1 , 34 �→ 24] } , { [( 0 [pair := 33] , [pair] := 42; done )] } ) fork ([pair] := 42 // γ = ( { [mb(33 , 2) , 33 �→ 42 , 34 �→ 24] } , 0 ) Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Concrete Execution States (Small Step) k ∈ CContinuations ::= done | c ; k | ret ( s , k ) p ∈ CPredicates = {�→ , mb } { p ( ℓ, v ) | p ∈ CPredicates , ℓ, v ∈ Z } CChunks = h ∈ CHeaps = CChunks → N Vars → Z s ∈ CStores = θ ∈ CThreads = CStores × CContinuations CThreads → N T ∈ CThreadTables = γ ∈ CConfigurations = CHeaps × CThreadTables ℓ �→ v is alternative syntax for �→ ( ℓ, v ) Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) � s , h | x := e ; k � � t � s [ x := s ( e )] , h | k � � s , h | ( c ; c ′ ); k � � t � s , h | c ; ( c ′ ; k ) � routine r ( x ) = c � s , h | r ( e ); k � � t � 0 [ x := s ( e )] , h | c ; ret ( s , k ) � � s , h | ret ( s ′ , k ) � � t � s ′ , h | k � Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) s ( b ) = true � s , h | if b then c else c ′ ; k � � t � s , h | c ; k � s ( b ) = false � s , h | if b then c else c ′ ; k � � t � s , h | c ′ ; k � s ( b ) = true � s , h | while b do c ; k � � t � s , h | c ; ( while b do c ; k ) � s ( b ) = false � s , h | while b do c ; k � � t � s , h | k � Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) s ( e ) = n 0 ≤ n h ′ = { [mb( ℓ, n ) , ℓ �→ v 1 , . . . , v n ] } dom( h ) ∩ dom( h ′ ) = ∅ � s , h | x := malloc ( e ); k � � t � s [ x := ℓ ] , h ⊎ h ′ | k � h ′ = { [mb( ℓ, n ) , ℓ �→ v 1 , . . . , v n ] } s ( e ) = ℓ � s , h ⊎ h ′ | free ( e ); k � � t � s , h | k � ¬∃ ℓ, n , v 1 , . . . , v n . s ( e ) = ℓ ∧ { [mb( ℓ, n ) , ℓ �→ v 1 , . . . , v n ] } ≤ h � s , h | free ( e ); k � � t failure Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) � s , h ⊎ { [ s ( e ) �→ v ] } | x := [ e ]; k � � t � s [ x := v ] , h ⊎ { [ s ( e ) �→ v ] } | k � ¬∃ v . { [ s ( e ) �→ v ] } ≤ h � s , h | x := [ e ]; k � � t failure } | [ e ] := e ′ ; k � � t � s , h ⊎ { [ s ( e ) �→ s ( e ′ )] � s , h ⊎ { [ s ( e ) �→ v ] } | k � ¬∃ v . { [ s ( e ) �→ v ] } ≤ h � s , h | [ e ] := e ′ ; k � � t failure Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) � s , h ⊎ { [ s ( e ) �→ 0] } | acquire ( e ); k � � t � s , h ⊎ { [ s ( e ) �→ 1] } | k � ¬∃ v . { [ s ( e ) �→ v ] } ≤ h � s , h | acquire ( e ); k � � t failure � s , h ⊎ { [ s ( e ) �→ 1] } | release ( e ); k � � t � s , h ⊎ { [ s ( e ) �→ 0] } | k � { [ s ( e ) �→ 1] } � h � s , h | release ( e ); k � � t failure Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step) � s , h | k � � t � s ′ , h ′ | k ′ � } ) � ( h ′ , T ⊎ { [( s ′ , k ′ )] ( h , T ⊎ { [( s , k )] } ) � s , h | k � � t failure ( h , T ⊎ { [( s , k )] } ) � failure ( h , T ⊎ { } ) � ( h , T ⊎ { } ) [( s , fork ( c ); k )] [( s , k ) , ( s , c ; done )] ( h , T ⊎ { } ) � ( h , T ) [( s , done )] Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Step Rules (Small Step): Data Races s ( e ) = s ′ ( e ′ ) [( s , x := [ e ]; k ) , ( s ′ , [ e ′ ] := e ′′ ; k ′ )] ( h , T ⊎ { } ) � failure s ( e ) = s ′ ( e ′ ) ( h , T ⊎ { [( s , [ e ] := e ′′ ; k ) , ( s ′ , [ e ′ ] := e ′′′ ; k ′ )] } ) � failure Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Small Step Semantics γ � ∗ γ ′ γ ′ � γ ′′ γ � ∗ γ γ � ∗ γ ′′ Definition (Safe Program) } ) � � ∗ failure ⇔ ( 0 , { safe program ss ( c ) [( 0 , c ; done )] Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Contents The Programming Language 1 Concrete Execution 2 Small Step Semantics Mutator Semantics Relationship Semiconcrete Execution 3 Definition Soundness Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Behaviors Single-threaded: exec( c ) ∈ CStates → Outcomes ( CStates ) Multithreaded: CFracHeaps = CChunks → Q + { [ p ( v )] } = 0 [ p ( v ) := 1] where π ∈ Q + { } = 0 [ p ( v ) := π ] [[ π ] p ( v )] 0 ℓ π �→ v = [ π ] �→ ( ℓ, v ) exec( c ) ∈ CStores → Outcomes ( Behaviors ( CStores , CFracHeaps )) β ∈ Behaviors ( L , S ) ::= return( ℓ, f ) | step( S ) where ℓ ∈ L f ∈ Outcomes ( Behaviors ( ∅ , S )) S ∈ S → Outcomes ( S × Outcomes ( Behaviors ( L , S ))) Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Behaviors: Parallel Composition OBs ( L , S ) = Outcomes ( Behaviors ( L , S )) · || · : OBs ( L , S ) → OBs ( ∅ , S ) → OBs ( L , S ) o || o ′ = � � return( ℓ, o ′′ || o ′ ) � if β = return( ℓ, o ′′ ) o ; λβ. � step( λ h . S ( h ); λ ( h ′ , o ′′ ) . � ( h ′ , o ′′ || o ′ ) � ) � if β = step( S ) ⊗ o ′ ; λ step( S ) . � step( λ h . S ( h ); λ ( h ′ , o ′′ ) . � ( h ′ , o || o ′′ ) � ) � Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Behaviors: Sequential Composition · � · : OBs ( L , S ) → ( L → OBs ( L ′ , S )) → OBs ( L ′ , S ) o � B = � B ( ℓ ) || o ′ if β = return( ℓ, o ′ ) o ; λβ. � step( λ h . S ( h ); λ ( h ′ , o ′ ) . � ( h ′ , o ′ � B ) � ) � if β = step( S ) Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Some Auxiliary Definitions dom( h ) = { p ( ℓ ) | ∃ v . p ( ℓ, v ) ∈ h } � s , a � = � return(( s , a ) , ⊤ ) � � s � = � return( s , ⊤ ) � assume( b ) = λ s . � � b � s = true . � s � store = λ s . � s , s � store := s ′ = λ s . � s ′ � with( s ′ , C ) = s ← store � store := s ′ � C � , store := s eval( e ) = λ s . � s , � e � s � x := v = λ s . � s [ x := v ] � C 0 = noop C n +1 = C � C n C ∗ = � n ∈ N . C n cconsume( h ′ ) = λ s . � step( λ h . � h ′ ≤ h . � h − h ′ , � s �� ) � cproduce( h ′ ) = λ s . � step( λ h . � dom( h ) ∩ dom( h ′ ) = ∅ . � h ⊎ h ′ , � s �� ) � Bart Jacobs Concurrent Featherweight VeriFast Formalization and Soundness
Recommend
More recommend
