Verifying properties of parallel programs: an axiomatic approach. Communications of the ACM.
Separation Logic: A Logic for Shared Mutable Data Structures. LICS '02, Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science.
On the Semantics of Fair Parallelism. Proceedings of the Abstract Software Specifications, 1979 Copenhagen Winter School.
Permission accounting in separation logic. Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.
Variables as Resource for Shared-Memory Programs: Semantics and Soundness. Electronic Notes in Theoretical Computer Science (ENTCS).
Checking interference with fractional permissions. SAS '03, Proceedings of the 10th International Conference on Static Analysis.
Syntactic control of interference for separation logic. POPL '12, Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.
Syntactic Control of Interference and Concurrent Separation Logic. Electronic Notes in Theoretical Computer Science (ENTCS).
Concurrent Separation Logic is a resource-sensitive logic for fault-free partial correctness of concurrent programs with shared mutable state, combining separation logic with Owicki-Gries inference rules in a manner proposed by Peter O'Hearn. The Owicki-Gries rules and O'Hearn's original logic lacked compositionality, being limited to programs with a rigid parallel structure, because of a crucial constraint that "no other process modifies" certain variables, imposed as a side condition in the inference rule for conditional critical regions. In prior work we proposed a more general formulation of concurrent separation logic using resource contexts, and we offered a soundness proof based on a trace semantics. Recently Ian Wehrman and Josh Berdine discovered an example showing that this soundness proof relies on a hidden assumption, tantamount to "no concurrent modification", so that the proposed logic also suffices only for rigid programs. Here we show that, with a natural and simple adjustment, we can avoid this problem. The key idea is to augment each assertion with a "rely set" of variables, assumed to be unmodified by other processes, and to adjust the inference rules to validate and take advantage of these assumptions. This revised concurrent separation logic is compositional, allowing both rigid and non-rigid programs, and the extra constraints imposed by rely-set requirements ensure soundness. At the same time, we relax the Owicki-Gries constraints on the use of critical variables, allowing a variable to be protected by multiple resources and building into the logic a simpler, yet more general, protection discipline. In the revised logic, a process wanting to write to a shared variable must acquire all resources that protect it, while a process wishing to read a shared variable need only acquire one such resource.
This generalization brings concurrent separation logic closer in spirit to permission-based logics, in which processes may be allowed to perform concurrent reads.
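The protection discipline stated above (a writer holds every resource protecting a variable, a reader holds at least one) can be checked mechanically on an annotated program, and the reason it rules out interference is a one-line set argument: any two conflicting accesses from different processes must both hold some common resource, so mutual exclusion on that resource serialises them. The following Python is an added illustration written for this page, not code from the paper; the variables `x`, `y`, the resources `r1`, `r2` and the `PROTECTS` table are constructed for the example, and the access annotations stand in for the resource context a proof would carry.

```python
"""Check the multi-resource protection discipline on annotated accesses.

Added example (not from the paper). PROTECTS is a constructed table mapping
each shared variable to the set of resources (critical-region locks) that
protect it; a variable may be protected by several resources.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Constructed example: x is protected by two resources, y by one.
PROTECTS = {
    "x": frozenset({"r1", "r2"}),
    "y": frozenset({"r1"}),
}


@dataclass(frozen=True)
class Access:
    proc: str                 # name of the process performing the access
    var: str                  # variable being accessed
    write: bool               # True for a write, False for a read
    held: FrozenSet[str]      # resources the process holds at this point


def well_protected(a: Access, protects=PROTECTS) -> bool:
    """Writers must hold all protecting resources; readers need only one.

    A variable absent from the table is treated as local to the process,
    so no resource is required to touch it.
    """
    guards: Optional[FrozenSet[str]] = protects.get(a.var)
    if guards is None:
        return True
    if a.write:
        return guards <= a.held
    return bool(guards & a.held)


def violations(accesses: Iterable[Access], protects=PROTECTS) -> List[Access]:
    """Return every access that breaks the discipline (the side condition
    a proof rule would reject)."""
    return [a for a in accesses if not well_protected(a, protects)]


def conflicts(a: Access, b: Access) -> bool:
    """Two accesses conflict if different processes touch the same variable
    and at least one of them is a write.  Two reads never conflict, which is
    what lets the discipline admit concurrent readers."""
    return a.proc != b.proc and a.var == b.var and (a.write or b.write)


def race_free(accesses: List[Access], protects=PROTECTS) -> bool:
    """Soundness argument made concrete: if every access is well protected,
    each conflicting pair shares a resource (the writer holds all guards and
    the other side holds at least one), so the pair cannot run concurrently.
    """
    if violations(accesses, protects):
        return False
    for i, a in enumerate(accesses):
        for b in accesses[i + 1:]:
            if conflicts(a, b) and not (a.held & b.held):
                return False
    return True


if __name__ == "__main__":
    # Constructed trace: p writes x under both guards, q reads x under r2 only.
    trace = [
        Access("p", "x", True, frozenset({"r1", "r2"})),
        Access("q", "x", False, frozenset({"r2"})),
        Access("q", "y", False, frozenset({"r1"})),
    ]
    print("violations:", violations(trace))
    print("race free:", race_free(trace))
```

Concurrent reads of `x` by two processes holding `r1` and `r2` respectively pass the check, while a write to `x` under only `r1` is reported as a violation: that write could interleave with a read under `r2`, which is exactly the interference the side condition exists to forbid.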