Formal Specifications for Java's Synchronisation Classes

Amighi, Afshin; Blom, Stefan; Huisman, Marieke; Mostowski, Wojciech; Zaharieva-Stojanovski, Marina

doi:10.1109/pdp.2014.31

Cited by 9 publications

(13 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Particular API instances of the Lock interface would have such distinction embedded in the implementation, like the ReentrantReadWriteLock that provides two sub-locks for the shared and exclusive access. A fully configurable specification that can be related to particular implementations of the lock, like presented in [3], would require further extensions of our specification shown here. Still, the example we presented here is a typical use case for model methods to provide generic, client independent specifications for the purpose of reasoning about data non-interference.…”

Section: Permission-based Reasoning With Model Methodsmentioning

confidence: 99%

Transactions on Modularity and Composition I

Chiba¹,

Leavens²,

Ziarek³

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Dynamic method dispatch is a core feature of object-oriented programming by which the executed implementation for a polymorphic method is only chosen at runtime. In this paper, we present a specification and verification methodology which extends the concept of dynamic dispatch to design-by-contract specifications.The formal specification language JML has only rudimentary means for polymorphic abstraction in expressions. We promote these to fully flexible specification-only query methods called model methods that can, like ordinary methods, be overridden to give specifications a new semantics in subclasses in a transparent and modular fashion. Moreover, we allow them to refer to more than one program state which give us the possibility to fully abstract and encapsulate two-state specification contexts, i.e., history constraints and method postconditions. Finally, we provide an elegant and flexible mechanism to specify restrictions on specifications in subtypes. Thus behavioural subtyping can be enforced, yet it still allows for other specification paradigms.We provide the semantics for model methods by giving a translation into a first order logic and according proof obligations. We fully implemented this framework in the KeY program verifier and successfully verified relevant examples. We have also implemented an extension to KeY to support permission-based verification of concurrent Java programs. In this context model methods provide a modular specification method to treat code synchronisation through API methods.

show abstract

Section: Permission-based Reasoning With Model Methodsmentioning

confidence: 99%

Transactions on Modularity and Composition I

Chiba¹,

Leavens²,

Ziarek³

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Instead, their semantics is given with a generic API specification, which is external to the concrete use case. By passing a suitably defined resource predicate one makes such a generic specification concrete [21].…”

Section: Modular Specifications For Synchronisersmentioning

confidence: 99%

“…In each such case a generic specification that would cover the typical usage scenarios is possible. Our Lock specification is not fully generic in this respect, in particular it does not cover Java re-entrant locks, but it can be extended to resemble the ones we developed before for Separation Logic [21] that cover all kinds of Java lock flavours. However, there will always be scenarios that would not fall within such a generic scheme.…”

Section: Modular Specifications For Synchronisersmentioning

confidence: 99%

Dynamic Frames Based Verification Method for Concurrent Java Programs

Mostowski

2016

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper we discuss a verification method for concurrent Java programs based on the concept of dynamic frames. We build on our earlier work that proposes a new, symbolic permission system for concurrent reasoning and we provide the following new contributions. First, we describe our approach for proving program specifications to be self-framed w.r.t. permissions, which is a necessary condition to maintain soundness in concurrent reasoning. Second, we show how we use predicates to provide modular and reusable specifications for program synchronisation points, like locks or forked threads. Our work primarily targets the KeY verification system with its specification language JML * and symbolic execution proving method. Hence, we also give the current status of the work on implementation and we discuss some examples that are verifiable with KeY.

show abstract

“…In essence, the problematic points are reasoning about rational fractions [3] and the necessity to provide concrete fractions (or relative amounts [13]) in specifications. Real programming languages bring further challenges, such as re-entrant locks and other complex synchronisation methods, like count-down latches [4] in Java. To provide an intuition how permissions can be treated symbolically, this section discusses two examples.…”

Section: Symbolic Permissions In a Nutshellmentioning

confidence: 99%

“…This relieves both the specifier and the verification tool of the need to, respectively, specify and reason about concrete fractions, which requires dedicated complex decision procedures in first-order reasoning [3]. To specify complex synchronisation scenarios such as Java threads with multi-join possibilities, and latches [4], the system tracks the permission originators in the permission expressions, which can be used to determine the permission return path. To handle all scenarios, under certain conditions, it is allowed to modify this return path.…”

Section: Introductionmentioning

confidence: 99%

A Symbolic Approach to Permission Accounting for Concurrent Reasoning

Huisman

Mostowski

2015

2015 14th International Symposium on Parallel and Distributed Computing

Self Cite

View full text Add to dashboard Cite

Abstract-Permission accounting is fundamental to modular, thread-local reasoning about concurrent programs. This paper presents a new, symbolic system for permission accounting. In existing systems, permissions are numeric value-based and refer to the current thread only. Our system is based on symbolic expressions that provide a view of permissions for all relevant threads in the scope of the permission originatorcurrent thread or a lock. This enables: (a) better understanding of permission tracking for the specifier, (b) more natural specification of complex permission transfer scenarios, and (c) more efficient reasoning for verification tools (in particular, no reasoning about rational numbers is required). Our system is based on symbolic permission slicing to divide permissions between multiple owners, and on tracking the history of permission transfers by means of "I-owe-you" chains of permission owners. We axiomatised our permission system in the KeY verifier as well as in PVS, and proved correct with both tools a list of vital properties about our permissions. KeY is an interactive verification tool for Java and our primary target to employ our permission system. First results with the verification of concurrent Java programs using our permission system in KeY are also reported.

show abstract

Formal Specifications for Java's Synchronisation Classes

Cited by 9 publications

References 25 publications

Transactions on Modularity and Composition I

Transactions on Modularity and Composition I

Dynamic Frames Based Verification Method for Concurrent Java Programs

A Symbolic Approach to Permission Accounting for Concurrent Reasoning

Contact Info

Product

Resources

About