Dynamic Verification for File Safety of Multithreaded Programs
In this paper, we present a new semantics to check file safety of multithreaded programs. A file-safe program is one that reaches a final configuration under the proposed semantics. We extend the While language with file operations and multi-threading commands, and call the new language whilef. This paper shows that file safety is an undecidable property for whilef. File safety becomes decidable in a special case shown in this paper: the case in which users provide pointer information. A program that is file safe under this condition is called a strongly safe file program. We modify the syntax and the semantics of the language accordingly and call the result SafeWhilef.
💡 Research Summary
The paper introduces a novel operational semantics aimed at dynamically verifying file‑safety in multithreaded programs. To this end the authors extend the classic While language with explicit file operations—open, close, read, write—and with thread‑control constructs fork and join, yielding an enriched language they call whilef. A program state (configuration) in whilef consists of a variable stack, a heap, a global file table, and a thread pool. Transition rules describe how each command manipulates these components, especially how the file table evolves when threads open, read, write, or close files.
File safety is defined as the property that every execution, under every thread schedule, reaches a final configuration; in the summary's reading of the semantics that is a configuration in which the file table is empty, i.e. no file is left open. Under this definition the authors show that deciding file safety for arbitrary whilef programs is undecidable. The proof is by reduction from the halting problem: a Turing machine's computation is encoded as a whilef program whose file open/close pattern tracks the machine's transition steps. Undecidability means that no algorithm can decide file safety for every whilef program, so a sound and complete static check is impossible in general; that is the motivation for checking the property dynamically, as the title says. Nondeterministic scheduling is what makes the property demanding in practice: a program is file-safe only if every interleaving reaches a final configuration, so a single racy schedule in which one thread closes a file another thread still reads or writes is enough to make the program unsafe.
Recognizing that many practical systems know more about their file descriptors than the general semantics assumes, the paper then isolates a special subclass of programs in which the programmer supplies pointer information: which file descriptors each thread may use, and where they are acquired and released. In this restricted setting the descriptor space is finite and known a priori, which is what makes a decision procedure possible.
To exploit this insight the authors define a new language, SafeWhilef, which modifies both the syntax and the semantics of whilef: the syntax carries the supplied pointer information, and the semantics adds a pointer-validation step before each file operation. This step checks at runtime that the descriptor the current thread is about to use is present in the file table, and in particular rejects a close applied to an already-closed file. Because the set of possible descriptors is fixed, the validation can be modeled as a finite-state machine, and the safety property becomes decidable. Programs that satisfy this stronger criterion are termed strongly safe file programs.
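The semantics sketched above (a shared file table, a thread pool, per-operation validation, and "safe" meaning that every schedule reaches a final configuration with nothing left open) can be made concrete in a small model checker. The following is an added example, not code from the paper: it assumes its own encoding of a whilef-style program as a dict of thread bodies, where commands are tuples such as `('open', 'f')`, `('close', 'f')`, `('fork', 'worker')` and `('join', 'worker')`, and fork is modeled as spawning a new thread from a named body. The file names and body names in the sample programs are made up for the demonstration. It explores every interleaving exhaustively, which is only feasible because the sample programs are loop-free and the set of files is finite; that is the same finiteness the SafeWhilef restriction relies on.

```python
"""Toy model of a whilef-style file-table semantics, explored exhaustively.

Added example, not code from the paper. Assumed encoding: a program is a
dict mapping thread-body names to command lists; commands are tuples such as
('open', 'f'), ('write', 'f'), ('close', 'f'), ('fork', 'worker') and
('join', 'worker'). The shared file table is a frozenset of open file names.
'f' and 'worker' are made-up identifiers used only for the demonstration.
"""


class FileError(Exception):
    """Raised when a file command is applied in a state that forbids it."""


def step(table, cmd):
    """Apply one file command to the file table and return the new table.

    This is the runtime validation step: reading, writing or closing a file
    that is not in the table, or opening one that already is, raises instead
    of silently succeeding, so that execution path never reaches a final
    configuration.
    """
    op, name = cmd
    if op == "open":
        if name in table:
            raise FileError(f"double open {name}")
        return table | {name}
    if op in ("read", "write"):
        if name not in table:
            raise FileError(f"{op} on closed file {name}")
        return table
    if op == "close":
        if name not in table:
            raise FileError(f"double close {name}")
        return table - {name}
    raise ValueError(f"unknown command {op}")


def blocked(progs, threads, i):
    """Thread i is blocked when its next command is a join on a body name
    and some thread running that body has not finished yet."""
    body, pc = threads[i]
    cmd = progs[body][pc]
    if cmd[0] != "join":
        return False
    return any(b == cmd[1] and q < len(progs[b]) for b, q in threads)


def explore(progs, main="main"):
    """Exhaustively interleave the thread pool, starting from one thread
    running `main`. Returns (True, ()) iff every maximal execution ends with
    all threads finished and an empty file table; otherwise (False, trace),
    where trace is the schedule leading to the violation and its last entry
    names the failure: a runtime file error, a deadlock, or a leaked file."""
    start = (frozenset(), ((main, 0),))
    seen = set()
    stack = [(start, ())]
    while stack:
        (table, threads), trace = stack.pop()
        if (table, threads) in seen:
            continue
        seen.add((table, threads))
        runnable = [i for i, (b, pc) in enumerate(threads)
                    if pc < len(progs[b]) and not blocked(progs, threads, i)]
        if not runnable:
            if any(pc < len(progs[b]) for b, pc in threads):
                return False, trace + (("deadlock",),)
            if table:  # all threads done, but a file was never closed
                return False, trace + (("leak", tuple(sorted(table))),)
            continue  # a genuine final configuration on this path
        for i in runnable:
            body, pc = threads[i]
            cmd = progs[body][pc]
            new_threads = list(threads)
            new_threads[i] = (body, pc + 1)
            new_table = table
            if cmd[0] == "fork":
                new_threads.append((cmd[1], 0))  # spawn a thread running that body
            elif cmd[0] != "join":  # join only constrains scheduling
                try:
                    new_table = step(table, cmd)
                except FileError as e:
                    return False, trace + ((i, cmd, str(e)),)
            stack.append(((new_table, tuple(new_threads)), trace + ((i, cmd),)))
    return True, ()


# Constructed sample programs (not taken from the paper).
SAFE = {"main": [("open", "f"), ("fork", "worker"), ("join", "worker"), ("close", "f")],
        "worker": [("write", "f")]}
RACY = {"main": [("open", "f"), ("fork", "worker"), ("close", "f")],
        "worker": [("write", "f")]}  # main may close f before worker writes it
DOUBLE_CLOSE = {"main": [("open", "f"), ("fork", "worker"), ("join", "worker"), ("close", "f")],
                "worker": [("write", "f"), ("close", "f")]}
LEAK = {"main": [("open", "f"), ("fork", "worker"), ("join", "worker")],
        "worker": [("write", "f")]}

if __name__ == "__main__":
    for name, prog in [("SAFE", SAFE), ("RACY", RACY),
                       ("DOUBLE_CLOSE", DOUBLE_CLOSE), ("LEAK", LEAK)]:
        print(name, explore(prog))
```

`RACY` is the case the summary's undecidability discussion is about: the only difference from `SAFE` is the missing join, and one of the two interleavings writes to a file the main thread has already closed. `DOUBLE_CLOSE` and `LEAK` show the two ways a program can fail the "empty file table in a final configuration" criterion without any interleaving-dependent behaviour at all. Replacing the exhaustive exploration with a single run of one schedule gives the dynamic check the paper's semantics performs at runtime; the exhaustive version is the decision procedure that finiteness makes possible.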
Because the validation step is part of the operational semantics, the check is dynamic: a double close, or a read or write on a descriptor that is no longer in the file table, leaves the program in a stuck configuration rather than silently succeeding, and a file left open at termination means the program never reaches a final configuration at all. Either way the program fails the file-safety criterion, which is how forgotten-close (file-leak) and use-after-close bugs are surfaced under this semantics.
In summary, the work makes three contributions: (1) a formal extension of While, whilef, that models concurrent file manipulation; (2) a proof that file safety is undecidable for whilef in general; and (3) a decidable variant, SafeWhilef, for the realistic case where pointer information is supplied, enforced by runtime validation of every file operation. These results bear on the design of concurrent libraries, operating-system components and safety-critical software in which reliable file-resource management is essential.