Independence and concurrent separation logic
📝 Abstract
A compositional Petri net-based semantics is given to a simple language allowing pointer manipulation and parallelism. The model is then applied to give a notion of validity to the judgements made by concurrent separation logic that emphasizes the process-environment duality inherent in such rely-guarantee reasoning. Soundness of the rules of concurrent separation logic with respect to this definition of validity is shown. The independence information retained by the Petri net model is then exploited to characterize the independence of parallel processes enforced by the logic. This is shown to permit a refinement operation capable of changing the granularity of atomic actions.
📄 Content
Logical Methods in Computer Science, Vol. 4 (1:6) 2008, pp. 1–68. www.lmcs-online.org. Submitted Apr. 10, 2007; published Mar. 19, 2008.

INDEPENDENCE AND CONCURRENT SEPARATION LOGIC ∗

JONATHAN HAYMAN AND GLYNN WINSKEL
Computer Laboratory, University of Cambridge, William Gates Building, 15 JJ Thomson Avenue, Cambridge CB 0FD, United Kingdom
e-mail address: {jonathan.hayman,glynn.winskel}@cl.cam.ac.uk
1. Introduction

The foundational work of Hoare on parallel programming [Hoa72] identified the fact that attributing an interleaved semantics to parallel languages is problematic. Three areas of difficulty were isolated, quoted directly:
• That of defining a ‘unit of action’.
• That of implementing the interleaving on genuinely parallel hardware.
• That of designing programs to control the fantastic number of combinations involved in arbitrary interleaving.
The significance of these problems increases with developments in hardware, such as multiple-core processors, that allow primitive machine actions to occur at the same time. As Hoare went on to explain, a feature of concurrent systems in the physical world is that they are often spatially separated, operating on completely different resources and not interacting. When this is so, the systems are independent of each other, and therefore it is unnecessary to consider how they interact. This perspective can be extended by regarding computer processes as spatially separated if they operate on different memory locations. The problems above are resolved if the occurrence of non-independent parallel actions is prohibited except in rare cases where atomicity may be assumed, as might be enforced using the constructs proposed in [Dij68, Bri72].

1998 ACM Subject Classification: F.3.2, F.3.1, D.3.1, F.1.2.
Key words and phrases: separation logic, Petri nets, independence models, refinement, granularity.
∗ Extended version of [HW06].
DOI: 10.2168/LMCS-4 (1:6) 2008. © J. Hayman and G. Winskel. Creative Commons.

Independence models for concurrency allow semantics to be given to parallel languages in a way that can tackle the problems associated with an interleaved semantics.
The common core of independence models is that they record when actions are independent, and that independent actions can be run in either order or even concurrently with no consequence on their effect. This mitigates the increase in the state space since unnecessary interleavings of independent actions need not be considered (see e.g. [CGMP99] for applications to model checking). Independence models also permit easier notions of refinement which allow the assumed atomicity of actions to be changed.

It is surprising that, to our knowledge, there has been no comprehensive study of the semantics of programming languages inside an independence model. The first component of our work gives such a semantics in terms of a well-known independence model, namely Petri nets. Our model isolates the specification of the control flow of programs from their effect on the shared state. It indicates what appears to be a general method (an alternative to Plotkin’s structural operational semantics) for giving a structural Petri net semantics to a variety of languages — see the Conclusion, Section 7.

The language that we consider is motivated by the emergence of concurrent separation logic [O’H07], the rules of which form a partial correctness judgement about the execution of pointer-manipulating concurrent programs. Reasoning about such programs has traditionally proved difficult due to the problem of variable aliasing. For instance, Owicki and Gries’ system for proving properties of parallel programs that do not manipulate pointers [OG76] essentially requires that the programs operate on disjoint collections of variables, thereby allowing judgements to be composed. In the presence of pointers, the same syntactic condition cannot be imposed to yield a sound logic since distinct variables may point to the same memory location, thereby allowing arbitrary interaction between the processes.
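The two points made above, that independent actions commute on the state and that syntactic variable-disjointness stops implying independence once variables can alias the same heap cell, in a small executable model. This is an added example, not code from the paper; the store/heap split, the `Action` footprint and the sample addresses 100 and 200 are constructed for illustration.

```python
# Added example (not from the paper): independence as disjoint heap footprints,
# and why Owicki and Gries' variable-disjointness is unsound under aliasing.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Set

Heap = Dict[int, int]   # heap address -> value
Store = Dict[str, int]  # program variable -> heap address it denotes


@dataclass(frozen=True)
class Action:
    name: str
    footprint: FrozenSet[int]    # heap cells the action may read or write
    run: Callable[[Heap], Heap]  # pure state transformer for one atomic step


def assign(var: str, store: Store, value: int) -> Action:
    """The atomic action `var := value`, writing the cell that `var` denotes."""
    addr = store[var]

    def step(h: Heap) -> Heap:
        h2 = dict(h)
        h2[addr] = value
        return h2

    return Action(f"{var} := {value}", frozenset({addr}), step)


def independent(a: Action, b: Action) -> bool:
    """Independence in the sense of an independence model: disjoint footprints."""
    return a.footprint.isdisjoint(b.footprint)


def commute_on(a: Action, b: Action, heap: Heap) -> bool:
    """Independent actions must reach the same heap in either order."""
    return a.run(b.run(heap)) == b.run(a.run(heap))


def parallel_outcomes(a: Action, b: Action, heap: Heap) -> Set[FrozenSet]:
    """Final heaps of a || b under an interleaved semantics, as sets of cells."""
    return {frozenset(a.run(b.run(heap)).items()),
            frozenset(b.run(a.run(heap)).items())}


def satisfies(heap: Heap, store: Store, spec: Dict[str, int]) -> bool:
    """Does the heap satisfy `v ↦ n` for every (v, n) in the spec?"""
    return all(heap.get(store[v]) == n for v, n in spec.items())


# Constructed sample stores: separate cells versus two aliases of one cell.
SEPARATE: Store = {"x": 100, "y": 200}
ALIASED: Store = {"x": 100, "y": 100}
```

With `SEPARATE`, `x := 1` and `y := 2` have disjoint footprints and both interleavings satisfy x ↦ 1 ∧ y ↦ 2; with `ALIASED` the same syntactically disjoint program has two different outcomes, neither of which satisfies the postcondition.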
To give a specific example, Owicki and Gries’ system would allow a judgement of the form $\{x \mapsto 0 \wedge y \mapsto 0\}\; x := 1 \parallel y := 2\; \{x \mapsto 1 \wedge y \mapsto 2\}$, indicating that the result of assigning 1 to the program variable x concur