Specifying multithreaded Java semantics for program verification

Proceedings of the 24th International Conference on Software Engineering. ICSE 2002 Pub Date : 2002-05-19 DOI:10.1145/581396.581399

Abhik Roychoudhury, T. Mitra

{"title":"Specifying multithreaded Java semantics for program verification","authors":"Abhik Roychoudhury, T. Mitra","doi":"10.1145/581396.581399","DOIUrl":null,"url":null,"abstract":"Most current work on multithreaded Java program verification assumes a model of execution that is based on interleaving of the operations of the individual threads. However, the Java language specification supports a weaker model of execution, called the Java Memory Model (JMM). The JMM allows certain reordering of operations within a thread and thus permits more behaviors than the interleaving based execution model. Therefore, programs verified by assuming interleaved thread execution may not behave correctly for certain Java multithreading implementations. The main difficulty with the JMM is that it is informally described in an abstract rule-based declarative style, which is unsuitable for formal verification. We develop an equivalent formal executable specification of the JMM. Our specification is operational and uses guarded commands. We then use this executable model to verify popular software construction idioms for multithreaded Java. Our prototype verifier tool detects a bug in the widely used \"Double Checked Locking\" idiom, which verifiers based on interleaving execution model cannot possibly detect.","PeriodicalId":186061,"journal":{"name":"Proceedings of the 24th International Conference on Software Engineering. ICSE 2002","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"35","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 24th International Conference on Software Engineering. ICSE 2002","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/581396.581399","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 35

Abstract

Most current work on multithreaded Java program verification assumes a model of execution that is based on interleaving of the operations of the individual threads. However, the Java language specification supports a weaker model of execution, called the Java Memory Model (JMM). The JMM allows certain reordering of operations within a thread and thus permits more behaviors than the interleaving based execution model. Therefore, programs verified by assuming interleaved thread execution may not behave correctly for certain Java multithreading implementations. The main difficulty with the JMM is that it is informally described in an abstract rule-based declarative style, which is unsuitable for formal verification. We develop an equivalent formal executable specification of the JMM. Our specification is operational and uses guarded commands. We then use this executable model to verify popular software construction idioms for multithreaded Java. Our prototype verifier tool detects a bug in the widely used "Double Checked Locking" idiom, which verifiers based on interleaving execution model cannot possibly detect.

查看原文本刊更多论文

为程序验证指定多线程Java语义

当前大多数关于多线程Java程序验证的工作都假定了一种基于各个线程的交错操作的执行模型。然而，Java语言规范支持一种较弱的执行模型，称为Java内存模型(Java Memory model, JMM)。JMM允许线程内操作的某些重新排序，因此比基于交错的执行模型允许更多的行为。因此，对于某些Java多线程实现，通过假设交错线程执行来验证的程序可能行为不正确。JMM的主要困难在于，它是以一种抽象的基于规则的声明式风格进行非正式描述的，这种风格不适合正式验证。我们开发了一个等价的JMM的正式可执行规范。我们的规范是可操作的，并使用受保护的命令。然后，我们使用这个可执行模型来验证多线程Java的流行软件构造习惯。我们的原型验证器工具可以检测到广泛使用的“双重检查锁定”习语中的错误，而基于交错执行模型的验证器不可能检测到这个错误。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 24th International Conference on Software Engineering. ICSE 2002

自引率

0.00%

发文量