Reasoning About Concurrency in High-Assurance, High-Performance Software Systems

Author: June Andronick
We describe our work in the Trustworthy Systems group at Data61 (formerly NICTA) in reasoning about concurrency in high-assurance, high-performance software systems, in which concurrency may come from three different sources: multiple cores, interrupts and application-level interleaving. 


A Verification Environment for Sequential Imperative Programs in Isabelle/HOL
A general language model for sequential imperative programs together with a Hoare logic is developed and integrated into Isabelle/HOL to gain a usable and sound verification environment.
Proof of OS Scheduling Behavior in the Presence of Interrupt-Induced Concurrency
We present a simple yet scalable framework for formal reasoning and machine-assisted proof of interrupt-driven concurrency in operating-system code, and use it to prove the principal scheduling
Controlled Owicki-Gries Concurrency: Reasoning about the Preemptible eChronos Embedded Operating System
We introduce a controlled concurrency framework, derived from the Owicki-Gries method, for describing a hardware interface in detail sufficient to support the modelling and verification of small,
Types, bytes, and separation logic
A formal model of memory is presented that both captures the low-level features of C's pointers and memory, and forms the basis for an expressive implementation of separation logic that is applicable to real, security- and safety-critical code by formally verifying the memory allocator of the L4 microkernel.
Resources, Concurrency, and Local Reasoning (Abstract)
In the 1960s Dijkstra suggested that, in order to limit the complexity of potential process interactions, concurrent programs should be designed so that different processes behave independently,
Complx: a verification framework for concurrent imperative programs
This work defines the Complx language, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs, and defines an OG logic, which is proved sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination.
An axiomatic proof technique for parallel programs I
Hoare's deductive system for proving partial correctness of sequential programs is extended to include the parallelism described by the language, and the proof method lends insight into how one should understand and present parallel programs.
Tentative steps toward a development method for interfering programs
Extensions to the specification method based on postconditions that are predicates of two states and the development methods of operation decomposition and data refinement are proposed for the rigorous development of interfering programs.
CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels
This work has successfully developed a practical concurrent OS kernel and verified its (contextual) functional correctness in Coq, and is the first proof of functional correctness of a complete, general-purpose concurrent OS kernel with fine-grained locking.