Oracle Semantics for Concurrent Separation Logic

Опубликовано 8 сентября 2016, 18:59

We define (with machine-checked proofs in Coq) a modular operational semantics for Concurrent C minorΓÇöa language with shared memory, spawnable threads, and first-class locks. By modular we mean that one can reason about sequential control and data-flow knowing almost nothing about concurrency, and one can reason about concurrency knowing almost nothing about sequential control and data-flow constructs. We present a concurrent Separation Logic with first-class locks and threads, and prove its soundness with respect to the operational semantics. Using our modularity principle, we proved the sequential C.S.L. rules (those inherited from sequential Separation Logic) simply by adapting Appel & BlazyΓÇÖs machine-checked soundness proofs. Our Concurrent C minor operational semantics is designed to connect to LeroyΓÇÖs optimizing (sequential) C minor compiler; we propose our modular semantics as a way to adapt LeroyΓÇÖs compiler-correctness proofs to the concurrent setting. Thus we will obtain end-to-end proofs: the properties you prove in Concurrent Separation Logic will be true of the program that actually executes on the machine.