Permission-Based Separation Logic for Multithreaded Java Programs

Abstract

This paper presents a program logic for reasoning about multithreadedJava-like programs with dynamic thread creation, thread joining and reentrantobject monitors. The logic is based on concurrent separation logic. It is thefirst detailed adaptation of concurrent separation logic to a multithreadedJava-like language. The program logic associates a unique static accesspermission with each heap location, ensuring exclusive write accesses andruling out data races. Concurrent reads are supported through fractionalpermissions. Permissions can be transferred between threads upon threadstarting, thread joining, initial monitor entrancies and final monitor exits.In order to distinguish between initial monitor entrancies and monitorreentrancies, auxiliary variables keep track of multisets of currently heldmonitors. Data abstraction and behavioral subtyping are facilitated throughabstract predicates, which are also used to represent monitor invariants,preconditions for thread starting and postconditions for thread joining.Value-parametrized types allow to conveniently capture common strong globalinvariants, like static object ownership relations. The program logic ispresented for a model language with Java-like classes and interfaces, thesoundness of the program logic is proven, and a number of illustrative examplesare presented