Alexey Gotsman, Josh Berdine, and Byron Cook
Concurrent separation logic is a Hoare logic for modular reasoning about concurrent heap-manipulating programs synchronising via locks. It achieves modular reasoning by partitioning the program state into thread-local and lock-protected parts, and assigning resource invariants to the latter. Surprisingly, the logic is unsound unless resource invariants are precise, i.e., unambiguously carve out an area of the heap. The counterexample showing the unsoundness involves the conjunction rule. However, to date it has been an open question whether concurrent separation logic without the conjunction rule is sound when the restriction on resource invariants is dropped: all the published proofs have the precision restriction baked in. In this paper we present a single proof that shows the soundness of the logic with imprecise resource invariants, but without the conjunction rule, as well as its classical version, where resource invariants are required to be precise and the conjunction rule is included. Our proof yields a precise and direct formulation of O'Hearn's Separation Property and provides a semantic analysis of the logic that is much more elementary than previous proofs.
|Published in||27th Conference on the Mathematical Foundations of Programming Semantics, MFPS 27, Pittsburgh, PA, USA, May 25–28, 2011. Electr. Notes Theor. Comput. Sci.|