QED

 Main Page

The  QED Project  



Concurrency-related bugs are notoriously difficult to discover by code review and testing. By doing a formal proof on the program text, one can statically verify that no execution of the program leads to an error. The effectiveness of the proof depends on the proper choice of the manual inputs such as code annotations. Deriving these annotations for a concurrent program requires complicated reasoning. The main reason behind this is the interaction between threads over the shared memory. While writing the proof, at every point, one has to consider the possible interleavings of conflicting operations. Existing proof methods including Owicki-Gries, rely/guarantee and concurrent separation logic are applied at the finest level of concurrency. Analyzing the program at this level requires complex annotations and invariants, along with many auxiliary variables.

QED is a new proof method that simplifies verifying assertions in concurrent programs. The key feature of our method is the use of atomicity as the main proof tool. A proof is done by rewriting the program with larger atomic blocks in a number of steps. In order to reach the desired level of atomicity, we alternate proof steps that apply abstraction and reduction, each of which improves the outcome of the other in a following step. Then, we check assertions sequentially within the atomic blocks of the resulting program. We declare the original program correct when we discharge all the assertions. Our proof style provides separation of concerns: At each step, we either use facts about a concurrency protocol to enlarge atomic blocks, or check data properties sequentially.

TOOL

We developed a software tool, called QED, that mechanizes proofs using the Z3 SMT solver to check preconditions of the proof steps.
QED is an open-source project under the Microsoft Public Licence, and can be downloaded from the following site: http://qed.codeplex.com

PEOPLE

Tayfun Elmas
Shaz Qadeer
Serdar Tasiran
Ali Sezgin
Omer Subasi
Kivanc Muslu

PAPERS
  • [Paper] [Technical report]
    Tayfun Elmas, Shaz Qadeer, Ali Sezgin, Omer Subasi, Serdar Tasiran.
    Simplifying Linearizability Proofs with Reduction and Abstraction.
    To appear in ETAPS 2010 Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS).
    Paphos, Cyprus. March 20-28, 2010.

  • [Paper]
    Shaz Qadeer, Ali Sezgin and Serdar Tasiran.
    Back and Forth: Prophecy Variables for Static Verification of Concurrent Programs.
    Microsoft Research Technical Report, MSR-TR-2009-142, 2009.

  • [Full paper] [BibTex]
    Tayfun Elmas, Ali Sezgin, Serdar Tasiran,     Shaz Qadeer.
    An Annotation Assistan for Interactive Debugging of Programs with Common Synchronization Idioms.
    In ACM 2009 Workshop on Parallel and Distributed Systems: Testing, Analysis and Debugging (PADTAD)
    Chicago, Illionis, USA, July 19-20, 2009.

  • [Full paper] [Technical report] [BibTex]
     Tayfun Elmas, Shaz Qadeer, Serdar Tasiran.
    A Calculus of Atomic Actions.
    In     ACM SIGPLAN-SIGACT 2009 Symposium on Principles of Programming Languages (POPL).
    Savannah, Georgia, USA, January 21-23, 2009.

  • [Full paper ] [ BibTex] [Benchmarks]
     Tayfun Elmas, Shaz Qadeer, Serdar Tasiran.
    A Calculus of Atomic Actions.
    Technical Report MSR-TR-2008-99. Microsoft Research. July 2008.
TALKS
  • By Serdar Tasiran [PPT]
    Verifying Optimistic Concurrency: Prophecy Variables and Backwards Reasonings
    In Dagstuhl 2009

  • By Tayfun Elmas [PPT]
    A Calculus of Atomic Actions
    In Dagstuhl 2009

  • By Tayfun Elmas [PPT]
    A Calculus of Atomic Actions
    In PADTAD 2009

  • By Serdar Tasiran [PPT]
    A Calculus of Atomic Actions
    EPFL, Nov. 2008

  • By Tayfun Elmas [PPT]
    A Calculus of Atomic Actions
    At Microsoft Research and UW-WASP meeting

  • By Tayfun Elmas [PPT]
    A Calculus of Atomic Actions
    In POPL 2009