On the Verification of SCOOP Programs

TL;DR

This paper develops a semantic framework and tools for verifying SCOOP programs, focusing on alias analysis and deadlock detection, leveraging Maude's model-checking capabilities to handle real concurrency complexities.

Contribution

It introduces an integrated alias analyzer and deadlock detector within a formal RL-based SCOOP semantics, enabling practical verification with Maude.

Findings

Successfully integrated alias analysis and deadlock detection tools.

Addressed state explosion issues in model-checking SCOOP.

Extended alias calculus to handle infinite executions with sound over-approximation.

Abstract

In this paper we focus on the development of a toolbox for the verification of programs in the context of SCOOP -- an elegant concurrency model, recently formalized based on Rewriting Logic (RL) and Maude. SCOOP is implemented in Eiffel and its applicability is demonstrated also from a practical perspective, in the area of robotics programming. Our contribution consists in devising and integrating an alias analyzer and a Coffman deadlock detector under the roof of the same RL-based semantic framework of SCOOP. This enables using the Maude rewriting engine and its LTL model-checker "for free", in order to perform the analyses of interest. We discuss the limitations of our approach for model-checking deadlocks and provide solutions to the state explosion problem. The latter is mainly caused by the size of the SCOOP formalization which incorporates all the aspects of a real concurrency model. On the aliasing side, we propose an extension of a previously introduced alias calculus based on program expressions, to the setting of unbounded program executions such as infinite loops and recursive calls. Moreover, we devise a corresponding executable specification easily implementable on top of the SCOOP formalization. An important property of our extension is that, in non-concurrent settings, the corresponding alias expressions can be over-approximated in terms of a notion of regular expressions. This further enables us to derive an algorithm that always stops and provides a sound over-approximation of the "may aliasing" information, where soundness stands for the lack of false negatives.