Deductive Verification of Parallel Programs Using Why3

TL;DR

This paper introduces a deductive verification method for MPI-like parallel programs using dependent types and Why3, ensuring communication safety and deadlock freedom, demonstrated on textbook examples.

Contribution

It presents a novel type-based verification approach translating protocols into Why3, enabling scalable correctness proofs for parallel MPI programs.

Findings

Verified several textbook parallel programs successfully.

Guarantees communication safety and deadlock freedom.

Demonstrates scalability over existing model-checking and testing methods.

Abstract

The Message Passing Interface specification (MPI) defines a portable message-passing API used to program parallel computers. MPI programs manifest a number of challenges on what concerns correctness: sent and expected values in communications may not match, resulting in incorrect computations possibly leading to crashes; and programs may deadlock resulting in wasted resources. Existing tools are not completely satisfactory: model-checking does not scale with the number of processes; testing techniques wastes resources and are highly dependent on the quality of the test set. As an alternative, we present a prototype for a type-based approach to programming and verifying MPI like programs against protocols. Protocols are written in a dependent type language designed so as to capture the most common primitives in MPI, incorporating, in addition, a form of primitive recursion and collective choice. Protocols are then translated into Why3, a deductive software verification tool. Source code, in turn, is written in WhyML, the language of the Why3 platform, and checked against the protocol. Programs that pass verification are guaranteed to be communication safe and free from deadlocks. We verified several parallel programs from textbooks using our approach, and report on the outcome.