Future-based Static Analysis of Message Passing Programs

TL;DR

This paper introduces a modular static analysis method for message passing programs, combining separation logic and process algebra to verify correctness of distributed Java applications, demonstrated on a leader election protocol.

Contribution

It presents a novel approach that uses futures to abstract communication protocols, linking static code analysis with model checking for verifying message passing correctness.

Findings

Successfully verified a leader election protocol

Established a formal link between futures and program code

Demonstrated effectiveness on real-world MPI programs

Abstract

Message passing is widely used in industry to develop programs consisting of several distributed communicating components. Developing functionally correct message passing software is very challenging due to the concurrent nature of message exchanges. Nonetheless, many safety-critical applications rely on the message passing paradigm, including air traffic control systems and emergency services, which makes proving their correctness crucial. We focus on the modular verification of MPI programs by statically verifying concrete Java code. We use separation logic to reason about local correctness and define abstractions of the communication protocol in the process algebra used by mCRL2. We call these abstractions futures as they predict how components will interact during program execution. We establish a provable link between futures and program code and analyse the abstract futures via model checking to prove global correctness. Finally, we verify a leader election protocol to demonstrate our approach.