Abstract. We present a denotational semantics based on action traces, for parallel programs which share mutable data and synchronize using resources and conditional critical regions. We introduce a resource-sensitive logic for partial correctness, adapting separation logic to the concurrent setting, as proposed by O’Hearn. The logic allows program proofs in which “ownership ” of a piece of state is deemed to transfer dynamically between processes and resources. We prove soundness of this logic, using a novel “local ” interpretation of traces, and we show that every provable program is race-free. 1

This paper traces the important steps in the history --up to around 1990-- of research on reasoning about programs. The main focus is on sequential imperative programs but some comments are made on concurrency. Initially, researchers focussed on ways of verifying that a program satisfies its specification (or that two programs were equivalent). Over time it became clear that post facto verification is only practical for small programs and attention turned to verification methods which support the development of programs; for larger programs it is necessary to exploit a notation of compositionality. Coping with concurrent algorithms is much more challenging -- this and other extensions are considered briefly. The main thesis of this paper is that the idea of reasoning about programs has been around since they were first written; the search has been to find tractable methods.

This paper traces the important steps in the history --up to around 1990-- of research on reasoning about programs. The main focus is on sequential imperative programs but some comments are made on concurrency. Initially, researchers focussed on ways of verifying that a program satifies its specification (or that two programs were equivalent). Over time it has become clear that post facto verification is only practical for small programs and attention turned to verification methods which support the development of programs; for larger programs it is necesary to exploit a notion of composability.

The concept of “process ” has come to play a central role in many efforts to master the complexity of large computer systems. The purpose of this paper is to discuss useful methods of structuring complex processes, and to relate these to the problems of improving the quality of large computer systems. Two distinct ways of structuring systems are presented, namely, process combination, and process abstraction; these are then used to discuss such topics as concurrency, synchronization, multiprogramming, interpreters, and programmable processors. This discussion is based on a set of precise definitions for such concepts as “process,” “processor, ” “computation, ” “combination, ” and “abstraction. ” The paper relates these definitions to both current research and practical applications, with particular concern for the problems of the performance, reliability, and modifiability of computer systems. Key words and phrases: sequential process, cooperating processes, asynchronous processes, parallelism, complexity, program, processor, interpreter, hierarchical structures, abstraction, refinement.

Computer environments have changed dramatically in recent years, from the large centralised mainframe to the networked collections of workstation style machines. The power of workstations is increasing, but the common paradigms used to manage data on these workstations are still fundamentally the same as those employed by the

Abstract. We present a general framework for defining denotational notion of state. We show how this framework can be used to establish natural relationships between traditional models of concurrency and more recent models based on separation principles. We formulate an intuitively reasonable characterization of when one model of state implements another, and we show that semantics based on related notions of state induce the same notions of partial and total correctness behavior. 1

When proving that a parallel program has a given property it is often convenient to assume that a statement is indivisible, i.e. that the statement cannot be interleaved with the rest of the program. Here sufficient conditions are obtained to show that the assumption that a statement is indivisible can be relaxed and still preserve properties such as halting. Thus correctness proofs of a parallel system can often be greatly simplified.