Rely-guarantee (RG) logic uses thread interference specifications (relies and guarantees) to reason about the correctness of multithreaded software. Unfortunately, RG logic requires each function postcondition to be “stabilized” or specialized to the behavior of other threads, making it difficult to write function specifications that are reusable at multiple call sites.

This paper presents Mover Logic, which extends RG logic to address this problem via the notion of atomic functions. Atomic functions behave as if they execute serially without interference from concurrent threads, and so they can be assigned more general and reusable specifications that avoids the stabilization requirement of RG logic. Several practical verifiers (Calvin-R, QED, CIVL, Armada, Anchor, etc.) have demonstrated the modularity benefits of atomic function specifications. However, the complexity of these systems and their correctness proofs makes it challenging to understand and extend these systems. Mover Logic formalizes the central ideas of RG logic and atomic functions in a declarative program logic that provides a rigorous and accessible logical foundation for future work.