Abstract
Linearizability is a global correctness criterion for concurrent systems. One technique to prove linearizability is applying a composition theorem which reduces the proof of a property of the overall system to sufficient rely-guarantee conditions for single processes. In this paper, we describe how the temporal logic framework implemented in the KIV interactive theorem prover can be used to model concurrent systems and to prove such a composition theorem. Finally, we show how this generic theorem can be instantiated to prove linearizability of two classic lock-free implementations: a Treiber-like stack and a slightly improved version of Michael and Scott’s queue.