Automatic Linearizability Proofs of Concurrent Objects with Cooperating Updates

Drăgoi, Cezara; Gupta, Ashutosh; Henzinger, Thomas A.

doi:10.1007/978-3-642-39799-8_11

Cited by 27 publications

(29 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a result, most work on automatically verifying linearizability (e.g. [2,18,19,1,6]) and some manual verification efforts (e.g., [4,3]) have relied on the simpler technique of forward simulations, even though it is known to be incomplete. The programmer is typically required to annotate each method with its linearization points and then the verifier uses some kind of shape analysis that automatically constructs the simulation relation.…”

Section: Related Workmentioning

confidence: 99%

Aspect-oriented linearizability proofs

Chakraborty¹,

Henzinger²,

Sezgin³

et al. 2015

Logical Methods in Computer Science

View full text Add to dashboard Cite

Abstract. Linearizability of concurrent data structures is usually proved by monolithic simulation arguments relying on the identification of the so-called linearization points. Regrettably, such proofs, whether manual or automatic, are often complicated and scale poorly to advanced non-blocking concurrency patterns, such as helping and optimistic updates.In response, we propose a more modular way of checking linearizability of concurrent queue algorithms that does not involve identifying linearization points. We reduce the task of proving linearizability with respect to the queue specification to establishing four basic properties, each of which can be proved independently by simpler arguments. As a demonstration of our approach, we verify the Herlihy and Wing queue, an algorithm that is challenging to verify by a simulation proof.

show abstract

Section: Related Workmentioning

confidence: 99%

Aspect-oriented linearizability proofs

Chakraborty¹,

Henzinger²,

Sezgin³

et al. 2015

Logical Methods in Computer Science

View full text Add to dashboard Cite

show abstract

“…We next explain how this desired property follows for hide e, from the two inequalities in e's postcondition zip ts 1 res.1 vs 1 ⊆ zip ts 2 vs 2 res.2 · ∪ χ O · ∪ ||m J ||, (14) zip ts 2 res.2 vs 2 ⊆ zip ts 1 vs 1 res.1 · ∪ χ O · ∪ ||m J ||. (15) Notice that (14) and (15) are ultimately instances of the conjunct η ⊆ χ O · ∪ ||m J || that was part of the specification (10), thereby justifying the use of subjective other variables.…”

Section: Verifying Exchanger's Clientmentioning

confidence: 99%

“…We know that dom m J = π S · ∪ π O (from Section 2), that π S = ∅ (from e's postcondition), and that by hiding, π O = χ O = ∅. Thus, towards deriving the postcondition of hide e, we simplify (14) and (15) into:…”

Section: Verifying Exchanger's Clientmentioning

confidence: 99%

“…At the moment, our goal was not to optimize the proof sizes, but to demonstrate that FCSL as a tool is suitable off-the-shelf for machine-checked verification of properties in the spirit of novel correctness conditions [3,23,29]. Therefore, we didn't invest into building advanced tactics [35] for specific classes of programs [53] or properties [5,6,14,52], and we leave developing such automation for future work.…”

Section: Mechanization and Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Hoare-style specifications as correctness conditions for non-linearizable concurrent objects

Sergey

Nanevski

Banerjee

et al. 2016

Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applicatio

View full text Add to dashboard Cite

Designing efficient concurrent objects often requires abandoning the standard specification technique of linearizability in favor of more relaxed correctness conditions. However, the variety of alternatives makes it difficult to choose which condition to employ, and how to compose them when using objects specified by different conditions.In this work, we propose a uniform alternative in the form of Hoare logic, which can explicitly capture-in the auxiliary state-the interference of environment threads. We demonstrate the expressiveness of our method by verifying a number of concurrent objects and their clients, which have so far been specified only by non-standard conditions of concurrency-aware linearizability, quiescent, and quantitative quiescent consistency. We report on the implementation of the ideas in an existing Coq-based tool, providing the first mechanized proofs for all the examples in the paper.

show abstract

“…Several semi-automated verification approaches rely on annotating method bodies with linearization points [1,3,8,14,17,20,23] to reduce the otherwise-exponential number of possible linearizations to one single linearization. These methods typically rely on programmer annotation, and do not admit conclusive evidence of a violation in the case of a failed proof.…”

Section: Related Workmentioning

confidence: 99%

Monitoring refinement via symbolic reasoning

Emmi

Enea

Hamza

2015

Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Efficient implementations of concurrent objects such as semaphores, locks, and atomic collections are essential to modern computing. Programming such objects is error prone: in minimizing the synchronization overhead between concurrent object invocations, one risks the conformance to reference implementations -or in formal terms, one risks violating observational refinement. Precisely testing this refinement even within a single execution is intractable, limiting existing approaches to executions with very few object invocations.We develop scalable and effective algorithms for detecting refinement violations. Our algorithms are founded on incremental, symbolic reasoning, and exploit foundational insights into the refinement-checking problem. Our approach is sound, in that we detect only actual violations, and scales far beyond existing violationdetection algorithms. Empirically, we find that our approach is practically complete, in that we detect the violations arising in actual executions.

show abstract

Automatic Linearizability Proofs of Concurrent Objects with Cooperating Updates

Cited by 27 publications

References 17 publications

Aspect-oriented linearizability proofs

Aspect-oriented linearizability proofs

Hoare-style specifications as correctness conditions for non-linearizable concurrent objects

Monitoring refinement via symbolic reasoning

Contact Info

Product

Resources

About