Mechanically verified proof obligations for linearizability

Derrick, John; Schellhorn, Gerhard; Wehrheim, Heike

doi:10.1145/1889997.1890001

Cited by 49 publications

(82 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There has been an enormous amount of interest in deriving techniques for verifying linearizability. These range from using shape analysis [2,4] and separation logic [4] to rely-guarantee reasoning [20] and refinement-based simulation methods [10,7]. Most of this work has been for sequentially consistent architectures, but some work has been done for TSO [3,11,19,9].…”

Section: Coarse-grained Abstractionmentioning

confidence: 99%

“…Below we describe how we adapt the formal definition and proof method for linearizability given in [7]. In the standard definition of linearizability, histories are sequences of events which can be invocations or returns of operations from a set I and performed by a particular process from a set P. On the TSO architecture, operations can be flushes and we assume that a flush is only executed by a CPU process cpu ∈ P, different from all other processes.…”

Section: Linearizability: From Concrete To Intermediate Specificationmentioning

confidence: 99%

“…Let mp(p, m, n, h) denote matching pairs of invocations and returns by process p in history h as in [7]. Its definition requires that h(m) and h(n) are executed by the same process p and are an invocation and return event, respectively, of the same operation.…”

Section: Linearizability: From Concrete To Intermediate Specificationmentioning

confidence: 99%

“…Existing proof methods for showing this include the simulation-based approach in [7]. This is based on showing that the concrete specification is a non-atomic refinement of the abstract one.…”

Section: That Is Operations In Hs Do Not Overlap (Each Invocation Ismentioning

confidence: 99%

See 3 more Smart Citations

Using Coarse-Grained Abstractions to Verify Linearizability on TSO Architectures

Derrick

Smith

Groves

et al. 2014

Hardware and Software: Verification and Testing

Self Cite

View full text Add to dashboard Cite

Abstract. Most approaches to verifying linearizability assume a sequentially consistent memory model, which is not always realised in practice. In this paper we study correctness on a weak memory model: the TSO (Total Store Order) memory model, which is implemented in x86 multicore architectures. Our central result is a proof method that simplifies proofs of linearizability on TSO. This is necessary since the use of local buffers in TSO adds considerably to the verification overhead on top of the already subtle linearizability proofs. The proof method involves constructing a coarse-grained abstraction as an intermediate layer between an abstract description and the concurrent algorithm. This allows the linearizability proof to be split into two smaller components, where the effect of the local buffers in TSO is dealt with at a higher level of abstraction than it would have been otherwise.

show abstract

Section: Coarse-grained Abstractionmentioning

confidence: 99%

Section: Linearizability: From Concrete To Intermediate Specificationmentioning

confidence: 99%

Section: Linearizability: From Concrete To Intermediate Specificationmentioning

confidence: 99%

Section: That Is Operations In Hs Do Not Overlap (Each Invocation Ismentioning

confidence: 99%

See 2 more Smart Citations

Using Coarse-Grained Abstractions to Verify Linearizability on TSO Architectures

Derrick

Smith

Groves

et al. 2014

Hardware and Software: Verification and Testing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Refinement techniques have already proved useful in the verification of linearizability, see [10]. Here, we employ coupled simulations to derive a methodology for showing that fine-grained atomic concurrent algorithms are quiescent consistent, and apply it to prove quiescent consistency of a concurrent queue implementation.…”

Section: Introductionmentioning

confidence: 99%

Quiescent Consistency: Defining and Verifying Relaxed Linearizability

Derrick

Dongol

Schellhorn

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Concurrent data structures like stacks, sets or queues need to be highly optimized to provide large degrees of parallelism with reduced contention. Linearizability, a key consistency condition for concurrent objects, sometimes limits the potential for optimization. Hence algorithm designers have started to build concurrent data structures that are not linearizable but only satisfy relaxed consistency requirements. In this paper, we study quiescent consistency as proposed by Shavit and Herlihy, which is one such relaxed condition. More precisely, we give the first formal definition of quiescent consistency, investigate its relationship with linearizability, and provide a proof technique for it based on (coupled) simulations. We demonstrate our proof technique by verifying quiescent consistency of a (nonlinearizable) FIFO queue built using a diffraction tree.

show abstract

Testing for linearizability

Lowe

2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary Linearizability is a well established correctness condition for concurrent datatypes. Informally, a concurrent datatype is linearizable if operation calls appear to have an effect, one at a time, in an order that is consistent with a sequential (specification) datatype, with each operation taking effect between the point at which it is called and when it returns. We present a testing framework for linearizabilty. The basic idea is to generate histories of the datatype randomly, and to test whether each is linearizable. We consider five algorithms—one existing, and four new—for testing whether a history of a concurrent datatype implementation is linearizable. Four of these are generic: they will work with any concurrent datatype for which there is a corresponding sequential specification datatype. The fifth considers specifically a history of a concurrent queue. We also combine algorithms in competition parallel in various ways. We perform an experimental evaluation of the different algorithms. We illustrate that the framework is very effective in finding bugs, and discuss the pragmatics of using the framework. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Mechanically verified proof obligations for linearizability

Cited by 49 publications

References 46 publications

Using Coarse-Grained Abstractions to Verify Linearizability on TSO Architectures

Using Coarse-Grained Abstractions to Verify Linearizability on TSO Architectures

Quiescent Consistency: Defining and Verifying Relaxed Linearizability

Testing for linearizability

Contact Info

Product

Resources

About