Model Checking a Lazy Concurrent List-Based Set Algorithm

Zhang, Shao Jie; Liu, Yang

doi:10.1109/ssiri.2010.37

Cited by 4 publications

(4 citation statements)

References 15 publications

(27 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…10 The increased model checking time is due to the large number of fired rules and state space explored. This is due to the large number of interleavings due to fine-grained synchronization and is consistent with similar scalability challenges faced by other model checking efforts in this domain [4,22,24,25].…”

Section: Methodssupporting

confidence: 85%

“…Further, in practice, we were only able to scale to a small number of list nodes. This, we believe was primarily due to the large number of interleavings in the execution of concurrent data structures and is consistent with the limited success of other model checking based efforts for concurrent data structures [4,22,24,25]. The limited scalability in bounding the number of list nodes motivated us to study possible extensions of the CMP method approach in order to model check Linearizability for data structures with an unbounded list size as well.…”

Section: Introductionsupporting

confidence: 59%

“…Among model checking approaches, Vechev et al [22] describe their experience with verifying Linearizability using the SPIN model checker. Similarly, the work by Zhang et al [24,25] and Liu et al [11] also performs model checking to verify concurrent data structures. Both these approaches use a refinement based proof approach and scale to not more than a small number of threads and list nodes.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Model checking unbounded concurrent lists

Sethi

Talupur

Malik

2015

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

We present a method for model checking list-based concurrent data structures. These data structures, increasingly available in libraries such as Intel Thread Building blocks and Java.util.concurrent (JSR), are notorious for being error prone. This stems from the usage of sophisticated synchronization techniques in their implementation for high efficiency. This efficiency comes at the cost of increasing the number of possible thread interleavings during execution, thus making them hard to verify. Consequently, the verification of concurrent data structures has been of interest to the formal methods community. Concurrent data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. In previous work, we showed how the unbounded threads can be model checked by using the CMP (CoMPositional) method. The method abstracted the unbounded threads by keeping one thread as is and abstracting all the other threads to a single environment thread. Next, this abstraction was iteratively refined by the user in order to prove correctness. However, in that work we assumed that the number of list elements were bounded to a fixed value. In practice this fixed value was small; model checking could only complete for small sized lists. In this work, we overcome this limitation and model check the unbounded list as well. Our method has the same flavor as the CMP method in the thread dimension, but differs significantly in the list dimension. In the list dimension, our method constructs an abstraction of the unbounded list by keeping the nodes pointed to by the pointers in the model as is (referred to as concrete nodes), and abstracting away chains of all the nodes which are not pointed to by any pointers to abstract nodes. Since the accesses to the abstract nodes return non-deterministic field values, the abstraction may have to be refined to constrain these values. This is accomplished by the iterative addition of lemmas by the user. We show the soundness of our method and establish its utility by model checking challenging concurrent data structure examples.

show abstract

Section: Methodssupporting

confidence: 85%

Section: Introductionsupporting

confidence: 59%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Model checking unbounded concurrent lists

Sethi

Talupur

Malik

2015

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…Similarly, the work by Zhang et al [24,25] and Liu et al [11] also performs model checking to verify concurrent data structures. Both these approaches use a refinement based proof approach and scale to not more than a small number of threads and list nodes.…”

Section: Related Workmentioning

confidence: 99%

Model Checking Unbounded Concurrent Lists

Sethi

Talupur²,

Malik

2013

Model Checking Software

View full text Add to dashboard Cite

Abstract. We present a method for model checking list-based concurrent data structures. These data structures, increasingly available in libraries such as Intel Thread Building blocks and Java.util.concurrent (JSR), are notorious for being error prone. This stems from the usage of sophisticated synchronization techniques in their implementation for high efficiency. This efficiency comes at the cost of increasing the number of possible thread interleavings during execution, thus making them hard to verify. Consequently, the verification of concurrent data structures has been of interest to the formal methods community. Concurrent data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. In previous work, we showed how the unbounded threads can be model checked by using the CMP (CoMPositional) method. The method abstracted the unbounded threads by keeping one thread as is and abstracting all the other threads to a single environment thread. Next, this abstraction was iteratively refined by the user in order to prove correctness. However, in that work we assumed that the number of list elements were bounded to a fixed value. In practice this fixed value was small; model checking could only complete for small sized lists. In this work, we overcome this limitation and model check the unbounded list as well. Our method has the same flavor as the CMP method in the thread dimension, but differs significantly in the list dimension. In the list dimension, our method constructs an abstraction of the unbounded list by keeping the nodes pointed to by the pointers in the model as is (referred to as concrete nodes), and abstracting away chains of all the nodes which are not pointed to by any pointers to abstract nodes. Since the accesses to the abstract nodes return non-deterministic field values, the abstraction may have to be refined to constrain these values. This is accomplished by the iterative addition of lemmas by the user. We show the soundness of our method and establish its utility by model checking challenging concurrent data structure examples.

show abstract