Proving highly-concurrent traversals correct

Feldman, Yotam M. Y.; Khyzha, Artem; Enea, Constantin; Morrison, Adam; Nanevski, Aleksandar; Rinetzky, Noam; Shoham, Sharon

doi:10.1145/3428196

Cited by 9 publications

(4 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We assume that it is abstracted with the postcondition at line 3 in insert stating that y is the successor of x, the input k is in between x.key and y.key, and that at some point between the invocation of the operation and "now", x resides on a valid search path for k that starts at the head of the list, denoted as ⋅ head k → x. Recent work [9,10] shows that this postcondition can be derived easily by showing that roughly, list nodes are never updated once they become unreachable. Therefore, the implementations of insert and delete are as follows:…”

Section: E Layers Of the List Setmentioning

confidence: 99%

The Commutativity Quotients of Concurrent Objects

Constantin¹,

Fathololumi²,

Koskinen³

2023

Preprint

View full text Add to dashboard Cite

Concurrent objects form the foundation of many applications that exploit multicore architectures. Reasoning about the fine-grained complexities (interleavings, invariants, etc.) of those data structures, however, is notoriously difficult. Formal proof methodologies for arguing about the correctness-i.e., linearizability-of these data structures are still somewhat disconnected from the intuitive correctness arguments.Intuitions are often about a few canonical executions, possibly with few threads, whereas formal proofs would often use generic but complex arguments about arbitrary interleavings over unboundedly many threads. As a way to bring formal proofs closer to intuitive arguments, we introduce a new methodology for characterizing the interleavings of concurrent objects, based on their commutativity quotient. This quotient represents every interleaving up to reordering of commutative steps and, when chosen carefully, admits simple abstractions in the form of regular or context-free languages that enable simple proofs of linearizability. We demonstrate these facts on a large class of lock-free data structures and the infamously difficult Herlihy-Wing Queue. We automate the discovery of these execution quotients and show it can be automatically done for challenging data-structures such as Treiber's stack, Michael/Scott Queue, and a concurrent Set implemented as a linked list.

show abstract

Section: E Layers Of the List Setmentioning

confidence: 99%

The Commutativity Quotients of Concurrent Objects

Constantin¹,

Fathololumi²,

Koskinen³

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…There has been a great deal of work on linearizability verification [15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34]. However, proving linearizability of sophisticated concurrent data structures is still challenging.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Proving Linearizability Using Linearizations of Delete Operations

Wen

Peng

Song

2023

Preprint

View full text Add to dashboard Cite

Linearizability is a commonly accepted correctness criterion for concurrent data structures. Concurrent queues and stacks are among themost fundamental concurrent data structures. In this paper, we presentnecessary and sufficient conditions for proving linearizability of concurrent queues and stacks, which make use of linearizations of dequeueand pop operations. The verification conditions intuitively express the FIFO/LIFO semantics of concurrent queues/stacks and can be verified just by reasoning about the happened-before order of operations. Wehave successfully applied the proof technique to prove 9 challenging concurrent queues and stacks and optimize the TS queue. We believe thatour proof technique can be extended to the concurrent data structureswhich have the ordering requirements when their elements are removed.

show abstract

“…Moreover, searches have fixed linearization points. This structure can therefore be handled, in principle, using the single-copy framework of Krishna et al [2020a] (by building on the formalization of the RCU semantics developed in [Gotsman et al 2013] and the high-level proof idea for the Citrus tree of Feldman et al [2020]).…”

Section: Related Workmentioning

confidence: 99%

“…Several other works present generic proof arguments for verifying concurrent traversals of search structures that involve dynamic linearization points [Drachsler-Cohen et al 2018;Feldman et al 2018Feldman et al , 2020O'Hearn et al 2010]. However, these approaches focus on single-copy structures and rely on global reasoning based on graph reachability.…”

Section: Related Workmentioning

confidence: 99%

Verifying concurrent multicopy search structures

Patel

Krishna

Shasha

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Multicopy search structures such as log-structured merge (LSM) trees are optimized for high insert/update/delete (collectively known as upsert) performance. In such data structures, an upsert on key k , which adds ( k , v ) where v can be a value or a tombstone, is added to the root node even if k is already present in other nodes. Thus there may be multiple copies of k in the search structure. A search on k aims to return the value associated with the most recent upsert. We present a general framework for verifying linearizability of concurrent multicopy search structures that abstracts from the underlying representation of the data structure in memory, enabling proof-reuse across diverse implementations. Based on our framework, we propose template algorithms for (a) LSM structures forming arbitrary directed acyclic graphs and (b) differential file structures, and formally verify these templates in the concurrent separation logic Iris. We also instantiate the LSM template to obtain the first verified concurrent in-memory LSM tree implementation.

show abstract

Proving highly-concurrent traversals correct

Cited by 9 publications

References 67 publications

The Commutativity Quotients of Concurrent Objects

The Commutativity Quotients of Concurrent Objects

Proving Linearizability Using Linearizations of Delete Operations

Verifying concurrent multicopy search structures

Contact Info

Product

Resources

About