Verifying Linearisability

Linearisability is a key correctness criterion for concurrent data structures, ensuring that each history of the concurrent object under consideration is consistent with respect to a history of the corresponding abstract data structure. Linearisability allows concurrent (i.e., overlapping) operation calls to take effect in any order, but requires the real-time order of nonoverlapping to be preserved. The sophisticated nature of concurrent objects means that linearisability is difficult to judge, and hence, over the years, numerous techniques for verifying lineasizability have been developed using a variety of formal foundations such as data refinement, shape analysis, reduction, etc. However, because the underlying framework, nomenclature, and terminology for each method is different, it has become difficult for practitioners to evaluate the differences between each approach, and hence, evaluate the methodology most appropriate for verifying the data structure at hand. In this article, we compare the major of methods for verifying linearisability, describe the main contribution of each method, and compare their advantages and limitations.

[1]  Xinyu Feng,et al.  A rely-guarantee-based simulation for verifying concurrent program transformations , 2012, POPL '12.

[2]  Wolfgang Reif,et al.  A Compositional Proof Method for Linearizability Applied to a Wait-Free Multiset , 2014, IFM.

[3]  Lindsay Groves Reasoning about Nonblocking Concurrency using Reduction , 2007, 12th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2007).

[4]  John Derrick,et al.  How to Prove Algorithms Linearisable , 2012, CAV.

[5]  共立出版株式会社 コンピュータ・サイエンス : ACM computing surveys , 1978 .

[6]  Nir Shavit,et al.  The SkipTrie: low-depth concurrent search without rebalancing , 2013, PODC '13.

[7]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[8]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[9]  Mark Moir,et al.  Formal Verification of a Practical Lock-Free Queue Algorithm , 2004, FORTE.

[10]  Hui Gao,et al.  Verification of a Lock-Free Implementation of Multiword LL/SC Object , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[11]  Wolfgang Reif,et al.  Interactive Verification of Concurrent Systems using Symbolic Execution , 2010, LPAR Workshops.

[12]  Jonathan P. Bowen Formal Specification and Documentation Using Z: A Case Study Approach , 1996 .

[13]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[14]  Maurice Herlihy,et al.  Proving correctness of highly-concurrent linearisable objects , 2006, PPoPP '06.

[15]  Nancy A. Lynch,et al.  An introduction to input/output automata , 1989 .

[16]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[17]  Maged M. Michael,et al.  High performance dynamic lock-free hash tables and list-based sets , 2002, SPAA '02.

[18]  Eran Yahav,et al.  Verifying linearizability with hindsight , 2010, PODC.

[19]  Adrian Colbrook,et al.  Concurrent Data Structures , 1991, ICCI.

[20]  Lindsay Groves Trace-based Derivation of a Lock-Free Queue Algorithm , 2008, Electron. Notes Theor. Comput. Sci..

[21]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[22]  Philippas Tsigas,et al.  Efficient lock-free binary search trees , 2014, PODC '14.

[23]  Mark Moir,et al.  DCAS is not a silver bullet for nonblocking algorithm design , 2004, SPAA '04.

[24]  D. M. Hutton,et al.  The Art of Multiprocessor Programming , 2008 .

[25]  Natarajan Shankar,et al.  PVS: Combining Specification, Proof Checking, and Model Checking , 1996, FMCAD.

[26]  Leslie Lamport,et al.  How to Make a Correct Multiprocess Program Execute Correctly on a Multiprocessor , 1997, IEEE Trans. Computers.

[27]  Calton Pu,et al.  A Lock-Free Multiprocessor OS Kernel (Abstract) , 1992, ACM SIGOPS Oper. Syst. Rev..

[28]  D. Friggens On the Use of Model Checking for the Bounded and Unbounded Verification  of Nonblocking Concurrent Data Structures , 2013 .

[29]  Ralph-Johan Back,et al.  Refinement Calculus , 1998, Graduate Texts in Computer Science.

[30]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[31]  Yehuda Afek,et al.  Quasi-Linearizability: Relaxed Consistency for Improved Concurrency , 2010, OPODIS.

[32]  Keir Fraser,et al.  Concurrent programming without locks , 2007, TOCS.

[33]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[34]  Michel Raynal,et al.  Atomic Consistency (Linearizability) , 2013 .

[35]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[36]  Robert Colvin,et al.  Formal verification of an array-based nonblocking queue , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).

[37]  Robert Colvin,et al.  Verifying Concurrent Data Structures by Simulation , 2005, Electron. Notes Theor. Comput. Sci..

[38]  Wolfgang Reif,et al.  Proving linearizability with temporal logic , 2009, Formal Aspects of Computing.

[39]  Kurt Stenzel,et al.  The KIV System: A Tool for Formal Program Development , 1993, STACS.

[40]  Ben C. Moszkowski,et al.  Compositional Reasoning Using Interval Temporal Logic and Tempura , 1997, COMPOS.

[41]  Ana Sokolova,et al.  Quantitative relaxation of concurrent data structures , 2013, POPL.

[42]  Rachid Guerraoui,et al.  Fault-Tolerance by Replication in Distributed Systems , 1996, Ada-Europe.

[43]  Timothy L. Harris,et al.  A Pragmatic Implementation of Non-blocking Linked-Lists , 2001, DISC.

[44]  Mark Moir,et al.  Formal Verification of a Lazy Concurrent List-Based Set Algorithm , 2006, CAV.

[45]  John Derrick,et al.  Using Coupled Simulations in Non-atomic Refinement , 2003, ZB.

[46]  Thomas A. Henzinger,et al.  Automatic Linearizability Proofs of Concurrent Objects with Cooperating Updates , 2013, CAV.

[47]  Brijesh Dongol Formalising Progress Properties of Non-blocking Programs , 2006, ICFEM.

[48]  Kai Engelhardt,et al.  Data Refinement: Model-Oriented Proof Methods and their Comparison , 1998 .

[49]  Dominique Cansell,et al.  Formal Construction of a Non-blocking Concurrent Queue Algorithm (a Case Study in Atomicity) , 2005, J. Univers. Comput. Sci..

[50]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[51]  Nancy A. Lynch,et al.  Forward and Backward Simulations: I. Untimed Systems , 1995, Inf. Comput..

[52]  John Derrick,et al.  Mechanically verified proof obligations for linearizability , 2011, TOPL.

[53]  Stephan van Staden On Rely-Guarantee Reasoning , 2015, MPC.

[54]  Viktor Vafeiadis,et al.  Proving that non-blocking algorithms don't block , 2009, POPL '09.

[55]  Lindsay Groves,et al.  Verifying Michael and Scott's Lock-Free Queue Algorithm using Trace Reduction , 2008, CATS.

[56]  Richard J. Lipton,et al.  Reduction: a method of proving properties of parallel programs , 1975, CACM.

[57]  N. Lynch,et al.  Forward and backward simulations , 1993 .

[58]  Neil D. Jones,et al.  A flexible approach to interprocedural data flow analysis and programs with recursive data structures , 1982, POPL '82.

[59]  Viktor Vafeiadis Automatically Proving Linearizability , 2010, CAV.

[60]  Carroll Morgan,et al.  A single complete rule for data refinement , 1993, Formal Aspects of Computing.

[61]  J. F. Groote,et al.  Lock-free parallel and concurrent garbage collection by mark&sweep , 2007, Sci. Comput. Program..

[62]  Brijesh Dongol,et al.  Progress-based verification and derivation of concurrent programs , 2009 .

[63]  Robert Colvin,et al.  Derivation of a Scalable Lock-Free Stack Algorithm , 2007, Electron. Notes Theor. Comput. Sci..

[64]  Xinyu Feng,et al.  Characterizing Progress Properties of Concurrent Objects via Contextual Refinements , 2013, CONCUR.

[65]  Yanhong A. Liu,et al.  Verifying Linearizability via Optimized Refinement Checking , 2013, IEEE Transactions on Software Engineering.

[66]  Graeme Smith,et al.  The Object-Z Specification Language , 1999, Advances in Formal Methods.

[67]  Cheng Chen,et al.  A practical nonblocking queue algorithm using compare-and-swap , 2000, Proceedings Seventh International Conference on Parallel and Distributed Systems (Cat. No.PR00568).

[68]  John Derrick,et al.  Quiescent Consistency: Defining and Verifying Relaxed Linearizability , 2014, FM.

[69]  Omer Subasi,et al.  Simplifying Linearizability Proofs with Reduction and Abstraction , 2010, TACAS.

[70]  Tayfun Elmas QED: a proof system based on reduction and abstraction for the static verification of concurrent software , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[71]  Aaron Turon,et al.  A separation logic for refining concurrent objects , 2011, POPL '11.

[72]  Robert Colvin,et al.  Trace-based derivation of a scalable lock-free stack algorithm , 2008, Formal Aspects of Computing.

[73]  Hui Gao,et al.  Lock-free dynamic hash tables with open addressing , 2003, Distributed Computing.

[74]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[75]  John Derrick,et al.  Non-atomic Refinement in Z and CSP , 2005, ZB.

[76]  John Derrick,et al.  Defining Correctness Conditions for Concurrent Objects in Multicore Architectures , 2015, ECOOP.

[77]  Eran Yahav,et al.  Comparison Under Abstraction for Verifying Linearizability , 2007, CAV.

[78]  Hongseok Yang,et al.  Parameterised Linearisability , 2014, ICALP.

[79]  H. Gao,et al.  A general lock-free algorithm using compare-and-swap , 2007, Inf. Comput..

[80]  Francois Pacull,et al.  R-linearizability: an extension of linearizability to replicated objects , 1993, 1993 4th Workshop on Future Trends of Distributed Computing Systems.

[81]  Rod M. Burstall,et al.  Program Proving as Hand Simulation with a Little Induction , 1974, IFIP Congress.

[82]  Gidon Ernst,et al.  Interleaved Programs and Rely-Guarantee Reasoning with ITL , 2011, 2011 Eighteenth International Symposium on Temporal Representation and Reasoning.

[83]  Maurice Herlihy,et al.  A Lazy Concurrent List-Based Set Algorithm , 2007, Parallel Process. Lett..

[84]  Keir Fraser,et al.  A Practical Multi-word Compare-and-Swap Operation , 2002, DISC.

[85]  Wolfgang Reif,et al.  Formal Verification of a Lock-Free Stack with Hazard Pointers , 2011, ICTAC.

[86]  John Derrick,et al.  A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures , 2014, TOCL.

[87]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[88]  Jean-Raymond Abrial,et al.  Modeling in event-b - system and software engineering by Jean-Raymond Abrial , 2010, SOEN.

[89]  Wolfgang Reif,et al.  Temporal Logic Verification of Lock-Freedom , 2010, MPC.

[90]  Panos K. Chrysanthis,et al.  In Search of Acceptability Citeria: Database Consistency Requirements and Transaction Correctness properties , 1992, IWDOM.

[91]  Mark Moir,et al.  Using elimination to implement scalable and lock-free FIFO queues , 2005, SPAA '05.

[92]  Viktor Vafeiadis,et al.  Shape-Value Abstraction for Verifying Linearizability , 2008, VMCAI.

[93]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[94]  Calton Pu,et al.  A Lock-Free Multiprocessor OS Kernel , 1992, OPSR.

[95]  Thomas A. Henzinger,et al.  Aspect-Oriented Linearizability Proofs , 2013, CONCUR.

[96]  Simon Doherty Modelling and Verifying Non-blocking Algorithms that Use Dynamically Allocated Memory , 2004 .

[97]  Alan Burns,et al.  Comparing Degrees of Non-Determinism in Expression Evaluation , 2013, Comput. J..

[98]  Marc Shapiro,et al.  Eventual Consistency , 2009, Encyclopedia of Database Systems.

[99]  Radha Jagadeesan,et al.  Between Linearizability and Quiescent Consistency - Quantitative Quiescent Consistency , 2014, ICALP.

[100]  G. Lipari On the nature of progress , 2011 .

[101]  Ben C. Moszkowski,et al.  A complete axiomatization of interval temporal logic with infinite time , 2000, Proceedings Fifteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.99CB36332).

[102]  Lindsay Groves Reasoning about Nonblocking Concurrency , 2009, J. Univers. Comput. Sci..

[103]  Eran Yahav,et al.  Deriving linearizable fine-grained concurrent objects , 2008, PLDI '08.

[104]  Xinyu Feng,et al.  A Structural Approach to Prophecy Variables , 2012, TAMC.

[105]  Hongseok Yang,et al.  Linearizability with Ownership Transfer , 2012, CONCUR.

[106]  John Derrick,et al.  Simplifying proofs of linearisability using layers of abstraction , 2013, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[107]  Martín Abadi,et al.  The existence of refinement mappings , 1988, [1988] Proceedings. Third Annual Information Symposium on Logic in Computer Science.

[108]  Kenneth P. Birman,et al.  Maintaining consistency in distributed systems , 1992, EW 5.

[109]  Nir Shavit Data structures in the multicore age , 2011, CACM.

[110]  Michel Raynal,et al.  Distributed Algorithms for Message-Passing Systems , 2013, Springer Berlin Heidelberg.

[111]  Eran Yahav,et al.  Experience with Model Checking Linearizability , 2009, SPIN.

[112]  Serdar Tasiran,et al.  A calculus of atomic actions , 2009, POPL '09.

[113]  Nir Shavit,et al.  A scalable lock-free stack algorithm , 2004, SPAA '04.

[114]  Xinyu Feng,et al.  Modular verification of linearizability with non-fixed linearization points , 2013, PLDI 2013.

[115]  Bengt Jonsson Using refinement calculus techniques to prove linearizability , 2012, Formal Aspects of Computing.

[116]  John Derrick,et al.  Verifying Linearisability with Potential Linearisation Points , 2011, FM.

[117]  John Derrick,et al.  Admit Your Weakness: Verifying Correctness on TSO Architectures , 2014, FACS.

[118]  Yanhong A. Liu,et al.  Model Checking Linearizability via Refinement , 2009, FM.