Proving Opacity of a Pessimistic STM

Transactional Memory (TM) is a high-level programming abstraction for concurrency control that gives programmers the illusion of atomically executing blocks of code, called transactions. TMs come in two categories, optimistic and pessimistic; in the latter, transactions never abort. While this simplifies the programming model, high-performing pessimistic TMs can be complex. In this paper, we present the first formal verification of a pessimistic software TM algorithm, namely an algorithm proposed by Matveev and Shavit. The correctness criterion used is opacity, which formalises the transactional atomicity guarantees. We prove that this pessimistic TM is a refinement of an intermediate opaque I/O automaton known as TMS2. To this end, we develop a rely-guarantee approach for reducing the complexity of the proof. The proofs are mechanised in the interactive prover Isabelle.
