A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures

Efficient implementations of data structures such as queues, stacks or hash-tables allow for concurrent access by many processes at the same time. To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. Linearizability is the standard correctness criterion for such a scenario—where a concurrent object is linearizable if all of its operations appear to take effect instantaneously some time between their invocation and return. The potential concurrent access to the shared data structure tremendously increases the complexity of the verification problem, and thus current proof techniques for showing linearizability are all tailored to specific types of data structures. In previous work, we have shown how simulation-based proof conditions for linearizability can be used to verify a number of subtle concurrent algorithms. In this article, we now show that conditions based on backward simulation can be used to show linearizability of every linearizable algorithm, that is, we show that our proof technique is both sound and complete. We exemplify our approach by a linearizability proof of a concurrent queue, introduced in Herlihy and Wing's landmark paper on linearizability. Except for their manual proof, none of the numerous other approaches have successfully treated this queue. Our approach is supported by a full mechanisation: both the linearizability proofs for case studies like the queue, and the proofs of soundness and completeness have been carried out with an interactive prover, which is KIV.

[1]  Oleg Travkin,et al.  Proving Linearizability of Multiset with Local Proof Obligations , 2012, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[2]  Martín Abadi,et al.  The existence of refinement mappings , 1988, [1988] Proceedings. Third Annual Information Symposium on Logic in Computer Science.

[3]  Howard Bowman,et al.  Weak Refinement in Z , 1997, ZUM.

[4]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[5]  Omer Subasi,et al.  Simplifying Linearizability Proofs with Reduction and Abstraction , 2010, TACAS.

[6]  Wim H. Hesselink Universal extensions to simulate specifications , 2008, Inf. Comput..

[7]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[8]  Maurice Herlihy,et al.  Proving correctness of highly-concurrent linearisable objects , 2006, PPoPP '06.

[9]  Maurice Herlihy,et al.  A Lazy Concurrent List-Based Set Algorithm , 2007, Parallel Process. Lett..

[10]  F. Vaandrager Forward and Backward Simulations Part I : Untimed Systems , 1993 .

[11]  Bengt Jonsson Using refinement calculus techniques to prove linearizability , 2012, Formal Aspects of Computing.

[12]  John Derrick,et al.  Verifying Linearisability with Potential Linearisation Points , 2011, FM.

[13]  Robert Colvin,et al.  Derivation of a Scalable Lock-Free Stack Algorithm , 2007, Electron. Notes Theor. Comput. Sci..

[14]  Mark Moir,et al.  Using elimination to implement scalable and lock-free FIFO queues , 2005, SPAA '05.

[15]  Eran Yahav,et al.  Verifying linearizability with hindsight , 2010, PODC.

[16]  Eran Yahav,et al.  Comparison Under Abstraction for Verifying Linearizability , 2007, CAV.

[17]  Jim Woodcock,et al.  Using Z - specification, refinement, and proof , 1996, Prentice Hall international series in computer science.

[18]  Thomas A. Henzinger,et al.  Aspect-Oriented Linearizability Proofs , 2013, CONCUR.

[19]  Oleg Travkin,et al.  Two approaches for proving linearizability of multiset , 2014, Sci. Comput. Program..

[20]  Mark Moir,et al.  Formal Verification of a Practical Lock-Free Queue Algorithm , 2004, FORTE.

[21]  Kurt Stenzel,et al.  Structured Specifications and Interactive Proofs with KIV , 1998 .

[22]  John Derrick,et al.  Mechanizing a Correctness Proof for a Lock-Free Concurrent Stack , 2008, FMOODS.

[23]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[24]  Gerhard Schellhorn,et al.  Completeness of fair ASM refinement , 2011, Sci. Comput. Program..

[25]  Mark Moir,et al.  Formal Verification of a Lazy Concurrent List-Based Set Algorithm , 2006, CAV.

[26]  Swarat Chaudhuri,et al.  Model Checking of Linearizability of Concurrent List Implementations , 2010, CAV.

[27]  Kai Engelhardt,et al.  Data Refinement: Model-Oriented Proof Methods and their Comparison , 1998 .

[28]  Wolfgang Reif,et al.  Formal Verification of a Lock-Free Stack with Hazard Pointers , 2011, ICTAC.

[29]  Wolfgang Reif,et al.  Temporal Logic Verification of Lock-Freedom , 2010, MPC.

[30]  Gidon Ernst,et al.  RGITL: A temporal logic framework for compositional reasoning about interleaved programs , 2014, Annals of Mathematics and Artificial Intelligence.

[31]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[32]  Nir Shavit,et al.  Atomic snapshots of shared memory , 1990, JACM.

[33]  Nancy A. Lynch,et al.  Forward and Backward Simulations: I. Untimed Systems , 1995, Inf. Comput..

[34]  John Derrick,et al.  Mechanically verified proof obligations for linearizability , 2011, TOPL.

[35]  Richard Banach,et al.  Atomic actions, and their refinements to isolated protocols , 2009, Formal Aspects of Computing.

[36]  Wim H. Hesselink,et al.  A criterion for atomicity revisited , 2007, Acta Informatica.

[37]  Lindsay Groves Trace-based Derivation of a Lock-Free Queue Algorithm , 2008, Electron. Notes Theor. Comput. Sci..

[38]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[39]  Gerhard Schellhorn,et al.  Completeness of ASM Refinement , 2008, Refine@FM.

[40]  Perdita Stevens,et al.  Refinement in Z and object-Z: foundations and advanced applications , 2002, Softw. Test. Verification Reliab..

[41]  C. A. R. Hoare,et al.  Data Refinement Refined , 1986, ESOP.

[42]  Robert Colvin,et al.  Formal verification of an array-based nonblocking queue , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).

[43]  Yu Zhang,et al.  Reasoning about Optimistic Concurrency Using a Program Logic for History , 2010, CONCUR.

[44]  Viktor Vafeiadis,et al.  Modular Safety Checking for Fine-Grained Concurrency , 2007, SAS.

[45]  Viktor Vafeiadis Automatically Proving Linearizability , 2010, CAV.

[46]  Richard J. Lipton,et al.  Reduction: a method of proving properties of parallel programs , 1975, CACM.

[47]  Mark Moir,et al.  Nonblocking Algorithms and Backward Simulation , 2009, DISC.

[48]  Sebastian Burckhardt,et al.  Line-up: a complete and automatic linearizability checker , 2010, PLDI '10.

[49]  John Derrick,et al.  How to Prove Algorithms Linearisable , 2012, CAV.

[50]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[51]  Dominique Cansell,et al.  Formal Construction of a Non-blocking Concurrent Queue Algorithm (a Case Study in Atomicity) , 2005, J. Univers. Comput. Sci..

[52]  Aaron Turon,et al.  A separation logic for refining concurrent objects , 2011, POPL '11.

[53]  Robert Colvin,et al.  Trace-based derivation of a scalable lock-free stack algorithm , 2008, Formal Aspects of Computing.

[54]  Robert Colvin,et al.  Verifying Concurrent Data Structures by Simulation , 2005, Electron. Notes Theor. Comput. Sci..