Linearizability with Ownership Transfer

Linearizability is a commonly accepted notion of correctness for libraries of concurrent algorithms. Unfortunately, it assumes a complete isolation between a library and its client, with interactions limited to passing values of a given data type. This is inappropriate for common programming languages, where libraries and their clients can communicate via the heap, transferring the ownership of data structures, and can even run in a shared address space without any memory protection. In this paper, we present the first definition of linearizability that lifts this limitation and establish an Abstraction Theorem: while proving a property of a client of a concurrent library, we can soundly replace the library by its abstract implementation related to the original one by our generalisation of linearizability. We also prove that linearizability with ownership transfer can be derived from the classical one if the library does not access some of data structures transferred to it by the client.

[1]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[2]  Ralph-Johan Back,et al.  On Correct Refinement of Programs , 1981, J. Comput. Syst. Sci..

[3]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[4]  Serdar Tasiran,et al.  A calculus of atomic actions , 2009, POPL '09.

[5]  Maurice Herlihy,et al.  The art of multiprocessor programming , 2020, PODC '06.

[6]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[7]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[8]  Omer Subasi,et al.  Simplifying Linearizability Proofs with Reduction and Abstraction , 2010, TACAS.

[9]  Hongseok Yang,et al.  Data Refinement with Low-Level Pointer Operations , 2005, APLAS.

[10]  Alexey Gotsman,et al.  Library abstraction for C/C++ concurrency , 2013, POPL.

[11]  Peter W. O'Hearn,et al.  Local Action and Abstract Separation Logic , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[12]  Peter W. O'Hearn,et al.  Resources, concurrency, and local reasoning , 2007 .

[13]  Eran Yahav,et al.  Comparison Under Abstraction for Verifying Linearizability , 2007, CAV.

[14]  C. A. R. Hoare,et al.  Proof of correctness of data representations , 1972, Acta Informatica.

[15]  Sebastian Burckhardt,et al.  Concurrent Library Correctness on the TSO Memory Model , 2012, ESOP.

[16]  Anindya Banerjee,et al.  Ownership confinement ensures representation independence for object-oriented programs , 2002, JACM.

[17]  Hongseok Yang,et al.  Liveness-Preserving Atomicity Abstraction , 2011, ICALP.

[18]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[19]  Hongseok Yang Blaiming the Client: On Data Refinement in the Presence of Pointers , 2010 .

[20]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[21]  John C. Reynolds,et al.  Types, Abstraction and Parametric Polymorphism , 1983, IFIP Congress.

[22]  Viktor Vafeiadis Automatically Proving Linearizability , 2010, CAV.

[23]  James Noble,et al.  Simple Ownership Types for Object Containment , 2001, ECOOP.

[24]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[25]  Aaron Turon,et al.  A separation logic for refining concurrent objects , 2011, POPL '11.

[26]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[27]  Hongseok Yang,et al.  Show No Weakness: Sequentially Consistent Specifications of TSO Libraries , 2012, DISC.

[28]  Keir Fraser,et al.  A Practical Multi-word Compare-and-Swap Operation , 2002, DISC.

[29]  Cliff B. Jones,et al.  Splitting atoms safely , 2007, Theor. Comput. Sci..

[30]  Peter W. O'Hearn,et al.  Blaming the client: on data refinement in the presence of pointers , 2009, Formal Aspects of Computing.