Model Checking Linearizability via Refinement

Linearizability is an important correctness criterion for implementations of concurrent objects. Automatic checking of linearizability is challenging because it requires checking that 1) all executions of concurrent operations be serializable, and 2) the serialized executions be correct with respect to the sequential semantics. This paper describes a new method to automatically check linearizability based on refinement relations from abstract specifications to concrete implementations. Our method avoids the often difficult task of determining linearization points in implementations, but can also take advantage of linearization points if they are given. The method exploits model checking of finite state systems specified as concurrent processes with shared variables. Partial order reduction is used to effectively reduce the search space. The approach is built into a toolset that supports a rich set of concurrent operators. The tool has been used to automatically check a variety of implementations of concurrent objects, including the first algorithms for the mailbox problem and scalable NonZero indicators. Our system was able to find all known and injected bugs in these implementations.

[1]  David King ER , 2008, BMJ : British Medical Journal.

[2]  Marcos K. Aguilera,et al.  The mailbox problem , 2010, Distributed Computing.

[3]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[4]  Viktor Vafeiadis,et al.  Shape-Value Abstraction for Verifying Linearizability , 2008, VMCAI.

[5]  Jun Sun,et al.  PAT: Towards Flexible Verification under Fairness , 2009, CAV.

[6]  Eran Yahav,et al.  Comparison Under Abstraction for Verifying Linearizability , 2007, CAV.

[7]  Mark Moir,et al.  SNZI: scalable NonZero indicators , 2007, PODC '07.

[8]  Jun Sun,et al.  Model Checking CSP Revisited: Introducing a Process Analysis Toolkit , 2008, ISoLA.

[9]  Scott D. Stoller,et al.  Static analysis of atomicity for programs with non-blocking synchronization , 2005, PPoPP.

[10]  Maurice Herlihy,et al.  Proving correctness of highly-concurrent linearisable objects , 2006, PPoPP '06.

[11]  Maged M. Michael,et al.  Nonblocking Algorithms and Preemption-Safe Locking on Multiprogrammed Shared Memory Multiprocessors , 1998, J. Parallel Distributed Comput..

[12]  Jun Sun,et al.  Specifying and Verifying Event-Based Fairness Enhanced Systems , 2008, ICFEM.

[13]  Andrew William Roscoe,et al.  Model-checking CSP , 1994 .

[14]  Alan J. Hu,et al.  Checking for Language Inclusion Using Simulation Preorders , 1991, CAV.

[15]  John Derrick,et al.  Proving Linearizability Via Non-atomic Refinement , 2007, IFM.

[16]  Roman Manevich,et al.  Heap Decomposition for Concurrent Shape Analysis , 2008, SAS.

[17]  Yanhong A. Liu,et al.  Formal Verification of Scalable NonZero Indicators , 2009, SEKE.

[18]  Antti Valmari,et al.  Stubborn set methods for process algebras , 1997, Partial Order Methods in Verification.

[19]  Rajeev Alur,et al.  Model-checking of correctness conditions for concurrent objects , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.

[20]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[21]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[22]  George J. Milne,et al.  Correct Hardware Design and Verification Methods , 2003, Lecture Notes in Computer Science.

[23]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[24]  Mark Moir,et al.  Formal Verification of a Practical Lock-Free Queue Algorithm , 2004, FORTE.

[25]  Cheng Chen,et al.  A practical nonblocking queue algorithm using compare-and-swap , 2000, Proceedings Seventh International Conference on Parallel and Distributed Systems (Cat. No.PR00568).

[26]  Robert Colvin,et al.  Verifying Concurrent Data Structures by Simulation , 2005, Electron. Notes Theor. Comput. Sci..

[27]  E. Allen Emerson,et al.  From Asymmetry to Full Symmetry: New Techniques for Symmetry Reduction in Model Checking , 1999, CHARME.

[28]  Hagit Attiya,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 1998 .

[29]  Roman Manevich,et al.  Thread Quantification for Concurrent Shape Analysis , 2008, CAV.

[30]  David de Frutos-Escrig,et al.  Formal Techniques for Networked and Distributed Systems – FORTE 2004 , 2004, Lecture Notes in Computer Science.

[31]  Eran Yahav,et al.  Deriving linearizable fine-grained concurrent objects , 2008, PLDI '08.

[32]  Jun Sun,et al.  Integrating Specification and Programs for System Modeling and Verification , 2009, 2009 Third IEEE International Symposium on Theoretical Aspects of Software Engineering.

[33]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[34]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[35]  Heike Wehrheim,et al.  Partial order reductions for failures refinement , 1999, EXPRESS.

[36]  Robert Colvin,et al.  Formal verification of an array-based nonblocking queue , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).