Using refinement calculus techniques to prove linearizability

Stepwise refinement is a method for systematically transforming a high-level program into an efficiently executable one. A sequence of successively refined programs can also serve as a correctness proof, which makes different mechanisms in the program explicit. We present rules for refinement of multi-threaded shared-variable concurrent programs. We apply our rules to the problem of verifying linearizability of concurrent objects, that are accessed by an unbounded number of concurrent threads. Linearizability is an established correctness criterion for concurrent objects, which states that the effect of each method execution can be considered to occur atomically at some point in time between its invocation and response. We show how linearizability can be expressed in terms of our refinement relation, and present rules for establishing this refinement relation between programs by a sequence of local transformations of method bodies. Contributions include strengthenings of previous techniques for atomicity refinement, as well as an absorption rule, which is particularly suitable for reasoning about concurrent algorithms that implement atomic operations. We illustrate the application of the refinement rules by proving linearizability of Treiber’s concurrent stack algorithm and Michael and Scott’s concurrent queue algorithm.

[1]  Bengt Jonsson,et al.  Compositional specification and verification of distributed systems , 1994, TOPL.

[2]  Ralph-Johan Back A Method for Refining Atomicity in Parallel Algorithms , 1989, PARLE.

[3]  Lindsay Groves Reasoning about Nonblocking Concurrency , 2009, J. Univers. Comput. Sci..

[4]  Ralph-Johan Back,et al.  A calculus of refinements for program derivations , 1988, Acta Informatica.

[5]  Scott D. Stoller,et al.  Static analysis of atomicity for programs with non-blocking synchronization , 2005, PPoPP.

[6]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[7]  Leslie Lamport A theorem on atomicity in distributed algorithms , 2005, Distributed Computing.

[8]  Omer Subasi,et al.  Simplifying Linearizability Proofs with Reduction and Abstraction , 2010, TACAS.

[9]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[10]  Nancy A. Lynch,et al.  Hierarchical correctness proofs for distributed algorithms , 1987, PODC '87.

[11]  K. Mani Chandy Parallel program design , 1989 .

[12]  Zvonimir Rakamaric,et al.  A Logic and Decision Procedure for Predicate Abstraction of Heap-Manipulating Programs , 2006, VMCAI.

[13]  Lindsay Groves,et al.  Verifying Michael and Scott's Lock-Free Queue Algorithm using Trace Reduction , 2008, CATS.

[14]  Kaisa Sere,et al.  Stepwise Refinement of Parallel Algorithms , 1990, Sci. Comput. Program..

[15]  Richard J. Lipton,et al.  Reduction: a method of proving properties of parallel programs , 1975, CACM.

[16]  K. Mani Chandy,et al.  Parallel program design - a foundation , 1988 .

[17]  Mark Moir,et al.  DCAS is not a silver bullet for nonblocking algorithm design , 2004, SPAA '04.

[18]  Carroll Morgan,et al.  Programming from specifications , 1990, Prentice Hall International Series in computer science.

[19]  Stephen N. Freund,et al.  Checking Concise Specifications for Multithreaded Software , 2004, J. Object Technol..

[20]  Maged M. Michael,et al.  Correction of a Memory Management Method for Lock-Free Data Structures , 1995 .