Proving linearizability with temporal logic

Linearizability is a global correctness criterion for concurrent systems. One technique to prove linearizability is applying a composition theorem which reduces the proof of a property of the overall system to sufficient rely-guarantee conditions for single processes. In this paper, we describe how the temporal logic framework implemented in the KIV interactive theorem prover can be used to model concurrent systems and to prove such a composition theorem. Finally, we show how this generic theorem can be instantiated to prove linearizability of two classic lock-free implementations: a Treiber-like stack and a slightly improved version of Michael and Scott’s queue.

[1]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[2]  Rod M. Burstall,et al.  Program Proving as Hand Simulation with a Little Induction , 1974, IFIP Congress.

[3]  John Derrick,et al.  Proving Linearizability Via Non-atomic Refinement , 2007, IFM.

[4]  Antonio Cau,et al.  Parallel composition of assumption-commitment specifications , 2009, Acta Informatica.

[5]  Leslie Lamport,et al.  The +CAL Algorithm Language , 2006, NCA.

[6]  Leonor Prensa Nieto The Rely-Guarantee Method in Isabelle/HOL , 2003, ESOP.

[7]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[8]  Dominique Cansell,et al.  Formal Construction of a Non-blocking Concurrent Queue Algorithm (a Case Study in Atomicity) , 2005, J. Univers. Comput. Sci..

[9]  A. Cau,et al.  Parallel composition of assumption-commitment specifications a unifying approach for shared variable and distributed message passing concurrency , 1995 .

[10]  Robert Colvin,et al.  Trace-based derivation of a scalable lock-free stack algorithm , 2008, Formal Aspects of Computing.

[11]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[12]  Mark Moir,et al.  Formal Verification of a Practical Lock-Free Queue Algorithm , 2004, FORTE.

[13]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[14]  Edsger W. Dijkstra,et al.  Solution of a problem in concurrent programming control , 1965, CACM.

[15]  Robert Colvin,et al.  Derivation of a Scalable Lock-Free Stack Algorithm , 2007, Electron. Notes Theor. Comput. Sci..

[16]  Bernd Finkbeiner,et al.  Verifying Temporal Properties of Reactive Systems: A STeP Tutorial , 2000, Formal Methods Syst. Des..

[17]  Egon Börger Specification and validation methods , 1995 .

[18]  A. M. Michael,et al.  Irrigation, Theory and Practice , 1978 .

[19]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[20]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[21]  Viktor Vafeiadis,et al.  Shape-Value Abstraction for Verifying Linearizability , 2008, VMCAI.

[22]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[23]  Bowen Alpern,et al.  Recognizing safety and liveness , 2005, Distributed Computing.

[24]  Gregory H. Harris,et al.  Review of "Abstract state machines: a method for high-level system design and analysis" by Egon Börger and Robert Stärk. Springer-Verlag 2003. , 2004, SOEN.

[25]  Eran Yahav,et al.  Comparison Under Abstraction for Verifying Linearizability , 2007, CAV.

[26]  Wim H. Hesselink Refinement verification of the lazy caching algorithm , 2006, Acta Informatica.

[27]  Amir Pnueli,et al.  TLPVS: A PVS-Based LTL Verification System , 2003, Verification: Theory and Practice.

[28]  Egon Börger,et al.  Abstract State Machines. A Method for High-Level System Design and Analysis , 2003 .

[29]  Martín Abadi,et al.  Conjoining specifications , 1995, TOPL.

[30]  Bengt Jonsson,et al.  Assumption/Guarantee Specifications in Linear-Time Temporal Logic , 1996, Theor. Comput. Sci..

[31]  Sara Kalvala,et al.  A Formulation of TLA in Isabelle , 1995, TPHOLs.

[32]  Nir Shavit,et al.  A scalable lock-free stack algorithm , 2004, SPAA '04.

[33]  Leslie Lamport,et al.  The temporal logic of actions , 1994, TOPL.

[34]  Michael Balser,et al.  Verifying concurrent systems with symbolic execution: temporal reasoning is symbolic execution with a little induction , 2006 .

[35]  Kurt Stenzel,et al.  Structured Specifications and Interactive Proofs with KIV , 1998 .

[36]  John Derrick,et al.  Mechanizing a Correctness Proof for a Lock-Free Concurrent Stack , 2008, FMOODS.

[37]  Wolfgang Reif,et al.  Interactive Verification of Concurrent Systems using Symbolic Execution , 2010, LPAR Workshops.

[38]  Wolfgang Bibel,et al.  Automated Deduction - A Basis for Applications : Volume II: Systems and Implementation Techniques , 1998 .

[39]  Ben C. Moszkowski,et al.  Executing temporal logic programs , 1986, Seminar on Concurrency.

[40]  Dov M. Gabbay,et al.  Handbook of Philosophical Logic Vol. 10 , 2001 .

[41]  Wolfgang Reif,et al.  Compositional Proofs with Symbolic Execution , 2008, VERIFY.

[42]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[43]  Jerzy Tiuryn,et al.  Dynamic logic , 2001, SIGA.

[44]  K. Mani Chandy,et al.  Proofs of Networks of Processes , 1981, IEEE Transactions on Software Engineering.

[45]  Edsger W. Dijkstra,et al.  Solution of a problem in concurrent programming control , 1965, CACM.

[46]  Viktor Vafeiadis,et al.  Modular Safety Checking for Fine-Grained Concurrency , 2007, SAS.

[47]  ShavitNir,et al.  A scalable lock-free stack algorithm , 2010 .

[48]  J. F. Groote,et al.  Lock-free parallel and concurrent garbage collection by mark&sweep , 2007, Sci. Comput. Program..

[49]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[50]  Viktor Vafeiadis,et al.  A Marriage of Rely/Guarantee and Separation Logic , 2007, CONCUR.

[51]  Maurice Herlihy,et al.  Proving correctness of highly-concurrent linearisable objects , 2006, PPoPP '06.

[52]  Roman Manevich,et al.  Thread Quantification for Concurrent Shape Analysis , 2008, CAV.

[53]  Yuri Gurevich,et al.  Evolving algebras 1993: Lipari guide , 1995, Specification and validation methods.

[54]  Robert Colvin,et al.  Verifying Concurrent Data Structures by Simulation , 2005, Electron. Notes Theor. Comput. Sci..