research-article
Open access

A Universal, Sound, and Complete Forward Reasoning Technique for Machine-Verified Proofs of Linearizability

Published: 05 January 2024

Abstract

We introduce simple, universal, sound, and complete proof methods for producing machine-verifiable proofs of linearizability and strong linearizability. Universality means that our method works for any object type; soundness means that an algorithm can be proved correct by our method only if it is linearizable (resp. strong linearizable); and completeness means that any linearizable (resp. strong linearizable) implementation can be proved so using our method. We demonstrate the simplicity and power of our method by producing proofs of linearizability for the Herlihy-Wing queue and Jayanti’s single-scanner snapshot, as well as a proof of strong linearizability of the Jayanti-Tarjan union-find object. All three of these proofs are machine-verified by TLAPS (the TLA+ Proof System).
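The abstract states the property being proved rather than how the proof method works, so the following added example (not code from the paper or its TLAPS artifact) makes the property concrete: a brute-force linearizability checker for a FIFO queue history. A history is linearizable when its operations can be totally ordered so that (a) any operation that finished before another started keeps that order, and (b) the resulting sequence is a legal sequential queue execution. Process labels, timestamps and the three histories are constructed for illustration; the checker is exponential in the worst case and is meant for small histories, not as a substitute for the machine-checked proofs the paper describes.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Op:
    """One complete operation of a concurrent history (constructed example data)."""
    proc: str              # hypothetical process label
    kind: str              # "enq" or "deq"
    arg: Optional[int]     # value enqueued; None for deq
    result: Optional[int]  # value returned by deq (None = queue was empty); None for enq
    start: int             # invocation time
    end: int               # response time


def precedes(a: Op, b: Op) -> bool:
    """Real-time order: a's response came before b's invocation."""
    return a.end < b.start


def apply_fifo(state: Tuple[int, ...], op: Op) -> Optional[Tuple[int, ...]]:
    """Sequential FIFO queue specification.

    Returns the queue contents after op, or None when op's recorded result is
    impossible from this state (e.g. deq returned 2 but 1 was at the head)."""
    if op.kind == "enq":
        return state + (op.arg,)
    if op.kind == "deq":
        if not state:
            # an empty queue may only answer "empty" (None)
            return state if op.result is None else None
        return state[1:] if state[0] == op.result else None
    raise ValueError(f"unknown operation kind {op.kind!r}")


def linearize(history: List[Op]) -> Optional[List[Op]]:
    """Search for a linearization of history, or return None if none exists.

    Backtracking search: at each step pick an unplaced operation that no other
    unplaced operation precedes in real time, and keep it only if the sequential
    specification accepts its recorded result."""
    def search(remaining: List[Op], state: Tuple[int, ...], order: List[Op]):
        if not remaining:
            return list(order)
        for op in remaining:
            # real-time constraint: nothing still unplaced may have finished before op began
            if any(precedes(other, op) for other in remaining if other is not op):
                continue
            nxt = apply_fifo(state, op)
            if nxt is None:          # note: () is a valid (empty) state, so test for None
                continue
            order.append(op)
            found = search([o for o in remaining if o is not op], nxt, order)
            if found is not None:
                return found
            order.pop()
        return None

    return search(list(history), (), [])


def is_linearizable(history: List[Op]) -> bool:
    return linearize(history) is not None


# Constructed history 1: two overlapping enqueues, then two overlapping dequeues.
# Linearizable: either enqueue order works, and the dequeues may be reordered too.
HISTORY_OK = [
    Op("P", "enq", 1, None, 0, 2),
    Op("Q", "enq", 2, None, 1, 3),
    Op("P", "deq", None, 2, 4, 6),
    Op("Q", "deq", None, 1, 5, 7),
]

# Constructed history 2: enq(1) completes before enq(2) even starts, yet the
# first dequeue returns 2. No ordering respects both FIFO and real time.
HISTORY_BAD = [
    Op("P", "enq", 1, None, 0, 1),
    Op("Q", "enq", 2, None, 2, 3),
    Op("P", "deq", None, 2, 4, 5),
]

# Constructed history 3: a dequeue on an empty queue, then an enqueue. Linearizable.
HISTORY_EMPTY = [
    Op("P", "deq", None, None, 0, 1),
    Op("Q", "enq", 5, None, 2, 3),
]

if __name__ == "__main__":
    for label, h in (("HISTORY_OK", HISTORY_OK), ("HISTORY_BAD", HISTORY_BAD),
                     ("HISTORY_EMPTY", HISTORY_EMPTY)):
        lin = linearize(h)
        print(label, "linearizable:", lin is not None)
        if lin is not None:
            print("  ", [f"{o.proc}:{o.kind}({'' if o.arg is None else o.arg})->{o.result}"
                         for o in lin])
```

Soundness and completeness in the abstract's sense map directly onto this checker: it accepts a history only if a legal linearization exists, and it finds one whenever it exists, because it enumerates every order that respects real time. The paper's contribution is a proof method that establishes this for all histories of an implementation at once, which a finite checker cannot do.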


Cited By

  • (2024) Meta-Configuration Tracking for Machine-Certified Correctness of Concurrent Data Structures (Abstract). Proceedings of the 2024 ACM Workshop on Highlights of Parallel Computing, pages 21–22. DOI 10.1145/3670684.3673406. Online publication date: 17 June 2024.
  • (2024) Fast, Scalable, and Machine-Verified Multicore Disjoint Set Union Data Structures and their Wide Deployment in Parallel Algorithms (Abstract). Proceedings of the 2024 ACM Workshop on Highlights of Parallel Computing, pages 27–28. DOI 10.1145/3670684.3673405. Online publication date: 17 June 2024.


Published In

Proceedings of the ACM on Programming Languages, Volume 8, Issue POPL
January 2024
2820 pages
EISSN: 2475-1421
DOI: 10.1145/3554315
This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 January 2024
Published in PACMPL Volume 8, Issue POPL


Author Tags

  1. Complete
  2. Forward Reasoning
  3. Linearizability
  4. Universal
  5. Verification
