Scenario-Based Proofs for Concurrent Objects
Article No.: 140, Pages 1294 - 1323
Abstract
Concurrent objects form the foundation of many applications that exploit multicore architectures and their importance has lead to informal correctness arguments, as well as formal proof systems. Correctness arguments (as found in the distributed computing literature) give intuitive descriptions of a few canonical executions or "scenarios" often each with only a few threads, yet it remains unknown as to whether these intuitive arguments have a formal grounding and extend to arbitrary interleavings over unboundedly many threads.
We present a novel proof technique for concurrent objects, based around identifying a small set of scenarios (representative, canonical interleavings), formalized as the commutativity quotient of a concurrent object. We next give an expression language for defining abstractions of the quotient in the form of regular or context-free languages that enable simple proofs of linearizability. These quotient expressions organize unbounded interleavings into a form more amenable to reasoning and make explicit the relationship between implementation-level contention/interference and ADT-level transitions.
We evaluate our work on numerous non-trivial concurrent objects from the literature (including the Michael-Scott queue, Elimination stack, SLS reservation queue, RDCSS and Herlihy-Wing queue). We show that quotients capture the diverse features/complexities of these algorithms, can be used even when linearization points are not straight-forward, correspond to original authors' correctness arguments, and provide some new scenario-based arguments. Finally, we show that discovery of some object's quotients reduces to two-thread reasoning and give an implementation that can derive candidate quotients expressions from source code.
References
[1]
Parosh Aziz Abdulla, Bengt Jonsson, and Cong Quy Trinh. 2016. Automated Verification of Linearization Policies. In Static Analysis - 23rd International Symposium, SAS 2016, Edinburgh, UK, September 8-10, 2016, Proceedings, Xavier Rival (Ed.) (Lecture Notes in Computer Science, Vol. 9837). Springer, 61–83. https://doi.org/10.1007/978-3-662-53413-7_4
[2]
Josh Berdine, Tal Lev-Ami, Roman Manevich, G. Ramalingam, and Shmuel Sagiv. 2008. Thread Quantification for Concurrent Shape Analysis. In Computer Aided Verification, 20th International Conference, CAV 2008, Princeton, NJ, USA, July 7-14, 2008, Proceedings, Aarti Gupta and Sharad Malik (Eds.) (Lecture Notes in Computer Science, Vol. 5123). Springer, 399–413. https://doi.org/10.1007/978-3-540-70545-1_37
[3]
Richard Bornat, Cristiano Calcagno, Peter W. O’Hearn, and Matthew J. Parkinson. 2005. Permission accounting in separation logic. In Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005, Long Beach, California, USA, January 12-14, 2005. 259–270. https://doi.org/10.1145/1040305.1040327
[4]
Ahmed Bouajjani, Michael Emmi, Constantin Enea, and Jad Hamza. 2013. Verifying Concurrent Programs against Sequential Specifications. In Programming Languages and Systems - 22nd European Symposium on Programming, ESOP 2013, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2013, Rome, Italy, March 16-24, 2013. Proceedings, Matthias Felleisen and Philippa Gardner (Eds.) (Lecture Notes in Computer Science, Vol. 7792). Springer, 290–309. https://doi.org/10.1007/978-3-642-37036-6_17
[5]
Stephen Brookes. 2007. A semantics for concurrent separation logic. Theor. Comput. Sci., 375, 1-3 (2007), 227–270. https://doi.org/10.1016/j.tcs.2006.12.034
[6]
Stephen D. Brookes. 2004. A Semantics for Concurrent Separation Logic. In CONCUR 2004 - Concurrency Theory, 15th International Conference, London, UK, August 31 - September 3, 2004, Proceedings. 16–34. https://doi.org/10.1007/978-3-540-28644-8_2
[7]
Tej Chajed, M. Frans Kaashoek, Butler W. Lampson, and Nickolai Zeldovich. 2018. Verifying concurrent software using movers in CSPEC. In OSDI. https://www.usenix.org/conference/osdi18/presentation/chajed
[8]
Soham Chakraborty, Thomas A. Henzinger, Ali Sezgin, and Viktor Vafeiadis. 2015. Aspect-oriented linearizability proofs. Log. Methods Comput. Sci., 11, 1 (2015), https://doi.org/10.2168/LMCS-11(1:20)2015
[9]
Edmund M. Clarke, E. Allen Emerson, Somesh Jha, and A. Prasad Sistla. 1998. Symmetry Reductions in Model Checking. In Computer Aided Verification, 10th International Conference, CAV ’98, Vancouver, BC, Canada, June 28 - July 2, 1998, Proceedings, Alan J. Hu and Moshe Y. Vardi (Eds.) (Lecture Notes in Computer Science, Vol. 1427). Springer, 147–158. https://doi.org/10.1007/BFb0028741
[10]
Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A Logic for Time and Data Abstraction. In ECOOP 2014 - Object-Oriented Programming - 28th European Conference, Uppsala, Sweden, July 28 - August 1, 2014. Proceedings. 207–231. https://doi.org/10.1007/978-3-662-44202-9_9
[11]
David Detlefs, Christine H. Flood, Alex Garthwaite, Paul Alan Martin, Nir Shavit, and Guy L. Steele Jr. 2000. Even Better DCAS-Based Concurrent Deques. In Distributed Computing, 14th International Conference, DISC 2000, Toledo, Spain, October 4-6, 2000, Proceedings, Maurice Herlihy (Ed.) (Lecture Notes in Computer Science, Vol. 1914). Springer, 59–73. https://doi.org/10.1007/3-540-40026-5_4
[12]
Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew J. Parkinson, and Hongseok Yang. 2013. Views: compositional reasoning for concurrent programs. In The 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’13, Rome, Italy - January 23 - 25, 2013, Roberto Giacobazzi and Radhia Cousot (Eds.). ACM, 287–300. https://doi.org/10.1145/2429069.2429104
[13]
Mike Dodds, Xinyu Feng, Matthew J. Parkinson, and Viktor Vafeiadis. 2009. Deny-Guarantee Reasoning. In Programming Languages and Systems, 18th European Symposium on Programming, ESOP 2009, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009, York, UK, March 22-29, 2009. Proceedings, Giuseppe Castagna (Ed.) (Lecture Notes in Computer Science, Vol. 5502). Springer, 363–377. https://doi.org/10.1007/978-3-642-00590-9_26
[14]
Simon Doherty, David Detlefs, Lindsay Groves, Christine H. Flood, Victor Luchangco, Paul Alan Martin, Mark Moir, Nir Shavit, and Guy L. Steele Jr. 2004. DCAS is not a silver bullet for nonblocking algorithm design. In SPAA 2004: Proceedings of the Sixteenth Annual ACM Symposium on Parallelism in Algorithms and Architectures, June 27-30, 2004, Barcelona, Spain, Phillip B. Gibbons and Micah Adler (Eds.). ACM, 216–224. https://doi.org/10.1145/1007912.1007945
[15]
Cezara Dragoi, Ashutosh Gupta, and Thomas A. Henzinger. 2013. Automatic Linearizability Proofs of Concurrent Objects with Cooperating Updates. In CAV ’13 (LNCS, Vol. 8044). Springer, 174–190.
[16]
Tayfun Elmas, Shaz Qadeer, and Serdar Tasiran. 2009. A calculus of atomic actions. In POPL. https://doi.org/10.1145/1480881.1480885
[17]
Constantin Enea, Parisa Fathololumi, and Eric Koskinen. 2023. Scenario-Based Proofs for Concurrent Objects [Extended Version]. arxiv:2301.05740.
[18]
Constantin Enea, Parisa Fathololumi, and Eric Koskinen. 2024. CION: Concurrent Trace Reductions. https://github.com/quotientprovers/cion
[19]
Patrice Godefroid. 1996. Partial-Order Methods for the Verification of Concurrent Systems - An Approach to the State-Explosion Problem (Lecture Notes in Computer Science, Vol. 1032). Springer. isbn:3-540-60761-7 https://doi.org/10.1007/3-540-60761-7
[20]
Timothy L. Harris, Keir Fraser, and Ian A. Pratt. 2002. A Practical Multi-word Compare-and-Swap Operation. In Distributed Computing, 16th International Conference, DISC 2002, Toulouse, France, October 28-30, 2002 Proceedings, Dahlia Malkhi (Ed.) (Lecture Notes in Computer Science, Vol. 2508). Springer, 265–279. https://doi.org/10.1007/3-540-36108-1_18
[21]
Chris Hawblitzel, Erez Petrank, Shaz Qadeer, and Serdar Tasiran. 2015. Automated and Modular Refinement Reasoning for Concurrent Programs. In CAV. https://doi.org/10.1007/978-3-319-21668-3_26
[22]
Matthias Heizmann, Yu-Fang Chen, Daniel Dietsch, Marius Greitschus, Jochen Hoenicke, Yong Li, Alexander Nutz, Betim Musa, Christian Schilling, Tanja Schindler, and Andreas Podelski. 2018. Ultimate Automizer and the Search for Perfect Interpolants - (Competition Contribution). In Tools and Algorithms for the Construction and Analysis of Systems - 24th International Conference, TACAS 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings, Part II, Dirk Beyer and Marieke Huisman (Eds.) (Lecture Notes in Computer Science, Vol. 10806). Springer, 447–451. https://doi.org/10.1007/978-3-319-89963-3_30
[23]
Danny Hendler, Nir Shavit, and Lena Yerushalmi. 2004. A scalable lock-free stack algorithm. In SPAA 2004: Proceedings of the Sixteenth Annual ACM Symposium on Parallelism in Algorithms and Architectures, June 27-30, 2004, Barcelona, Spain, Phillip B. Gibbons and Micah Adler (Eds.). ACM, 206–215. https://doi.org/10.1145/1007912.1007944
[24]
Maurice Herlihy and Nir Shavit. 2008. The Art of Multiprocessor Programming. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA. isbn:0123705916, 9780123705914
[25]
Maurice Herlihy and Jeannette M. Wing. 1990. Linearizability: A Correctness Condition for Concurrent Objects. ACM Trans. Program. Lang. Syst., 12, 3 (1990), 463–492. https://doi.org/10.1145/78969.78972
[26]
Cliff B. Jones. 1983. Specification and Design of (Parallel) Programs. In IFIP Congress. 321–332.
[27]
Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151
[28]
Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The future is ours: prophecy variables in separation logic. Proc. ACM Program. Lang., 4, POPL (2020), 45:1–45:32. https://doi.org/10.1145/3371113
[29]
Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 637–650. https://doi.org/10.1145/2676726.2676980
[30]
Eric Koskinen. 2024. quotientprovers/cion: oopsla2024-artifact: Version used in evaluation for the OOPSLA’24 paper "Scenario-Based Proofs for Concurrent Objects". https://doi.org/10.5281/zenodo.10814650
[31]
Dexter Kozen. 1997. Kleene Algebra with Tests. ACM Trans. Program. Lang. Syst., 19, 3 (1997), 427–443. https://doi.org/10.1145/256167.256195
[32]
Bernhard Kragl, Constantin Enea, Thomas A. Henzinger, Suha Orhun Mutluergil, and Shaz Qadeer. 2020. Inductive sequentialization of asynchronous programs. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020, Alastair F. Donaldson and Emina Torlak (Eds.). ACM, 227–242. isbn:978-1-4503-7613-6 https://doi.org/10.1145/3385412.3385980
[33]
Bernhard Kragl and Shaz Qadeer. 2018. Layered Concurrent Programs. In CAV. https://doi.org/10.1007/978-3-319-96145-3_5
[34]
Bernhard Kragl, Shaz Qadeer, and Thomas A. Henzinger. 2018. Synchronizing the Asynchronous. In CONCUR. https://doi.org/10.4230/LIPIcs.CONCUR.2018.21
[35]
Siddharth Krishna, Dennis E. Shasha, and Thomas Wies. 2018. Go with the flow: compositional abstractions for concurrent data structures. PACMPL, 2, POPL (2018), 37:1–37:31. https://doi.org/10.1145/3158125
[36]
Ruy Ley-Wild and Aleksandar Nanevski. 2013. Subjective auxiliary state for coarse-grained concurrency. In The 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’13, Rome, Italy - January 23 - 25, 2013. 561–574. https://doi.org/10.1145/2429069.2429134
[37]
Richard J. Lipton. 1975. Reduction: A Method of Proving Properties of Parallel Programs. Commun. ACM, 18, 12 (1975), https://doi.org/10.1145/361227.361234
[38]
Antoni W. Mazurkiewicz. 1986. Trace Theory. In Petri Nets: Central Models and Their Properties, Advances in Petri Nets 1986, Part II, Proceedings of an Advanced Course, Bad Honnef, Germany, 8-19 September 1986, Wilfried Brauer, Wolfgang Reisig, and Grzegorz Rozenberg (Eds.) (Lecture Notes in Computer Science, Vol. 255). Springer, 279–324. https://doi.org/10.1007/3-540-17906-2_30
[39]
Maged M. Michael and Michael L. Scott. 1996. Simple, Fast, and Practical Non-Blocking and Blocking Concurrent Queue Algorithms. In PODC ’96. ACM, 267–275.
[40]
Aleksandar Nanevski, Anindya Banerjee, Germán Andrés Delbianco, and Ignacio Fábregas. 2019. Specifying concurrent programs in separation logic: morphisms and simulations. Proc. ACM Program. Lang., 3, OOPSLA (2019), 161:1–161:30. https://doi.org/10.1145/3360587
[41]
Peter W. O’Hearn. 2004. Resources, Concurrency and Local Reasoning. In CONCUR 2004 - Concurrency Theory, 15th International Conference, London, UK, August 31 - September 3, 2004, Proceedings. 49–67. https://doi.org/10.1007/978-3-540-28644-8_4
[42]
Peter W. O’Hearn. 2007. Resources, concurrency, and local reasoning. Theor. Comput. Sci., 375, 1-3 (2007), https://doi.org/10.1016/j.tcs.2006.12.035
[43]
Peter W. O’Hearn, Noam Rinetzky, Martin T. Vechev, Eran Yahav, and Greta Yorsh. 2010. Verifying linearizability with hindsight. In Proceedings of the 29th Annual ACM Symposium on Principles of Distributed Computing, PODC 2010, Zurich, Switzerland, July 25-28, 2010, Andréa W. Richa and Rachid Guerraoui (Eds.). ACM, 85–94. isbn:978-1-60558-888-9 https://doi.org/10.1145/1835698.1835722
[44]
Susan S. Owicki and David Gries. 1976. Verifying Properties of Parallel Programs: An Axiomatic Approach. Commun. ACM, 19, 5 (1976), 279–285. https://doi.org/10.1145/360051.360224
[45]
Matthew J. Parkinson, Richard Bornat, and Peter W. O’Hearn. 2007. Modular verification of a non-blocking stack. In Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2007, Nice, France, January 17-19, 2007. 297–302. https://doi.org/10.1145/1190216.1190261
[46]
Azalea Raad, Jules Villard, and Philippa Gardner. 2015. CoLoSL: Concurrent Local Subjective Logic. In Programming Languages and Systems - 24th European Symposium on Programming, ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 710–735. https://doi.org/10.1007/978-3-662-46669-8_29
[47]
Gerhard Schellhorn, Heike Wehrheim, and John Derrick. 2012. How to Prove Algorithms Linearisable. In Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012 Proceedings. 243–259.
[48]
William N Scherer III, Doug Lea, and Michael L Scott. 2006. Scalable synchronous queues. In Proceedings of the eleventh ACM SIGPLAN symposium on Principles and practice of parallel programming. 147–156.
[49]
Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity. In Programming Languages and Systems - 24th European Symposium on Programming, ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 333–358. https://doi.org/10.1007/978-3-662-46669-8_14
[50]
R. K. Treiber. 1986. Systems Programming: Coping with Parallelism. IBM Almaden Research Center.
[51]
Aaron Turon, Derek Dreyer, and Lars Birkedal. 2013. Unifying refinement and hoare-style reasoning in a logic for higher-order concurrency. In ACM SIGPLAN International Conference on Functional Programming, ICFP’13, Boston, MA, USA - September 25 - 27, 2013. 377–390. https://doi.org/10.1145/2500365.2500600
[52]
V. Vafeiadis. 2008. Modular fine-grained concurrency verification. Ph. D. Dissertation. University of Cambridge.
[53]
Viktor Vafeiadis. 2009. Shape-Value Abstraction for Verifying Linearizability. In VMCAI ’09: Proc. 10th Intl. Conf. on Verification, Model Checking, and Abstract Interpretation (LNCS, Vol. 5403). Springer, 335–348.
[54]
Viktor Vafeiadis. 2010. Automatically Proving Linearizability. In Computer Aided Verification, 22nd International Conference, CAV 2010, Edinburgh, UK, July 15-19, 2010. Proceedings, Tayssir Touili, Byron Cook, and Paul B. Jackson (Eds.) (Lecture Notes in Computer Science, Vol. 6174). Springer, 450–464. https://doi.org/10.1007/978-3-642-14295-6_40
[55]
Viktor Vafeiadis and Matthew J. Parkinson. 2007. A Marriage of Rely/Guarantee and Separation Logic. In CONCUR 2007 - Concurrency Theory, 18th International Conference, CONCUR 2007, Lisbon, Portugal, September 3-8, 2007, Proceedings, Luís Caires and Vasco Thudichum Vasconcelos (Eds.) (Lecture Notes in Computer Science, Vol. 4703). Springer, 256–271. https://doi.org/10.1007/978-3-540-74407-8_18
[56]
He Zhu, Gustavo Petri, and Suresh Jagannathan. 2015. Poling: SMT Aided Linearizability Proofs. In Computer Aided Verification - 27th International Conference, CAV 2015, San Francisco, CA, USA, July 18-24, 2015, Proceedings, Part II. 3–19.
Index Terms
- Scenario-Based Proofs for Concurrent Objects
Recommendations
Looking for efficient implementations of concurrent objects
PaCT'11: Proceedings of the 11th international conference on Parallel computing technologiesAs introduced by Taubenfeld, a contention-sensitive implementation of a concurrent object is an implementation such that the overhead introduced by locking is eliminated in the common cases, i.e., when there is no contention or when the operations ...
On the implementation of concurrent objects
Dependable and Historic ComputingThe implementation of objects shared by concurrent processes, with provable safety and liveness guarantees, is a fundamental issue of concurrent programming in shared memory systems. It is now largely accepted that linearizability (or atomicity) is an ...
Tasks in modular proofs of concurrent algorithms
AbstractProving the correctness of distributed or concurrent algorithms is a complex process. Errors in the reasoning are hard to find, calling for computer-checked proof systems like Coq or TLA+. To use these tools, sequential specifications of base ...
Comments
Information & Contributors
Information
Published In
April 2024
1492 pages
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 29 April 2024
Published in PACMPL Volume 8, Issue OOPSLA1
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Science Foundation
- Agence Nationale de la Recherche
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 208Total Downloads
- Downloads (Last 12 months)208
- Downloads (Last 6 weeks)36
Reflects downloads up to 15 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in