research-article

A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures

Authors:

Gerhard Schellhorn,

Heike WehrheimAuthors Info & Claims

ACM Transactions on Computational Logic (TOCL), Volume 15, Issue 4

Article No.: 31, Pages 1 - 37

https://doi.org/10.1145/2629496

Published: 12 September 2014 Publication History

Abstract

Efficient implementations of data structures such as queues, stacks or hash-tables allow for concurrent access by many processes at the same time. To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. Linearizability is the standard correctness criterion for such a scenario—where a concurrent object is linearizable if all of its operations appear to take effect instantaneously some time between their invocation and return.

The potential concurrent access to the shared data structure tremendously increases the complexity of the verification problem, and thus current proof techniques for showing linearizability are all tailored to specific types of data structures. In previous work, we have shown how simulation-based proof conditions for linearizability can be used to verify a number of subtle concurrent algorithms. In this article, we now show that conditions based on backward simulation can be used to show linearizability of every linearizable algorithm, that is, we show that our proof technique is both sound and complete. We exemplify our approach by a linearizability proof of a concurrent queue, introduced in Herlihy and Wing's landmark paper on linearizability. Except for their manual proof, none of the numerous other approaches have successfully treated this queue.

Our approach is supported by a full mechanisation: both the linearizability proofs for case studies like the queue, and the proofs of soundness and completeness have been carried out with an interactive prover, which is KIV.

References

[1]

M. Abadi and L. Lamport. 1991. The existence of refinement mappings. Theoretical Computer Science 2, 253--284.

Digital Library

[2]

J.-R. Abrial and D. Cansell. 2005. Formal construction of a non-blocking concurrent queue algorithm (a case study in atomicity). Journal of Universal Computer Science 11, 5, 744--770.

[3]

Y. Afek, H. Attiya, D. Dolev, E. Gafni, M. Merritt, and N. Shavit. 1993. Atomic snapshots of shared memory. Journal of the ACM 40, 4, 873--890.

Digital Library

[4]

D. Amit, N. Rinetzky, T. W. Reps, M. Sagiv, and E. Yahav. 2007. Comparison under abstraction for verifying linearizability. In Proceedings of the 19th International Conference on Computer Aided Verification (CAV'07). 477--490.

Digital Library

[5]

R. Banach and G. Schellhorn. 2010. Atomic actions, and their refinements to isolated protocols. Formal Aspects of Computing 22, 1, 33--61.

[6]

S. Burckhardt, C. Dern, M. Musuvathi, and R. Tan. 2010. Line-up: A complete and automatic linearizability checker. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'10). ACM, New York, NY, 330--340.

Digital Library

[7]

C. Calcagno, M. Parkinson, and V. Vafeiadis. 2007. Modular safety checking for fine-grained concurrency. In Proceedings of the 14th International Static Analysis Symposium (SAS'07). Lecture Notes in Computer Science, Vol. 4634. Springer, 233--238.

Digital Library

[8]

P. Cerný, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur. 2010. Model checking of linearizability of concurrent list implementations. In Proceedings of the 22nd International Conference on Computer Aided Verification (CAV'10). Lecture Notes in Computer Science, Vol. 4144. Springer, 465--479.

Digital Library

[9]

R. Colvin, S. Doherty, and L. Groves. 2005. Verifying concurrent data structures by simulation. Electronic Notes in Theoretical Computer Science 137, 2, 93--110.

Digital Library

[10]

R. Colvin and L. Groves. 2005. Formal verification of an array-based nonblocking queue. In Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05). IEEE, Los Alamitos, CA, 507--516.

Digital Library

[11]

R. Colvin, L. Groves, V. Luchangco, and M. Moir. 2006. Formal verification of a lazy concurrent list-based set. In Proceedings of the 18th International Conference on Computer Aided Verification (CAV'06). Lecture Notes in Computer Science, Vol. 4144. Springer, 475--488.

Digital Library

[12]

W. De Roever and K. Engelhardt. 1998. Data Refinement: Model-Oriented Proof Methods and Their Comparison. Cambridge Tracts in Theoretical Computer Science, Vol. 47. Cambridge University Press.

[13]

J. Derrick and E. Boiten. 2001. Refinement in Z and object-Z: Foundations and advanced applications. In Formal Approaches to Computing and Information Technology. Springer. Available at http://www.cs.kent.ac.uk/pubs/2001/1200.

Digital Library

[14]

J. Derrick, E. A. Boiten, H. Bowman, and M. Steen. 1997. Weak refinement in Z. In Proceedings of the 10th International Conference of Z Users. Lecture Notes in Computer Science, Vol. 1212. Springer, 369--388.

Digital Library

[15]

J. Derrick, G. Schellhorn, and H. Wehrheim. 2008. Mechanizing a correctness proof for a lock-free concurrent stack. In Proceedings of the 10th IFIP WG 6.1 International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS'08). Lecture Notes in Computer Science, Vol. 5051. Springer, 78--95.

Digital Library

[16]

J. Derrick, G. Schellhorn, and H. Wehrheim. 2011a. Mechanically verified proof obligations for linearizability. ACM Transactions on Program Languages and Systems 33, 1, 4.

Digital Library

[17]

J. Derrick, G. Schellhorn, and H. Wehrheim. 2011b. Verifying linearisability with potential linearisation points. In Proceedings of the 17th International Conference on Formal Methods (FM'11). Lecture Notes in Computer Science, Vol. 6664. Springer, 323--337.

Digital Library

[18]

S. Doherty, L. Groves, V. Luchangco, and M. Moir. 2004. Formal verification of a practical lock-free queue algorithm. In Formal Techniques for Networked and Distributed Systems (FORTE 2004). Lecture Notes in Computer Science, Vol. 3235. Springer, 97--114.

[19]

S. Doherty and M. Moir. 2009. Nonblocking algorithms and backward simulation. In Proceedings of the 23rd International Conference on Distributed Computed. Lecture Notes in Computer Science, Vol. 5805. Springer, 274--288.

Digital Library

[20]

T. Elmas, S. Qadeer, A. Sezgin, O. Subasi, and S. Tasiran. 2010. Simplifying linearizability proofs with reduction and abstraction. In Proceedings of the 16th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'10). Lecture Notes in Computer Science, Vol. 6015. Springer, 296--311.

Digital Library

[21]

I. Filipovic, P. W. O'Hearn, N. Rinetzky, and H. Yang. 2010. Abstraction for concurrent objects. Theoretical Computer Science 411, 51--52, 4379--4398.

Digital Library

[22]

M. Fu, Yong Y. Li, X. Feng, Z. Shao, and Y. Zhang. 2010. Reasoning about optimistic concurrency using a program logic for history. In Proceedings of the 21st International Conference on Concurrency Theory. Lecture Notes in Computer Science, Vol. 6269. Springer, 388--402.

Digital Library

[23]

L. Groves. 2008. Trace-based derivation of a lock-free queue algorithm. Electronic Notes in Theoretical Computer Science 201, 69--98.

Digital Library

[24]

L. Groves and R. Colvin. 2007. Derivation of a scalable lock-free stack algorithm. Electronic Notes in Theoretical Computer Science 187, 55--74.

Digital Library

[25]

L. Groves and R. Colvin. 2009. Trace-based derivation of a scalable lock-free stack algorithm. Formal Aspects of Computing 21, 1--2, 187--223.

[26]

J. He, C. A. R. Hoare, and J. W. Sanders. 1986. Data refinement refined. In Proceedings of the European Symposium on Programming (ESOP'86). Springer, 187--196.

Digital Library

[27]

S. Heller, M. Herlihy, V. Luchangco, M. Moir, W. N. Scherer III, and N. Shavit. 2005. A lazy concurrent list-based set algorithm. In Proceedings of the 9th International Conference on Principles of Distributed Systems (OPODIS'05). Lecture Notes in Computer Science, Vol. 3974. Springer, 305--309.

Digital Library

[28]

T. A. Henzinger, A. Sezgin, and V. Vafeiadis. 2013. Aspect-oriented linearizability proofs. In Proceedings of the International Conference on Concurrency Theory (CONCUR'13). Springer-Verlag, Berlin, Heidelberg, 242--256.

Digital Library

[29]

M. Herlihy and J. M. Wing. 1990. Linearizability: A correctness condition for concurrent objects. ACM Transactions on Programming Languages and Systems 12, 3, 463--492.

Digital Library

[30]

W. H. Hesselink. 2007. A criterion for atomicity revisited. Acta Informatica 44, 2, 123--151.

Digital Library

[31]

W. H. Hesselink. 2008. Universal extensions to simulate specifications. Information and Computation 206, 106--128.

Digital Library

[32]

C. B. Jones. 1983. Specification and design of (parallel) programs. In Proceedings of the IFIP 9th World Computer Congress (IFIP'83). 321--332.

[33]

B. Jonsson. 2012. Using refinement calculus techniques to prove linearizability. Formal Aspects of Computing 24, 4--6, 537--554.

[34]

KIV. 2010. Verification of Linearizability as Refinement Using Possibilities, Local Proof Obligations and Their Application to the Lazy Set Algorithm. Retrieved July 6, 2014, from http://www.informatik.uni-augsburg.de/swt/projects/possibilities.html.

[35]

KIV. 2011. Verification of Herlihy & Wing's Queue as an Instance of the Complete Refinement Theory of Linearizability. Retrieved July 6, 2014, from http://www.informatik.uni-augsburg.de/swt/projects/Herlihy-Wing-queue.html.

[36]

R. J. Lipton. 1975. Reduction: A method of proving properties of parallel programs. Communations of the ACM 18, 12, 717--721.

Digital Library

[37]

N. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann.

Digital Library

[38]

N. Lynch and F. Vaandrager. 1995. Forward and backward simulations—Part I: Untimed systems. Information and Computation 121(2), 214--233.

Digital Library

[39]

M. M. Michael and M. L. Scott. 1996. Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In Proceedings of the 15th ACM Symposium on Principles of Distributed Computing. 267--275.

Digital Library

[40]

M. Moir, D. Nussbaum, O. Shalev, and N. Shavit. 2005. Using elimination to implement scalable and lock-free FIFO queues. In Proceedings of the 17th Annual ACM Symposium on Parallelism in Algorithms and Architectures. ACM, New York, NY, 253--262.

Digital Library

[41]

P. W. O'Hearn, N. Rinetzky, M. T. Vechev, E. Yahav, and G. Yorsh. 2010. Verifying linearizability with hindsight. In Proceedings of the 29th Annual ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC'10). 85--94.

Digital Library

[42]

W. Reif, G. Schellhorn, K. Stenzel, and M. Balser. 1998. Structured specifications and interactive proofs with KIV. In Automated Deduction—A Basis for Applications, Vol. II. Kluwer, 13--39.

[43]

G. Schellhorn. 2008. Completeness of ASM refinement. Electronic Notes in Theoretical Computer Science 214, 25--49.

Digital Library

[44]

G. Schellhorn. 2009. Completeness of fair ASM refinement. Science of Computer Programming 76, 9, 756--773.

Digital Library

[45]

G. Schellhorn, B. Tofan, G. Ernst, J. Pfähler, and W. Reif. 2014. RGITL: A temporal logic framework for compositional reasoning about interleaved programs. Annals of Mathematics and Artificial Intelligence 71, 1--44.

Digital Library

[46]

G. Schellhorn, H. Wehrheim, and J. Derrick. 2012. How to prove algorithms linearisable. In Proceedings of the 24th International Conference on Computer Aided Verification (CAV'12). Lecture Notes in Computer Science, Vol. 7358, Springer, 243--259.

Digital Library

[47]

B. Tofan, S. Bäumler, G. Schellhorn, and W. Reif. 2010. Temporal logic verification of lock-freedom. In Proceedings of the 10th International Conference on Mathematics of Program Construction (MPC'10). Lecture Notes in Computer Science, Vol. 6120. Springer, 377--396.

Digital Library

[48]

B. Tofan, G. Schellhorn, and W. Reif. 2011. Formal verification of a lock-free stack with hazard pointers. In Proceedings of the 8th International Conference on Theoretical Aspects of Computing (ICTAC'11). Lecture Notes in Computer Science, Vol. 6916. Springer, 239--255.

Digital Library

[49]

B. Tofan, O. Travkin, G. Schellhorn, and H. Wehrheim. 2014. Two approaches for proving linearizability of multiset. Science of Computer Programming Journal, to appear.

Digital Library

[50]

O. Travkin, H. Wehrheim, and G. Schellhorn. 2012. Proving linearizability of multiset with local proof obligations. In Proceedings of the 12th International Workshop on Automated Verification of Critical Systems (AVoCS'12). Automated Verification of Critical Systems, Vol. 53, ECEASST, 1--15.

[51]

R. K. Treiber. 1986. System Programming: Coping with Parallelism. Technical Report RJ 5118. IBM Almaden Research Center.

[52]

A. Turon and M. Wand. 2011. A separation logic for refining concurrent objects. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'11). ACM, New York, NY, 247--258.

Digital Library

[53]

V. Vafeiadis. 2007. Modular Fine-Grained Concurrency Verification. Ph.D. Dissertation. University of Cambridge.

[54]

V. Vafeiadis. 2010. Automatically proving linearisability. In Proceedings of the 22nd International Conference on Computer Aided Verification (CAV'10). Lecture Notes in Computer Science, Vol. 6174. Springer, 450--464.

Digital Library

[55]

V. Vafeiadis, M. Herlihy, T. Hoare, and M. Shapiro. 2006. Proving correctness of highly-concurrent linearisable objects. In Proceedings of the 11th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP'06). ACM, New York, NY, 129--136.

Digital Library

[56]

J. C. P. Woodcock and J. Davies. 1996. Using Z: Specification, Refinement, and Proof. Prentice Hall.

Digital Library

Cited By

Oliveira Vale AShao ZChen Y(2024)A Compositional Theory of LinearizabilityJournal of the ACM10.1145/364366871:2(1-107)Online publication date: 27-Jan-2024
https://dl.acm.org/doi/10.1145/3643668
Asteasuain F(2024)Formally Verifying Data Science Systems with a Sound an Correct FormalismComputer Science – CACIC 202310.1007/978-3-031-62245-8_9(121-136)Online publication date: 23-Jun-2024
https://doi.org/10.1007/978-3-031-62245-8_9
Oliveira Vale AShao ZChen Y(2023)A Compositional Theory of LinearizabilityProceedings of the ACM on Programming Languages10.1145/35712317:POPL(1089-1120)Online publication date: 9-Jan-2023
https://dl.acm.org/doi/10.1145/3571231
Show More Cited By

Index Terms

A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures

Recommendations

Verifying correctness of persistent concurrent data structures: a sound and complete method
Abstract
Non-volatile memory (NVM), aka persistent memory, is a new memory paradigm that preserves its contents even after power loss. The expected ubiquity of NVM has stimulated interest in the design of persistent concurrent data structures, together with ...
Mechanically verified proof obligations for linearizability

Concurrent objects are inherently complex to verify. In the late 80s and early 90s, Herlihy and Wing proposed linearizability as a correctness condition for concurrent objects, which, once proven, allows us to reason about concurrent objects using pre- ...
Mechanizing a Correctness Proof for a Lock-Free Concurrent Stack
FMOODS '08: Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems

Distributed algorithms are inherently complex to verify. In this paper we show how to verify that a concurrent lock-free implementation of a stack is correct by mechanizing the proof that it is linearizable, linearizability being a correctness notion ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Computational Logic

ACM Transactions on Computational Logic Volume 15, Issue 4

August 2014

296 pages

ISSN:1529-3785

EISSN:1557-945X

DOI:10.1145/2656934

Editor:
Dale Miller
INRIA Saclay, France

Issue’s Table of Contents

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 September 2014

Accepted: 01 May 2014

Revised: 01 April 2014

Received: 01 July 2013

Published in TOCL Volume 15, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
318
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)2

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Oliveira Vale AShao ZChen Y(2024)A Compositional Theory of LinearizabilityJournal of the ACM10.1145/364366871:2(1-107)Online publication date: 27-Jan-2024
https://dl.acm.org/doi/10.1145/3643668
Asteasuain F(2024)Formally Verifying Data Science Systems with a Sound an Correct FormalismComputer Science – CACIC 202310.1007/978-3-031-62245-8_9(121-136)Online publication date: 23-Jun-2024
https://doi.org/10.1007/978-3-031-62245-8_9
Oliveira Vale AShao ZChen Y(2023)A Compositional Theory of LinearizabilityProceedings of the ACM on Programming Languages10.1145/35712317:POPL(1089-1120)Online publication date: 9-Jan-2023
https://dl.acm.org/doi/10.1145/3571231
D'Osualdo ERaad AVafeiadis V(2023)The Path to Durable LinearizabilityProceedings of the ACM on Programming Languages10.1145/35712197:POPL(748-774)Online publication date: 9-Jan-2023
https://dl.acm.org/doi/10.1145/3571219
Schellhorn GBodenmüller SBitterlich MReif W(2022)Software & System Verification with KIVThe Logic of Software. A Tasting Menu of Formal Methods10.1007/978-3-031-08166-8_20(408-436)Online publication date: 4-Jul-2022
https://doi.org/10.1007/978-3-031-08166-8_20
Vindum SBirkedal LHriţcu CPopescu A(2021)Contextual refinement of the Michael-Scott queue (proof pearl)Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3437992.3439930(76-90)Online publication date: 17-Jan-2021
https://dl.acm.org/doi/10.1145/3437992.3439930
Schellhorn GBodenmüller SPfähler JReif W(2020)Adding Concurrency to a Sequential Refinement TowerRigorous State-Based Methods10.1007/978-3-030-48077-6_2(6-23)Online publication date: 22-May-2020
https://doi.org/10.1007/978-3-030-48077-6_2
Winter KSmith GDerrick J(2019)Modelling concurrent objects running on the TSO and ARMv8 memory modelsScience of Computer Programming10.1016/j.scico.2019.102308(102308)Online publication date: Sep-2019
https://doi.org/10.1016/j.scico.2019.102308
Derrick JDoherty SDongol BSchellhorn GWehrheim H(2019)Verifying Correctness of Persistent Concurrent Data StructuresFormal Methods – The Next 30 Years10.1007/978-3-030-30942-8_12(179-195)Online publication date: 7-Oct-2019
https://dl.acm.org/doi/10.1007/978-3-030-30942-8_12
Winter KSmith GDerrick J(2018)Observational Models for Linearizability Checking on Weak Memory Models2018 International Symposium on Theoretical Aspects of Software Engineering (TASE)10.1109/TASE.2018.00021(100-107)Online publication date: Aug-2018
https://doi.org/10.1109/TASE.2018.00021
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents