28 research outputs found
Shape predicates allow unbounded verification of linearizability using canonical abstraction
Canonical abstraction is a static analysis technique that represents states as 3-valued logical structures, and is able to construct finite representations of systems with infinite statespaces for verification. The granularity of the abstraction can be altered by the definition of instrumentation predicates, which derive their meaning from other predicates. We introduce shape predicates for preserving certain structures of the state during abstraction. We show that shape predicates allow linearizability to be verified for concurrent data structures using canonical abstraction alone, and use the approach to verify a stack and two queue algorithms. This contrasts with previous efforts to verify linearizability with canonical abstraction, which have had to employ other techniques as well
Recommended from our members
Verifying linearisability: A comparative survey
Linearisability is a key correctness criterion for concurrent data structures, ensuring that each history of the concurrent object under consideration is consistent with respect to a history of the corresponding abstract data structure. Linearisability allows concurrent (i.e., overlapping) operation calls to take effect in any order, but requires the real-time order of nonoverlapping to be preserved. The sophisticated nature of concurrent objects means that linearisability is difficult to judge, and hence, over the years, numerous techniques for verifying lineasizability have been developed using a variety of formal foundations such as data refinement, shape analysis, reduction, etc. However, because the underlying framework, nomenclature, and terminology for each method is different, it has become difficult for practitioners to evaluate the differences between each approach, and hence, evaluate the methodology most appropriate for verifying the data structure at hand. In this article, we compare the major of methods for verifying linearisability, describe the main contribution of each method, and compare their advantages and limitations
Make flows small again: revisiting the flow framework
We present a new flow framework for separation logic reasoning about programs
that manipulate general graphs. The framework overcomes problems in earlier
developments: it is based on standard fixed point theory, guarantees least
flows, rules out vanishing flows, and has an easy to understand notion of
footprint as needed for soundness of the frame rule. In addition, we present
algorithms for automating the frame rule, which we evaluate on graph updates
extracted from linearizability proofs for concurrent data structures. The
evaluation demonstrates that our algorithms help to automate key aspects of
these proofs that have previously relied on user guidance or heuristics
A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures
Efficient implementations of data structures such as queues, stacks or hash-tables allow for concurrent access by many processes at the same time. To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. Linearizability is the standard correctness criterion for such a scenario—where a concurrent object is linearizable if all of its operations appear to take effect instantaneously some time between their invocation and return.
The potential concurrent access to the shared data structure tremendously increases the complexity of the verification problem, and thus current proof techniques for showing linearizability are all tailored to specific types of data structures. In previous work, we have shown how simulation-based proof conditions for linearizability can be used to verify a number of subtle concurrent algorithms. In this article, we now show that conditions based on backward simulation can be used to show linearizability of every linearizable algorithm, that is, we show that our proof technique is both sound and complete. We exemplify our approach by a linearizability proof of a concurrent queue, introduced in Herlihy and Wing's landmark paper on linearizability. Except for their manual proof, none of the numerous other approaches have successfully treated this queue.
Our approach is supported by a full mechanisation: both the linearizability proofs for case studies like the queue, and the proofs of soundness and completeness have been carried out with an interactive prover, which is KIV
Computer Aided Verification
The open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency
Computer Aided Verification
This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications
Context-Aware Separation Logic
Separation logic is often praised for its ability to closely mimic the
locality of state updates when reasoning about them at the level of assertions.
The prover only needs to concern themselves with the footprint of the
computation at hand, i.e., the part of the state that is actually being
accessed and manipulated. Modern concurrent separation logics lift this local
reasoning principle from the physical state to abstract ghost state. For
instance, these logics allow one to abstract the state of a fine-grained
concurrent data structure by a predicate that provides a client the illusion of
atomic access to the underlying state. However, these abstractions
inadvertently increase the footprint of a computation: when reasoning about a
local low-level state update, one needs to account for its effect on the
abstraction, which encompasses a possibly unbounded portion of the low-level
state. Often this gives the reasoning a global character.
We present context-aware separation logic (CASL) to provide new opportunities
for local reasoning in the presence of rich ghost state abstractions. CASL
introduces the notion of a context of a computation, the part of the concrete
state that is only affected on the abstract level. Contexts give rise to a new
proof rule that allows one to reduce the footprint by the context, provided the
computation preserves the context as an invariant. The context rule complements
the frame rule of separation logic by enabling more local reasoning in cases
where the predicate to be framed is known in advance. We instantiate our
developed theory for the flow framework, which enables local reasoning about
global properties of heap graphs. We then use the instantiation to obtain a
fully local proof of functional correctness for a sequential binary search tree
implementation that is inspired by fine-grained concurrent search structures