Mechanized proofs of opacity: A comparison of two techniques

Software transactional memory (STM) provides programmers with a high-level programming abstraction for synchronization of parallel processes, allowing blocks of codes that execute in an interleaved manner to be treated as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the behaviour of an STM implementation to those of a sequential atomic specification. In this paper, we prove opacity of a recently proposed STM implementation: the Transactional Mutex Lock (TML) by Dalessandro et al. For this, we employ two different methods: the first method directly shows all histories of TML to be opaque (proof by induction), using a linearizability proof of TML as an assistance; the second method shows TML to be a refinement of an existing intermediate specification called TMS2 which is known to be opaque (proof by simulation). Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and KIV. This allows to compare not only the proof techniques in principle, but also their complexity in mechanization. It turns out that the second method, already leveraging an existing proof of opacity of TMS2, allows the proof to be decomposed into two independent proofs in the way that the linearizability proof does not

Correctness and Progress Verification of Non-Blocking Programs

The progression of multi-core processors has inspired the development of concurrency libraries that guarantee safety and liveness properties of multiprocessor applications. The difficulty of reasoning about safety and liveness properties in a concurrent environment has led to the development of tools to verify that a concurrent data structure meets a correctness condition or progress guarantee. However, these tools possess shortcomings regarding the ability to verify a composition of data structure operations. Additionally, verification techniques for transactional memory evaluate correctness based on low-level read/write histories, which is not applicable to transactional data structures that use a high-level semantic conflict detection. In my dissertation, I present tools for checking the correctness of multiprocessor programs that overcome the limitations of previous correctness verification techniques. Correctness Condition Specification (CCSpec) is the first tool that automatically checks the correctness of a composition of concurrent multi-container operations performed in a non-atomic manner. Transactional Correctness tool for Abstract Data Types (TxC-ADT) is the first tool that can check the correctness of transactional data structures. TxC-ADT elevates the standard definitions of transactional correctness to be in terms of an abstract data type, an essential aspect for checking correctness of transactions that synchronize only for high-level semantic conflicts. Many practical concurrent data structures, transactional data structures, and algorithms to facilitate non-blocking programming all incorporate helping schemes to ensure that an operation comprising multiple atomic steps is completed according to the progress guarantee. The helping scheme introduces additional interference by the active threads in the system to achieve the designed progress guarantee. Previous progress verification techniques do not accommodate loops whose termination is dependent on complex behaviors of the interfering threads, making these approaches unsuitable. My dissertation presents the first progress verification technique for non-blocking algorithms that are dependent on descriptor-based helping mechanisms

Proceedings of Formal Methods in Computer Aided Design, FMCAD 2007

Table of Contents: Preface (p. xx) -- Organizing Committee (p. xxi) -- Program Committee (p. xix) -- Referees (p. xxiv) -- SAT-BASED METHODS -- Exploiting Resolution Proofs to Speed up LTL Vacuity Detection for BMC / by Jocelyn Simmonds, University of Toronto; Jessica Davies, University of Toronto; Arie Gurfinkel, SEI at Carnegie Mellon University; and Marsha Chechik, University of Toronto (p. 3) -- Improved Design Debugging using Maximum Satisfiability / by Sean Safarpour, University of Toronto; Mark Liffiton, University of Michigan; Hratch Mangassarian, University of Toronto; Andreas Veneris, University of Toronto; and Karem Sakallah, University of Michigan (p. 13) -- Industrial Strength SAT-based Alignability Algorithm for Hardware Equivalence Verification / by Daher Kaiss, Marcelo Skaba, Ziyad Hanna, and Zurah Khasidashvili, Intel IDC (p. 20) -- Boosting Verification by Automatic Tuning of Decision Procedures / by Frank Hutter, Domagoj Babic, Holger Hoos, and Alan Hu, University of British Columbia (p. 27) -- HIGH-LEVEL SYSTEM ANALYSIS -- Verifying Correctness of Transactional Memories / by Ariel Cohen, New York University; John O’Leary, Intel; Amir Pnueli, New York University; Mark Tuttle, Intel; and Lenore Zuck, University of Illinois at Chicago (p. 37) -- Algorithmic Analysis of Piecewise FIFO Systems / by Naghmeh Ghafari, University of Waterloo; Arie Gurfinkel, Carnegie Mellon University; Nils Klarlund, Google; and Richard Trefler, University of Waterloo (p. 45) -- Transaction Based Modeling and Verification of Hardware Protocol Implementations / by Xiaofang Chen, University of Utah; Steven German, IBM; and Ganesh Gopalakrishnan, University of Utah (p. 53) -- Automating Hazard Checking in Transaction-Level Microarchitecture Models / by Yogesh Mahajan and Sharad Malik, Princeton University (p. 62) -- ABSTRACTION-BASED METHODS -- Computing Abstractions by Integrating BDDs and SMT / by Roberto Cavada, FBK-irst; Alessandro Cimatti, FNK-irst; Anders Franzen, FBK-irst; Kalyanasundaram Krishnamani, TIFR-Mumbai & FBK-irst; Marco Roveri, FBK-irst; and R.K. Shyamasundar, TIFR-Mumbai (p. 69) -- Induction in CEGAR for Detecting Counterexamples / by Chao Wang, Aarti Gupta, and Franjo Ivancic, NEC Labs America (p. 77) -- Lifting Propositional Interpolants to the Word-Level / by Daniel Kroening and Georg Weissenbacher, ETH Zurich (p. 85) -- SOFTWARE ANALYSIS METHODS -- Global Optimization of Compositional Systems / by Fadi Zaraket, John Pape, Adnan Aziz, Margarida Jacome, and Sarfraz Khurshid, University of Texas at Austin (p. 93) -- Cross-Entropy Based Testing / by Hana Chockler, Benny Godlin, Eitan Farchi, and Sergey Novikov, IBM Haifa Research Laboratory (p. 101) -- SYMBOLIC TRAJECTORY EVALUATION -- Automatic Abstraction Refinement for Generalized Symbolic Trajectory Evaluation / by Yan Chen, Yujing He, and Fei Xie, Portland State University; and Jin Yang, Intel (p. 111) -- A Logic for GSTE / by Edward Smith, Oxford University (p. 119) -- Automatic Abstraction in Symbolic Trajectory Evaluation / by Sara Adams, Magnus Bjork, and Tom Melham, Oxford University; and Carl-Johan Seger, Strategic CAD Labs, Intel (p. 127) -- SPECIFICATION THEORY -- A Coverage Analysis for Safety Property Lists / by Koen Claessen, Chalmers University of Technology (p. 139) -- What Triggers a Behavior? / by Orna Kupferman and Yoad Lustig, Hebrew University (p. 146) -- Two-Dimensional Regular Expressions for Compositional Bus Protocols / by Kathi Fisler, WPI Department of Computer Science (p. 154) -- A Quantitative Completeness Analysis for Property-Sets / by Martin Oberkönig, Martin Schickel, and Hans Eveking, Darmstadt University of Technology (p. 158) -- INDUSTRIAL-STRENGTH VERIFICATION -- Automated Extraction of Inductive Invariants to Aid Model Checking / by Michael Case, Alan Mishchenko, and Robert Brayton, University of California, Berkeley (p. 165) -- Checking Safety by Inductive Generalization of Counterexamples to Induction / by Aaron Bradley and Zohar Manna, Stanford University (p. 173) -- Fast Minimum Register Retiming Via Binary Maximum-Flow / by Aaron Hurst, Alan Mishchenko, and Robert Brayton, University of California, Berkeley (p. 181) -- Formal Verification of Partial Good Self-Test Fencing Structures / by Adrian Seigler, Gary Van Huben, and Hari Mony, IBM (p. 188) -- Case Study: Integrating FV and DV within the Verification of Intel® Core ™ Microprocessor / by Alon Flaisher, Alon Gluska, and Eli Singerman, Intel (p. 192) -- REASONING ABOUT PHYSICAL SYSTEMS -- Circuit-Level Verification of a High-Speed Toggle / by Chao Yan and Mark R. Greenstreet, University of British Columbia (p. 199) -- Combining Symbolic Simulation and Interval Arithmetic for the Verification of AMS Designs / by Mohamed Zaki, Ghiath Al Sammane, and Sofiene Tahar, Concordia University, Montreal; and Guy Bois, Ecole Polytechnique de Montreal (p. 207) -- Analyzing Gene Relationships for Down Syndrome with Labeled Transitions Graphs / by Neha Rungta, Brigham Young University; Hyrum Carroll, Brigham Young University; Eric Mercer, Brigham Young University; Randall Roper, Indiana University-Purdue University Indianapolis; Mark Clement, Brigham Young University; and Quinn Snell, Brigham Young University (p. 216) -- ADVANCED THEOREM-PROVING APPLICATIONS -- A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware / by Julien Schmaltz, Radboud University Nijmegen (p. 223) -- Modeling Time-Triggered Protocols and Verifying their Real-Time Schedules / by Lee Pike, Galois (p. 231) -- A Mechanized Refinement Framework for Analysis of Custom Memories / by Sandip Ray, University of Texas at Austin; and Jayanta Bhadra, Freescale Semiconductor (p. 239) -- Author Index (p. 243)11-14 November, 2007 in Austin, Texashttp://www.cs.utexas.edu/users/hunt/FMCAD/Computer Science