Faster linearizability checking via PP-compositionality

Linearizability is a well-established consistency and correctness criterion for concurrent data types. An important feature of linearizability is Herlihy and Wing's locality principle, which says that a concurrent system is linearizable if and only if all of its constituent parts (so-called objects) are linearizable. This paper presents $P$-compositionality, which generalizes the idea behind the locality principle to operations on the same concurrent data type. We implement $P$-compositionality in a novel linearizability checker. Our experiments with over nine implementations of concurrent sets, including Intel's TBB library, show that our linearizability checker is one order of magnitude faster and/or more space efficient than the state-of-the-art algorithm.Comment: 15 pages, 2 figure

Tuberculosis patients and resilience: A visual ethnographic health study in Khayelitsha, Cape Town.

Khayelitsha, one of the biggest and poorest townships in South Africa, has a well-resourced tuberculosis (TB) programme with an interdisciplinary approach addressing the medical, social, and economic forces impacting TB care. Nevertheless, the area remains burdened with one of the highest TB rates in the world. Using a resilience-based approach, we conducted a critical ethnographic study to develop deeper insights into the complexities of patients' experiences with TB and care. Between October 2014 and March 2015, we approached 30 TB patients, 10 health-care workers, 10 pastors, and 10 traditional healers, using participant observation, in-depth interviews, and focus group discussions. In addition, seven key informants were filmed on a daily basis by the lead researcher. The work reported here (both text and short videos) illustrates the various manifestations of resilience that patients demonstrated and how these impacted on decisions involving treatment seeking and adherence. We have synthesized the data into the following inter-related themes: TB aetiologies and treatment; the embodied experience of TB treatment; alcohol consumption; financial constraints; and support and stigma. The findings from this research highlight patients' strategies for adapting to adversities, such as pausing TB treatment when lacking food to avoid becoming psychotic, consuming alcohol to better cope, obtaining social grants, and avoiding stigmatizing attitudes. Some manifestations of resilience may interact and, inadvertently, undermine TB patients' health. Other aspects of resilience, such as strong community ties, elicited long-term health benefits. TB programs would benefit from a resilience-building approach that builds on pre-existing strengths and vulnerabilities of TB patients and their communities. With the use of short videos, we provided patients with an alternative path for expressing their experiences, which we hope will support synergies between patients, researchers, and policy-makers for improved TB programmes

Nonblocking algorithms and backward simulation

Abstract. Optimistic and nonblocking concurrent algorithms are increasingly finding their way into practical use; an important example is software transactional memory implementations. Such algorithms are notoriously difficult to design and verify as correct, and we believe complete, formal, and machine-checked correctness proofs for such algorithms are critical. We have been studying the use of automated tools such as the PVS theorem proving system to model algorithms and their specifications using formalisms such as I/O automata, and using simulation proof techniques to show the algorithms implement their specifications. While it has been relatively rare in the past, optimistic and nonblocking algorithms often require a special flavour of simulation proof, known as backward simulation. In this paper, we present what we believe is by far the most challenging backward simulation proof achieved to date; this proof was developed and completely checked using PVS.

Formal verification of a lazy concurrent list-based set algorithm

We describe a formal verification of a recent concurrent list-based set algorithm due to Heller et al. The algorithm is optimistic: the add and remove operations traverse the list without locking, and lock only the nodes affected by the operation; the contains operation uses no locks and is wait-free. These properties make the algorithm challenging to prove correct, much more so than simple coarse-grained locking algorithms. We have proved that the algorithm is linearisable using simulation between input/output automata modelling the behaviour of an abstract set and the implementation. The automata and simulation proof obligations are specified and verified using PVS

Shape-Value Abstraction for Verifying Linearizability

Abstract. This paper presents a novel abstraction for heap-allocated data structures that keeps track of both their shape and their contents. By combining this abstraction with thread-local analysis and relyguarantee reasoning, we can verify a collection of fine-grained blocking and non-blocking concurrent algorithms for an arbitrary (unbounded) number of threads. We prove that these algorithms are linearizable, namely equivalent (modulo termination) to their sequential counterparts.

Simplifying linearizability proofs with reduction and abstraction

Abstract. The typical proof of linearizability establishes an abstraction map from the concurrent program to a sequential specification, and identifies the commit points of operations. If the concurrent program uses fine-grained concurrency and complex synchronization, constructing such a proof is difficult. We propose a sound proof system that significantly simplifies the reasoning about linearizability. Linearizability is proved by transforming an implementation into its specification within this proof system. The proof system combines reduction and abstraction, which increase the granularity of atomic actions, with variable introduction and hiding, which relate the synchronization mechanism of the implementation to that of the specification. We construct the abstraction map incrementally, and eliminate the need to reason about the location of commit points in the implementation. We have implemented our method in the QED verifier and demonstrate its effecacy and practicality on several highly-concurrent examples from the literature.