A separation logic for refining concurrent objects

Turon, Aaron; Wand, Mitchell

doi:10.1145/1925844.1926415

Cited by 15 publications

(12 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, one might reasonably hope that effects could provide something of a 'simplifying lens', with refined types capturing things that would otherwise be extra model structure or more complex invariants, such that the combination does not lead to further complexity. The use of Brookes's trace model (also used by, for example, Turon and Wand [28]) already seems to bring some simplification compared to transition systems or resumptions.…”

Section: Discussionmentioning

confidence: 99%

Effect-dependent transformations for concurrent programs

Benton

Hofmann

Nigam

2018

Science of Computer Programming

View full text Add to dashboard Cite

We describe a denotational semantics for an abstract effect system for a higher-order, shared-variable concurrent programming language. We prove the soundness of a number of general effectbased program equivalences, including a parallelization equation that specifies sufficient conditions for replacing sequential composition with parallel composition. Effect annotations are relative to abstract locations specified by contracts rather than physical footprints allowing us in particular to show the soundness of some transformations involving fine-grained concurrent data structures, such as Michael-Scott queues, that allow concurrent access to different parts of mutable data structures.Our semantics is based on refining a trace-based semantics for first-order programs due to Brookes. By moving from concrete to abstract locations, and adding type refinements that capture the possible side-effects of both expressions and their concurrent environments, we are able to validate many equivalences that do not hold in an unrefined model. The meanings of types are expressed using a game-based logical relation over sets of traces. Two programs e 1 and e 2 are logically related if one is able to solve a two-player game: for any trace with result value v 1 in the semantics of e 1 (challenge) that the player presents, the opponent can present an (response) equivalent trace in the semantics of e 2 with a logically related result value v 2 .

show abstract

Section: Discussionmentioning

confidence: 99%

Effect-dependent transformations for concurrent programs

Benton

Hofmann

Nigam

2018

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…Finally, there is a recent trend to generalise linearisability to general refinement of concurrent objects [10], [26], where the abstract level is not required to execute one abstract operation. We have not yet studied these theoretically interesting generalisations, since they are not needed for our examples.…”

Section: Discussionmentioning

confidence: 99%

How to Prove Algorithms Linearisable

Schellhorn

Wehrheim

Derrick

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Linearisability is the standard correctness criterion for concurrent data structures. In this paper, we present a sound and complete proof technique for linearisability based on backward simulations. We exemplify this technique by a linearisability proof of the queue algorithm presented in Herlihy and Wing's landmark paper. Except for the manual proof by them, none of the many other current approaches to checking linearisability has successfully treated this intricate example. Our approach is grounded on complete mechanisation: the proof obligations for the queue are verified using the interactive prover KIV, and so is the general soundness and completeness result for our proof technique.

show abstract

“…Some authors have have presented constructive methods for developing fine-grained objects, dispensing with linearizability as a proof obligation [Turon and Wand 2011;Liang et al 2012]. Instead, they focus on maintenance of the observable behaviour of the abstract object directly.…”

Section: Linearizability and Observational Refinementmentioning

confidence: 99%

Verifying Linearisability

Dongol

Derrick

2015

ACM Comput. Surv.

View full text Add to dashboard Cite

Linearizability is a key correctness criterion for concurrent data structures, ensuring that each history of the concurrent object under consideration is consistent with respect to a history of the corresponding abstract data structure. Linearizability allows concurrent (i.e., overlapping) operation calls take effect in any order, but requires the real-time order of non-overlapping to be preserved. The sophisticated nature of concurrent objects means that linearizability is difficult to judge, and hence, over the years, numerous techniques for verifying linearizability have been developed using a variety of formal foundations such as data refinement, shape analysis, reduction, etc. However, because the underlying framework, nomenclature and terminology for each method is different, it has become difficult for practitioners to evaluate the differences between each approach, and hence, evaluate the methodology most appropriate for verifying the data structure at hand. In this paper, we compare the major of methods for verifying linearizability, describe the main contribution of each method, and compare their advantages and limitations.

show abstract

A separation logic for refining concurrent objects

Cited by 15 publications

References 32 publications

Effect-dependent transformations for concurrent programs

Effect-dependent transformations for concurrent programs

How to Prove Algorithms Linearisable

Verifying Linearisability

Contact Info

Product

Resources

About