Go with the flow: compositional abstractions for concurrent data structures

Krishna, Siddharth; Shasha, Dennis; Wies, Thomas

doi:10.1145/3158125

Cited by 29 publications

(43 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proof given here shows that the new framework eliminates the need for the customized concurrent separation logic defined in [24]. We start with a recap of Harris' algorithm adapted from [24].…”

Section: Advanced Flow Reasoning and The Harris Listmentioning

confidence: 99%

“…As we argue in §2, cancellativity is, in general, necessary for local reasoning, and is critical for ensuring that the inflow of a composed graph is uniquely determined. Due to this issue, [24] requires proofs to reason about flow interface equivalence classes. This prevents the general modification of graphs with cyclic structures.…”

Section: Related Workmentioning

confidence: 99%

“…Finally, the proof also requires showing stabilitiy of all intermediate assertions in blue. This is straightforward and follows the proof method used by [24,42], so we omit these details here. var n := head.next 8 9 while (isMarkedRef(n) || r.key < k)…”

Section: D2 Proofmentioning

confidence: 99%

See 2 more Smart Citations

Local Reasoning for Global Graph Properties

Krishna

Summers

Wies

2020

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Separation logics are widely used for verifying programs that manipulate complex heap-based data structures. These logics build on so-called separation algebras, which allow expressing properties of heap regions such that modifications to a region do not invalidate properties stated about the remainder of the heap. This concept is key to enabling modular reasoning and also extends to concurrency. While heaps are naturally related to mathematical graphs, many ubiquitous graph properties are non-local in character, such as reachability between nodes, path lengths, acyclicity and other structural invariants, as well as data invariants which combine with these notions. Reasoning modularly about such graph properties remains notoriously difficult, since a local modification can have side-effects on a global property that cannot be easily confined to a small region. In this paper, we address the question: What separation algebra can be used to avoid proof arguments reverting back to tedious global reasoning in such cases? To this end, we consider a general class of global graph properties expressed as fixpoints of algebraic equations over graphs. We present mathematical foundations for reasoning about this class of properties, imposing minimal requirements on the underlying theory that allow us to define a suitable separation algebra. Building on this theory we develop a general proof technique for modular reasoning about global graph properties over program heaps, in a way which can be integrated with existing separation logics. To demonstrate our approach, we present local proofs for two challenging examples: a priority inheritance protocol and the non-blocking concurrent Harris list. S. Krishna et al. 1 method acquire(p: Node, r: Node) { 2 if (r.next == null) { 3 r.next := p; update(p, -1, r.curr_prio) 4 } else { 5 p.next := r; update(r, -1, p.curr_prio) 6 } 7 } 8 method update(n: Node, from: Int, to: Int) { 9 n.prios := n.prios \ {from} 10 if (to >= 0) n.prios := n.prios ∪ {to} 11 from := n.curr_prio 12 n.curr_prio := max(n.prios ∪ {n.def_prio}) 13 to := n.curr_prio; 14 if (from != to && n.next != null) { 15 update(n.next, from, to) 16 } 17 }

show abstract

Section: Advanced Flow Reasoning and The Harris Listmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Local Reasoning for Global Graph Properties

Krishna

Summers

Wies

2020

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Finally, there is a lot of general work on proving linearisability [70][71][72], which essentially allows reasoning about fine-grained concurrency by using sequential verification techniques. Our technique, as well as the history-based technique of [67] uses process algebraic linearisation to do so.…”

Section: Related Workmentioning

confidence: 99%

An Abstraction Technique for Verifying Shared-Memory Concurrency

2020

View full text Add to dashboard Cite

Modern concurrent and distributed software is highly complex. Techniques to reason about the correct behaviour of such software are essential to ensure its reliability. To be able to reason about realistic programs, these techniques must be modular and compositional as well as practical by being supported by automated tools. However, many existing approaches for concurrency verification are theoretical and focus primarily on expressivity and generality. This paper contributes a technique for verifying behavioural properties of concurrent and distributed programs that balances expressivity and usability. The key idea of the approach is that program behaviour is abstractly modelled using process algebra, and analysed separately. The main difficulty is presented by the typical abstraction gap between program implementations and their models. Our approach bridges this gap by providing a deductive technique for formally linking programs with their process-algebraic models. Our verification technique is modular and compositional, is proven sound with Coq, and has been implemented in the automated concurrency verifier VerCors. Moreover, our technique is demonstrated on multiple case studies, including the verification of a leader election protocol.

show abstract

“…Page 26 of 1-34. marking algorithm [Yang 2001a], but without any tool support or automation. Recent work on Flows [Krishna et al 2018] allows one to prove the preservation of a rich variety of graph invariants including reachability properties, but requires fixpoint computations that are hard to automate. Methods can operate on a subgraph; under the condition that interfaces [Krishna et al 2018] of these subgraphs are preserved, a view on the caller's graph can be reconstructed.…”

Section: Related Workmentioning

confidence: 99%

Modular verification of heap reachability properties in separation logic

Ter-Gabrielyan

Summers

Müller

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The correctness of many algorithms and data structures depends on reachability properties, that is, on the existence of chains of references between objects in the heap. Reasoning about reachability is difficult for two main reasons. First, any heap modification may affect an unbounded number of reference chains, which complicates modular verification, in particular, framing. Second, general graph reachability is not supported by SMT solvers, which impedes automatic verification.In this paper, we present a modular specification and verification technique for reachability properties in separation logic. For each method, we specify reachability only locally within the fragment of the heap on which the method operates. A novel form of reachability framing for relatively convex subheaps allows one to extend reachability properties from the heap fragment of a callee to the larger fragment of its caller, enabling precise procedure-modular reasoning. Our technique supports practically important heap structures, namely acyclic graphs with a bounded outdegree as well as (potentially cyclic) graphs with at most one path (modulo cycles) between each pair of nodes. The integration into separation logic allows us to reason about reachability and other properties in a uniform way, to verify concurrent programs, and to automate our technique via existing separation logic verifiers. We demonstrate that our verification technique is amenable to SMT-based verification by encoding a number of benchmark examples into the Viper verification infrastructure.

show abstract

Go with the flow: compositional abstractions for concurrent data structures

Cited by 29 publications

References 58 publications

Local Reasoning for Global Graph Properties

Local Reasoning for Global Graph Properties

An Abstraction Technique for Verifying Shared-Memory Concurrency

Modular verification of heap reachability properties in separation logic

Contact Info

Product

Resources

About