Abstract
Software transactional memory (STM) provides programmers with a high-level abstraction for synchronizing parallel processes: blocks of code that execute in an interleaved manner can be treated as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the behaviour of an STM implementation to that of a sequential atomic specification. In this paper, we prove opacity of a recently proposed STM implementation, the Transactional Mutex Lock (TML) by Dalessandro et al. We employ two different methods: the first directly shows all histories of TML to be opaque (a proof by induction), using a linearizability proof of TML as an aid; the second shows TML to be a refinement of an existing intermediate specification, TMS2, which is known to be opaque (a proof by simulation). Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and KIV. This allows us to compare not only the proof techniques in principle but also the complexity of their mechanization. It turns out that the second method, which already leverages an existing proof of opacity of TMS2, allows the proof to be decomposed into two independent proofs in a way that the linearizability-based proof does not.
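The following is an added example, not code from the paper nor from the KIV/Isabelle artefacts it describes. It is a hypothetical, single-threaded Python model of TML's four operations as I recall them from Dalessandro et al. (one global counter glb that is odd while a writer holds the lock, reads validated against the copy of glb taken at begin, in-place writes), together with a brute-force opacity check for complete histories: a history is accepted if some ordering of all transactions, aborted ones included, respects real-time precedence and makes every read return the latest value written by the transaction itself or by a committed transaction earlier in the order. Class and function names, the logical clock used for real-time ordering, and both histories are my own constructions, and the check ignores live (incomplete) transactions, which the paper's proofs do handle.

```python
from itertools import permutations
from types import SimpleNamespace

class Aborted(Exception):
    """Raised when a TML transaction fails validation."""

class Shared:
    """glb is odd while a writer holds the lock; clock only timestamps begin/end."""
    def __init__(self):
        self.glb, self.mem, self.clock = 0, {}, 0

    def tick(self):
        self.clock += 1
        return self.clock

class Tx:
    """One TML transaction in a step-driven (single-threaded) model of the algorithm."""
    def __init__(self, shared, name):
        self.s, self.name = shared, name
        self.loc = None          # copy of glb taken at begin
        self.ops = []            # ('r', x, v) / ('w', x, v) in program order
        self.status, self.start, self.end = 'live', None, None

    def _abort(self):
        self.status, self.end = 'abort', self.s.tick()
        raise Aborted(self.name)

    def begin(self):
        if self.s.glb % 2:       # TML spins here; the caller retries begin() instead
            return False
        self.loc, self.start = self.s.glb, self.s.tick()
        return True

    def read(self, x):
        v = self.s.mem.get(x, 0)
        if self.s.glb != self.loc:   # a writer took the lock since begin
            self._abort()
        self.ops.append(('r', x, v))
        return v

    def write(self, x, v):
        if self.loc % 2 == 0:        # first write: CAS(glb, loc, loc + 1)
            if self.s.glb != self.loc:
                self._abort()
            self.s.glb += 1
            self.loc += 1
        self.s.mem[x] = v            # in-place write; the lock excludes all others
        self.ops.append(('w', x, v))

    def commit(self):
        if self.loc % 2:             # writer releases the lock
            self.s.glb += 1
        self.status, self.end = 'commit', self.s.tick()

def respects_real_time(order):
    """A transaction that finished before another began must precede it."""
    return not any(b.end < a.start for i, a in enumerate(order) for b in order[i + 1:])

def legal(order):
    """Sequential replay: every read, aborted transactions included, returns the
    latest value written by itself or by a committed transaction earlier in order."""
    mem = {}
    for t in order:
        local = dict(mem)
        for kind, x, v in t.ops:
            if kind == 'w':
                local[x] = v
            elif local.get(x, 0) != v:
                return False
        if t.status == 'commit':
            mem = local
    return True

def is_opaque(txs):
    """Brute force over all serializations; fine for the tiny histories used here."""
    return any(respects_real_time(o) and legal(o) for o in permutations(txs))

def run_tml_scenario():
    """Reader T2 overlaps writer T1; T2's second read fails validation and aborts."""
    s = Shared()
    t1, t2 = Tx(s, 'T1'), Tx(s, 'T2')
    t2.begin()
    t1.begin()
    t2.read('x')                     # returns 0
    t1.write('x', 1)                 # acquires the lock: glb becomes 1
    t1.write('y', 1)
    try:
        t2.read('y')                 # glb != loc: T2 aborts, no mixed snapshot escapes
    except Aborted:
        pass
    t1.commit()                      # glb becomes 2
    return [t1, t2]

def inconsistent_snapshot():
    """Constructed history (not produced by the model) of what an unvalidated read
    could observe: T2 reads x=0, T1 commits x=y=1, T2 reads y=1 and aborts."""
    t1 = SimpleNamespace(name='T1', ops=[('w', 'x', 1), ('w', 'y', 1)], status='commit', start=2, end=3)
    t2 = SimpleNamespace(name='T2', ops=[('r', 'x', 0), ('r', 'y', 1)], status='abort', start=1, end=4)
    return [t1, t2]
```

`is_opaque(run_tml_scenario())` is true: TML's validation aborts T2 before it can observe y=1 alongside x=0, and the order T2, T1 explains the history. `is_opaque(inconsistent_snapshot())` is false, which shows why opacity is stronger than serializability of committed transactions: T2 aborted, so a check over committed transactions alone would accept this history, but no ordering makes both of T2's reads legal.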
References
Attiya H, Gotsman A, Hans S, Rinetzky N (2013) A programming language perspective on transactional memory consistency. In: Fatourou P, Taubenfeld G (eds) PODC’13. ACM, pp 309–318
Attiya H, Gotsman A, Hans S, Rinetzky N (2014) Safety of live transactions in transactional memory: TMS is necessary and sufficient. In: Kuhn F (ed) DISC, volume 8784 of LNCS. Springer, pp 376–390
Anand AS, Shyamasundar RK, Peri S (2016) Opacity proof for CaPR+ algorithm. In: Proceedings of the 17th international conference on distributed computing and networking, ICDCN ’16, New York, NY, USA. ACM, pp 16:1–16:4
Cristal A, Kulahcioglu Ozkan B, Cohen E, Kestor G, Kuru I, Unsal OS, Tasiran S, Mutluergil SO, Elmas T (2015) Verification tools for transactional programs. In: Guerraoui R, Romano P (eds) Transactional memory. Foundations, algorithms, tools, and applications—COST Action Euro-TM IC1001, volume 8913 of lecture notes in computer science. Springer, pp 283–306
Cohen A, O’Leary JW, Pnueli A, Tuttle MR, Zuck LD (2007) Verifying correctness of transactional memories. In: FMCAD, Washington, DC, USA. IEEE Computer Society, pp 37–44
Dongol B, Derrick J (2015) Verifying linearisability: a comparative survey. ACM Comput Surv 48(2): 19
Dalessandro L, Dice D, Scott ML, Shavit N, Spear MF (2010) Transactional mutex locks. In: D’Ambra P, Guarracino MR, Talia D (eds) Euro-Par (2), volume 6272 of LNCS. Springer, pp 2–13
Derrick J, Dongol B, Schellhorn G, Travkin O, Wehrheim H (2015) Verifying opacity of a transactional mutex lock. In: FM, volume 9109 of LNCS. Springer, pp 161–177
Doherty S, Groves L, Luchangco V, Moir M (2004) Formal verification of a practical lock-free queue algorithm. In: FORTE, volume 3235 of LNCS. Springer, pp 97–114
Doherty S, Groves L, Luchangco V, Moir M (2013) Towards formally specifying and verifying transactional memory. Formal Asp Comput 25(5): 769–799
Dice D, Shalev O, Shavit N (2006) Transactional locking II. In: Dolev S (ed) DISC, volume 4167 of LNCS. Springer, pp 194–208
Dalessandro L, Spear MF, Scott ML (2010) NOrec: streamlining STM by abolishing ownership records. In: Govindarajan R, Padua DA, Hall MW (eds) PPoPP. ACM, pp 67–78
Derrick J, Schellhorn G, Wehrheim H (2011) Verifying linearisability with potential linearisation points. In: Proceedings formal methods (FM), LNCS 6664. Springer, pp 323–337
Emmi M, Majumdar R, Manevich R (2010) Parameterized verification of transactional memories. SIGPLAN Not 45(6): 134–145
Ernst G, Pfähler J, Schellhorn G, Haneberg D, Reif W (2015) KIV: overview and VerifyThis competition. Int J Softw Tools Technol Transfer 17(6):677–694. doi:10.1007/s10009-014-0308-3
Guerraoui R, Henzinger TA, Singh V (2008) Completeness and nondeterminism in model checking transactional memories. In: van Breugel F, Chechik M (eds) CONCUR. Springer, pp 21–35
Guerraoui R, Henzinger TA, Singh V (2010) Model checking transactional memories. Distrib Comput 22(3): 129–145
Guerraoui R, Kapalka M (2008) On the correctness of transactional memory. In: Chatterjee S, Scott ML (eds) PPOPP. ACM, pp 175–184
Guerraoui R, Kapalka M (2010) Principles of transactional memory. Synthesis lectures on distributed computing theory. Morgan & Claypool Publishers, San Rafael
Herlihy M, Luchangco V, Moir M, Scherer III WN (2003) Software transactional memory for dynamic-sized data structures. In: PODC. ACM, pp 92–101
Harris T, Larus JR, Rajwar R (2010) Transactional memory. In: Synthesis lectures on computer architecture, 2nd edn. Morgan & Claypool Publishers, San Rafael
Herlihy M, Wing JM (1990) Linearizability: a correctness condition for concurrent objects. ACM TOPLAS 12(3): 463–492
Imbs D, Raynal M (2012) Virtual world consistency: a condition for STM systems (with a versatile protocol with invisible read operations). Theor Comput Sci 444: 113–127
Lamport L (1979) How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans Comput 28(9): 690–691
Lesani M (2014) On the correctness of transactional memory algorithms. Ph.D. thesis, UCLA
Lesani M, Luchangco V, Moir M (2012) A framework for formally verifying software transactional memory algorithms. In: Koutny M, Ulidowski I (eds) CONCUR 2012. Springer, Berlin, pp 516–530
Lesani M, Luchangco V, Moir M (2012) Putting opacity in its place. In: Workshop on the theory of transactional memory
Lesani M, Palsberg J (2013) Proving non-opacity. In: Afek Y (ed) DISC, volume 8205 of LNCS. Springer, pp 106–120
Lesani M, Palsberg J (2014) Decomposing opacity. In: Kuhn F (ed) DISC, volume 8784 of LNCS. Springer, pp 391–405
Lynch NA, Tuttle MR (1987) Hierarchical correctness proofs for distributed algorithms. In: PODC, New York, NY, USA. ACM, pp 137–151
Lynch N, Vaandrager F (1995) Forward and backward simulations. Inf Comput 121(2): 214–233
Li Y, Zhang Y, Chen Y-Y, Fu M (2010) Formal reasoning about lazy-STM programs. J Comput Sci Technol 25(4): 841–852
Müller O (1998) I/O Automata and beyond: temporal logic and abstraction in Isabelle. In: Grundy J, Newey M (eds) TPHOLs. Springer, Berlin, pp 331–348
Nipkow T, Paulson LC, Wenzel M (2002) Isabelle/HOL: a proof assistant for higher-order logic, volume 2283 of LNCS. Springer
Owre S, Rushby JM, Shankar N (1992) PVS: A prototype verification system. In: Kapur D (ed) Automated deduction—CADE-11, 11th international conference on automated deduction, Saratoga Springs, NY, USA, June 15–18, 1992, proceedings, volume 607 of LNCS. Springer, pp 748–752
Papadimitriou CH (1979) The serializability of concurrent database updates. J ACM 26(4): 631–653
Schellhorn G, Derrick J, Wehrheim H (2014) A sound and complete proof technique for linearizability of concurrent data structures. ACM Trans Comput Log 15(4):31:1–31:37
Spear MF, Michael MM, von Praun C (2008) RingSTM: scalable transactions with a single atomic instruction. In: Proceedings of the twentieth annual symposium on parallelism in algorithms and architectures. ACM, pp 275–284
Verification of opacity of a Transactional Mutex Lock with KIV and Isabelle, 2016. http://www.informatik.uni-augsburg.de/swt/projects/Opacity-TML.html
Vafeiadis V (2007) Modular fine-grained concurrency verification. Ph.D. thesis, University of Cambridge
Wenzel M (2002) Isabelle/Isar: a versatile environment for human-readable formal proof documents. Ph.D. thesis, Institut für Informatik, Technische Universität München
Additional information
Frank de Boer, Nikolaj Bjorner, Andrew Butterfield and Jim Woodcock
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Derrick, J., Doherty, S., Dongol, B. et al. Mechanized proofs of opacity: a comparison of two techniques. Form Asp Comp 30, 597–625 (2018). https://doi.org/10.1007/s00165-017-0433-3