Advertisement

Checking Linearizability of Encapsulated Extended Operations

  • Oren Zomer
  • Guy Golan-Gueta
  • G. Ramalingam
  • Mooly Sagiv
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8410)

Abstract

Linearizable objects (data-structures) provide operations that appear to execute atomically. Modern mainstream languages provide many linearizable data-structures, simplifying concurrent programming. In practice, however, programmers often find a need to execute a sequence of operations (on linearizable objects) that executes atomically and write extended operations for this purpose. Such extended operations are a common source of atomicity bugs.

This paper focuses on the problem of verifying that a set of extension operations (to a linearizable library) are themselves linearizable. We present several reduction theorems that simplify this verification problem enabling more efficient verification.

We first introduce the notion of an encapsulated extension: this is an extension that (a) does not introduce new shared state (beyond the shared state in the base linearizable library), and (b) accesses or modifies the shared state only through the base operations. We show that encapsulated extensions are widely prevalent in real applications.

We show that linearizability of encapsulated extended operations can be verified by considering only histories with one occurrence of an extended operation, interleaved with atomic occurrences of base and extended operations. As a consequence, this verification needs to consider only histories with two threads, whereas general linearizability verification requires considering histories with an unbounded number of threads.

We show that when the operations satisfy certain properties, each extended operation can be verified independently of the others, enabling further reductions.

We have implemented a simple static analysis algorithm that conservatively verifies linearizabilty of encapsulated extensions of Java concurrent maps. We present empirical results illustrating the benefits of the reduction theorems.

Keywords

concurrency linearizability atomicity verification composition extension 

References

  1. 1.
    Shacham, O., Bronson, N.G., Aiken, A., Sagiv, M., Vechev, M.T., Yahav, E.: Testing atomicity of composed concurrent operations. In: OOPSLA, pp. 51–64 (2011)Google Scholar
  2. 2.
    Herlihy, M.P., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. TOPLAS 12(3) (1990)Google Scholar
  3. 3.
    Alur, R., McMillan, K.L., Peled, D.: Model-checking of correctness conditions for concurrent objects. Inf. Comput. 160(1-2), 167–188 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  4. 4.
    Zomer, O., Golan-Gueta, G., Ramalingam, G., Sagiv, M.: Checking linearizability of encapsulated extended operations. Technical report, Tel Aviv University (2013), http://www.cs.tau.ac.il/~ggolan/papers/ESOP14TechRep.pdf
  5. 5.
    Shacham, O.: Verifying Atomicity of Composed Concurrent Operations. PhD thesis, Tel Aviv University (2012)Google Scholar
  6. 6.
    Golan-Gueta, G., Ramalingam, G., Sagiv, M., Yahav, E.: Concurrent libraries with foresight. In: PLDI, pp. 263–274 (2013)Google Scholar
  7. 7.
    Hoare, C.A.R.: Towards a theory of parallel programming. Operating System Techniques (1972)Google Scholar
  8. 8.
    Jones, C.B.: Specification and design of (parallel) programs. In: IFIP Congress (1983)Google Scholar
  9. 9.
    Clarke Jr., E.: Synthesis of resource invariants for concurrent programs. TOPLAS 2(3), 338–358 (1980)CrossRefzbMATHGoogle Scholar
  10. 10.
    Flanagan, C., Qadeer, S.: Thread-modular model checking. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 213–224. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Gotsman, A., Berdine, J., Cook, B., Sagiv, M.: Thread-modular shape analysis. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 266–277. ACM, New York (2007)CrossRefGoogle Scholar
  12. 12.
    Filipovic, I., O’Hearn, P., Rinetzky, N., Yang, H.: Abstraction for concurrent objects. Theoretical Computer Science 411(51-52), 4379–4398 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Ball, T., Burckhardt, S., Coons, K.E., Musuvathi, M., Qadeer, S.: Preemption sealing for efficient concurrency testing. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 420–434. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Flanagan, C., Qadeer, S.: A type and effect system for atomicity. In: PLDI, pp. 338–349 (2003)Google Scholar
  15. 15.
    Musuvathi, M., Qadeer, S.: Iterative context bounding for systematic testing of multithreaded programs. In: PLDI, pp. 446–455 (2007)Google Scholar
  16. 16.
    Elmas, T., Qadeer, S., Tasiran, S.: A calculus of atomic actions. In: POPL, pp. 2–15 (2009)Google Scholar
  17. 17.
    Elmas, T., Tasiran, S., Qadeer, S.: Vyrd: verifying concurrent programs by runtime refinement-violation detection. In: PLDI, pp. 27–37 (2005)Google Scholar
  18. 18.
    Burckhardt, S., Dern, C., Musuvathi, M., Tan, R.: Line-up: a complete and automatic linearizability checker. In: PLDI, pp. 330–340 (2010)Google Scholar
  19. 19.
    Vafeiadis, V., Herlihy, M., Hoare, T., Shapiro, M.: Proving correctness of highly-concurrent linearisable objects. In: PPoPP (2006)Google Scholar
  20. 20.
    Doherty, S., Groves, L., Luchangco, V., Moir, M.: Formal verification of a practical lock-free queue algorithm. In: de Frutos-Escrig, D., Núñez, M. (eds.) FORTE 2004. LNCS, vol. 3235, pp. 97–114. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Colvin, R., Groves, L., Luchangco, V., Moir, M.: Formal verification of a lazy concurrent list-based set algorithm. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 475–488. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Gao, H., Hesselink, W.H.: A formal reduction for lock-free parallel algorithms. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 44–56. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Amit, D., Rinetzky, N., Reps, T.W., Sagiv, M., Yahav, E.: Comparison under abstraction for verifying linearizability. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 477–490. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixed points. In: POPL, pp. 238–252 (1977)Google Scholar
  25. 25.
    Berdine, J., Lev-Ami, T., Manevich, R., Ramalingam, G., Sagiv, M.: Thread quantification for concurrent shape analysis. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 399–413. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Manevich, R., Lev-Ami, T., Sagiv, M., Ramalingam, G., Berdine, J.: Heap decomposition for concurrent shape analysis. In: Alpuente, M., Vidal, G. (eds.) SAS 2008. LNCS, vol. 5079, pp. 363–377. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Vafeiadis, V.: Automatically proving linearizability. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 450–464. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  28. 28.
    Turon, A.: Reagents: expressing and composing fine-grained concurrency. In: PLDI, pp. 157–168 (2012)Google Scholar
  29. 29.
    Hawkins, P., Aiken, A., Fisher, K., Rinard, M.C., Sagiv, M.: Concurrent data representation synthesis. In: PLDI, pp. 417–428 (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Oren Zomer
    • 1
  • Guy Golan-Gueta
    • 1
  • G. Ramalingam
    • 2
  • Mooly Sagiv
    • 1
  1. 1.Tel Aviv UniversityTel AvivIsrael
  2. 2.Microsoft ResearchBangaloreIndia

Personalised recommendations