Abstract Specifications for Concurrent Maps

  • Shale Xiong
  • Pedro da Rocha Pinto
  • Gian Ntzik
  • Philippa Gardner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10201)

Abstract

Despite recent advances in reasoning about concurrent data structure libraries, the largest implementations in java.util.concurrent have yet to be verified. The key issue lies in the development of modular specifications, which provide clear logical boundaries between clients and implementations. A solution is to use recent advances in fine-grained concurrency reasoning, in particular the introduction of abstract atomicity to concurrent separation logic reasoning. We present two specifications of concurrent maps, both providing the clear boundaries we seek. We show that these specifications are equivalent, in that they can be built from each other. We show how we can verify client programs, such as a concurrent set and a producer-consumer client. We also give a substantial first proof that the main operations of ConcurrentSkipListMap in java.util.concurrent satisfy the map specification. This work demonstrates that we now have the technology to verify the largest implementations in java.util.concurrent.

References

  1. 1.
    Amighi, A., Blom, S., Huisman, M., Mostowski, W., Zaharieva-Stojanovski, M.: Formal specifications for java’s synchronisation classes. In: Proceedings of PDP 2014, pp. 725–733 (2014)Google Scholar
  2. 2.
    Blom, S., Huisman, M., Zaharieva-Stojanovski, M.: History-based verification of functional behaviour of concurrent programs. In: Calinescu, R., Rumpe, B. (eds.) SEFM 2015. LNCS, vol. 9276, pp. 84–98. Springer, Cham (2015). doi:10.1007/978-3-319-22969-0_6 CrossRefGoogle Scholar
  3. 3.
    Bornat, R., Calcagno, C., O’Hearn, P., Parkinson, M.: Permission accounting in separation logic. In: Proceedings of POPL 2005, pp. 259–270 (2005)Google Scholar
  4. 4.
    da Rocha Pinto, P.: Reasoning with time and data abstractions. Ph.D. thesis, Imperial College London (2017)Google Scholar
  5. 5.
    da Rocha Pinto, P., Dinsdale-Young, T., Dodds, M., Gardner, P., Wheelhouse, M.J.: A simple abstraction for complex concurrent indexes. In: Proceedings of OOPSLA 2011, pp. 845–864 (2011)Google Scholar
  6. 6.
    Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: TaDA: a logic for time and data abstraction. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 207–231. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44202-9_9 Google Scholar
  7. 7.
    da Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: Steps in modular specifications for concurrent modules (invited tutorial paper). Electr. Notes. Theor. Comput. Sci. 319, 3–18 (2015)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Rocha Pinto, P., Dinsdale-Young, T., Gardner, P., Sutherland, J.: Modular termination verification for non-blocking concurrency. In: Thiemann, P. (ed.) ESOP 2016. LNCS, vol. 9632, pp. 176–201. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49498-1_8 CrossRefGoogle Scholar
  9. 9.
    Dinsdale-Young, T., Birkedal, L., Gardner, P., Parkinson, M., Yang, H.: Views: compositional reasoning for concurrent programs. In: POPL, pp. 287–300 (2013)Google Scholar
  10. 10.
    Dinsdale-Young, T., Dodds, M., Gardner, P., Parkinson, M.J., Vafeiadis, V.: Concurrent abstract predicates. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 504–528. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14107-2_24 CrossRefGoogle Scholar
  11. 11.
    Dinsdale-Young, T., da Rocha Pinto, P., Andersen, K.J., Birkedal, L.: Caper: automatic verification for fine-grained concurrency. In: Proceedings of ESOP 2017 (2017)Google Scholar
  12. 12.
    Dodds, M., Feng, X., Parkinson, M., Vafeiadis, V.: Deny-guarantee reasoning. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 363–377. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00590-9_26 CrossRefGoogle Scholar
  13. 13.
    Harris, T.L.: A pragmatic implementation of non-blocking linked-lists. In: Welch, J. (ed.) DISC 2001. LNCS, vol. 2180, pp. 300–314. Springer, Heidelberg (2001). doi:10.1007/3-540-45414-4_21 CrossRefGoogle Scholar
  14. 14.
    Heller, S., Herlihy, M., Luchangco, V., Moir, M., Scherer, W.N., Shavit, N.: A lazy concurrent list-based set algorithm. In: Anderson, J.H., Prencipe, G., Wattenhofer, R. (eds.) OPODIS 2005. LNCS, vol. 3974, pp. 3–16. Springer, Heidelberg (2006). doi:10.1007/11795490_3 CrossRefGoogle Scholar
  15. 15.
    Herlihy, M.P., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)CrossRefGoogle Scholar
  16. 16.
    Jacobs, B., Piessens, F.: Expressive modular fine-grained concurrency specification. In: Proceedings of POPL 2011, pp. 271–282 (2011)Google Scholar
  17. 17.
    Jung, R., Swasey, D., Sieczkowski, F., Svendsen, K., Turon, A., Birkedal, L., Dreyer, D.: Iris: monoids and invariants as an orthogonal basis for concurrent reasoning. In: Proceedings of POPL 2015, pp. 637–650 (2015)Google Scholar
  18. 18.
    Lea, D., et al.: Java specification request 166: Concurrency utilities (2004)Google Scholar
  19. 19.
    Liang, H., Feng, X.: Modular verification of linearizability with non-fixed linearization points. SIGPLAN Not. 48(6), 459–470 (2013)CrossRefGoogle Scholar
  20. 20.
    Nanevski, A., Ley-Wild, R., Sergey, I., Delbianco, G.A.: Communicating state transition systems for fine-grained concurrent resources. In: Shao, Z. (ed.) ESOP 2014. LNCS, vol. 8410, pp. 290–310. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54833-8_16 CrossRefGoogle Scholar
  21. 21.
    O’Hearn, P.W.: Resources, concurrency, and local reasoning. Theor. Comput. Sci. 375(1-3), 271–307 (2007)Google Scholar
  22. 22.
    O’Hearn, P.W., Rinetzky, N., Vechev, M.T., Yahav, E., Yorsh, G.: Verifying linearizability with hindsight. In: Proceedings of PODC 2010, pp. 85–94 (2010)Google Scholar
  23. 23.
    Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun. ACM 33(6), 668–676 (1990)CrossRefGoogle Scholar
  24. 24.
    Sagiv, Y.: Concurrent operations on b-trees with overtaking. In: Proceedings of PODS 1985, pp. 28–37 (1985)Google Scholar
  25. 25.
    Sergey, I., Nanevski, A., Banerjee, A.: Specifying and verifying concurrent algorithms with histories and subjectivity. In: Vitek, J. (ed.) ESOP 2015. LNCS, vol. 9032, pp. 333–358. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46669-8_14 CrossRefGoogle Scholar
  26. 26.
    Svendsen, K., Birkedal, L.: Impredicative concurrent abstract predicates. In: Shao, Z. (ed.) ESOP 2014. LNCS, vol. 8410, pp. 149–168. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54833-8_9 CrossRefGoogle Scholar
  27. 27.
    Turon, A., Dreyer, D., Birkedal, L.: Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In: Proceedings of ICFP 2013, pp. 377–390 (2013)Google Scholar
  28. 28.
    Vafeiadis, V., Parkinson, M.: A marriage of rely/guarantee and separation logic. In: Caires, L., Vasconcelos, V.T. (eds.) CONCUR 2007. LNCS, vol. 4703, pp. 256–271. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74407-8_18 CrossRefGoogle Scholar
  29. 29.
    Xiong, S., da Rocha Pinto, P., Ntzik, G., Gardner, P.: Abstract specifications for concurrent maps (extended version). Technical Report 2017/1, Department of Computing, Imperial College London (2017). https://www.doc.ic.ac.uk/research/technicalreports/2017/#1

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Shale Xiong
    • 1
  • Pedro da Rocha Pinto
    • 1
  • Gian Ntzik
    • 1
  • Philippa Gardner
    • 1
  1. 1.Imperial College LondonLondonUK

Personalised recommendations