Verifying atomic data types

  • Jeannette M. Wing
Technical Contributions
Part of the Lecture Notes in Computer Science book series (LNCS, volume 430)


Atomic transactions are a widely-accepted technique for organizing computation in fault-tolerant distributed systems. In most languages and systems based on transactions, atomicity is implemented through atomic objects, typed data objects that provide their own synchronization and recovery. Hence, atomicity is the key correctness condition required of a data type implementation. This paper presents a technique for verifying the correctness of implementations of atomic data types. The novel aspect of this technique is the extension of Hoare's abstraction function to map to a set of sequences of abstract operations, not just to a single abstract value. We give an example of a proof for an atomic queue implemented in a real programming language, Avalon/C++.


Atomicity program verification fault-tolerance transactions distributed systems abstract data types 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    M. Abadi and L. Lamport. The Existence of Refinement Mappings. Technical Report 29, DEC Systems Research Center, August, 1988.Google Scholar
  2. [2]
    K.R. Apt, N. Francez, and W.P. DeRoever. A Proof System for Communicating Sequential Processes. ACM Transactions on Programming Languages and Systems 2(3):359–385, July, 1980.CrossRefGoogle Scholar
  3. [3]
    P.A. Bernstein and N. Goodman. A survey of techniques for synchronization and recovery in decentralized computer systems. ACM Computing Surveys 13(2):185–222, June, 1981.CrossRefGoogle Scholar
  4. [4]
    E. Best and B. Randell. A Formal Model of Atomicity in Asynchronous Systems. Acta Informatica 16(1):93–124, 1981.CrossRefGoogle Scholar
  5. [5]
    A. Birrell, J. Guttag, J. Horning, R. Levin. Synchronization Primitives for a Multiprocessor: A Formal Specification. In Proceedings of the Eleventh ACM Symposium on Operating Systems Principles, pages 94–102. ACM/SIGOPS, 1987.Google Scholar
  6. [6]
    D. Bjorner and C.G. Jones (Eds.). Lecture Notes in Computer Science. Volume 61: The Vienna Development Method: the Meta-language. Springer-Verlag, Berlin-Heidelberg-New York, 1978.Google Scholar
  7. [7]
    R.M. Burstall and J.A. Goguen. An Informal Introduction to Specifications Using CLEAR. In Boyer and Moore (editors), The Correctness Problem in Computer Science. Academic Press, 1981.Google Scholar
  8. [8]
    D. L. Detlefs, M. P. Herlihy, and J. M. Wing. Inheritance of Synchronization and Recovery Properties in Avalon/C++. IEEE Computer:57–69, December, 1988.Google Scholar
  9. [9]
    G. Dixon and S.K. Shirvastava. Exploiting Type Inheritance Facilities to Implement Recoverability in Object Based Systems. In Proceedings of the 6th Symposium in Reliability in Distributed Software and Database Systems. March, 1987.Google Scholar
  10. [10]
    K.P. Eswaran, J.N. Gray, R.A. Lone, and I.L. Traiger. The Notion of Consistency and Predicate Locks in a Database System. Communications ACM 19(11):624–633, November, 1976.CrossRefGoogle Scholar
  11. [11]
    J.E. Richardson and M.J. Carey. Programming Constructs for Database System Implementation in EXODUS. In ACM SIGMOD 1987 Annual Conference, pages 208–219. May, 1987.Google Scholar
  12. [12]
    M.P. Herlihy, N.A. Lynch, M. Merritt, and W.E. Weihl. On the correctness of orphan elimination algorithms. In 17th Symposium on Fault-Tolerant Computer Systems. July, 1987. Abbreviated version of MIT/LCS/TM-329.Google Scholar
  13. [13]
    S.J. Garland and J.V. Guttag. Inductive Methods for Reasoning about Abstract Data Types. In Proceedings of the 15th Symposium on Principles of Programming Languages, pages 219–228. January, 1988.Google Scholar
  14. [14]
    J.A. Goguen and J.J. Tardo. An Introduction to OBJ: A Language for Writing and Testing Formal Algebraic Program Specifications. In Proceedings of the Conference on Specifications of Reliable Software, pages 170–189. Boston, MA, 1979.Google Scholar
  15. [15]
    C. Gong and J.M. Wing. Machine-Assisted Proofs of Atomicity. 1989. in preparation.Google Scholar
  16. [16]
    J.V. Guttag, J.J. Horning, and J.M. Wing. The Larch Family of Specification Languages. IEEE Software 2(5):24–36, September, 1985.Google Scholar
  17. [17]
    M.P. Herlihy. A quorum-consensus replication method for abstract data types. ACM Transactions on Computer Systems 4(1), February, 1986.Google Scholar
  18. [18]
    M.P. Herlihy and J.M. Wing. Avalon: Language Support for Reliable Distributed Systems. In The Seventeenth International Symposium on Fault-Tolerant Computing, pages 89–94. July, 1987. Also available as CMU-CS-TR-86-167.Google Scholar
  19. [19]
    M.P. Herlihy and J.M. Wing. Axioms for concurrent objects. In Fourteenth ACM Symposium on Principles of Programming Languages, pages 13–26. January, 1987.Google Scholar
  20. [20]
    C.A.R. Hoare. Proof of Correctness of Data Representations. Acta Informatica 1(1):271–281, 1972.CrossRefGoogle Scholar
  21. [21]
    L. Lamport. Time, clocks, and the ordering of events in a distributed system. Communications of the ACM 21(7):558–565, July, 1978.CrossRefGoogle Scholar
  22. [22]
    L. Lamport. Specifying Concurrent Program Modules. ACM Transactions on Programming Languages and Systems 5(2):190–222, April, 1983.CrossRefGoogle Scholar
  23. [23]
    R.A. Lerner. Specifying Concurrent Programs. 1989. Thesis Proposal.Google Scholar
  24. [24]
    B.H. Liskov, and R. Scheifler. Guardians and actions: linguistic support for robust, distributed programs. Transactions on Programming Languages and Systems 5(3):381–404, July, 1983.CrossRefGoogle Scholar
  25. [25]
    N. Lynch. A Concurrency Control For Resilient Nested Transactions. Technical Report MIT/LCS/TR-285, Laboratory for Computer Science, 1985.Google Scholar
  26. [26]
    N. Lynch and M. Merritt. Introduction to the Theory of Nested Transactions. In Proceedings of the International Conference on Database Theory. Rome, Italy, September, 1986. Sponsored by EATCS and IEEE.Google Scholar
  27. [27]
    N. Lynch and M. Tuttle. Hierarchical Correctness Proofs for Distributed Algorithms. Technical Report MIT/LCS/TR-387, Laboratory for Computer Science, 1987, 1987.Google Scholar
  28. [28]
    Z. Manna and A. Pnueli. Verification of concurrent Programs, Part I: The Temporal Framework. Technical Report STAN-CS-81-836, Dept. of Computer Science, Stanford University, June, 1981.Google Scholar
  29. [29]
    J.E.B. Moss. Nested Transactions: An Approach to Reliable Distributed Computing. Technical Report MIT/LCS/TR-260, Laboratory for Computer Science, April, 1981.Google Scholar
  30. [30]
    R. Nakajima, M. Honda, and H. Nakahara. Hierarchical Program Specification and Verification—A Many-sorted Logical Approach. Acta Informatica 14:135–155, 1980.Google Scholar
  31. [31]
    S. Owicki and D. Gries. Verifying Properties of Parallel Programs: An Axiomatic Approach. Communications of the ACM 19(5):279–285, May, 1976.Google Scholar
  32. [32]
    C.H. Papadimitriou. The serializability of concurrent database updates. Journal of the ACM 26(4):631–653, October, 1979.CrossRefGoogle Scholar
  33. [33]
    D.P. Reed. Implementing atomic actions on decentralized data. ACM Transactions on Computer Systems 1(1):3–23, February, 1983.CrossRefGoogle Scholar
  34. [34]
    A.Z. Spector, J.J. Bloch, D.S. Daniels, R.P. Draves, D. Duchamp, J.L. Eppinger, S.G. Menees, D.S. Thompson. The Camelot Project. Database Engineering 9(4), December, 1986. Also available as Technical Report CMU-CS-86-166, Carnegie Mellon University, November 1986.Google Scholar
  35. [35]
    B. Stroustrup. The C++ Programming Language. Addison Wesley, 1986.Google Scholar
  36. [36]
    W.E. Weihl. Specification and implementation of atomic data types. Technical Report TR-314, MIT Laboratory for Computer Science, March, 1984.Google Scholar
  37. [37]
    W.E. Weihl, and B.H. Liskov. Implementation of resilient, atomic data types. ACM Transactions on Programming Languages and Systems 7(2):244–270, April, 1985.CrossRefGoogle Scholar
  38. [38]
    W.E. Weihl. Local Atomicity Properties: Modular Concurrency Control for Abstract Data Types. Transactions on Programming Languages and Systems 11(2):249–283, April, 1989.Google Scholar
  39. [39]
    C.T. Wilkes and R.J. LeBlanc. Rationale for the design of Aeolus: a systems programming language for an action/object system. Technical Report GIT-ICS-86/12, Georgia Inst. of Tech. School of Information and Computer Science, Dec, 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Jeannette M. Wing
    • 1
  1. 1.School of Computer ScienceCarnegie Melion UniversityPittsburghUSA

Personalised recommendations