Advertisement

Proving a Non-blocking Algorithm for Process Renaming with TLA\(^+\)

  • Aurélie Hurault
  • Philippe QuéinnecEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11823)

Abstract

Shared-memory concurrent algorithms are well-known for being difficult to write, ill-adapted to test, and complex to prove. Wait-free concurrent objects are a subclass where a process is never prevented from progressing, whatever the other processes are doing (or not doing). Algorithms in this subclass are often non intuitive and among the most complex to prove. This paper presents the analysis and the proof of a wait-free concurrent algorithm that is used to rename processes. By its adaptive and non-blocking nature, the renaming algorithm resists to test, because of the cost of covering all its states and transitions even with a small input set. Thus, a proof has been conducted in Open image in new window and verified with TLAPS, the Open image in new window Proof System. This algorithm is itself based on the assembly of wait-free concurrent objects, the splitters, that separate processes. With just two shared variables and three assignments, a splitter seems a simple object but it is not linearizable. To avoid explicitly in-lining it and dealing with its internal state, the proof of the renaming algorithm relies on replacing the splitter with a sequential specification that is proved correct with TLAPS and verified complete by model-checking on finite instances.

Keywords

Formal verification Non-blocking algorithm Open image in new window 

References

  1. [AM99]
    Afek, Y., Merritt, M.: Fast, wait-free (2k)-renaming. In: 18th Annual ACM Symposium on Principles of Distributed Computing, pp. 105–112 (1999)Google Scholar
  2. [CDLM10]
    Chaudhuri, K., Doligez, D., Lamport, L., Merz, S.: Verifying safety properties with the \({\rm TLA}^+\) proof system. In: Giesl, J., Hähnle, R. (eds.) IJCAR 2010. LNCS (LNAI), vol. 6173, pp. 142–148. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14203-1_12CrossRefGoogle Scholar
  3. [CER10]
    Chuong, P., Ellen, F., Ramachandran, V.: A universal construction for wait-free transaction friendly data structures. In: 22nd ACM Symposium on Parallelism in Algorithms and Architectures, pp. 335–344 (2010)Google Scholar
  4. [CHQR19]
    Castaneda, A., Hurault, A., Queinnec, P., Roy, M.: Modular machine-checked proofs of concurrent algorithms built from tasks. In: Submitted to DISC 2019 (2019)Google Scholar
  5. [CRR11]
    Castañeda, A., Rajsbaum, S., Raynal, M.: The renaming problem in shared memory systems: an introduction. Comput. Sci. Rev. 5(3), 229–251 (2011)CrossRefGoogle Scholar
  6. [DGH13]
    Drăgoi, C., Gupta, A., Henzinger, T.A.: Automatic linearizability proofs of concurrent objects with cooperating updates. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 174–190. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-39799-8_11CrossRefGoogle Scholar
  7. [GGH05]
    Gao, H., Groote, J.F., Hesselink, W.H.: Lock-free dynamic hash tables with open addressing. Distrib. Comput. 18(1), 21–42 (2005)CrossRefGoogle Scholar
  8. [GH04]
    Gao, H., Hesselink, W.H.: A formal reduction for lock-free parallel algorithms. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 44–56. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-27813-9_4CrossRefGoogle Scholar
  9. [GKR+15]
    Gu, R., et al.: Deep specifications and certified abstraction layers. In: 42nd ACM Symposium on Principles of Programming Languages, pp. 595–608 (2015)Google Scholar
  10. [GR10]
    Gafni, E., Rajsbaum, S.: Recursion in distributed computing. In: Dolev, S., Cobb, J., Fischer, M., Yung, M. (eds.) SSS 2010. LNCS, vol. 6366, pp. 362–376. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-16023-3_30CrossRefGoogle Scholar
  11. [Her91]
    Herlihy, M.: Wait-free synchronization. ACM Trans. Program. Lang. Syst. 13(1), 124–149 (1991)CrossRefGoogle Scholar
  12. [Her93]
    Herlihy, M.: A methodology for implementing highly concurrent objects. ACM Trans. Program. Lang. Syst. 15(5), 745–770 (1993)CrossRefGoogle Scholar
  13. [HQ19]
    Hurault, A., Quéinnec, P.: \({\rm TLA}^+\) proof of Moir-Anderson renaming algorithm (2019). http://hurault.perso.enseeiht.fr/RenamingProof
  14. [HW90]
    Herlihy, M., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)CrossRefGoogle Scholar
  15. [JDK08]
    Bug JDK-6785442: ConcurrentLinkedQueue.remove() and poll() can both remove the same element (2008)Google Scholar
  16. [KS11]
    Kshemkalyani, A.D., Singhal, M.: Distributed Computing: Principles, Algorithms, and Systems. Cambridge University Press, Cambridge (2011)zbMATHGoogle Scholar
  17. [Lam86]
    Lamport, L.: On interprocess communication. Distrib. Comput. 1(2), 77–101 (1986)MathSciNetCrossRefGoogle Scholar
  18. [Lam94]
    Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)CrossRefGoogle Scholar
  19. [Lam02]
    Lamport, L.: Specifying Systems. Addison Wesley, Boston (2002)zbMATHGoogle Scholar
  20. [Lam09]
    Lamport, L.: The PlusCal algorithm language. In: Leucker, M., Morgan, C. (eds.) ICTAC 2009. LNCS, vol. 5684, pp. 36–60. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03466-4_2CrossRefGoogle Scholar
  21. [Lam12]
    Lamport, L.: How to write a 21st century proof. J. Fixed Point Theory Appl. 11(1), 43–63 (2012)MathSciNetCrossRefGoogle Scholar
  22. [MA95]
    Moir, M., Anderson, J.H.: Wait-free algorithms for fast, long-lived renaming. Sci. Comput. Program. 25(1), 1–39 (1995)MathSciNetCrossRefGoogle Scholar
  23. [MNSS05]
    Moir, M., Nussbaum, D., Shalev, O., Shavit, N.: Using elimination to implement scalable and lock-free FIFO queues. In: 17th ACM Symposium on Parallelism in Algorithms and Architectures, pp. 253–262 (2005)Google Scholar
  24. [MS98]
    Michael, M.M., Scott, M.L.: Nonblocking algorithms and preemption-safe locking on multiprogrammed shared memory multiprocessors. J. Parallel Distrib. Comput. 51(1), 1–26 (1998)CrossRefGoogle Scholar
  25. [ORV+10]
    O’Hearn, P.W., Rinetzky, N., Vechev, M.T., Yahav, E., Yorsh, G.: Verifying linearizability with hindsight. In: 29th ACM Symposium on Principles of Distributed Computing, pp. 85–94 (2010)Google Scholar
  26. [RR11]
    Rajsbaum, S., Raynal, M.: A theory-oriented introduction to wait-free synchronization based on the adaptive renaming problem. In: 25th IEEE International Conference on Advanced Information Networking and Applications, pp. 356–363 (2011)Google Scholar
  27. [ST97]
    Shavit, N., Touitou, D.: Elimination trees and the construction of pools and stacks. Theory Comput. Syst. 30(6), 645–670 (1997)MathSciNetCrossRefGoogle Scholar
  28. [TP14]
    Timnat, S., Petrank, E.: A practical wait-free simulation for lock-free data structures. In: ACM Symposium on Principles and Practice of Parallel Programming, PPoPP 2014, pp. 357–368 (2014)Google Scholar
  29. [TSR14]
    Tofan, B., Schellhorn, G., Reif, W.: A compositional proof method for linearizability applied to a wait-free multiset. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 357–372. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-10181-1_22CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.IRITUniversité de ToulouseToulouseFrance

Personalised recommendations