Skip to main content
SpringerLink
Log in
Book cover

International Conference on Software Engineering and Formal Methods

SEFM 2016: Software Engineering and Formal Methods pp 188–203Cite as

Model Checking Simulation Rules for Linearizability

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9763))

Abstract

Linearizability is the standard notion of correctness for concurrent objects. A number of approaches have been developed for proving linearizability along with associated tool support. In this paper, we extend the tool support for an existing simulation-based method. We complement the current theorem-prover support with model checking to allow a means of quickly finding problems with an implementation before attempting a full verification. Our model checking approach is novel in that it is used to verify the simulation rules, rather than directly trying to check an object being accessed by a number of threads. As a consequence, verification can be done for an arbitrary number of accessing threads; something that is not possible with existing approaches based on model checking.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    This choice was partly inspired by the use of TLA+ and TLC at Amazon [15, 16].

  2. 2.

    Following [7] we adopt the blocking semantics of Z in which operations are guarded, i.e., unable to occur when their predicate cannot be satisfied [6].

  3. 3.

    Following [7], we assume all values of variables and values in the range of functions that are not explicitly changed by a Z operation, remain unchanged.

  4. 4.

    An example of a nondeterministic operation is an invocation operation that takes an input. Such an operation is nondeterministic on the value of that input.

  5. 5.

    The output of the model checker run can be checked to ensure that this model does not have an empty set of initial states.

  6. 6.

    The notation \(Init \wedge \Box [Op]_{\langle v_1,\ldots ,v_n\rangle }\) describes the module’s behaviours whose initial states satisfy Init and whose state transitions satisfy Op, and specifies that the environment of the module is unable to change the values of \(v_1,\ldots ,v_n\).

  7. 7.

    To save time, we often ran multiple jobs at once, i.e., using one module, at the expense of a smaller state space.

References

  1. Amit, D., Rinetzky, N., Reps, T., Sagiv, M., Yahav, E.: Comparison under abstraction for verifying linearizability. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 477–490. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  2. Burckhardt, S., Dern, C., Musuvathi, M., Tan, R.: Line-up: a complete and automatic linearizability checker. In: PLDI 2010, pp. 330–340. ACM (2010)

    Google Scholar 

  3. Burckhardt, S., Gotsman, A., Musuvathi, M., Yang, H.: Concurrent library correctness on the TSO memory model. In: Seidl, H. (ed.) Programming Languages and Systems. LNCS, vol. 7211, pp. 87–107. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Calcagno, C., Parkinson, M., Vafeiadis, V.: Modular safety checking for fine-grained concurrency. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 233–248. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  5. de Moura, L., Owre, S., Rueß, H., Rushby, J., Shankar, N., Sorea, M., Tiwari, A.: SAL 2. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 496–500. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  6. Derrick, J., Boiten, E.: Refinement in Z and Object-Z: Foundations and Advanced Applications, 2nd edn. Springer, London (2014)

    Book  MATH  Google Scholar 

  7. Derrick, J., Schellhorn, G., Wehrheim, H.: Mechanically verified proof obligations for linearizability. ACM Trans. Program. Lang. Syst. 33(1), 4 (2011)

    Article  Google Scholar 

  8. Derrick, J., Schellhorn, G., Wehrheim, H.: Verifying linearisability with potential linearisation points. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 323–337. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  9. Doherty, S., Groves, L., Luchangco, V., Moir, M.: Formal verification of a practical lock-free queue algorithm. In: de Frutos-Escrig, D., Núñez, M. (eds.) FORTE 2004. LNCS, vol. 3235, pp. 97–114. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  10. Gotsman, A., Musuvathi, M., Yang, H.: Show no weakness: sequentially consistent specifications of TSO libraries. In: Aguilera, M.K. (ed.) DISC 2012. LNCS, vol. 7611, pp. 31–45. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  11. Herlihy, M., Shavit, N.: The Art of Multiprocessor Programming. Morgan Kaufmann, San Francisco (2008)

    Google Scholar 

  12. Herlihy, M., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)

    Article  Google Scholar 

  13. Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley Longman, Boston (2002)

    Google Scholar 

  14. Liu, Y., Chen, W., Liu, Y.A., Sun, J.: Model checking linearizability via refinement. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 321–337. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Newcombe, C.: Why Amazon Chose TLA\(^{ + }\). In: Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014. LNCS, vol. 8477, pp. 25–39. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  16. Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., Deardeuff, M.: How Amazon Web Services uses formal methods. Commun. ACM 58(4), 66–73 (2015)

    Article  Google Scholar 

  17. Reif, W., Schellhorn, G., Stenzel, K., Balser, M.: Structured specifications and interactive proofs with KIV. In: Automated Deduction, pp. 13–39. Kluwer (1998)

    Google Scholar 

  18. Schellhorn, G., Wehrheim, H., Derrick, J.: A sound and complete proof technique for linearizability of concurrent data structures. ACM Trans. Comput. Logic 15(4), 31:1–31:37 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  19. Smith, G., Derrick, J.: Verifying data refinements using a model checker. Formal Aspects Comput. 18(3), 264–287 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  20. Smith, G., Winter, K.: Model checking action system refinements. Formal Aspects Comput. 21(1–2), 155–186 (2009)

    Article  MATH  Google Scholar 

  21. Spivey, J.M.: The Z Notation: A Reference Manual. Prentice Hall, London (1992)

    MATH  Google Scholar 

  22. Travkin, O., Mütze, A., Wehrheim, H.: SPIN as a linearizability checker under weak memory models. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 311–326. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  23. Treiber, R.K.: Systems programming: Coping with parallelism. Technical report RJ 5118, IBM Almaden Res. Ctr. (1986)

    Google Scholar 

  24. Vafeiadis, V.: Modular fine-grained concurrency verification. Ph.D. thesis, University of Cambridge (2007)

    Google Scholar 

  25. Černý, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., Alur, R.: Model checking of linearizability of concurrent list implementations. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 465–479. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  26. Vechev, M., Yahav, E., Yorsh, G.: Experience with model checking linearizability. In: Păsăreanu, C.S. (ed.) SPIN 2009. LNCS, vol. 5578, pp. 261–278. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  27. Yu, Y., Manolios, P., Lamport, L.: Model checking TLA+ specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  28. Zhang, S.J.: Scalable automatic linearizability checking. In: ICSE 2011, pp. 1185–1187. ACM (2011)

    Google Scholar 

Download references

Acknowledgements

Thanks to Kirsten Winter for her helpful comments. This work was supported by ARC Discovery Grant DP160102457.

Author information

Authors and Affiliations

  1. School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, Australia

    Graeme Smith

Authors
  1. Graeme Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Graeme Smith .

Editor information

Editors and Affiliations

  1. IMT - School for Advanced Studies, Lucca, Italy

    Rocco De Nicola

  2. Institute of Computer Languages, TU Wien, Wien, Austria

    Eva Kühn

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Smith, G. (2016). Model Checking Simulation Rules for Linearizability. In: De Nicola, R., Kühn, E. (eds) Software Engineering and Formal Methods. SEFM 2016. Lecture Notes in Computer Science(), vol 9763. Springer, Cham. https://doi.org/10.1007/978-3-319-41591-8_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-41591-8_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41590-1

  • Online ISBN: 978-3-319-41591-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation