skip to main content

C4: verified transactional objects

Published:29 April 2022Publication History
Skip Abstract Section

Abstract

Transactional objects combine the performance of classical concurrent objects with the high-level programmability of transactional memory. However, verifying the correctness of transactional objects is tricky, requiring reasoning simultaneously about classical concurrent objects, which guarantee the atomicity of individual methods—the property known as linearizability—and about software-transactional-memory libraries, which guarantee the atomicity of user-defined sequences of method calls—or serializability.

We present a formal-verification framework called C4, built up from the familiar notion of linearizability and its compositional properties, that allows proof of both kinds of libraries, along with composition of theorems from both styles to prove correctness of applications or further libraries. We apply the framework in a significant case study, verifying a transactional set object built out of both classical and transactional components following the technique of transactional predication; the proof is modular, reasoning separately about the transactional and nontransactional parts of the implementation. Central to our approach is the use of syntactic transformers on interaction trees—i.e., transactional libraries that transform client code to enforce particular synchronization disciplines. Our framework and case studies are mechanized in Coq.

References

  1. Martín Abadi and Leslie Lamport. 1991. The existence of refinement mappings. Theoretical Computer Science, 82, 2 (1991), 253–284.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Sarita V Adve and Kourosh Gharachorloo. 1996. Shared memory consistency models: A tutorial. computer, 29, 12 (1996), 66–76.Google ScholarGoogle Scholar
  3. Timos Antonopoulos, Paul Gazzillo, Eric Koskinen, and Zhong Shao. 2016. Vertical Composition of Reversible Atomic Objects.Google ScholarGoogle Scholar
  4. Alasdair Armstrong, Brijesh Dongol, and Simon Doherty. 2017. Proving opacity via linearizability: a sound and complete method. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems. 50–66.Google ScholarGoogle ScholarCross RefCross Ref
  5. Gal Assa, Hagar Meir, Guy Golan-Gueta, Idit Keidar, and Alexander Spiegelman. 2020. Nesting and composition in transactional data structure libraries. In Proceedings of the 25th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. 405–406.Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Hagit Attiya, Alexey Gotsman, Sandeep Hans, and Noam Rinetzky. 2017. Characterizing transactional memory consistency conditions using observational refinement. Journal of the ACM (JACM), 65, 1 (2017), 1–44.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Mark Batty, Mike Dodds, and Alexey Gotsman. 2013. Library abstraction for C/C++ concurrency. ACM SIGPLAN Notices, 48, 1 (2013), 235–248.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ahmed Bouajjani, Michael Emmi, Constantin Enea, and Suha Orhun Mutluergil. 2017. Proving linearizability using forward simulations. In International Conference on Computer Aided Verification. 542–563.Google ScholarGoogle ScholarCross RefCross Ref
  9. Nathan G. Bronson, Jared Casper, Hassan Chafi, and Kunle Olukotun. 2010. Transactional predication: high-performance concurrent sets and maps for STM. In Proceedings of the 29th ACM SIGACT-SIGOPS symposium on Principles of distributed computing (PODC ’10). ACM, New York, NY, USA. 6–15. isbn:978-1-60558-888-9 https://doi.org/10.1145/1835698.1835703 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Andrea Cerone, Alexey Gotsman, and Hongseok Yang. 2014. Parameterised linearisability. In International Colloquium on Automata, Languages, and Programming. 98–109.Google ScholarGoogle Scholar
  11. Adam Chlipala. 2021. Skipping the Binder Bureaucracy with Mixed Embeddings in a Semantics Course (Functional Pearl). Proc. ACM Program. Lang., 5, ICFP (2021), Article 94, aug, 28 pages. https://doi.org/10.1145/3473599 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A logic for time and data abstraction. In European Conference on Object-Oriented Programming. 207–231.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Luke Dalessandro, Dave Dice, Michael Scott, Nir Shavit, and Michael Spear. 2010. Transactional mutex locks. In European Conference on Parallel Processing. 2–13.Google ScholarGoogle ScholarCross RefCross Ref
  14. Thomas Dickerson, Eric Koskinen, Paul Gazzillo, and Maurice Herlihy. 2019. Conflict Abstractions and Shadow Speculation for Optimistic Transactional Objects. In Asian Symposium on Programming Languages and Systems. 313–331.Google ScholarGoogle Scholar
  15. Simon Doherty, Lindsay Groves, Victor Luchangco, and Mark Moir. 2013. Towards formally specifying and verifying transactional memory. Formal Aspects of Computing, 25, 5 (2013), 769–799.Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Avner Elizarov, Guy Golan-Gueta, and Erez Petrank. 2019. LOFT: lock-free transactional data structures. In Proceedings of the 24th Symposium on Principles and Practice of Parallel Programming. 425–426.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Michael Emmi and Constantin Enea. 2019. Violat: generating tests of observational refinement for concurrent objects. In International Conference on Computer Aided Verification. 534–546.Google ScholarGoogle ScholarCross RefCross Ref
  18. Xinyu Feng. 2009. Local rely-guarantee reasoning. In POPL ’09.Google ScholarGoogle Scholar
  19. Ivana Filipović, Peter O’Hearn, Noam Rinetzky, and Hongseok Yang. 2010. Abstraction for concurrent objects. Theoretical Computer Science, 411, 51-52 (2010), 4379–4398.Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Guy Golan-Gueta, G. Ramalingam, Mooly Sagiv, and Eran Yahav. 2013. Concurrent Libraries with Foresight. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’13). ACM, New York, NY, USA. 263–274. isbn:978-1-4503-2014-6 https://doi.org/10.1145/2491956.2462172 Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Alexey Gotsman and Hongseok Yang. 2012. Linearizability with ownership transfer. In International Conference on Concurrency Theory. 256–271.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’15). Association for Computing Machinery, New York, NY, USA. 595–608. isbn:9781450333009 https://doi.org/10.1145/2676726.2676975 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjöberg, Hao Chen, David Costanzo, and Tahina Ramananandro. 2018. Certified Concurrent Abstraction Layers. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2018). Association for Computing Machinery, New York, NY, USA. 646–661. isbn:9781450356985 https://doi.org/10.1145/3192366.3192381 Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Rachid Guerraoui. 1995. Modular atomic objects. Theory and Practice of Object Systems, 1, 2 (1995), 89–99.Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Rachid Guerraoui and Michal Kapalka. 2008. On the correctness of transactional memory. In Proceedings of the 13th ACM SIGPLAN Symposium on Principles and practice of parallel programming. 175–184.Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Tim Harris, Simon Marlow, Simon Peyton-Jones, and Maurice Herlihy. 2005. Composable Memory Transactions. In Proceedings of the Tenth ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP ’05). Association for Computing Machinery, New York, NY, USA. 48–60. isbn:1595930809 https://doi.org/10.1145/1065944.1065952 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Ahmed Hassan, Roberto Palmieri, and Binoy Ravindran. 2014. Optimistic transactional boosting. In Proceedings of the 19th ACM SIGPLAN symposium on Principles and practice of parallel programming. 387–388.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Chris Hawblitzel, Erez Petrank, Shaz Qadeer, and Serdar Tasiran. 2015. Automated and modular refinement reasoning for concurrent programs. In International Conference on Computer Aided Verification. 449–465.Google ScholarGoogle ScholarCross RefCross Ref
  29. Maurice Herlihy and Eric Koskinen. 2008. Transactional boosting: a methodology for highly-concurrent transactional objects. In Proceedings of the 13th ACM SIGPLAN Symposium on Principles and practice of parallel programming (PPoPP ’08). ACM, New York, NY, USA. 207–216. isbn:978-1-59593-795-7 https://doi.org/10.1145/1345206.1345237 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Maurice Herlihy and J. Eliot B. Moss. 1993. Transactional Memory: Architectural Support for Lock-Free Data Structures. In Proceedings of the 20th Annual International Symposium on Computer Architecture (ISCA ’93). Association for Computing Machinery, New York, NY, USA. 289–300. isbn:0818638109 https://doi.org/10.1145/165123.165164 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Maurice P. Herlihy and Jeannette M. Wing. 1990. Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst., 12, 3 (1990), July, 463–492. issn:0164-0925 https://doi.org/10.1145/78969.78972 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Nathaniel Herman, Jeevana Priya Inala, Yihe Huang, Lillian Tsai, Eddie Kohler, Barbara Liskov, and Liuba Shrira. 2016. Type-aware transactions for faster concurrent code. In Proceedings of the Eleventh European Conference on Computer Systems. 1–16.Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle semantics for concurrent separation logic. In ESOP.Google ScholarGoogle Scholar
  34. Suresh Jagannathan, Vincent Laporte, Gustavo Petri, David Pichardie, and Jan Vitek. 2014. Atomicity refinement for verified compilation. ACM Transactions on Programming Languages and Systems (TOPLAS), 36, 2 (2014), 1–30.Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Suresh Jagannathan, Jan Vitek, Adam Welc, and Antony Hosking. 2005. A transactional object calculus. Science of Computer Programming, 57, 2 (2005), 164–186.Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Cliff B. Jones. 1983. Specification and Design of (Parallel) Programs. In Information Processing 83. 9, 321–332.Google ScholarGoogle Scholar
  37. Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order Ghost State. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming (ICFP 2016). ACM, New York, NY, USA. 256–269. isbn:978-1-4503-4219-3 https://doi.org/10.1145/2951913.2951943 Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants As an Orthogonal Basis for Concurrent Reasoning. In POPL ’15. 637–650. isbn:978-1-4503-3300-9Google ScholarGoogle Scholar
  39. Nicolas Koh, Yao Li, Yishuai Li, Li yao Xia, Lennart Beringer, Wolf Honore, William Mansky, Benjamin C. Pierce, and Steve Zdancewic. 2019. From C to Interaction Trees: Specifying, Verifying, and Testing a Networked Server. In 8th ACM SIGPLAN International Conference on Certified Programs and Proofs.Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Bernhard Kragl, Shaz Qadeer, and Thomas A Henzinger. 2020. Refinement for structured concurrent programs. In International Conference on Computer Aided Verification. 275–298.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Pierre LaBorde, Lance Lebanoff, Christina Peterson, Deli Zhang, and Damian Dechev. 2019. Wait-Free Dynamic Transactions for Linked Data Structures. In Proceedings of the 10th International Workshop on Programming Models and Applications for Multicores and Manycores (PMAM’19). Association for Computing Machinery, New York, NY, USA. 41–50. isbn:9781450362900 https://doi.org/10.1145/3303084.3309491 Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Kenneth Lamar, Christina Peterson, and Damian Dechev. 2020. Lock-free transactional vector. In Proceedings of the Eleventh International Workshop on Programming Models and Applications for Multicores and Manycores. 1–10.Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Douglas Lea. 2000. Concurrent programming in Java: design principles and patterns. Addison-Wesley Professional.Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Mohsen Lesani, Victor Luchangco, and Mark Moir. 2012. A framework for formally verifying software transactional memory algorithms. In International Conference on Concurrency Theory. 516–530.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Mohsen Lesani, Victor Luchangco, and Mark Moir. 2012. Putting opacity in its place. In Workshop on the theory of transactional memory. 137–151.Google ScholarGoogle Scholar
  46. Mohsen Lesani, Todd Millstein, and Jens Palsberg. 2014. Automatic Atomicity Verification for Clients of Concurrent Data Structures. In Proceedings of the 16th International Conference on Computer Aided Verification - Volume 8559. Springer-Verlag New York, Inc., New York, NY, USA. 550–567. isbn:978-3-319-08866-2 https://doi.org/10.1007/978-3-319-08867-9_37 Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Mohsen Lesani, Li yao Xia, Anders Kaseorg, Christian J. Bell, Adam Chlipala, Benjamin C. Pierce, and Steve Zdancewic. 2022. C4: Verified Transactional Objects. https://doi.org/10.5281/zenodo.6342476 Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Hongjin Liang and Xinyu Feng. 2013. Modular Verification of Linearizability with Non-fixed Linearization Points. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’13). ACM, New York, NY, USA. 459–470. isbn:978-1-4503-2014-6 https://doi.org/10.1145/2491956.2462189 Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Peng Liu, Julian Dolby, and Charles Zhang. 2013. Finding Incorrect Compositions of Atomicity. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2013). ACM, New York, NY, USA. 158–168. isbn:978-1-4503-2237-9 https://doi.org/10.1145/2491411.2491435 Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Peng Liu, Omer Tripp, and Xiangyu Zhang. 2014. Flint: Fixing Linearizability Violations. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA ’14). ACM, New York, NY, USA. 543–560. isbn:978-1-4503-2585-1 https://doi.org/10.1145/2660193.2660217 Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. N. Lynch and F. Vaandrager. 1995. Forward and Backward Simulations. Information and Computation, 121, 2 (1995), 214 – 233. issn:0890-5401 https://doi.org/10.1006/inco.1995.1134 Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Erik Meijer, Maarten Fokkinga, and Ross Paterson. 1991. Functional programming with bananas, lenses, envelopes and barbed wire. In Conference on functional programming languages and computer architecture. 124–144.Google ScholarGoogle ScholarCross RefCross Ref
  53. Vijay Menon, Steven Balensiefer, Tatiana Shpeisman, Ali-Reza Adl-Tabatabai, Richard L Hudson, Bratin Saha, and Adam Welc. 2008. Single global lock semantics in a weakly atomic STM. ACM Sigplan Notices, 43, 5 (2008), 15–26.Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Andrzej S. Murawski and Nikos Tzevelekos. 2019. Higher-order linearisability. Journal of Logical and Algebraic Methods in Programming, 104 (2019), 86–116. issn:2352-2208 https://doi.org/10.1016/j.jlamp.2019.01.002 Google ScholarGoogle Scholar
  55. Aleksandar Nanevski, Ruy Ley-Wild, Ilya Sergey, and Germán Andrés Delbianco. 2014. Communicating State Transition Systems for Fine-Grained Concurrent Resources. In Proceedings of the 23rd European Symposium on Programming Languages and Systems - Volume 8410. Springer-Verlag New York, Inc., New York, NY, USA. 290–310. isbn:978-3-642-54832-1 https://doi.org/10.1007/978-3-642-54833-8_16 Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Peter W. O’Hearn. 2007. Resources, concurrency, and local reasoning. Theor. Comput. Sci., 375, 1-3 (2007), 271–307.Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. Christos H Papadimitriou. 1979. The serializability of concurrent database updates. Journal of the ACM (JACM), 26, 4 (1979), 631–653.Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Christina Peterson and Damian Dechev. 2017. A Transactional Correctness Tool for Abstract Data Types. ACM Trans. Archit. Code Optim., 14, 4 (2017), Article 37, Nov., 24 pages. issn:1544-3566 https://doi.org/10.1145/3148964 Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Azalea Raad, Marko Doko, Lovro Rožić, Ori Lahav, and Viktor Vafeiadis. 2019. On library correctness under weak memory consistency: Specifying and verifying concurrent libraries under declarative consistency models. Proceedings of the ACM on Programming Languages, 3, POPL (2019), 1–31.Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Gerhard Schellhorn, Heike Wehrheim, and John Derrick. 2012. How to Prove Algorithms Linearisable. In Proceedings of the 24th International Conference on Computer Aided Verification (CAV’12). Springer-Verlag, Berlin, Heidelberg. 243–259. isbn:978-3-642-31423-0 https://doi.org/10.1007/978-3-642-31424-7_21 Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. Michael Scott. 2006. Sequential specification of transactional memory semantics.Google ScholarGoogle Scholar
  62. Peter Sewell, Susmit Sarkar, Scott Owens, Francesco Zappa Nardelli, and Magnus O Myreen. 2010. x86-TSO: a rigorous and usable programmer’s model for x86 multiprocessors. Commun. ACM, 53, 7 (2010), 89–97.Google ScholarGoogle ScholarDigital LibraryDigital Library
  63. Ohad Shacham, Nathan Bronson, Alex Aiken, Mooly Sagiv, Martin Vechev, and Eran Yahav. 2011. Testing atomicity of composed concurrent operations. In Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications (OOPSLA ’11). ACM, New York, NY, USA. 51–64. isbn:978-1-4503-0940-0 https://doi.org/10.1145/2048066.2048073 Google ScholarGoogle ScholarDigital LibraryDigital Library
  64. Nir Shavit and Dan Touitou. 1995. Software Transactional Memory. In Proceedings of the Fourteenth Annual ACM Symposium on Principles of Distributed Computing (PODC ’95). Association for Computing Machinery, New York, NY, USA. 204–213. isbn:0897917103 https://doi.org/10.1145/224964.224987 Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. Alexander Spiegelman, Guy Golan-Gueta, and Idit Keidar. 2016. Transactional Data Structure Libraries. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’16). ACM, New York, NY, USA. 682–696. isbn:978-1-4503-4261-2 https://doi.org/10.1145/2908080.2908112 Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: Navigating Weak Memory with Ghosts, Protocols, and Separation. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA ’14). ACM, New York, NY, USA. 691–707. isbn:978-1-4503-2585-1 https://doi.org/10.1145/2660193.2660243 Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Aaron J Turon, Jacob Thamsborg, Amal Ahmed, Lars Birkedal, and Derek Dreyer. 2013. Logical relations for fine-grained concurrency. In Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. 343–356.Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. Viktor Vafeiadis and Matthew Parkinson. 2007. A Marriage of Rely/Guarantee and Separation Logic. In CONCUR.Google ScholarGoogle Scholar
  69. Matt Windsor, Mike Dodds, Ben Simner, and Matthew J. Parkinson. 2017. Starling: Lightweight Concurrency Verification with Views. In Computer Aided Verification, Rupak Majumdar and Viktor Kunčak (Eds.). Springer International Publishing, Cham. 544–569. isbn:978-3-319-63387-9Google ScholarGoogle Scholar
  70. Li-yao Xia, Yannick Zakowski, Paul He, Chung-Kil Hur, Gregory Malecha, Benjamin C. Pierce, and Steve Zdancewic. 2020. Interaction trees: representing recursive and impure programs in Coq. Proc. ACM Program. Lang., 4, POPL (2020), 51:1–51:32. https://doi.org/10.1145/3371119 Distinguished paper award Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. Yannick Zakowski, Paul He, Chung-Kil Hur, and Steve Zdancewic. 2020. An Equational Theory for Weak Bisimulation via Generalized Parameterized Coinduction. In Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP).Google ScholarGoogle ScholarDigital LibraryDigital Library
  72. Deli Zhang, Pierre Laborde, Lance Lebanoff, and Damian Dechev. 2018. Lock-free transactional transformation for linked data structures. ACM Transactions on Parallel Computing (TOPC), 5, 1 (2018), 1–37.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. C4: verified transactional objects

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!