Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types

Verifying invariants of fine-grained concurrent data structures is challenging, because interference from other threads may occur at any time. We propose a new way of proving invariants of fine-grained concurrent data structures: applying rely-guarantee reasoning to references in the concurrent sett...

Full description

Saved in:
Bibliographic Details
Published in:ACM transactions on programming languages and systems 2017-09, Vol.39 (3), p.1-54, Article 11
Main Authors: Gordon, Colin S., Ernst, Michael D., Grossman, Dan, Parkinson, Matthew J.
Format: Article
Language:English
Subjects:
Computing methodologies
Concurrent computing methodologies
Concurrent programming languages
Invariants
Program constructs
Program reasoning
Program verification
Semantics and reasoning
Theory of computation
Type structures
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3
cites cdi_FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3
container_end_page 54
container_issue 3
container_start_page 1
container_title ACM transactions on programming languages and systems
container_volume 39
creator Gordon, Colin S.
Ernst, Michael D.
Grossman, Dan
Parkinson, Matthew J.
description Verifying invariants of fine-grained concurrent data structures is challenging, because interference from other threads may occur at any time. We propose a new way of proving invariants of fine-grained concurrent data structures: applying rely-guarantee reasoning to references in the concurrent setting. Rely-guarantee applied to references can verify bounds on thread interference without requiring a whole program to be verified. This article provides three new results. First, it provides a new approach to preserving invariants and restricting usage of concurrent data structures. Our approach targets a space between simple type systems and modern concurrent program logics, offering an intermediate point between unverified code and full verification. Furthermore, it avoids sealing concurrent data structure implementations and can interact safely with unverified imperative code. Second, we demonstrate the approach's broad applicability through a series of case studies, using two implementations: an axiomatic Coq domain-specific language and a library for Liquid Haskell. Third, these two implementations allow us to compare and contrast verifications by interactive proof (Coq) and a weaker form that can be expressed using automatically-discharged dependent refinement types (Liquid Haskell).
doi_str_mv 10.1145/3064850
format article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3064850</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3064850</sourcerecordid><originalsourceid>FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3</originalsourceid><addsrcrecordid>eNo90MFLwzAUBvAgCs4p3j3l5imaNEmbHmW6ORgIOj14Ka_pi1bXdiSp0v_eyqanB-_9-Hh8hJwLfiWE0teSp8pofkAmQmvDlM7lIZlwkSrG80Qfk5MQPjjnwmgzIa8v6Gs31O0bXbZf4GtoY6Cdo6vOfrK5R6S3EIE-Rd_b2HsM9LuO7_QRNwNb9OBHPxpoq3Hl6hYbbCNdD1sMp-TIwSbg2X5OyfP8bj27Z6uHxXJ2s2KQKBVZhlJW49MVSAAnkTuXuKzkpRWQoM4MuNKkmbDWyVTnWGqVWDRZleTclhrklFzucq3vQvDoiq2vG_BDIXjxW0mxr2SUFzsJtvlHf8cfqg9cvQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types</title><source>Business Source Ultimate【Trial: -2024/12/31】【Remote access available】</source><source>Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)</source><creator>Gordon, Colin S. ; Ernst, Michael D. ; Grossman, Dan ; Parkinson, Matthew J.</creator><creatorcontrib>Gordon, Colin S. ; Ernst, Michael D. ; Grossman, Dan ; Parkinson, Matthew J.</creatorcontrib><description>Verifying invariants of fine-grained concurrent data structures is challenging, because interference from other threads may occur at any time. We propose a new way of proving invariants of fine-grained concurrent data structures: applying rely-guarantee reasoning to references in the concurrent setting. Rely-guarantee applied to references can verify bounds on thread interference without requiring a whole program to be verified. This article provides three new results. First, it provides a new approach to preserving invariants and restricting usage of concurrent data structures. Our approach targets a space between simple type systems and modern concurrent program logics, offering an intermediate point between unverified code and full verification. Furthermore, it avoids sealing concurrent data structure implementations and can interact safely with unverified imperative code. Second, we demonstrate the approach's broad applicability through a series of case studies, using two implementations: an axiomatic Coq domain-specific language and a library for Liquid Haskell. Third, these two implementations allow us to compare and contrast verifications by interactive proof (Coq) and a weaker form that can be expressed using automatically-discharged dependent refinement types (Liquid Haskell).</description><identifier>ISSN: 0164-0925</identifier><identifier>EISSN: 1558-4593</identifier><identifier>DOI: 10.1145/3064850</identifier><language>eng</language><publisher>New York, NY, USA: ACM</publisher><subject>Computing methodologies ; Concurrent computing methodologies ; Concurrent programming languages ; Invariants ; Program constructs ; Program reasoning ; Program verification ; Semantics and reasoning ; Theory of computation ; Type structures</subject><ispartof>ACM transactions on programming languages and systems, 2017-09, Vol.39 (3), p.1-54, Article 11</ispartof><rights>ACM</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3</citedby><cites>FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3</cites><orcidid>0000-0002-9012-4490</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Gordon, Colin S.</creatorcontrib><creatorcontrib>Ernst, Michael D.</creatorcontrib><creatorcontrib>Grossman, Dan</creatorcontrib><creatorcontrib>Parkinson, Matthew J.</creatorcontrib><title>Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types</title><title>ACM transactions on programming languages and systems</title><addtitle>ACM TOPLAS</addtitle><description>Verifying invariants of fine-grained concurrent data structures is challenging, because interference from other threads may occur at any time. We propose a new way of proving invariants of fine-grained concurrent data structures: applying rely-guarantee reasoning to references in the concurrent setting. Rely-guarantee applied to references can verify bounds on thread interference without requiring a whole program to be verified. This article provides three new results. First, it provides a new approach to preserving invariants and restricting usage of concurrent data structures. Our approach targets a space between simple type systems and modern concurrent program logics, offering an intermediate point between unverified code and full verification. Furthermore, it avoids sealing concurrent data structure implementations and can interact safely with unverified imperative code. Second, we demonstrate the approach's broad applicability through a series of case studies, using two implementations: an axiomatic Coq domain-specific language and a library for Liquid Haskell. Third, these two implementations allow us to compare and contrast verifications by interactive proof (Coq) and a weaker form that can be expressed using automatically-discharged dependent refinement types (Liquid Haskell).</description><subject>Computing methodologies</subject><subject>Concurrent computing methodologies</subject><subject>Concurrent programming languages</subject><subject>Invariants</subject><subject>Program constructs</subject><subject>Program reasoning</subject><subject>Program verification</subject><subject>Semantics and reasoning</subject><subject>Theory of computation</subject><subject>Type structures</subject><issn>0164-0925</issn><issn>1558-4593</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><recordid>eNo90MFLwzAUBvAgCs4p3j3l5imaNEmbHmW6ORgIOj14Ka_pi1bXdiSp0v_eyqanB-_9-Hh8hJwLfiWE0teSp8pofkAmQmvDlM7lIZlwkSrG80Qfk5MQPjjnwmgzIa8v6Gs31O0bXbZf4GtoY6Cdo6vOfrK5R6S3EIE-Rd_b2HsM9LuO7_QRNwNb9OBHPxpoq3Hl6hYbbCNdD1sMp-TIwSbg2X5OyfP8bj27Z6uHxXJ2s2KQKBVZhlJW49MVSAAnkTuXuKzkpRWQoM4MuNKkmbDWyVTnWGqVWDRZleTclhrklFzucq3vQvDoiq2vG_BDIXjxW0mxr2SUFzsJtvlHf8cfqg9cvQ</recordid><startdate>20170930</startdate><enddate>20170930</enddate><creator>Gordon, Colin S.</creator><creator>Ernst, Michael D.</creator><creator>Grossman, Dan</creator><creator>Parkinson, Matthew J.</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0002-9012-4490</orcidid></search><sort><creationdate>20170930</creationdate><title>Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types</title><author>Gordon, Colin S. ; Ernst, Michael D. ; Grossman, Dan ; Parkinson, Matthew J.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Computing methodologies</topic><topic>Concurrent computing methodologies</topic><topic>Concurrent programming languages</topic><topic>Invariants</topic><topic>Program constructs</topic><topic>Program reasoning</topic><topic>Program verification</topic><topic>Semantics and reasoning</topic><topic>Theory of computation</topic><topic>Type structures</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Gordon, Colin S.</creatorcontrib><creatorcontrib>Ernst, Michael D.</creatorcontrib><creatorcontrib>Grossman, Dan</creatorcontrib><creatorcontrib>Parkinson, Matthew J.</creatorcontrib><collection>CrossRef</collection><jtitle>ACM transactions on programming languages and systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Gordon, Colin S.</au><au>Ernst, Michael D.</au><au>Grossman, Dan</au><au>Parkinson, Matthew J.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types</atitle><jtitle>ACM transactions on programming languages and systems</jtitle><stitle>ACM TOPLAS</stitle><date>2017-09-30</date><risdate>2017</risdate><volume>39</volume><issue>3</issue><spage>1</spage><epage>54</epage><pages>1-54</pages><artnum>11</artnum><issn>0164-0925</issn><eissn>1558-4593</eissn><abstract>Verifying invariants of fine-grained concurrent data structures is challenging, because interference from other threads may occur at any time. We propose a new way of proving invariants of fine-grained concurrent data structures: applying rely-guarantee reasoning to references in the concurrent setting. Rely-guarantee applied to references can verify bounds on thread interference without requiring a whole program to be verified. This article provides three new results. First, it provides a new approach to preserving invariants and restricting usage of concurrent data structures. Our approach targets a space between simple type systems and modern concurrent program logics, offering an intermediate point between unverified code and full verification. Furthermore, it avoids sealing concurrent data structure implementations and can interact safely with unverified imperative code. Second, we demonstrate the approach's broad applicability through a series of case studies, using two implementations: an axiomatic Coq domain-specific language and a library for Liquid Haskell. Third, these two implementations allow us to compare and contrast verifications by interactive proof (Coq) and a weaker form that can be expressed using automatically-discharged dependent refinement types (Liquid Haskell).</abstract><cop>New York, NY, USA</cop><pub>ACM</pub><doi>10.1145/3064850</doi><tpages>54</tpages><orcidid>https://orcid.org/0000-0002-9012-4490</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0164-0925
ispartof ACM transactions on programming languages and systems, 2017-09, Vol.39 (3), p.1-54, Article 11
issn 0164-0925
1558-4593
language eng
recordid cdi_crossref_primary_10_1145_3064850
source Business Source Ultimate【Trial: -2024/12/31】【Remote access available】; Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)
subjects Computing methodologies
Concurrent computing methodologies
Concurrent programming languages
Invariants
Program constructs
Program reasoning
Program verification
Semantics and reasoning
Theory of computation
Type structures
title Verifying Invariants of Lock-Free Data Structures with Rely-Guarantee and Refinement Types
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T05%3A41%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Verifying%20Invariants%20of%20Lock-Free%20Data%20Structures%20with%20Rely-Guarantee%20and%20Refinement%20Types&rft.jtitle=ACM%20transactions%20on%20programming%20languages%20and%20systems&rft.au=Gordon,%20Colin%20S.&rft.date=2017-09-30&rft.volume=39&rft.issue=3&rft.spage=1&rft.epage=54&rft.pages=1-54&rft.artnum=11&rft.issn=0164-0925&rft.eissn=1558-4593&rft_id=info:doi/10.1145/3064850&rft_dat=%3Cacm_cross%3E3064850%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a244t-7e33d306da3aaf3e0ff2f7b0bc1a2e578afb8671ccf3659eb542ce87d290cb5a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true