Concurrent Data Structures Linked in Time

TL;DR

This paper introduces a novel separation logic-based method for reasoning about concurrent data structures with dynamic, non-local linearization points, simplifying correctness proofs by encoding temporal aspects as spatial state.

Contribution

It proposes a linking-in-time approach that models linearization points as part of auxiliary state, enabling dynamic modification and easier reasoning about concurrent objects.

Findings

Successfully verified an optimal snapshot algorithm in Coq.

The method effectively handles dynamic and non-local linearization points.

Provides a concise way to reason about client properties of concurrent objects.

Abstract

Arguments about correctness of a concurrent data structure are typically carried out by using the notion of linearizability and specifying the linearization points of the data structure's procedures. Such arguments are often cumbersome as the linearization points' position in time can be dynamic (depend on the interference, run-time values and events from the past, or even future), non-local (appear in procedures other than the one considered), and whose position in the execution trace may only be determined after the considered procedure has already terminated. In this paper we propose a new method, based on a separation-style logic, for reasoning about concurrent objects with such linearization points. We embrace the dynamic nature of linearization points, and encode it as part of the data structure's auxiliary state, so that it can be dynamically modified in place by auxiliary code, as needed when some appropriate run-time event occurs. We name the idea linking-in-time, because it reduces temporal reasoning to spatial reasoning. For example, modifying a temporal position of a linearization point can be modeled similarly to a pointer update in separation logic. Furthermore, the auxiliary state provides a convenient way to concisely express the properties essential for reasoning about clients of such concurrent objects. We illustrate the method by verifying (mechanically in Coq) an intricate optimal snapshot algorithm due to Jayanti, as well as some clients.