Proving Highly-Concurrent Traversals Correct

TL;DR

This paper introduces a simplified proof technique for verifying the correctness of highly-concurrent, unsynchronized traversals in search data structures, making linearizability proofs more accessible and applicable to complex trees.

Contribution

The authors present a general framework relying on sequential properties and simple conditions to prove correctness of concurrent traversals, simplifying prior complex reasoning.

Findings

Successfully applied to prove correctness of several complex concurrent binary search trees.

Framework reduces proof complexity by avoiding intricate reasoning about read-write interactions.

Demonstrates applicability to data structures beyond previous proof techniques' reach.

Abstract

Modern highly-concurrent search data structures, such as search trees, obtain multi-core scalability and performance by having operations traverse the data structure without any synchronization. As a result, however, these algorithms are notoriously difficult to prove linearizable, which requires identifying a point in time in which the traversal's result is correct. The problem is that traversing the data structure as it undergoes modifications leads to complex behaviors, necessitating intricate reasoning about all interleavings of reads by traversals and writes mutating the data structure. In this paper, we present a general proof technique for proving unsynchronized traversals correct in a significantly simpler manner, compared to typical concurrent reasoning and prior proof techniques. Our framework relies only on sequential properties} of traversals and on a conceptually simple and widely-applicable condition about the ways an algorithm's writes mutate the data structure. Establishing that a target data structure satisfies our condition requires only simple concurrent reasoning, without considering interactions of writes and reads. This reasoning can be further simplified by using our framework. To demonstrate our technique, we apply it to prove several interesting and challenging concurrent binary search trees: the logical-ordering AVL tree, the Citrus tree, and the full contention-friendly tree. Both the logical-ordering tree and the full contention-friendly tree are beyond the reach of previous approaches targeted at simplifying linearizability proofs.