Linearizability: a correctness condition for concurrent objects
ACM Transactions on Programming Languages and Systems (TOPLAS)
In transition from global to modular temporal reasoning about programs
Logics and models of concurrent systems
The Repeat Offender Problem: A Mechanism for Supporting Dynamic-Sized, Lock-Free Data Structures
DISC '02 Proceedings of the 16th International Conference on Distributed Computing
Hazard Pointers: Safe Memory Reclamation for Lock-Free Objects
IEEE Transactions on Parallel and Distributed Systems
Exploiting deferred destruction: an analysis of read-copy-update techniques in operating system kernels
Modular verification of a non-blocking stack
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resources, concurrency, and local reasoning
Theoretical Computer Science
Local Action and Abstract Separation Logic
LICS '07 Proceedings of the 22nd Annual IEEE Symposium on Logic in Computer Science
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking interference with fractional permissions
SAS'03 Proceedings of the 10th international conference on Static analysis
On the relationship between concurrent separation logic and assume-guarantee reasoning
ESOP'07 Proceedings of the 16th European conference on Programming
Reasoning about optimistic concurrency using a program logic for history
CONCUR'10 Proceedings of the 21st international conference on Concurrency theory
Formal verification of a lock-free stack with hazard pointers
ICTAC'11 Proceedings of the 8th international conference on Theoretical aspects of computing
Proving the correctness of nonblocking data structures
Communications of the ACM
Proving the Correctness of Nonblocking Data Structures
Queue - Concurrency
Hi-index | 0.02 |
Memory management is one of the most complex aspects of modern concurrent algorithms, and various techniques proposed for it--such as hazard pointers, read-copy-update and epoch-based reclamation--have proved very challenging for formal reasoning. In this paper, we show that different memory reclamation techniques actually rely on the same implicit synchronisation pattern, not clearly reflected in the code, but only in the form of assertions used to argue its correctness. The pattern is based on the key concept of a grace period, during which a thread can access certain shared memory cells without fear that they get deallocated. We propose a modular reasoning method, motivated by the pattern, that handles all three of the above memory reclamation techniques in a uniform way. By explicating their fundamental core, our method achieves clean and simple proofs, scaling even to realistic implementations of the algorithms without a significant increase in proof complexity. We formalise the method using a combination of separation logic and temporal logic and use it to verify example instantiations of the three approaches to memory reclamation.