Paper Info
Title
Mechanized proofs of opacity: a comparison of two techniques.
Abstract
Software transactional memory (STM) provides programmers with a high-level programming abstraction for synchronization of parallel processes, allowing blocks of codes that execute in an interleaved manner to be treated as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the behaviour of an STM implementation to those of a sequential atomic specification. In this paper, we prove opacity of a recently proposed STM implementation: the Transactional Mutex Lock (TML) by Dalessandro et al. For this, we employ two different methods: the first method directly shows all histories of TML to be opaque (proof by induction), using a linearizability proof of TML as an assistance; the second method shows TML to be a refinement of an existing intermediate specification called TMS2 which is known to be opaque (proof by simulation). Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and KIV. This allows to compare not only the proof techniques in principle, but also their complexity in mechanization. It turns out that the second method, already leveraging an existing proof of opacity of TMS2, allows the proof to be decomposed into two independent proofs in the way that the linearizability proof does not.
Year
DOI
Venue
2018
10.1007/s00165-017-0433-3
Formal Asp. Comput.
Keywords
Field
DocType
Software transactional memory, Opacity, Verification, Refinement, KIV, Isabelle
Linearizability,Atomicity,Software transactional memory,Synchronization,Programming language,Semaphore,Computer science,Correctness,Mathematical induction,Theoretical computer science,Mathematical proof
Journal
Volume
Issue
ISSN
30
5
0934-5043
Citations 
PageRank 
References 
1
0.36
21
Authors
6
Name
Order
Citations
PageRank
John Derrick117016.67
Simon Doherty2325.57
Brijesh Dongol319325.27
Gerhard Schellhorn476956.43
Oleg Travkin5525.66
Heike Wehrheim61013104.85