Skip to main content

2019 | OriginalPaper | Chapter

Proving a Non-blocking Algorithm for Process Renaming with TLA\(^+\)

Authors : Aurélie Hurault, Philippe Quéinnec

Published in: Tests and Proofs

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

loading …


Shared-memory concurrent algorithms are well-known for being difficult to write, ill-adapted to test, and complex to prove. Wait-free concurrent objects are a subclass where a process is never prevented from progressing, whatever the other processes are doing (or not doing). Algorithms in this subclass are often non intuitive and among the most complex to prove. This paper presents the analysis and the proof of a wait-free concurrent algorithm that is used to rename processes. By its adaptive and non-blocking nature, the renaming algorithm resists to test, because of the cost of covering all its states and transitions even with a small input set. Thus, a proof has been conducted in and verified with TLAPS, the Proof System. This algorithm is itself based on the assembly of wait-free concurrent objects, the splitters, that separate processes. With just two shared variables and three assignments, a splitter seems a simple object but it is not linearizable. To avoid explicitly in-lining it and dealing with its internal state, the proof of the renaming algorithm relies on replacing the splitter with a sequential specification that is proved correct with TLAPS and verified complete by model-checking on finite instances.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"


Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"


Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe


Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"


Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Available only for authorised users
The percentage decrease is explained by the progressive dominance of multiple stop in the invalid assignments.
The construct \([ x \textsc { except }![e_1] = e_2]\) is a shortcut for . For multi-dimensional arrays, provers work better with the latest.
Another approach would have been to show a bisimulation between their transition systems. Note that it requires to exhibit a parameterized bisimulation, as we have to consider any number of concurrent invocations. We had already proved the properties on the concurrent splitter during our initial attempt at proving the renaming algorithm (Sect. 4.2) and it seemed simpler to continue onward.
go back to reference Afek, Y., Merritt, M.: Fast, wait-free (2k)-renaming. In: 18th Annual ACM Symposium on Principles of Distributed Computing, pp. 105–112 (1999) Afek, Y., Merritt, M.: Fast, wait-free (2k)-renaming. In: 18th Annual ACM Symposium on Principles of Distributed Computing, pp. 105–112 (1999)
go back to reference Chuong, P., Ellen, F., Ramachandran, V.: A universal construction for wait-free transaction friendly data structures. In: 22nd ACM Symposium on Parallelism in Algorithms and Architectures, pp. 335–344 (2010) Chuong, P., Ellen, F., Ramachandran, V.: A universal construction for wait-free transaction friendly data structures. In: 22nd ACM Symposium on Parallelism in Algorithms and Architectures, pp. 335–344 (2010)
go back to reference Castaneda, A., Hurault, A., Queinnec, P., Roy, M.: Modular machine-checked proofs of concurrent algorithms built from tasks. In: Submitted to DISC 2019 (2019) Castaneda, A., Hurault, A., Queinnec, P., Roy, M.: Modular machine-checked proofs of concurrent algorithms built from tasks. In: Submitted to DISC 2019 (2019)
go back to reference Castañeda, A., Rajsbaum, S., Raynal, M.: The renaming problem in shared memory systems: an introduction. Comput. Sci. Rev. 5(3), 229–251 (2011)CrossRef Castañeda, A., Rajsbaum, S., Raynal, M.: The renaming problem in shared memory systems: an introduction. Comput. Sci. Rev. 5(3), 229–251 (2011)CrossRef
go back to reference Gao, H., Groote, J.F., Hesselink, W.H.: Lock-free dynamic hash tables with open addressing. Distrib. Comput. 18(1), 21–42 (2005)CrossRef Gao, H., Groote, J.F., Hesselink, W.H.: Lock-free dynamic hash tables with open addressing. Distrib. Comput. 18(1), 21–42 (2005)CrossRef
go back to reference Gu, R., et al.: Deep specifications and certified abstraction layers. In: 42nd ACM Symposium on Principles of Programming Languages, pp. 595–608 (2015) Gu, R., et al.: Deep specifications and certified abstraction layers. In: 42nd ACM Symposium on Principles of Programming Languages, pp. 595–608 (2015)
go back to reference Herlihy, M.: Wait-free synchronization. ACM Trans. Program. Lang. Syst. 13(1), 124–149 (1991)CrossRef Herlihy, M.: Wait-free synchronization. ACM Trans. Program. Lang. Syst. 13(1), 124–149 (1991)CrossRef
go back to reference Herlihy, M.: A methodology for implementing highly concurrent objects. ACM Trans. Program. Lang. Syst. 15(5), 745–770 (1993)CrossRef Herlihy, M.: A methodology for implementing highly concurrent objects. ACM Trans. Program. Lang. Syst. 15(5), 745–770 (1993)CrossRef
go back to reference Herlihy, M., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)CrossRef Herlihy, M., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)CrossRef
go back to reference Bug JDK-6785442: ConcurrentLinkedQueue.remove() and poll() can both remove the same element (2008) Bug JDK-6785442: ConcurrentLinkedQueue.remove() and poll() can both remove the same element (2008)
go back to reference Kshemkalyani, A.D., Singhal, M.: Distributed Computing: Principles, Algorithms, and Systems. Cambridge University Press, Cambridge (2011)MATH Kshemkalyani, A.D., Singhal, M.: Distributed Computing: Principles, Algorithms, and Systems. Cambridge University Press, Cambridge (2011)MATH
go back to reference Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)CrossRef Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)CrossRef
go back to reference Lamport, L.: Specifying Systems. Addison Wesley, Boston (2002)MATH Lamport, L.: Specifying Systems. Addison Wesley, Boston (2002)MATH
go back to reference Moir, M., Anderson, J.H.: Wait-free algorithms for fast, long-lived renaming. Sci. Comput. Program. 25(1), 1–39 (1995)MathSciNetCrossRef Moir, M., Anderson, J.H.: Wait-free algorithms for fast, long-lived renaming. Sci. Comput. Program. 25(1), 1–39 (1995)MathSciNetCrossRef
go back to reference Moir, M., Nussbaum, D., Shalev, O., Shavit, N.: Using elimination to implement scalable and lock-free FIFO queues. In: 17th ACM Symposium on Parallelism in Algorithms and Architectures, pp. 253–262 (2005) Moir, M., Nussbaum, D., Shalev, O., Shavit, N.: Using elimination to implement scalable and lock-free FIFO queues. In: 17th ACM Symposium on Parallelism in Algorithms and Architectures, pp. 253–262 (2005)
go back to reference Michael, M.M., Scott, M.L.: Nonblocking algorithms and preemption-safe locking on multiprogrammed shared memory multiprocessors. J. Parallel Distrib. Comput. 51(1), 1–26 (1998)CrossRef Michael, M.M., Scott, M.L.: Nonblocking algorithms and preemption-safe locking on multiprogrammed shared memory multiprocessors. J. Parallel Distrib. Comput. 51(1), 1–26 (1998)CrossRef
go back to reference O’Hearn, P.W., Rinetzky, N., Vechev, M.T., Yahav, E., Yorsh, G.: Verifying linearizability with hindsight. In: 29th ACM Symposium on Principles of Distributed Computing, pp. 85–94 (2010) O’Hearn, P.W., Rinetzky, N., Vechev, M.T., Yahav, E., Yorsh, G.: Verifying linearizability with hindsight. In: 29th ACM Symposium on Principles of Distributed Computing, pp. 85–94 (2010)
go back to reference Rajsbaum, S., Raynal, M.: A theory-oriented introduction to wait-free synchronization based on the adaptive renaming problem. In: 25th IEEE International Conference on Advanced Information Networking and Applications, pp. 356–363 (2011) Rajsbaum, S., Raynal, M.: A theory-oriented introduction to wait-free synchronization based on the adaptive renaming problem. In: 25th IEEE International Conference on Advanced Information Networking and Applications, pp. 356–363 (2011)
go back to reference Shavit, N., Touitou, D.: Elimination trees and the construction of pools and stacks. Theory Comput. Syst. 30(6), 645–670 (1997)MathSciNetCrossRef Shavit, N., Touitou, D.: Elimination trees and the construction of pools and stacks. Theory Comput. Syst. 30(6), 645–670 (1997)MathSciNetCrossRef
go back to reference Timnat, S., Petrank, E.: A practical wait-free simulation for lock-free data structures. In: ACM Symposium on Principles and Practice of Parallel Programming, PPoPP 2014, pp. 357–368 (2014) Timnat, S., Petrank, E.: A practical wait-free simulation for lock-free data structures. In: ACM Symposium on Principles and Practice of Parallel Programming, PPoPP 2014, pp. 357–368 (2014)
Proving a Non-blocking Algorithm for Process Renaming with TLA
Aurélie Hurault
Philippe Quéinnec
Copyright Year

Premium Partner