Mechanical Proofs of Correctness for DCAS-based Concurrent Deques

David Detlefs and Mark Moir

Correspondence to david.detlefs@sun.com

Introduction

We were invited to submit it for consideration in a "Best Papers of SPAA" issue of a journal (which eventually, after some confusion, turned out to be Theory of Computing Systems.) However, this would require fleshing out of the correctness proofs, which had been made somewhat sketchily in the conference paper.

During this time, Mark Moir had joined Sun Labs, and immersed himself in the DCAS-based concurrent data structure work we were doing. Mark has high standards of proof, and wished to hold us to those standards. Mark has interest in extending and promoting the proof of mechanical theorem provers in theoretical CS; Dave had some previous experience which such theorem provers (and low confidence in his ability to construct a correct proof without such aid). Therefore we decided to work together to do a mechanical correctness proof, and that Mark would join the paper as an author.

We used the Simplify theorem prover, largely because Dave had been one of the developers of that system. A description and download is available at the link just given.

There are two algorithms in the paper. Below are links to two proof script files, one for each of the algorithms. To run these successfully through Simplify, one minor tweak is necessary: you need to set an environment variable, using

   setenv PROVER_D1P_MAX_EFFORT 1

The journal version of the paper has a detailed explanation of the proof; including (almost) the full text of the proof scripts. When that is complete and cleared for publication, this page will link to that version. For now, and for posterity and experimentation, here are the full input files for the two proofs:

• Array-based algorithm.
• Linked-list-based algorithm.