A History of BlockingQueues
The paper provides a method for formally specifying and verifying concurrent data structures, which is important for software developers and verification researchers, though it is incremental as it builds on existing specification languages like JML and separation logic.
The paper tackles the challenge of formally specifying concurrent data structures by proposing history-based specifications, which use state histories instead of current state to ensure stability against interference from other threads, and demonstrates this on the BlockingQueue hierarchy from java.util.concurrent, showing that specifications can be inherited and used to derive properties like order preservation.
This paper describes a way to formally specify the behaviour of concurrent data structures. When specifying concurrent data structures, the main challenge is to make specifications stable, i.e., to ensure that they cannot be invalidated by other threads. To this end, we propose to use history-based specifications: instead of describing method behaviour in terms of the object's state, we specify it in terms of the object's state history. A history is defined as a list of state updates, which at all points can be related to the actual object's state. We illustrate the approach on the BlockingQueue hierarchy from the java.util.concurrent library. We show how the behaviour of the interface BlockingQueue is specified, leaving a few decisions open to descendant classes. The classes implementing the interface correctly inherit the specifications. As a specification language, we use a combination of JML and permission-based separation logic, including abstract predicates. This results in an abstract, modular and natural way to specify the behaviour of concurrent queues. The specifications can be used to derive high-level properties about queues, for example to show that the order of elements is preserved. Moreover, the approach can be easily adapted to other concurrent data structures.
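As an added illustration (not the paper's own code or its JML/separation-logic specifications), the following Python model shows the idea behind history-based specification: a hypothetical `HistoryQueue` records every put/take as a state update in a history, `state_from_history` relates the history back to the actual queue contents, and `order_preserved` is the derived high-level property the abstract mentions, checked over a run in which several producer threads interfere with one consumer.

```python
import threading
from collections import deque
class HistoryQueue:  # constructed bounded blocking FIFO queue (not the paper's own code)
    def __init__(self, capacity):
        self._items, self._cond = deque(), threading.Condition()
        self.capacity, self.history = capacity, []   # history: list of ("put"|"take", x)

    def put(self, x):
        with self._cond:
            while len(self._items) >= self.capacity:  # block while full
                self._cond.wait()
            self._items.append(x)
            self.history.append(("put", x))           # state and history change atomically
            self._cond.notify_all()

    def take(self):
        with self._cond:
            while not self._items:                    # block while empty
                self._cond.wait()
            x = self._items.popleft()
            self.history.append(("take", x))
            self._cond.notify_all()
            return x

def state_from_history(history):
    """Relate history to state: replaying the updates yields the current contents."""
    contents = []
    for op, x in history:
        if op == "put":
            contents.append(x)
        elif contents.pop(0) != x:                    # a take must remove the current head
            raise ValueError(f"not a FIFO history at {(op, x)}")
    return contents

def order_preserved(history):
    """Derived property: elements are taken in exactly the order they were put."""
    puts = [x for op, x in history if op == "put"]
    takes = [x for op, x in history if op == "take"]
    return takes == puts[:len(takes)]

def run_demo(producers=3, per_producer=100, capacity=4):
    q = HistoryQueue(capacity)
    def produce(base):
        for i in range(per_producer): q.put(base + i)  # distinct elements per producer
    def consume():
        for _ in range(producers * per_producer): q.take()
    threads = [threading.Thread(target=produce, args=(p * per_producer,)) for p in range(producers)]
    threads.append(threading.Thread(target=consume))
    for t in threads: t.start()
    for t in threads: t.join()
    return q
```

Because each update is appended under the same lock that changes the state, the history stays stable under interference: whatever interleaving the scheduler picks, replaying it reproduces the queue contents and the FIFO property holds.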