Reasoning about commutativity between data-structure operations is an important problem with many applications. In the sequential setting, commutativity can be used to reason about the correctness of refactoring, compiler transformations, and identify instances of non-determinism. In parallel contexts, commutativity dates back to the database (Weihl in IEEE Trans Comput 37(12):1488–1505, 1988) and compilers (Rinard and Diniz in ACM Trans Program Lang Syst 19(6):942–991, 1997) communities and, more recently, appears in optimistic parallelization (Herlihy and Koskinen in Proceedings of the 13th ACM SIGPLAN symposium on principles and practice of parallel programming, 2008), dynamic concurrency (Tripp et al. in Proceedings of the 33rd ACM SIGPLAN conference on programming language design and implementation, PLDI ’12, New York, NY, USA, ACM, pp 145–156, 2012; Dimitrov et al. in Proceedings of the 35th ACM SIGPLAN conference on programming language design and implementation, 2014), scalable systems (Clements et al. in ACM Trans Comput Syst 32(4):10, 2015) and even smart contracts (Dickerson et al. in Proceedings of the ACM symposium on principles of distributed computing, PODC ’17, New York, NY, USA, ACM, pp 303–312, 2017). There have been research results on automatic generation of commutativity conditions, yet we are unaware of any fully automated technique to generate conditions that are both sound and effective. We have designed such a technique, driven by an algorithm that iteratively refines a conservative approximation of the commutativity (and non-commutativity) condition for a pair of methods into an increasingly precise version. The algorithm terminates if/when the entire state space has been considered, and can be aborted at any time to obtain a partial yet sound commutativity condition. We have generalized our work to left-/right-movers (Lipton in Commun ACM 8(12):717–721, 1975) and proved relative completeness. We describe aspects of our technique that lead to useful commutativity conditions, including how predicates are selected during refinement and heuristics that impact the output shape of the condition. We have implemented our technique in a prototype open-source tool Servois. Our algorithm produces quantifier-free queries that are dispatched to a back-end SMT solver. We evaluate Servois first by synthesizing commutativity conditions for a range of data structures including Set, HashTable, Accumulator, Counter, and Stack. We then show several applications of our work including reasoning about memories and locks, finding vulnerabilities in Ethereum smart contracts, improving transactional memory performance, distributed applications, code refactoring, verification, and synthesis.

中文翻译：

---

综合精确和有用的交换条件

关于数据结构操作之间的可交换性的推理是许多应用程序的重要问题。在顺序设置中，可交换性可用于推理重构、编译器转换的正确性，并识别非确定性实例。在并行上下文中，交换性可以追溯到数据库（IEEE Trans Comput 37(12):1488–1505, 1988 中的 Weihl）和编译器（ACM Trans Program Lang Syst 19(6):942–991, 1997 中的 Rinard 和 Diniz）社区，最近，出现在乐观并行化（Herlihy 和 Koskinen 在 Proceedings of the 13th ACM SIGPLAN symposium parallel programming of parallel programming，2008 年）、动态并发（Tripp 等人在 Proceedings of the 33rd ACM SIGPLAN Conference on Programming语言设计和实现，PLDI '12，纽约，纽约，美国，ACM，第 145-156 页，2012 年；迪米特洛夫等人。2014 年第 35 届 ACM SIGPLAN 编程语言设计和实现会议论文集）、可扩展系统（Clements 等人在 ACM Trans Comput Syst 32(4):10, 2015 年）甚至智能合约（Dickerson 等人在 Proceedings 中） ACM 分布式计算原理研讨会，PODC '17，纽约，纽约，美国，ACM，第 303–312 页，2017 年）。已有关于自动生成交换条件的研究结果，但我们不知道有任何全自动技术来生成既合理又有效的条件。我们设计了这样一种技术，由一种算法驱动，该算法迭代地将一对方法的交换性（和非交换性）条件的保守近似精炼为越来越精确的版本。如果/当考虑了整个状态空间时，算法终止，并且可以随时中止以获得部分但可靠的交换条件。我们已经将我们的工作推广到左/右移动者（Lipton in Commun ACM 8(12):717-721, 1975）并证明了相对完整性。我们描述了我们的技术中导致有用的交换条件的方面，包括在细化过程中如何选择谓​​词以及影响条件输出形状的启发式方法。我们已经在原型开源工具 Servois 中实现了我们的技术。我们的算法生成无量词查询，这些查询被分派到后端 SMT 求解器。我们首先通过综合一系列数据结构的交换条件来评估 Servois，包括 Set、HashTable、Accumulator、Counter 和 Stack。