Mechanical verification of Lamport’s Bakery algorithm

Proof assistants like PVS can be used fruitfully for the design and verification of concurrent algorithms. The technique is presented here by applying it to Lamport’s Bakery algorithm. The proofs for safety properties such as mutual exclusion, first-come–first-served, and absence of deadlock are based on invariants. The argument for liveness (progress) is given in a set-theoretic version of temporal logic. Liveness requires the assumption of weak fairness and holds only for executions with not more than finitely many fault steps per process. The condition of finitely many faults can be removed by postulating strong fairness. The algorithm and its verification are extended to allow unboundedly many processes, by means of expandable arrays and weak atomic snapshots.