Reasoning about Weak Isolation Levels in Separation Logic

📅 2025-01-24
📈 Citations: 0
Influential: 0
🤖 AI Summary
This paper addresses the formal verification of weak isolation levels in database systems and local transaction libraries. It proposes a modular, implementation-agnostic specification methodology in separation logic (the Iris framework) and, within one logical framework, formally defines three weak isolation levels: Read Uncommitted, Read Committed, and Snapshot Isolation. No previous model could reason about executable implementations providing these levels. The key contributions are: (1) compositional isolation specifications decoupled from any concrete concurrency control mechanism; (2) machine-checked proofs of the entailments between the three levels (Snapshot Isolation implies Read Committed, which implies Read Uncommitted); and (3) a full Coq formalization showing that a key-value store built on multi-version concurrency control (MVCC) satisfies the Snapshot Isolation specification, which, together with the entailments, establishes that all three specifications are realizable. The work provides both theoretical foundations and practical tooling for precise, trustworthy reasoning about highly concurrent transaction libraries.

📝 Abstract
Isolation levels, consistency guarantees among concurrently executing transactions in local and distributed systems, have been formalized in a number of models. Thus far, no model can reason about executable implementations of databases or local transaction libraries providing weak isolation levels. Weak isolation levels are characterized by being highly concurrent and, unlike their stronger counterpart serializability, they are not equivalent to the consistency guarantees provided by a transaction library implemented using a global lock. In this paper, we formalize three weak isolation levels in separation logic, namely read uncommitted, read committed, and snapshot isolation. We define modular separation logic specifications that are independent of the underlying transaction library implementation. Historically, isolation levels have been specified using examples of executions between concurrent transactions that are not allowed to occur, and we demonstrate that our specifications correctly prohibit such examples. To show that our specifications are realizable, we formally verify that an executable implementation of a key-value database running the multi-version concurrency control algorithm from the original snapshot isolation paper satisfies our specification of snapshot isolation. Moreover, we prove implications between the specifications (snapshot isolation implies read committed and read committed implies read uncommitted), and thus the verification effort of the database serves as proof that all of our specifications are realizable. All results are mechanised in the Coq proof assistant on top of the Iris separation logic framework.
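The abstract characterises each isolation level by the executions it forbids and verifies an MVCC key-value store against snapshot isolation. The Python sketch below is an added illustration, not code from the paper or its Coq development: it is a toy multi-version store whose `read` and `commit` behaviour is switched by a constructed `Level` enum (the `Store`, `Tx` and scenario names, the single-live-writer-per-key simplification and the four executions are all assumptions made here), and it runs four classic anomalies against each level to show the hierarchy the paper proves: a dirty read survives only under read uncommitted, a non-repeatable read and a lost update survive below snapshot isolation, and write skew survives at every level, which is why none of the three is equivalent to a global lock.

```python
"""Toy multi-version key-value store parametrised by isolation level (constructed example,
not the paper's Coq artifact). SNAPSHOT follows the MVCC scheme of the original snapshot
isolation paper: reads see versions committed before the start timestamp; commit is
first-committer-wins."""
import itertools
from enum import Enum

class Level(Enum):
    READ_UNCOMMITTED = 1
    READ_COMMITTED = 2
    SNAPSHOT = 3

class Store:
    def __init__(self, level, initial):
        self.level = level
        self.clock = itertools.count(1)                     # start and commit timestamps
        self.versions = {k: [(0, v)] for k, v in initial.items()}  # key -> [(ts, value)]
        self.uncommitted = {}                               # key -> value of a live writer

    def begin(self):
        return Tx(self)

    def latest(self, key, before=None):
        # Newest committed value of key, restricted to versions with ts <= before if given.
        for ts, v in reversed(self.versions[key]):
            if before is None or ts <= before:
                return v
        raise KeyError(key)

class Tx:
    def __init__(self, store):
        self.s, self.start_ts, self.writes = store, next(store.clock), {}

    def read(self, key):
        if key in self.writes:                              # own writes are always visible
            return self.writes[key]
        if self.s.level is Level.READ_UNCOMMITTED and key in self.s.uncommitted:
            return self.s.uncommitted[key]                  # dirty read of a live writer
        if self.s.level is Level.SNAPSHOT:
            return self.s.latest(key, before=self.start_ts)
        return self.s.latest(key)                           # READ_COMMITTED: newest committed now

    def write(self, key, value):
        self.writes[key] = self.s.uncommitted[key] = value  # assumes one live writer per key

    def commit(self):
        if self.s.level is Level.SNAPSHOT:                  # first-committer-wins
            for key in self.writes:
                if self.s.versions.get(key, [(0, None)])[-1][0] > self.start_ts:
                    self.abort()
                    return False
        ts = next(self.s.clock)
        for key, v in self.writes.items():
            self.s.versions.setdefault(key, []).append((ts, v))
            self.s.uncommitted.pop(key, None)
        return True

    def abort(self):
        for key in self.writes:
            self.s.uncommitted.pop(key, None)

def dirty_read(level):                     # T2 reads x while T1's write is uncommitted; T1 aborts
    s = Store(level, {"x": 0})
    t1, t2 = s.begin(), s.begin()
    t1.write("x", 1)
    seen = t2.read("x")
    t1.abort()
    return seen                            # 1 only under READ_UNCOMMITTED

def non_repeatable_read(level):            # T2 commits a new x between T1's two reads
    s = Store(level, {"x": 0})
    t1, t2 = s.begin(), s.begin()
    first = t1.read("x")
    t2.write("x", 1)
    t2.commit()
    return first, t1.read("x")             # (0, 1) below SNAPSHOT, (0, 0) under it

def lost_update(level):                    # both read x = 0 and try to commit x + 1
    s = Store(level, {"x": 0})
    t1, t2 = s.begin(), s.begin()
    a, b = t1.read("x"), t2.read("x")
    t1.write("x", a + 1)
    t1.commit()
    t2.write("x", b + 1)
    second_committed = t2.commit()         # False under SNAPSHOT: first committer wins
    return s.latest("x"), second_committed # (1, True) below SNAPSHOT: T1's increment is lost

def write_skew(level):                     # invariant x + y >= 1; each zeroes a different key
    s = Store(level, {"x": 1, "y": 1})
    t1, t2 = s.begin(), s.begin()
    ok1 = t1.read("x") + t1.read("y") >= 2
    ok2 = t2.read("x") + t2.read("y") >= 2
    if ok1:
        t1.write("x", 0)
    if ok2:
        t2.write("y", 0)
    t1.commit()
    t2.commit()                            # disjoint write sets: every level accepts both
    return s.latest("x") + s.latest("y")   # 0 at every level: invariant broken, unlike serializability
```

Each scenario function returns what the offending transaction observed or what the store holds afterwards, so the same execution can be replayed under all three levels and compared. Note that in `lost_update` the final value of `x` is 1 under every level: below snapshot isolation because the second commit overwrote the first, under snapshot isolation because the second commit was rejected; the returned flag is what distinguishes the two.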
Problem

Research questions and friction points this paper is trying to address.

Weak Isolation Levels
Data Consistency
Concurrency Control
Innovation

Methods, ideas, or system contributions that make the work stand out.

Separation Logic
Formalization of Weak Isolation Levels
Coq Verification