Formal Aspects of Computing, Volume 25, Issue 5, pp 769–799

Towards formally specifying and verifying transactional memory

  • Simon Doherty
  • Lindsay Groves
  • Victor Luchangco
  • Mark Moir
Abstract

Over the last decade, great progress has been made in developing practical transactional memory (TM) implementations, but relatively little attention has been paid to precisely specifying what it means for them to be correct, or formally proving that they are. In this paper, we present TMS1 (Transactional Memory Specification 1), a precise specification of correct behaviour of a TM runtime library. TMS1 targets TM runtimes used to implement transactional features in an unmanaged programming language such as C or C++. In such contexts, even transactions that ultimately abort must observe consistent states of memory; otherwise, unrecoverable errors such as divide-by-zero may occur before a transaction aborts, even in a correct program in which the error would not be possible if transactions were executed atomically. We specify TMS1 precisely using an I/O automaton (IOA). This approach enables us to also model TM implementations using IOAs and to construct fully formal and machine-checked correctness proofs for them using well established proof techniques and tools. We outline key requirements for a TM system. To avoid precluding any implementation that satisfies these requirements, we specify TMS1 to be as general as we can, consistent with these requirements. The cost of such generality is that the condition does not map closely to intuition about common TM implementation techniques, and thus it is difficult to prove that such implementations satisfy the condition. To address this concern, we present TMS2, a more restrictive condition that more closely reflects intuition about common TM implementation techniques. We present a simulation proof that TMS2 implements TMS1, thus showing that to prove that an implementation satisfies TMS1, it suffices to prove that it satisfies TMS2. We have formalised and verified this proof using the PVS specification and verification system.
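The divide-by-zero scenario described in the abstract, worked through as an added illustration (this is not the paper's TMS1/TMS2 specification or any code from the authors): a writer transaction preserves the program invariant x == y, and a reader divides by 1 + x - y, which is always 1 if transactions execute atomically. A naive runtime lets a transaction that is already doomed read x from one committed state and y from a later one, so the exception escapes before the runtime ever gets the chance to abort. The second runtime adds an assumed TL2-style per-location version check (an assumption made here, not something the abstract specifies) so that the inconsistent read itself aborts the transaction, which is the "aborting transactions must observe consistent states" requirement in the abstract. Memory contents and the interleaving are constructed sample data.

```python
"""Toy STM models showing why a transaction that will abort must still see a
consistent memory state. Constructed illustration: not the paper's TMS1/TMS2
automata, and the version-check rule below is an assumed TL2-style scheme."""
from dataclasses import dataclass, field


class Aborted(Exception):
    """Raised when the runtime detects a conflict and aborts the transaction."""


@dataclass
class Memory:
    """Shared memory with a global commit clock. Each location records the
    clock value at which it was last committed (constructed sample data)."""
    clock: int = 0
    values: dict = field(default_factory=lambda: {"x": 5, "y": 5})
    versions: dict = field(default_factory=lambda: {"x": 0, "y": 0})


class NaiveTx:
    """Deferred-update transaction with no read validation: reads return the
    current committed value, so two reads in one transaction may come from
    different committed states, and conflicts are never detected."""

    def __init__(self, mem):
        self.mem = mem
        self.writes = {}

    def read(self, loc):
        if loc in self.writes:          # read-your-own-writes
            return self.writes[loc]
        return self.mem.values[loc]

    def write(self, loc, val):
        self.writes[loc] = val          # buffered until commit

    def commit(self):
        self.mem.clock += 1
        for loc, val in self.writes.items():
            self.mem.values[loc] = val
            self.mem.versions[loc] = self.mem.clock


class ValidatingTx(NaiveTx):
    """Same interface, but reading a location committed after this
    transaction's start snapshot aborts immediately, so the transaction never
    computes on a mix of old and new state. The read set is re-validated at
    commit so a stale snapshot cannot be published either."""

    def __init__(self, mem):
        super().__init__(mem)
        self.snapshot = mem.clock
        self.reads = set()

    def _check(self, loc):
        if self.mem.versions[loc] > self.snapshot:
            raise Aborted(f"{loc} committed after snapshot {self.snapshot}")

    def read(self, loc):
        if loc in self.writes:
            return self.writes[loc]
        self._check(loc)
        self.reads.add(loc)
        return self.mem.values[loc]

    def commit(self):
        for loc in self.reads:
            self._check(loc)
        super().commit()


def increment_both(tx):
    """Writer transaction: preserves the program invariant x == y."""
    tx.write("x", tx.read("x") + 1)
    tx.write("y", tx.read("y") + 1)
    tx.commit()


def run_reader(tx_class, writer_between_reads):
    """Reader divides by 1 + x - y, which is 1 whenever x == y; under atomic
    execution this program can never divide by zero. Returns 'ok', 'aborted',
    or 'crashed' (the error escaped before the runtime could abort)."""
    mem = Memory()
    if not writer_between_reads:
        increment_both(tx_class(mem))   # writer finishes before reader starts
    reader = tx_class(mem)
    try:
        x = reader.read("x")
        if writer_between_reads:
            increment_both(tx_class(mem))   # commits x=6, y=6 mid-transaction
        y = reader.read("y")
        quotient = 100 // (1 + x - y)       # x=5, y=6 gives a zero divisor
        reader.commit()
        return "ok"
    except Aborted:
        return "aborted"
    except ZeroDivisionError:
        return "crashed"


if __name__ == "__main__":
    for cls in (NaiveTx, ValidatingTx):
        print(cls.__name__, run_reader(cls, True), run_reader(cls, False))
```

The interleaving is scripted rather than threaded so the outcome is reproducible: `NaiveTx` crashes under the conflicting schedule while `ValidatingTx` aborts cleanly, and both succeed when the writer finishes first. A real runtime has to satisfy the consistency requirement under every possible interleaving, which is exactly what a specification such as the one in the abstract, and a machine-checked simulation proof against it, are meant to establish.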

Keywords

Transactional memory; Formal specification; Verification; I/O automata; Simulation proof; Refinement

Copyright information

© British Computer Society 2012

Authors and Affiliations

  • Simon Doherty (1)
  • Lindsay Groves (1)
  • Victor Luchangco (2)
  • Mark Moir (2)

  1. School of Engineering and Computer Science, Victoria University of Wellington, Wellington, New Zealand
  2. Oracle Labs, Burlington, USA