Formal Methods in System Design, Volume 39, Issue 3, pp 297–331

Verification of STM on relaxed memory models

  • Rachid Guerraoui
  • Thomas A. Henzinger
  • Vasu Singh
Article

Abstract

Software transactional memories (STM) are described in the literature under the assumptions of sequentially consistent program execution and atomicity of high-level operations such as read, write, and abort. In a realistic setting, however, processors use relaxed memory models to optimize hardware performance, and the atomicity of operations depends on the underlying hardware. This paper presents the first approach to verifying STMs under relaxed memory models with atomicity only of 32-bit loads and stores and of read-modify-write operations. We describe RML, a simple language for expressing concurrent programs, and develop a semantics of RML parametrized by a relaxed memory model. We then present our tool, FOIL, which takes as input the RML description of an STM algorithm restricted to two threads and two variables, together with the description of a memory model, and automatically determines the locations of fences which, if inserted, ensure the correctness of the restricted STM algorithm under the given memory model. We use FOIL to verify DSTM, TL2, and McRT STM under the memory models of sequential consistency, total store order, partial store order, and relaxed memory order for two threads and two variables. Finally, we extend the verification results for DSTM and TL2 to an arbitrary number of threads and variables by manually proving that the structural properties of STMs are satisfied at the hardware level of atomicity under the considered relaxed memory models.
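To make the abstract's two central ideas concrete, the following added example (written for this page; it is not the paper's RML language or the FOIL tool) gives a small operational semantics for two-thread programs that is parametrized by the memory model, here sequential consistency ("SC") and total store order ("TSO", modelled with per-thread FIFO store buffers), enumerates every reachable outcome, and then brute-forces the smallest set of fence insertions under which a forbidden outcome disappears. The instruction forms, the "store buffering" litmus test and the register names are all constructed for the example; partial store order and relaxed memory order from the abstract are not modelled.

```python
"""Toy memory-model semantics plus fence-placement search.
Constructed example for this page; not RML, not FOIL."""
from itertools import combinations

# Constructed mini-language (not RML):
#   ("st", var, value)  store a constant to a shared variable
#   ("ld", var, reg)    load a shared variable into a register
#   ("fence",)          full fence: may only complete once this thread's
#                       store buffer is empty


def _set(pairs, key, val):
    """Return a new sorted tuple of (key, val) pairs with `key` updated."""
    d = dict(pairs)
    d[key] = val
    return tuple(sorted(d.items()))


def _successors(state, prog, model):
    """Yield every successor of `state` under the given memory model.

    state = (pcs, bufs, mem, regs): program counters per thread, store
    buffers per thread (tuples of (var, val)), memory and registers as
    sorted pair tuples so the state is hashable."""
    pcs, bufs, mem, regs = state
    for t, code in enumerate(prog):
        # (a) TSO only: the hardware drains thread t's oldest buffered store
        if model == "TSO" and bufs[t]:
            var, val = bufs[t][0]
            yield (pcs, bufs[:t] + (bufs[t][1:],) + bufs[t + 1:],
                   _set(mem, var, val), regs)
        if pcs[t] >= len(code):
            continue
        ins = code[pcs[t]]
        npcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
        if ins[0] == "st":
            _, var, val = ins
            if model == "TSO":   # store parks in the thread's private FIFO
                nbuf = bufs[t] + ((var, val),)
                yield (npcs, bufs[:t] + (nbuf,) + bufs[t + 1:], mem, regs)
            else:                # SC: store is globally visible at once
                yield (npcs, bufs, _set(mem, var, val), regs)
        elif ins[0] == "ld":
            _, var, reg = ins
            # store-to-load forwarding: a thread sees its own newest buffered
            # store to `var` even before it reaches memory
            pending = [v for (x, v) in bufs[t] if x == var]
            val = pending[-1] if pending else dict(mem).get(var, 0)
            yield (npcs, bufs, mem, _set(regs, reg, val))
        elif ins[0] == "fence":
            if not bufs[t]:      # blocks until the buffer has drained
                yield (npcs, bufs, mem, regs)


def outcomes(prog, model):
    """All final register valuations of `prog` under `model`.

    A run is final when every thread has finished and every store buffer
    has drained. Unwritten variables read as 0."""
    n = len(prog)
    start = ((0,) * n, ((),) * n, (), ())
    seen, stack, result = {start}, [start], set()
    while stack:
        s = stack.pop()
        pcs, bufs, mem, regs = s
        if all(pcs[t] >= len(prog[t]) for t in range(n)) and not any(bufs):
            result.add(regs)
        for nxt in _successors(s, prog, model):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return result


def minimal_fences(prog, forbidden, model):
    """Smallest set of (thread, index) fence insertions (fence placed before
    instruction `index`) under which `forbidden` is no longer an outcome.
    Returns None if no placement rules it out."""
    slots = [(t, i) for t, code in enumerate(prog) for i in range(1, len(code))]
    for k in range(len(slots) + 1):
        for choice in combinations(slots, k):
            fenced = [list(code) for code in prog]
            for t, i in sorted(choice, reverse=True):   # back-to-front keeps indices valid
                fenced[t].insert(i, ("fence",))
            if forbidden not in outcomes(tuple(tuple(c) for c in fenced), model):
                return set(choice)
    return None


# Constructed "store buffering" litmus test: each thread publishes its own
# flag and then reads the other's. Both reads returning 0 is impossible
# under SC but allowed by TSO.
SB = (
    (("st", "x", 1), ("ld", "y", "r0")),   # thread 0
    (("st", "y", 1), ("ld", "x", "r1")),   # thread 1
)
BOTH_ZERO = (("r0", 0), ("r1", 0))

if __name__ == "__main__":
    for model in ("SC", "TSO"):
        print(model, sorted(outcomes(SB, model)))
    print("fences needed under TSO:", minimal_fences(SB, BOTH_ZERO, "TSO"))
```

Running the script shows `BOTH_ZERO` appearing only under TSO, and the search reports that a fence between the store and the load is required in both threads; a fence in only one thread still leaves the other thread's store parked in its buffer while the fenced thread's load runs, so the forbidden outcome survives. The same state-space enumeration, scaled to an STM's own metadata and restricted to two threads and two variables, is the shape of check the abstract describes.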

Keywords

Transactional memories · Model checking · Relaxed memory models



Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • Rachid Guerraoui (1)
  • Thomas A. Henzinger (2)
  • Vasu Singh (2)
  1. LPD (Station 14), I&C, EPFL, Lausanne, Switzerland
  2. IST Austria, Klosterneuburg, Austria
