Checking and Enforcing Robustness against TSO

  • Ahmed Bouajjani
  • Egor Derevenetc
  • Roland Meyer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7792)


We present algorithms for checking and enforcing robustness of concurrent programs against the Total Store Ordering (TSO) memory model. A program is robust if all its TSO computations correspond to computations under the Sequential Consistency (SC) semantics.

We provide a complete characterization of non-robustness in terms of so-called attacks: a restricted form of (harmful) out-of-program-order executions. Then, we show that detecting attacks can be parallelized, and can be solved using state reachability queries under the SC semantics in a suitably instrumented program obtained by a linear size source-to-source translation. Importantly, the construction is valid for an unbounded number of memory addresses and an arbitrary number of parallel threads. It is independent from the data domain and from the size of store buffers in the TSO semantics. In particular, when the data domain is finite and the number of addresses is fixed, we obtain decidability and complexity results for robustness, even for a parametric number of threads.

As a second contribution, we provide an algorithm for computing an optimal set of fences that enforce robustness. We consider two criteria of optimality: minimization of program size and maximization of its performance. The algorithms we define are implemented, and we successfully applied them to analyzing and correcting several concurrent algorithms.
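To make the robustness definition and the role of fences concrete, here is an added example (not code from the paper or from the authors' tool) that enumerates every execution of a small constructed program under SC and under a store-buffer TSO model and reports outcomes that only TSO can produce. It is a brute-force check, not the attack-based reduction to SC reachability described above. As assumptions of this sketch, it uses its own instruction encoding and compares only final register values: a TSO-only outcome witnesses a TSO computation with no SC counterpart, while an empty result by itself does not establish robustness.

```python
# Added example. Instruction encoding (assumed here):
#   ("st", addr, val)   ("ld", addr, reg)   ("fence",)
def outcomes(threads, tso):
    """Final register valuations reachable under SC (tso=False) or TSO."""
    n = len(threads)
    start = ((0,) * n, frozenset(), ((),) * n, frozenset())
    seen, stack, finals = {start}, [start], set()
    while stack:
        pcs, mem, bufs, regs = stack.pop()
        if all(pcs[t] == len(threads[t]) for t in range(n)) and not any(bufs):
            finals.add(tuple(sorted(regs)))
        succs = []
        for t in range(n):
            m, buf = dict(mem), bufs[t]
            if buf:  # TSO: flush the oldest buffered store to memory
                (a, v), rest = buf[0], buf[1:]
                flushed = frozenset({**m, a: v}.items())
                succs.append((pcs, flushed, bufs[:t] + (rest,) + bufs[t + 1:], regs))
            if pcs[t] == len(threads[t]):
                continue
            ins = threads[t][pcs[t]]
            npcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
            if ins[0] == "st" and tso:  # store enters the thread's FIFO buffer
                nb = bufs[:t] + (buf + ((ins[1], ins[2]),),) + bufs[t + 1:]
                succs.append((npcs, mem, nb, regs))
            elif ins[0] == "st":  # SC: store hits memory immediately
                m[ins[1]] = ins[2]
                succs.append((npcs, frozenset(m.items()), bufs, regs))
            elif ins[0] == "ld":  # own newest buffered store wins, else memory (init 0)
                own = [v for a, v in buf if a == ins[1]]
                val = own[-1] if own else m.get(ins[1], 0)
                succs.append((npcs, mem, bufs, frozenset({**dict(regs), ins[2]: val}.items())))
            elif ins[0] == "fence" and not buf:  # fence waits for an empty buffer
                succs.append((npcs, mem, bufs, regs))
        for s in succs:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return finals

def tso_only(threads):
    """Outcomes that exist under TSO but under no SC interleaving."""
    return outcomes(threads, True) - outcomes(threads, False)

# Constructed input: the classic store-buffering shape, and a fenced variant.
SB = [[("st", "x", 1), ("ld", "y", "r1")], [("st", "y", 1), ("ld", "x", "r2")]]
FENCED = [[t[0], ("fence",), t[1]] for t in SB]

if __name__ == "__main__":
    print("TSO-only outcomes, unfenced:", tso_only(SB))
    print("TSO-only outcomes, fenced:  ", tso_only(FENCED))
```

In the unfenced program both loads can read 0 under TSO because each store is still sitting in its thread's buffer; a fence between the store and the load in each thread removes that outcome.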


Keywords (added by machine, not by the authors): Model Checker, Parameterized Program, Sequential Consistency, Code Copy, Helper Thread



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ahmed Bouajjani (1)
  • Egor Derevenetc (2, 3)
  • Roland Meyer (3)
  1. LIAFA, University Paris 7, France
  2. Fraunhofer ITWM, Germany
  3. University of Kaiserslautern, Germany
