Checking and Enforcing Robustness against TSO
We present algorithms for checking and enforcing robustness of concurrent programs against the Total Store Ordering (TSO) memory model. A program is robust if all its TSO computations correspond to computations under the Sequential Consistency (SC) semantics.
We provide a complete characterization of non-robustness in terms of so-called attacks: a restricted form of (harmful) out-of-program-order executions. Then, we show that detecting attacks can be parallelized, and can be solved using state reachability queries under the SC semantics in a suitably instrumented program obtained by a linear size source-to-source translation. Importantly, the construction is valid for an unbounded number of memory addresses and an arbitrary number of parallel threads. It is independent from the data domain and from the size of store buffers in the TSO semantics. In particular, when the data domain is finite and the number of addresses is fixed, we obtain decidability and complexity results for robustness, even for a parametric number of threads.
As a second contribution, we provide an algorithm for computing an optimal set of fences that enforce robustness. We consider two criteria of optimality: minimization of program size and maximization of its performance. The algorithms we define are implemented, and we successfully applied them to analyzing and correcting several concurrent algorithms.
KeywordsModel Checker Parameterized Program Sequential Consistency Code Copy Helper Thread
- 1.Trencher: a tool for checking and enforcing robustness against TSO, http://concurrency.cs.uni-kl.de/trencher.html
- 4.Alglave, J.: A Shared Memory Poetics. PhD thesis, University Paris 7 (2010)Google Scholar
- 6.Alur, R., McMillan, K., Peled, D.: Model-Checking of Correctness Conditions for Concurrent Objects. In: LICS, pp. 219–228. IEEE Computer Society Press (1996)Google Scholar
- 7.Atig, M.F., Bouajjani, A., Burckhardt, S., Musuvathi, M.: On the Verification Problem for Weak Memory Models. In: POPL, pp. 7–18. ACM (2010)Google Scholar
- 8.Bouajjani, A., Derevenetc, E., Meyer, R.: Checking and enforcing robustness against TSO. CoRR, abs/1208.6152 (2012), http://arxiv.org/abs/1208.6152
- 12.Dice, D.: A race in locksupport park() arising from weak memory models (November 2009), https://blogs.oracle.com/dave/entry/a_race_in_locksupport_park
- 16.Herlihy, M., Shavit, N.: The Art of Multiprocessor Programming. MKP (2008)Google Scholar
- 18.Kopetz, H., Reisinger, J.: The Non-Blocking Write Protocol NBW: A Solution to a Real-Time Synchronisation Problem. In: IEEE Real-Time Systems Symposium, pp. 131–137. IEEE Computer Society Press (1993)Google Scholar
- 19.Kuperstein, M., Vechev, M.T., Yahav, E.: Partial-Coherence Abstractions for Relaxed Memory Models. In: PLDI, pp. 187–198. ACM (2011)Google Scholar
- 22.Lamport, L.: A fast mutual exclusion algorithm. ACM Tr. Comp. Sys. 5(1) (1987)Google Scholar
- 24.Lipton, R.: The reachability problem requires exponential space. Technical Report 62, Yale University (1976)Google Scholar
- 26.Owens, S., Sarkar, S., Sewell, P.: A better x86 memory model: x86-TSO (extended version). Technical Report CL-TR-745, University of Cambridge (2009)Google Scholar