Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study

  • Sebastian Burckhardt
  • Rajeev Alur
  • Milo M. K. Martin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4144)


Many multithreaded programs employ concurrent data types to safely share data among threads. However, highly-concurrent algorithms for even seemingly simple data types are difficult to implement correctly, especially when considering the relaxed memory ordering models commonly employed by today’s multiprocessors. The formal verification of such implementations is challenging as well because the high degree of concurrency leads to a large number of possible executions. In this case study, we develop a SAT-based bounded verification method and apply it to a representative example, a well-known two-lock concurrent queue algorithm. We first formulate a correctness criterion that specifically targets failures caused by concurrency; it demands that all concurrent executions be observationally equivalent to some serial execution. Next, we define a relaxed memory model that conservatively approximates several common shared-memory multiprocessors. Using commit point specifications, a suite of finite symbolic tests, a prototype encoder, and a standard SAT solver, we successfully identify two failures of a naive implementation that can be observed only under relaxed memory models. We eliminate these failures by inserting appropriate memory ordering fences into the code. The experiments confirm that our approach provides a valuable aid for desigining and implementing concurrent data types.


Memory Model Sequential Consistency Bound Model Check Concurrent Execution Client Program 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Sutter, H., Larus, J.: Software and the concurrency revolution. ACM Queue 3(7), 54–62 (2005)CrossRefGoogle Scholar
  2. 2.
    Herlihy, M.: Wait-free synchronization. ACM Trans. Program. Lang. Syst. 13(1), 124–149 (1991)CrossRefGoogle Scholar
  3. 3.
    Peterson, G.L.: Concurrent reading while writing. ACM Trans. Program. Lang. Syst. 5(1), 46–55 (1983)MATHCrossRefGoogle Scholar
  4. 4.
    Lamport, L.: Concurrent reading and writing. Commun. ACM 20(11), 806–811 (1977)MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Adve, S.V., Gharachorloo, K.: Shared memory consistency models: a tutorial. Computer 29(12), 66–76 (1996)CrossRefGoogle Scholar
  6. 6.
    Lamport, L.: How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Comp. C-28(9), 690–691 (1979)CrossRefGoogle Scholar
  7. 7.
    Elmas, T., Tasiran, S., Qadeer, S.: VYRD: verifying concurrent programs by runtime refinement-violation detection. In: Programming Language Design and Implementation (PLDI), pp. 27–37 (2005)Google Scholar
  8. 8.
    Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Yang, Y., Gopalakrishnan, G., Lindstrom, G.: Memory-model-sensitive data race analysis. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 30–45. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Gopalakrishnan, G., Yang, Y., Sivaraj, H.: QB or not QB: An efficient execution verification tool for memory orderings. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 401–413. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Michael, M.M., Scott, M.L.: Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In: Principles of Distributed Computing (PODC), pp. 267–275 (1996)Google Scholar
  12. 12.
    Vafeiadis, V., Herlihy, M., Hoare, T., Shapiro, M.: Proving correctness of highly-concurrent linearisable objects. In: Principles and Practice of Parallel Programming (PPoPP), pp. 129–136 (2006)Google Scholar
  13. 13.
    Rabinovitz, I., Grumberg, O.: Bounded model checking of concurrent programs. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 82–97. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Yahav, E., Sagiv, M.: Automatically verifying concurrent queue algorithms. Electr. Notes Theor. Comput. Sci. 89(3) (2003)Google Scholar
  15. 15.
    Herlihy, M.P., Wing, J.M.: Linearizability: a correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12(3), 463–492 (1990)CrossRefGoogle Scholar
  16. 16.
    Park, S., Dill, D.L.: An executable specification, analyzer and verifier for RMO (relaxed memory order). In: Symposium on Parallel Algorithms and Architectures (SPAA), pp. 34–41 (1995)Google Scholar
  17. 17.
    Dill, D.L., Park, S., Nowatzyk, A.G.: Formal specification of abstract memory models. In: Symposium on Research on Integrated Systems, pp. 38–52. MIT Press, Cambridge (1993)Google Scholar
  18. 18.
    Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., Anderson, T.: Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comp. Sys. 15(4), 391–411 (1997)CrossRefGoogle Scholar
  19. 19.
    Frey, B.: PowerPC Architecture Book v2.02. International Business Machines Corporation (2005)Google Scholar
  20. 20.
    Weaver, D.L., Germond, T. (eds.): The SPARC Architecture Manual Version 9. Prentice-Hall, Englewood Cliffs (1994)Google Scholar
  21. 21.
    Compaq Computer Corporation. Alpha Architecture Reference Manual, 4th edn. (January 2002)Google Scholar
  22. 22.
    International Business Machines Corporation. z/Architecture Principles of Operation, 1st edn. (December 2000)Google Scholar
  23. 23.
    Yang, Y., Gopalakrishnan, G., Lindstrom, G., Slind, K.: Analyzing the Intel Itanium memory ordering rules using logic programming and SAT. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 81–95. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Alur, R., McMillan, K., Peled, D.: Model-checking of correctness conditions for concurrent objects. In: Logic in Computer Science (LICS), pp. 219–228 (1996)Google Scholar
  25. 25.
    Steinke, R.C., Nutt, G.J.: A unified theory of shared memory consistency. J. ACM 51(5), 800–849 (2004)CrossRefMathSciNetMATHGoogle Scholar
  26. 26.
    Yang, Y., Gopalakrishnan, G., Lindstrom, G., Slind, K.: Nemos: A framework for axiomatic and executable specifications of memory consistency models. In: International Parallel and Distributed Processing Symposium (IPDPS) (2004)Google Scholar
  27. 27.
    Shasha, D., Snir, M.: Efficient and correct execution of parallel programs that share memory. ACM Trans. Program. Lang. Syst. 10(2), 282–312 (1988)CrossRefGoogle Scholar
  28. 28.
    Fang, X., Lee, J., Midkiff, S.P.: Automatic fence insertion for shared memory multiprocessing. In: International Conference on Supercomputing (ICS), pp. 285–294 (2003)Google Scholar
  29. 29.
    von Praun, C., Cain, T., Choi, J., Ryu, K.: Conditional memory ordering. In: International Symposium on Computer Architecture (ISCA) (2006)Google Scholar
  30. 30.
    Moskewicz, M., Madigan, C., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an efficient SAT solver. In: Design Automation Conference (DAC), pp. 530–535 (2001)Google Scholar
  31. 31.
    Martin, M., Sorin, D., Cain, H., Hill, M., Lipasti, M.: Correctly implementing value prediction in microprocessors that support multithreading or multiprocessing. In: International Symposium on Microarchitecture (MICRO), pp. 328–337 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sebastian Burckhardt
    • 1
  • Rajeev Alur
    • 1
  • Milo M. K. Martin
    • 1
  1. 1.Department of Computer ScienceUniversity of Pennsylvania 

Personalised recommendations