Abstract
Model checking transactional memories (TMs) is difficult because of the unbounded number, length, and delay of concurrent transactions, as well as the unbounded size of the memory. We show that, under certain conditions satisfied by most TMs we know of, the model checking problem can be reduced to a finite-state problem, and we illustrate the use of the method by proving the correctness of several TMs, including two-phase locking, DSTM, and TL2. The safety properties we consider include strict serializability and opacity; the liveness properties include obstruction freedom, livelock freedom, and wait freedom. Our main contribution lies in the structure of the proofs, which are largely automated and not restricted to the TMs mentioned above. In a first step we show that every TM that enjoys certain structural properties either violates a requirement on some program with two threads and two shared variables, or satisfies the requirement on all programs. In the second step, we use a model checker to prove the requirement for the TM applied to a most general program with two threads and two variables. In the safety case, the model checker checks language inclusion between two finite-state transition systems, a nondeterministic transition system representing the given TM applied to a most general program, and a deterministic transition system representing a most liberal safe TM applied to the same program. The given TM transition system is nondeterministic because a TM can be used with different contention managers, which resolve conflicts differently. In the liveness case, the model checker analyzes fairness conditions on the given TM transition system.
References
1. Alur, R., McMillan, K.L., Peled, D.: Model-checking of correctness conditions for concurrent objects. Inf. Comput. 160, 167–188 (2000)
2. Anderson, J.H., Kim, Y., Herman, T.: Shared-memory mutual exclusion: major research trends since 1986. Distrib. Comput. 16, 75–110 (2003)
3. Browne, M.C., Clarke, E.M., Grumberg, O.: Reasoning about networks with many identical finite state processes. Inf. Comput. 81(11), 13–31 (1989)
4. Burckhardt, S., Alur, R., Martin, M.M.K.: CheckFence: checking consistency of concurrent data types on relaxed memory models. In: PLDI, pp. 12–21 (2007)
5. Cohen, A., O'Leary, J., Pnueli, A., Tuttle, M.R., Zuck, L.: Verifying correctness of transactional memories. In: FMCAD, pp. 37–44 (2007)
6. Cohen, A., Pnueli, A., Zuck, L.D.: Mechanical verification of transactional memories with non-transactional memory accesses. In: CAV, pp. 121–134. Springer (2008)
7. Dice, D., Shalev, O., Shavit, N.: Transactional locking II. In: DISC, pp. 194–208. Springer (2006)
8. Flé, M., Roucairol, G.: Maximal serializability of iterated transactions. Theor. Comput. Sci. 38(11), 1–16 (1985)
9. Fraser, K., Harris, T.: Concurrent programming without locks. ACM Trans. Comput. Syst. (2007)
10. Gopalakrishnan, G., Yang, Y., Sivaraj, H.: QB or Not QB: an efficient execution verification tool for memory orderings. In: CAV, pp. 401–413. Springer (2004)
11. Guerraoui, R., Henzinger, T.A., Jobstmann, B., Singh, V.: Model checking transactional memories. In: PLDI, pp. 372–382 (2008)
12. Guerraoui, R., Henzinger, T.A., Singh, V.: Completeness and nondeterminism in model checking transactional memories. In: CONCUR, pp. 21–35 (2008)
13. Guerraoui, R., Henzinger, T.A., Singh, V.: Software transactional memory on relaxed memory models. In: CAV, pp. 321–336 (2009)
14. Guerraoui, R., Herlihy, M., Pochon, B.: Polymorphic contention management. In: DISC, pp. 303–323 (2005)
15. Guerraoui, R., Kapalka, M.: On the correctness of transactional memory. In: PPoPP, pp. 175–184 (2008)
16. Henzinger, T.A., Qadeer, S., Rajamani, S.K.: Verifying sequential consistency on shared-memory multiprocessor systems. In: CAV, pp. 301–315. Springer (1999)
17. Herlihy, M.: Wait-free synchronization. ACM Trans. Program. Lang. Syst. 13(1), 124–149 (1991)
18. Herlihy, M., Luchangco, V., Moir, M.: Obstruction-free synchronization: double-ended queues as an example. In: ICDCS, pp. 522–529. IEEE Computer Society (2003)
19. Herlihy, M., Luchangco, V., Moir, M., Scherer, W.N.: Software transactional memory for dynamic-sized data structures. In: PODC, pp. 92–101 (2003)
20. Herlihy, M., Moss, J.E.B.: Transactional memory: architectural support for lock-free data structures. In: ISCA, pp. 289–300. ACM Press (1993)
21. Larus, J.R., Rajwar, R.: Transactional Memory. Synthesis Lectures on Computer Architecture. Morgan & Claypool (2007)
22. Papadimitriou, C.H.: The serializability of concurrent database updates. J. ACM 26(4), 631–653 (1979)
23. Qadeer, S.: Verifying sequential consistency on shared-memory multiprocessors by model checking. IEEE Trans. Parallel Distrib. Syst., 730–741 (2003)
24. Scherer, W.N., Scott, M.L.: Advanced contention management for dynamic software transactional memory. In: PODC, pp. 240–248 (2005)
25. Scott, M.L.: Sequential specification of transactional memory semantics. In: TRANSACT (2006)
26. Shavit, N., Touitou, D.: Software transactional memory. In: PODC, pp. 204–213 (1995)
27. Streett, R.S.: Propositional dynamic logic of looping and converse is elementarily decidable. Inf. Control 54, 121–141 (1982)
28. De Wulf, M., Doyen, L., Henzinger, T.A., Raskin, J.-F.: Antichains: a new algorithm for checking universality of finite automata. In: CAV, pp. 17–30. Springer (2006)
Additional information
This research was supported by the Swiss National Science Foundation. This paper is an extended and revised version of our previous work on model checking transactional memories [11,12].
Cite this article
Guerraoui, R., Henzinger, T.A. & Singh, V. Model checking transactional memories. Distrib. Comput. 22, 129–145 (2010). https://doi.org/10.1007/s00446-009-0092-6