Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study

Many multithreaded programs employ concurrent data types to safely share data among threads. However, highly-concurrent algorithms for even seemingly simple data types are difficult to implement correctly, especially when considering the relaxed memory ordering models commonly employed by today's multiprocessors. The formal verification of such implementations is challenging as well because the high degree of concurrency leads to a large number of possible executions. In this case study, we develop a SAT-based bounded verification method and apply it to a representative example, a well-known two-lock concurrent queue algorithm. We first formulate a correctness criterion that specifically targets failures caused by concurrency; it demands that all concurrent executions be observationally equivalent to some serial execution. Next, we define a relaxed memory model that conservatively approximates several common shared-memory multiprocessors. Using commit point specifications, a suite of finite symbolic tests, a prototype encoder, and a standard SAT solver, we successfully identify two failures of a naive implementation that can be observed only under relaxed memory models. We eliminate these failures by inserting appropriate memory ordering fences into the code. The experiments confirm that our approach provides a valuable aid for desigining and implementing concurrent data types.

[1]  Yue Yang,et al.  QB or Not QB: An Efficient Execution Verification Tool for Memory Orderings , 2004, CAV.

[2]  David L Weaver,et al.  The SPARC architecture manual : version 9 , 1994 .

[3]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[4]  David L. Dill,et al.  Formal specification of abstract memory models , 1993 .

[5]  Gary J. Nutt,et al.  A unified theory of shared memory consistency , 2002, JACM.

[6]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[7]  Leslie Lamport,et al.  Concurrent reading and writing , 1977, Commun. ACM.

[8]  Jaejin Lee,et al.  Automatic fence insertion for shared memory multiprocessing , 2003, ICS '03.

[9]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[10]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[11]  Maurice Herlihy,et al.  Wait-free synchronization , 1991, TOPL.

[12]  Dennis Shasha,et al.  Efficient and correct execution of parallel programs that share memory , 1988, TOPL.

[13]  Brian Case,et al.  SPARC architecture , 1992 .

[14]  George J. Milne,et al.  Correct Hardware Design and Verification Methods , 2003, Lecture Notes in Computer Science.

[15]  Yue Yang,et al.  Nemos: a framework for axiomatic and executable specifications of memory consistency models , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[16]  Gary L. Peterson,et al.  Concurrent Reading While Writing , 1983, TOPL.

[17]  Yue Yang,et al.  Analyzing the Intel Itanium Memory Ordering Rules Using Logic Programming and SAT , 2003, CHARME.

[18]  Orna Grumberg,et al.  Bounded Model Checking of Concurrent Programs , 2005, CAV.

[19]  David L. Dill,et al.  An executable specification, analyzer and verifier for RMO (relaxed memory order) , 1995, SPAA '95.

[20]  Eran Yahav,et al.  Automatically Verifying Concurrent Queue Algorithms , 2003, SoftMC@CAV.

[21]  Rajeev Alur,et al.  Model-Checking of Correctness Conditions for Concurrent Objects , 2000, Inf. Comput..

[22]  Jong-Deok Choi,et al.  Conditional Memory Ordering , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[23]  Ganesh Gopalakrishnan,et al.  Memory-Model-Sensitive Data Race Analysis , 2004, ICFEM.

[24]  James R. Larus,et al.  Software and the Concurrency Revolution , 2005, ACM Queue.

[25]  Serdar Tasiran,et al.  VYRD: verifYing concurrent programs by runtime refinement-violation detection , 2005, PLDI '05.

[26]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.

[27]  Mikko H. Lipasti,et al.  Correctly implementing value prediction in microprocessors that support multithreading or multiprocessing , 2001, MICRO.

[28]  Sharad Malik,et al.  Chaff: engineering an efficient SAT solver , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[29]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[30]  Maurice Herlihy,et al.  Proving correctness of highly-concurrent linearisable objects , 2006, PPoPP '06.

[31]  Leslie Lamport,et al.  How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs , 2016, IEEE Transactions on Computers.