MemSAT: checking axiomatic specifications of memory models

Memory models are hard to reason about because of their complexity, which stems from the need to strike a balance between ease of programming and the freedom to apply compiler and hardware optimizations. In this paper we present MemSAT, an automated tool that helps in debugging and reasoning about memory models. Given an axiomatic specification of a memory model and a multi-threaded test program containing assertions, MemSAT searches for a trace of the program in which both the assertions and the memory model axioms are satisfied, and outputs one if it exists. If no such trace exists, it outputs a minimal subset of the memory model axioms and program constraints that is unsatisfiable, which pinpoints the rules responsible for forbidding the outcome. The tool is fully automatic and is built on a SAT solver. We used MemSAT to check several existing memory models against their published test cases, including the current Java Memory Model by Manson et al. and a revised version of it by Sevcik and Aspinall, and found subtle discrepancies between the expected and the actual results of the test programs.
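To make the search concrete, the following is an added miniature of the MemSAT workflow; it is illustrative code written for this page, not the tool's own implementation. A litmus test is given as threads of write and read events, a memory model as a dictionary of named axioms over candidate executions, and the assertion as a predicate over register values. Instead of encoding to SAT, it brute-forces every total memory order (feasible only for a handful of events), returns a witness order if one satisfies all axioms plus the assertion, and otherwise computes a deletion-based minimal unsatisfiable core over the axioms and the assertion. The two axiom sets (a sequential-consistency model and a TSO-like model that lets a write be delayed past a later read of the same thread) and the store-buffering and message-passing tests are constructed, simplified examples, not the models or test cases the paper checks.

```python
"""Miniature MemSAT-style checker: find a witness execution for a litmus
test under a set of named memory-model axioms, or a minimal unsat core.
Added illustration, not MemSAT's own code; it brute-forces all total
orders instead of encoding to SAT, so it only scales to tiny tests."""
from itertools import permutations

# An event is (thread, index_in_thread, kind, location, value_or_register);
# kind is 'W' (write a value) or 'R' (read into a register).
def parse(threads):
    return [(tid, i, kind, loc, arg)
            for tid, ops in enumerate(threads)
            for i, (kind, loc, arg) in enumerate(ops)]

def program_order(events):
    return [(a, b) for a in events for b in events
            if a[0] == b[0] and a[1] < b[1]]

def reads_from(order):
    """Each read takes the latest earlier write to its location in the
    candidate memory order, or the initial value (None) if there is none."""
    rf, last_write = {}, {}
    for e in order:
        if e[2] == 'W':
            last_write[e[3]] = e
        else:
            rf[e] = last_write.get(e[3])
    return rf

def register_values(order):
    return {r[4]: (0 if w is None else w[4])
            for r, w in reads_from(order).items()}

# ---- simplified axioms (constructed for this example) ----
def po_in_mo(events, order):
    """SC: program order is contained in memory order."""
    pos = {e: i for i, e in enumerate(order)}
    return all(pos[a] < pos[b] for a, b in program_order(events))

def po_in_mo_except_WR(events, order):
    """TSO-like: as SC, except a write may be delayed past a later read of
    the same thread (store-buffer forwarding is not modelled)."""
    pos = {e: i for i, e in enumerate(order)}
    return all(pos[a] < pos[b] for a, b in program_order(events)
               if not (a[2] == 'W' and b[2] == 'R'))

def ww_coherence(events, order):
    """Same-thread writes to one location stay in program order."""
    pos = {e: i for i, e in enumerate(order)}
    return all(pos[a] < pos[b] for a, b in program_order(events)
               if a[2] == b[2] == 'W' and a[3] == b[3])

SC = {'po_in_mo': po_in_mo, 'ww_coherence': ww_coherence}
TSO = {'po_in_mo_except_WR': po_in_mo_except_WR, 'ww_coherence': ww_coherence}

def solve(events, constraints):
    """Return the first total order satisfying every constraint, else None."""
    for order in permutations(events):
        if all(c(events, order) for c in constraints.values()):
            return order
    return None

def minimal_core(events, constraints):
    """Deletion-based minimal unsat core: drop a constraint whenever the
    remainder is still unsatisfiable; whatever survives is necessary."""
    core = dict(constraints)
    for name in constraints:
        trial = {k: v for k, v in core.items() if k != name}
        if solve(events, trial) is None:
            core = trial
    return sorted(core)

def check(threads, model, assertion):
    """('sat', witness_order) or ('unsat', sorted core of constraint names)."""
    events = parse(threads)
    constraints = dict(model)
    constraints['assertion'] = lambda ev, order: assertion(register_values(order))
    witness = solve(events, constraints)
    if witness is not None:
        return 'sat', witness
    return 'unsat', minimal_core(events, constraints)

# Constructed litmus tests. Store buffering: can both reads see 0?
SB = [[('W', 'x', 1), ('R', 'y', 'r1')],
      [('W', 'y', 1), ('R', 'x', 'r2')]]
sb_assertion = lambda regs: regs['r1'] == 0 and regs['r2'] == 0
# Message passing: can the flag be seen before the data it publishes?
MP = [[('W', 'x', 1), ('W', 'y', 1)],
      [('R', 'y', 'r1'), ('R', 'x', 'r2')]]
mp_assertion = lambda regs: regs['r1'] == 1 and regs['r2'] == 0

if __name__ == '__main__':
    for name, test, assertion in [('SB', SB, sb_assertion), ('MP', MP, mp_assertion)]:
        for model_name, model in [('SC', SC), ('TSO', TSO)]:
            status, result = check(test, model, assertion)
            detail = register_values(result) if status == 'sat' else result
            print(f'{name} under {model_name}: {status} {detail}')
```

Running it shows the two kinds of output the paper describes: store buffering with both reads returning 0 is unsatisfiable under the SC axioms, and the core names only `po_in_mo` and the assertion (the vacuous coherence axiom is dropped), while the TSO-like model yields a witness order in which both reads precede both writes. Message passing with the flag seen but not the data is rejected by both models, and the core under TSO points at the one axiom that forbids it. A real SAT encoding replaces the permutation loop with Boolean order variables and obtains the core from the solver's proof rather than by repeated deletion, but the shape of the answer is the same.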

[1] Niklas Sörensson et al. An Extensible SAT-solver. SAT, 2003.

[2] Tulika Mitra et al. Specifying multithreaded Java semantics for program verification. ICSE '02, 2002.

[3] Daniel Jackson et al. Software Abstractions: Logic, Language, and Analysis. 2006.

[4] David Aspinall et al. Formalising Java's Data Race Free Guarantee. TPHOLs, 2007.

[5] Emina Torlak et al. A constraint solver for software engineering: finding models and cores of large relational specifications. 2009.

[6] David Aspinall. Java Memory Model Examples: Good, Bad and Ugly. 2007.

[7] Xiaowei Shen et al. Improving the Java memory model using CRF. OOPSLA '00, 2000.

[8] Tom Ridge et al. The semantics of x86-CC multiprocessor machine code. POPL '09, 2009.

[9] Felix Sheng-Ho Chang et al. Finding Minimal Unsatisfiable Cores of Declarative Specifications. FM, 2008.

[10] Yue Yang et al. QB or Not QB: An Efficient Execution Verification Tool for Memory Orderings. CAV, 2004.

[11] Yue Yang et al. Specifying Java thread semantics using a uniform memory model. JGI '02, 2002.

[12] Sebastian Burckhardt et al. Effective Program Verification for Relaxed Memory Models. CAV, 2008.

[13] William Pugh. Fixing the Java memory model. JAVA '99, 1999.

[14] The XSB Logic Programming System. 2007.

[15] Jeremy Manson et al. JSR-133: Java Memory Model and Thread Specification. 2003.

[16] Sebastian Burckhardt et al. CheckFence: checking consistency of concurrent data types on relaxed memory models. PLDI '07, 2007.

[17] Ganesh Gopalakrishnan et al. Analyzing the CRF Java memory model. Proceedings of the Eighth Asia-Pacific Software Engineering Conference, 2001.

[18] Emina Torlak et al. Kodkod: A Relational Model Finder. TACAS, 2007.

[19] Radha Jagadeesan et al. A theory of memory models. PPoPP, 2007.

[20] Jeremy Manson et al. The Java memory model. POPL '05, 2005.

[21] Guy L. Steele et al. The Java Language Specification. 1996.

[22] Yue Yang et al. Nemos: a framework for axiomatic and executable specifications of memory consistency models. 18th International Parallel and Distributed Processing Symposium (IPDPS), 2004.

[23] David L. Dill et al. The Murphi Verification System. CAV, 1996.

[24] Sarita V. Adve et al. Shared Memory Consistency Models: A Tutorial. IEEE Computer, 1996.

[25] Yue Yang et al. Analyzing the Intel Itanium Memory Ordering Rules Using Logic Programming and SAT. CHARME, 2003.

[26] Deepak D'Souza et al. Java memory model aware software validation. PASTE '08, 2008.

[27] David Aspinall et al. On Validity of Program Transformations in the Java Memory Model. ECOOP, 2008.

[28] Frank Tip et al. Finding bugs efficiently with a SAT solver. ESEC-FSE '07, 2007.

[29] Leslie Lamport. How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs. IEEE Transactions on Computers, 1979.