Model Checking Transactional Memory with Spin

We used the Spin model checker to show that Intel's implementation of software transactional memory is correct. Transactional memory makes it possible to write properly synchronized multi-threaded programs without the explicit use of locks. We describe our model of Intel's implementation, our experience with Spin, what we have shown, and what obstacles remain to showing more.
