The Benefits of Duality in Verifying Concurrent Programs under TSO

We address the problem of verifying safety properties of concurrent programs running under the TSO memory model. Known decision procedures for this model rely on complex encodings of store buffers as lossy channels, and they assume that the number of processes is fixed. In general, however, one wants to prove a system or algorithm correct parametrically, for an arbitrarily large number of processes. In this paper we introduce an alternative, yet equivalent, semantics for TSO that is more amenable to efficient algorithmic verification and extends naturally to parametric verification. We adopt a dual view in which load buffers replace store buffers: information now flows from the memory to the load buffers rather than from store buffers to the memory. We show that this new semantics (1) drastically simplifies safety analysis under TSO, (2) yields a substantial gain in efficiency and scalability compared to existing procedures, and (3) extends easily to the parametric case, giving a new decidability result and, more importantly, a verification algorithm that is more general and more efficient in practice than the one for bounded instances.
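To make the duality concrete, the following added example (constructed for this page; it is not the paper's artefact or the authors' code) models two standard litmus tests, SB (store buffering) and MP (message passing), under three semantics: SC, the classical TSO store-buffer semantics, and a load-buffer semantics reconstructed from the abstract's description of the dual view. In that reconstruction a store updates memory immediately and leaves an "own" marker in the storing process's load buffer; the memory may at any time append the current value of a variable to a process's load buffer; a read returns the latest own value for that variable if one is buffered, and otherwise the value at the head of the buffer, which the process may drain message by message. The exact rules are an assumption here, as is the bound `max_buf` on load-buffer length, which keeps this toy exploration finite where the paper's decision procedure relies on well-quasi-orderings rather than a bound.

```python
"""Explicit-state models of litmus tests under SC, TSO store buffers and a
load-buffer ("dual") semantics.  Constructed illustration, not the paper's
own code: the dual rules are reconstructed from the abstract's description
(information flows from memory into per-process load buffers)."""

# A program is a tuple of threads; a thread is a tuple of instructions:
#   ("w", x, v)    store value v to shared variable x
#   ("r", x, reg)  load shared variable x into thread-local register reg
#   ("fence",)     full memory fence
# Standard litmus tests: SB (store buffering) and MP (message passing).
SB = ((("w", "x", 1), ("r", "y", "r1")),
      (("w", "y", 1), ("r", "x", "r2")))
MP = ((("w", "x", 1), ("w", "y", 1)),
      (("r", "y", "r1"), ("r", "x", "r2")))


def _put(items, key, val):
    """Sorted (key, val) tuple `items` with `key` rebound to `val`."""
    d = dict(items)
    d[key] = val
    return tuple(sorted(d.items()))


def _with(bufs, i, buf):
    return bufs[:i] + (buf,) + bufs[i + 1:]


def successors(state, prog, model, max_buf):
    """One-step successors of state = (pcs, mem, bufs, regs).

    model is "sc" (no buffers), "sb" (classical TSO: stores wait in a FIFO
    store buffer and are forwarded to the process's own reads) or "dual"
    (stores hit memory at once and leave an own-marker (x, v, True) in the
    process's FIFO load buffer; memory values (x, v, False) are propagated
    into that buffer and a read sees the oldest propagated value for x unless
    an own-marker for x is present).  max_buf bounds the load buffer so the
    exploration terminates (assumption of this toy, not of the paper)."""
    pcs, mem, bufs, regs = state
    out = []
    for i, thread in enumerate(prog):
        buf = bufs[i]
        active = pcs[i] < len(thread)
        if active:
            ins = thread[pcs[i]]
            npcs = pcs[:i] + (pcs[i] + 1,) + pcs[i + 1:]
            if ins[0] == "w":
                _, x, v = ins
                if model == "sb":
                    out.append((npcs, mem, _with(bufs, i, buf + ((x, v),)), regs))
                elif model == "dual":
                    nb = _with(bufs, i, buf + ((x, v, True),))
                    out.append((npcs, _put(mem, x, v), nb, regs))
                else:
                    out.append((npcs, _put(mem, x, v), bufs, regs))
            elif ins[0] == "r":
                _, x, reg = ins
                val = None
                if model == "sb":
                    pend = [v for (y, v) in buf if y == x]
                    val = pend[-1] if pend else dict(mem)[x]   # store forwarding
                elif model == "dual":
                    own = [v for (y, v, o) in buf if o and y == x]
                    if own:
                        val = own[-1]                           # latest own store
                    elif buf and buf[0][0] == x:
                        val = buf[0][1]                         # oldest propagated value
                else:
                    val = dict(mem)[x]
                if val is not None:          # otherwise the read is blocked for now
                    out.append((npcs, mem, bufs, _put(regs, reg, val)))
            elif ins[0] == "fence" and not buf:
                out.append((npcs, mem, bufs, regs))
        # Environment transitions, independent of the next instruction.
        if model == "sb" and buf:                    # commit oldest store to memory
            x, v = buf[0]
            out.append((pcs, _put(mem, x, v), _with(bufs, i, buf[1:]), regs))
        if model == "dual" and active:               # a finished process's buffer is inert
            if buf:                                  # drop oldest message
                out.append((pcs, mem, _with(bufs, i, buf[1:]), regs))
            if len(buf) < max_buf:                   # memory -> load buffer
                for x, v in mem:
                    out.append((pcs, mem, _with(bufs, i, buf + ((x, v, False),)), regs))
    return out


def outcomes(prog, model, max_buf=2):
    """Register valuations (sorted (reg, val) tuples) reachable at termination."""
    shared = {ins[1] for t in prog for ins in t if ins[0] in ("w", "r")}
    init = ((0,) * len(prog), tuple((x, 0) for x in sorted(shared)),
            ((),) * len(prog), ())
    seen, stack, finals = {init}, [init], set()
    while stack:
        s = stack.pop()
        if all(pc == len(t) for pc, t in zip(s[0], prog)):
            finals.add(s[3])
        for n in successors(s, prog, model, max_buf):
            if n not in seen:
                seen.add(n)
                stack.append(n)
    return finals


def allowed(prog, model, max_buf=2):
    """Reachable (r1, r2) pairs, registers ordered by name."""
    return {tuple(v for _, v in regs) for regs in outcomes(prog, model, max_buf)}


if __name__ == "__main__":
    for name, prog in ("SB", SB), ("MP", MP):
        for model in ("sc", "sb", "dual"):
            print(name, model, sorted(allowed(prog, model)))
```

Run as a script, the exploration shows that both buffer models admit the r1 = r2 = 0 outcome of SB that SC forbids, and that both reject the r1 = 1, r2 = 0 outcome of MP, the behaviour expected of TSO. Note where the unboundedness sits: the store buffers are bounded by the number of stores in the program, whereas the load buffers fill from the memory without limit, which is why this toy needs `max_buf`; the equivalence of the two semantics and the bound-free, parametric decision procedure are the paper's results, not something this script establishes.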
