Verification of STM on relaxed memory models

Software transactional memories (STMs) are described in the literature under the assumptions of sequentially consistent program execution and atomicity of high-level operations such as read, write, and abort. In a realistic setting, however, processors use relaxed memory models to optimize hardware performance, and the atomicity of operations depends on the underlying hardware. This paper presents the first approach to verifying STMs under relaxed memory models with atomicity only at the level of 32-bit loads and stores and read-modify-write operations. We describe RML, a simple language for expressing concurrent programs, and develop a semantics of RML parametrized by a relaxed memory model. We then present our tool, FOIL, which takes as input the RML description of an STM algorithm restricted to two threads and two variables, together with the description of a memory model, and automatically determines the locations of fences which, if inserted, ensure the correctness of the restricted STM algorithm under the given memory model. We use FOIL to verify DSTM, TL2, and McRT STM under the memory models of sequential consistency, total store order, partial store order, and relaxed memory order for two threads and two variables. Finally, we extend the verification results for DSTM and TL2 to an arbitrary number of threads and variables by manually proving that the structural properties of STMs are satisfied at the hardware level of atomicity under the considered relaxed memory models.
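The abstract describes a semantics parametrized by a memory model and a tool that searches for fence placements restoring correctness. The following Python program is an added illustration of that idea and is not RML, FOIL, or any code from the paper: it is a toy explicit-state explorer for the same restricted setting (two threads, two variables) that enumerates reachable outcomes of a constructed store-buffering litmus test under sequential consistency (SC) and under a total-store-order (TSO) model with per-thread FIFO store buffers, then brute-forces the smallest set of fences under which TSO admits exactly the SC outcomes. All names (`STORE_BUFFERING`, `outcomes`, `minimal_fences`, the instruction tuples) are assumptions made for this example.

```python
"""Explicit-state exploration of a two-thread, two-variable litmus test under
sequential consistency (SC) and total store order (TSO), followed by a
brute-force search for the smallest fence placement that restores the SC
outcomes. Toy model written for this page; it is not RML or FOIL."""
from itertools import combinations

# Instruction forms: ("store", var, value) | ("load", var, register) | ("fence",)
# Constructed store-buffering test: T0 writes x then reads y; T1 writes y then reads x.
STORE_BUFFERING = (
    (("store", "x", 1), ("load", "y", "r0")),
    (("store", "y", 1), ("load", "x", "r1")),
)


def freeze(d):
    """Hashable, order-independent snapshot of a dict."""
    return tuple(sorted(d.items()))


def replace(tup, i, v):
    """Copy of tuple `tup` with element i replaced by v."""
    return tup[:i] + (v,) + tup[i + 1:]


def with_fences(program, placements):
    """Copy of `program` with a fence inserted after instruction i of thread t
    for every (t, i) in `placements`."""
    out = []
    for t, thread in enumerate(program):
        new = []
        for i, ins in enumerate(thread):
            new.append(ins)
            if (t, i) in placements:
                new.append(("fence",))
        out.append(tuple(new))
    return tuple(out)


def step(program, state, model):
    """Yield every successor of `state` = (pcs, mem, bufs, regs).
    bufs[t] is thread t's FIFO store buffer; under SC it is always empty
    because stores are written to memory immediately."""
    pcs, mem, bufs, regs = state
    mem, regs = dict(mem), dict(regs)
    for t, thread in enumerate(program):
        buf = list(bufs[t])
        # Hardware may drain the oldest buffered store to memory at any time (TSO).
        if buf:
            var, val = buf[0]
            yield (pcs, freeze({**mem, var: val}), replace(bufs, t, tuple(buf[1:])), freeze(regs))
        if pcs[t] >= len(thread):
            continue  # thread t has finished its instructions
        ins = thread[pcs[t]]
        pcs2 = replace(pcs, t, pcs[t] + 1)
        if ins[0] == "store":
            _, var, val = ins
            if model == "SC":
                yield (pcs2, freeze({**mem, var: val}), bufs, freeze(regs))
            else:  # TSO: the store becomes visible to other threads only after a drain
                yield (pcs2, freeze(mem), replace(bufs, t, tuple(buf) + ((var, val),)), freeze(regs))
        elif ins[0] == "load":
            _, var, reg = ins
            # Store-to-load forwarding: read the youngest own buffered store, else memory.
            own = [v for bv, v in buf if bv == var]
            val = own[-1] if own else mem[var]
            yield (pcs2, freeze(mem), bufs, freeze({**regs, reg: val}))
        elif ins[0] == "fence" and not buf:
            # A fence retires only once this thread's store buffer has drained.
            yield (pcs2, freeze(mem), bufs, freeze(regs))


def outcomes(program, model):
    """Set of final register assignments reachable under `model` ("SC" or "TSO")."""
    n = len(program)
    init = ((0,) * n, freeze({"x": 0, "y": 0}), ((),) * n, freeze({}))
    seen, stack, finals = {init}, [init], set()
    while stack:
        state = stack.pop()
        pcs, _, bufs, regs = state
        if all(pcs[t] >= len(program[t]) for t in range(n)) and not any(bufs):
            finals.add(regs)
        for nxt in step(program, state, model):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return finals


def minimal_fences(program, model):
    """Smallest set of (thread, index) fence placements under which `model`
    admits exactly the SC outcomes; None if no placement suffices."""
    sc = outcomes(program, "SC")
    slots = [(t, i) for t, thr in enumerate(program) for i in range(len(thr) - 1)]
    for k in range(len(slots) + 1):
        for combo in combinations(slots, k):
            if outcomes(with_fences(program, set(combo)), model) == sc:
                return set(combo)
    return None


if __name__ == "__main__":
    for m in ("SC", "TSO"):
        print(m, sorted(outcomes(STORE_BUFFERING, m)))
    print("fences needed under TSO:", minimal_fences(STORE_BUFFERING, "TSO"))
```

Under SC the outcome r0 = r1 = 0 is unreachable, under the TSO model it is reachable because both loads can execute while both stores still sit in their buffers, and the search reports that a fence after the store in each thread (placements `(0, 0)` and `(1, 0)`) is the smallest placement that removes it; a fence in only one thread is not enough. The same enumerate-and-compare structure, with richer instruction sets and weaker models, is what makes fence-placement search for an STM algorithm feasible for a bounded number of threads and variables.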
