Software Verification for Weak Memory via Program Transformation

Multiprocessors implement weak memory models, but program verifiers often assume Sequential Consistency (SC), and thus may miss bugs due to weak memory. We propose a sound transformation of the program to verify, enabling SC tools to perform verification w.r.t. weak memory. We present experiments for a broad variety of models (from x86-TSO to Power) and a vast range of verification tools, quantify the additional cost of the transformation and highlight the cases when we can drastically reduce it. Our benchmarks include work-queue management code from PostgreSQL.
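As an added illustration of the transformation idea (this is not the paper's code or its exact encoding; the tuple instruction format and the modelling of store buffers as explicit FIFOs drained by extra "flusher" threads are this example's own assumptions), the classic store-buffering litmus test is explored by a plain SC interleaving checker before and after the transformation:

```python
# Added example, not the paper's code: explicit x86-TSO-style store buffers
# let an UNCHANGED SC interleaving explorer find weak-memory outcomes.
SB = [  # constructed store-buffering litmus test; x and y start at 0
    [("w", "x", 1), ("r", "y", "r1")],
    [("w", "y", 1), ("r", "x", "r2")],
]

def transform_tso(threads):
    """Stores of thread i go to FIFO i; loads check FIFO i first (forwarding);
    an added 'flusher' thread commits FIFO i to memory at some later point."""
    out, flushers = [], []
    for i, t in enumerate(threads):
        out.append([("buf", i, v, a) if op == "w" else ("rbuf", i, v, a)
                    for op, v, a in t])
        flushers.append([("flush", i)] * sum(op == "w" for op, _, _ in t))
    return out + flushers

def explore(threads):
    """All SC interleavings -> set of final register states. Only 'flush'
    blocks: it is enabled when its FIFO is non-empty, like a wait()."""
    outcomes = set()

    def run(pcs, mem, regs, bufs):
        ready = [i for i, t in enumerate(threads) if pcs[i] < len(t) and
                 (t[pcs[i]][0] != "flush" or bufs.get(t[pcs[i]][1]))]
        if not ready:
            outcomes.add(tuple(sorted(regs.items())))
            return
        for i in ready:
            ins = threads[i][pcs[i]]
            p, m, r = list(pcs), dict(mem), dict(regs)
            b = {k: list(q) for k, q in bufs.items()}
            p[i] += 1
            if ins[0] == "w":
                m[ins[1]] = ins[2]
            elif ins[0] == "r":
                r[ins[2]] = m.get(ins[1], 0)
            elif ins[0] == "buf":
                b.setdefault(ins[1], []).append((ins[2], ins[3]))
            elif ins[0] == "rbuf":
                own = [v for x, v in b.get(ins[1], []) if x == ins[2]]
                r[ins[3]] = own[-1] if own else m.get(ins[2], 0)
            else:  # flush: commit the oldest queued store of thread ins[1]
                x, v = b[ins[1]].pop(0)
                m[x] = v
            run(p, m, r, b)

    run([0] * len(threads), {}, {}, {})
    return outcomes
```

Under SC the explorer never reaches r1 = r2 = 0; on the transformed program the same explorer reports it, which is the x86-TSO behaviour an SC-only verifier would otherwise miss.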
