Parameterized verification of transactional memories

We describe an automatic verification method to check whether transactional memories ensure strict serializability a key property assumed of the transactional interface. Our main contribution is a technique for effectively verifying parameterized systems. The technique merges ideas from parameterized hardware and protocol verification--verification by invisible invariants and symmetry reduction--with ideas from software verification--template-based invariant generation and satisfiability checking for quantified formulæ (modulo theories). The combination enables us to precisely model and analyze unbounded systems while taming state explosion. Our technique enables automated proofs that two-phase locking (TPL), dynamic software transactional memory (DSTM), and transactional locking II (TL2) systems ensure strict serializability. The verification is challenging since the systems are unbounded in several dimensions: the number and length of concurrently executing transactions, and the size of the shared memory they access, have no finite limit. In contrast, state-of-the-art software model checking tools such as BLAST and TVLA are unable to validate either system, due to inherent expressiveness limitations or state explosion.

[1]  Christoph Weidenbach,et al.  SPASS Version 3.5 , 2009, CADE.

[2]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 2002, TOPL.

[3]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[4]  L. D. Moura,et al.  The YICES SMT Solver , 2006 .

[5]  Alan J. Hu,et al.  Checking for Language Inclusion Using Simulation Preorders , 1991, CAV.

[6]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[7]  Maurice Herlihy,et al.  Transactional Memory: Architectural Support For Lock-free Data Structures , 1993, Proceedings of the 20th Annual International Symposium on Computer Architecture.

[8]  Serdar Tasiran A Compositional Method for Verifying Software Transactional Memory Implementations , 2008 .

[9]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[10]  Peter W. O'Hearn,et al.  Scalable Shape Analysis for Systems Code , 2008, CAV.

[11]  Viktor Kuncak,et al.  Full functional verification of linked data structures , 2008, PLDI '08.

[12]  Maurice Herlihy,et al.  Transactional Memory: Architectural Support For Lock-free Data Structures , 1993, Proceedings of the 20th Annual International Symposium on Computer Architecture.

[13]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[14]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[15]  Amir Pnueli,et al.  Automatic Deductive Verification with Invisible Invariants , 2001, TACAS.

[16]  S. C. Kleene,et al.  Introduction to Metamathematics , 1952 .

[17]  Christos H. Papadimitriou,et al.  The serializability of concurrent database updates , 1979, JACM.

[18]  Rachid Guerraoui,et al.  Model checking transactional memories , 2008, PLDI '08.

[19]  Stephen McCamant,et al.  The Daikon system for dynamic detection of likely invariants , 2007, Sci. Comput. Program..

[20]  Henny B. Sipma,et al.  Linear Invariant Generation Using Non-linear Constraint Solving , 2003, CAV.

[21]  Roman Manevich,et al.  Thread Quantification for Concurrent Shape Analysis , 2008, CAV.

[22]  Rachid Guerraoui,et al.  Dividing Transactional Memories by Zero , 2008 .

[23]  Kenneth L. McMillan,et al.  Verification of Infinite State Systems by Compositional Model Checking , 1999, CHARME.

[24]  Rachid Guerraoui,et al.  Software Transactional Memory on Relaxed Memory Models , 2009, CAV.

[25]  James R. Larus,et al.  Transactional Memory , 2006, Transactional Memory.

[26]  Thomas A. Henzinger,et al.  Invariant Synthesis for Combined Theories , 2007, VMCAI.

[27]  Sumit Gulwani,et al.  Program verification using templates over predicate abstraction , 2009, PLDI '09.

[28]  Nir Shavit,et al.  Transactional Locking II , 2006, DISC.

[29]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[30]  Rachid Guerraoui,et al.  Model checking transactional memories , 2010, Distributed Computing.

[31]  Maurice Herlihy,et al.  Software transactional memory for dynamic-sized data structures , 2003, PODC '03.

[32]  Amir Pnueli,et al.  Mechanical Verification of Transactional Memories with Non-transactional Memory Accesses , 2008, CAV.

[33]  Krzysztof R. Apt,et al.  Limits for Automatic Verification of Finite-State Concurrent Systems , 1986, Inf. Process. Lett..

[34]  Amir Pnueli,et al.  Verifying Correctness of Transactional Memories , 2007 .

[35]  Amir Pnueli,et al.  Parameterized Verification with Automatically Computed Inductive Assertions , 2001, CAV.

[36]  Leslie Lamport,et al.  Specifying Concurrent Program Modules , 1983, TOPL.

[37]  Jan Reineke,et al.  Shape Analysis of Sets , 2006, Trustworthy Software.

[38]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.