Formalizing Shared Memory Consistency Models for Program Analysis

Shared memory consistency models are critical for system correctness but difficult to analyze. The increasing popularity of multithreaded programming also creates a new challenge in how to help programmers reason about thread executions against the underlying memory consistency rules. This dissertation addresses the problem of formally specifying memory models to support program analysis. Two analytical frameworks are established to support both operational and nonoperational specification styles. These frameworks are applied to formalize a wide range of memory consistency designs, including classical, industrial processor level, and language level memory models. We first present an operational style specification framework called UMM, which supports a generic memory abstraction and provides built-in model checking capability. Then we present Nemos, a nonoperational specification framework that uses higher order predicate logic to capture memory ordering constraints in a declarative and compositional fashion. After imposing the consistency rules on a symbolic program execution, the validity of the execution can be automatically checked through constraint solving or SAT solving. This method makes a memory model executable, a powerful feature lacking in previous nonoperational methods. Furthermore, a constraint-based approach is applied to specify control/data dependence and to capture “programmer expectations.” By combining the constraints of program properties and language semantics, memory-model-sensitive program analysis can be automated. Three concrete applications of this approach are proposed, including execution validation, race detection and atomicity verification.

[1]  Ganesh Gopalakrishnan,et al.  Shared Memory Consistency Protocol Verification Against Weak Memory Models: Refinement via Model-Checking , 2002, CAV.

[2]  David L. Dill,et al.  Formal specification of abstract memory models , 1993 .

[3]  Vivek Sarkar,et al.  Location Consistency-A New Memory Model and Cache Consistency Protocol , 2000, IEEE Trans. Computers.

[4]  Larry Rudolph,et al.  Commit-reconcile & fences (CRF): a new memory model for architects and compiler writers , 1999, ISCA.

[5]  Mark D. Hill,et al.  A Unified Formalization of Four Shared-Memory Models , 1993, IEEE Trans. Parallel Distributed Syst..

[6]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[7]  Nicholas Sterling,et al.  WARLOCK - A Static Data Race Analysis Tool , 1993, USENIX Winter.

[8]  David Mosberger,et al.  Memory consistency models , 1993, OPSR.

[9]  Leslie Lamport,et al.  Checking Cache-Coherence Protocols with TLA+ , 2003, Formal Methods Syst. Des..

[10]  Gary L. Peterson,et al.  Myths About the Mutual Exclusion Problem , 1981, Inf. Process. Lett..

[11]  Jong-Deok Choi,et al.  An efficient cache-based access anomaly detection scheme , 1991, ASPLOS IV.

[12]  Ganesh Gopalakrishnan,et al.  Analyzing the CRF Java memory model , 2001, Proceedings Eighth Asia-Pacific Software Engineering Conference.

[13]  David L. Dill,et al.  Java model checking , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[14]  Gary J. Nutt,et al.  A lattice based framework of shared memory consistency models , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[15]  Gil Neiger,et al.  A Characterization of Scalable Shared Memories , 1993, 1993 International Conference on Parallel Processing - ICPP'93.

[16]  David L. Dill,et al.  An Executable Specification and Verifier for Relaxed Memory Order , 1999, IEEE Trans. Computers.

[17]  M. Raynal,et al.  A Suite of Formal Definitions for Consistency Criteria in Distributed Shared Memories , 1996 .

[18]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[19]  Jong-Deok Choi,et al.  Efficient and precise datarace detection for multithreaded object-oriented programs , 2002, PLDI '02.

[20]  M. Gordon,et al.  Introduction to HOL: a theorem proving environment for higher order logic , 1993 .

[21]  Alba Cristina Magalhaes Alves de Melo Defining Uniform and Hybrid Memory Consistency Models on a Unified Framework , 1999, HICSS.

[22]  Ganesh Gopalakrishnan,et al.  Rigorous Concurrency Analysis of Multithreaded Programs , 2003 .

[23]  Barton P. Miller,et al.  What are race conditions?: Some issues and formalizations , 1992, LOPL.

[24]  K. Gharachodoo,et al.  Memory consistency models for shared memory multiprocessors , 1996 .

[25]  W. Visser,et al.  Second Generation of a Java Model Checker , 2000 .

[26]  Phillip B. Gibbons,et al.  Testing Shared Memories , 1997, SIAM J. Comput..

[27]  Charles Wallace,et al.  Investigating Java Concurrency Using Abstract State Machines , 2000, Abstract State Machines.

[28]  Yue Yang,et al.  Nemos: a framework for axiomatic and executable specifications of memory consistency models , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[29]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.

[30]  Leslie Lamport,et al.  How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs , 2016, IEEE Transactions on Computers.

[31]  Jalal Kawash,et al.  DEFINING AND COMPARING MEMORY CONSISTENCY MODELS , 1997 .

[32]  Laurie J. Hendren,et al.  Efficient Inference of Static Types for Java Bytecode , 2000, SAS.

[33]  Edith Schonberg,et al.  On-the-fly detection of access anomalies , 2018, PLDI '89.

[34]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.

[35]  Tulika Mitra,et al.  Specifying multithreaded Java semantics for program verification , 2002, ICSE '02.

[36]  William Pugh,et al.  Semantics of Multithreaded Java , 2001 .

[37]  Alexander Aiken,et al.  Detecting races in Relay Ladder Logic programs , 1998, International Journal on Software Tools for Technology Transfer.

[38]  Cormac Flanagan,et al.  A type and effect system for atomicity , 2003, PLDI.

[39]  Mikko H. Lipasti,et al.  The complexity of verifying memory coherence , 2003, SPAA '03.

[40]  Nicolas Beldiceanu,et al.  Constraint Logic Programming , 1997 .

[41]  Brian Case,et al.  SPARC architecture , 1992 .

[42]  Stephen N. Freund,et al.  Type-based race detection for Java , 2000, PLDI '00.

[43]  William W. Collier,et al.  Reasoning about parallel architectures , 1992 .

[44]  David F. Bacon,et al.  Guava: a dialect of Java without data races , 2000, OOPSLA '00.

[45]  Rob Gerth Sequential consistency and the lazy caching algorithm , 1999, Distributed Computing.

[46]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[47]  Robert H. B. Netzer,et al.  Pace condition detection for debugging shared-memory parallel programs , 1992 .

[48]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[49]  Barton P. Miller,et al.  Detecting Data Races on Weak Memory Systems , 1991, ISCA.

[50]  James C. Corbett,et al.  Evaluating Deadlock Detection Methods for Concurrent Software , 1996, IEEE Trans. Software Eng..

[51]  Rida A. Bazzi,et al.  The power of processor consistency , 1993, SPAA '93.

[52]  Assaf Schuster,et al.  Java consistency: nonoperational characterizations for Java memory behavior , 2000, TOCS.

[53]  Yue Yang,et al.  Analyzing the Intel Itanium Memory Ordering Rules Using Logic Programming and SAT , 2003, CHARME.

[54]  Yue Yang,et al.  UMM: an operational memory model specification framework with integrated model checking capability , 2005, Concurr. Pract. Exp..

[55]  James R. Larus,et al.  Protocol-based data-race detection , 1998, SPDT '98.

[56]  Thomas R. Gross,et al.  Object race detection , 2001, OOPSLA '01.

[57]  Gil Neiger,et al.  Causal memory: definitions, implementation, and programming , 1995, Distributed Computing.

[58]  Richard J. Lipton,et al.  Reduction: a method of proving properties of parallel programs , 1975, CACM.

[59]  Vicente Cholvi-Juan Formalizing Memory Coherency Models , 1994 .

[60]  William Pugh Fixing the Java memory model , 1999, JAVA '99.

[61]  Alba Cristina Magalhaes Alves de Melo,et al.  Visual-MCM: Visualising Execution Histories on Multiple Memory Consistency Models , 1999, ACPC.

[62]  Xiaowei Shen,et al.  Improving the Java memory model using CRF , 2000, OOPSLA '00.

[63]  Martin C. Rinard,et al.  A parameterized type system for race-free Java programs , 2001, OOPSLA '01.

[64]  Yue Yang,et al.  QB or Not QB: An Efficient Execution Verification Tool for Memory Orderings , 2004, CAV.

[65]  David L Weaver,et al.  The SPARC architecture manual : version 9 , 1994 .

[66]  Alan L. Cox,et al.  Lazy release consistency for software distributed shared memory , 1992, ISCA '92.

[67]  William Pugh,et al.  Core semantics of multithreaded Java , 2001, JGI '01.

[68]  Barbara G. Ryder,et al.  Points-to analysis for Java using annotated constraints , 2001, OOPSLA '01.

[69]  Cormac Flanagan,et al.  Automatic Software Model Checking Using CLP , 2003, ESOP.

[70]  Eugene Goldberg,et al.  BerkMin: A Fast and Robust Sat-Solver , 2002, Discret. Appl. Math..

[71]  Edith Schonberg,et al.  Detecting access anomalies in programs with critical sections , 1991, PADD '91.

[72]  Yue Yang,et al.  Specifying Java thread semantics using a uniform memory model , 2002, JGI '02.

[73]  Sharad Malik,et al.  The Quest for Efficient Boolean Satisfiability Solvers , 2002, CAV.

[74]  Nigel Warren,et al.  Java in practice : design styles and idioms for effective Java , 1999 .

[75]  Peter J. Keleher,et al.  Online data-race detection via coherency guarantees , 1996, OSDI '96.