A Memory Model Sensitive Checker for C#

Modern concurrent programming languages like Java and C# have a programming language level memory model; it captures the set of all allowed behaviors of programs on any implementation platform — uni- or multi-processor. Such a memory model is typically weaker than Sequential Consistency and allows reordering of operations within a program thread. Therefore, programs verified correct by assuming Sequential Consistency (that is, each thread proceeds in program order) may not behave correctly on certain platforms! The solution to this problem is to develop program checkers which are memory model sensitive. In this paper, we develop such an invariant checker for the programming language C#. Our checker identifies program states which are reached only because the C# memory model is more relaxed than Sequential Consistency. Furthermore, our checker identifies (a) operation reorderings which cause such undesirable states to be reached, and (b) simple program modifications — by inserting memory barrier operations — which prevent such undesirable reorderings.
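The checking idea in the abstract, as an added toy illustration that is not the paper's checker: enumerate all final states of a two-thread program under Sequential Consistency and under a relaxed model, report the states reachable only because of reordering, name the per-thread reorderings that produce them, and show that inserted barriers remove them. The relaxation rule is an assumed simplification (any two operations in a thread may be reordered unless they touch the same variable or a barrier separates them), not the real C# memory model, and the message-passing program is constructed for the example.

```python
from itertools import permutations, product

# Ops: ('st', var, value), ('ld', var, register), ('mb',) for a memory barrier.
def dependent(a, b):
    """Order must be kept if either op is a barrier or both touch one variable."""
    return a[0] == 'mb' or b[0] == 'mb' or a[1] == b[1]

def thread_orders(ops, relaxed):
    """Index orders in which one thread may execute its ops under the model."""
    if not relaxed:
        return [tuple(range(len(ops)))]   # Sequential Consistency: program order
    keep = [(i, j) for i in range(len(ops)) for j in range(i + 1, len(ops))
            if dependent(ops[i], ops[j])]
    return [p for p in permutations(range(len(ops)))
            if all(p.index(i) < p.index(j) for i, j in keep)]

def interleave(seqs, mem, regs, idx, out):
    """Run every interleaving of the per-thread sequences; collect end states."""
    if all(idx[t] == len(seqs[t]) for t in range(len(seqs))):
        out.add((tuple(sorted(mem.items())), tuple(sorted(regs.items()))))
        return
    for t in range(len(seqs)):
        if idx[t] < len(seqs[t]):
            op, mem2, regs2 = seqs[t][idx[t]], dict(mem), dict(regs)
            if op[0] == 'st': mem2[op[1]] = op[2]
            elif op[0] == 'ld': regs2[op[2]] = mem[op[1]]
            interleave(seqs, mem2, regs2, idx[:t] + [idx[t] + 1] + idx[t + 1:], out)

def reachable(threads, init, relaxed):
    """Map each reachable end state to the per-thread orders that produce it."""
    found = {}
    for orders in product(*(thread_orders(t, relaxed) for t in threads)):
        seqs = [[threads[t][i] for i in orders[t]] for t in range(len(threads))]
        out = set()
        interleave(seqs, dict(init), {}, [0] * len(threads), out)
        for state in out:
            found.setdefault(state, set()).add(orders)
    return found

def check(threads, init):
    """States reachable only under the relaxed model, with the reorderings to blame."""
    sc = reachable(threads, init, relaxed=False)
    return {s: o for s, o in reachable(threads, init, relaxed=True).items() if s not in sc}

# Constructed message-passing example: the writer publishes data, then sets flag.
INIT = {'data': 0, 'flag': 0}
WRITER = [('st', 'data', 1), ('st', 'flag', 1)]
READER = [('ld', 'flag', 'r1'), ('ld', 'data', 'r2')]
WRITER_MB = [('st', 'data', 1), ('mb',), ('st', 'flag', 1)]   # barrier inserted
READER_MB = [('ld', 'flag', 'r1'), ('mb',), ('ld', 'data', 'r2')]
```

`check([WRITER, READER], INIT)` reports the single state where the reader sees the flag but stale data, together with the three per-thread orderings that reach it; a barrier on the writer alone still leaves the reader's reordering, and only `check([WRITER_MB, READER_MB], INIT)` comes back empty.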
