ABSTRACT
Model checking software transactional memories (STMs) is difficult because of the unbounded number, length, and delay of concurrent transactions and the unbounded size of the memory. We show that, under certain conditions, the verification problem can be reduced to a finite-state problem, and we illustrate the use of the method by proving the correctness of several STMs, including two-phase locking, DSTM, TL2, and optimistic concurrency control. The safety properties we consider include strict serializability and opacity; the liveness properties include obstruction freedom, livelock freedom, and wait freedom.
Our main contribution lies in the structure of the proofs, which are largely automated and not restricted to the STMs mentioned above. In a first step we show that every STM that enjoys certain structural properties either violates a safety or liveness requirement on some program with two threads and two shared variables, or satisfies the requirement on all programs. In the second step we use a model checker to prove the requirement for the STM applied to a most general program with two threads and two variables. In the safety case, the model checker constructs a simulation relation between two carefully constructed finite-state transition systems, one representing the given STM applied to a most general program, and the other representing a most liberal safe STM applied to the same program. In the liveness case, the model checker analyzes fairness conditions on the given STM transition system.
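As an added illustration (not the paper's own code or models), the safety-case check in miniature: a maximal-simulation computation, in the greatest-fixpoint style, between a constructed two-phase-locking model on one shared variable and two threads and a constructed conflict-tracking reference STM that stands in for the paper's most liberal safe STM. The event names, state encodings and the reference STM are assumptions made here, and a constructed lock-free "STM" shows what a failed simulation looks like.

```python
from itertools import product

# Transition systems are sets of (src, label, dst) triples over the events of a most
# general program on one variable x and two threads: acc<i> = thread i accesses x,
# cmt<i> = thread i commits its current transaction.
def max_simulation(impl, spec):
    """Largest relation R over (impl, spec) states such that every impl step s -a-> s1
    from a related s is matched by a spec step t -a-> t1 with (s1, t1) still in R."""
    states = lambda ts: {s for s, _, _ in ts} | {s for _, _, s in ts}
    rel = set(product(states(impl), states(spec)))
    while True:  # greatest fixpoint: drop pairs that have an unmatched impl step
        bad = {(s, t) for s, t in rel for s0, a, s1 in impl if s0 == s and not
               any(t0 == t and b == a and (s1, t1) in rel for t0, b, t1 in spec)}
        if not bad:
            return rel
        rel -= bad

def two_phase_locking():
    """Constructed TPL model: state = holder of x's lock.  A thread accesses x
    only if the lock is free or its own and releases it on commit."""
    ts = set()
    for holder in (None, 1, 2):
        for th in (1, 2):
            if holder in (None, th):
                ts.add((holder, f"acc{th}", th))
            ts.add((holder, f"cmt{th}", None if holder == th else holder))
    return ts

def no_locking():
    """Constructed unsafe STM: one state, every event always enabled."""
    return {(0, ev, 0) for ev in ("acc1", "acc2", "cmt1", "cmt2")}

def conflict_spec():
    """Constructed reference STM (a simplified stand-in for the paper's most liberal
    safe STM): state = (active, dirty) per thread.  Touching x while the other thread
    has an uncommitted access makes a transaction dirty; dirty transactions can't commit."""
    ts = set()
    for st in product((False, True), repeat=4):
        acts = {1: st[:2], 2: st[2:]}
        for th, oth in ((1, 2), (2, 1)):
            dirty = acts[th][1]
            after_acc = {**acts, th: (True, dirty or acts[oth][0])}
            ts.add((st, f"acc{th}", after_acc[1] + after_acc[2]))
            if not dirty:
                after_cmt = {**acts, th: (False, False)}
                ts.add((st, f"cmt{th}", after_cmt[1] + after_cmt[2]))
    return ts

def is_simulated(impl, init_impl, spec, init_spec=(False,) * 4):
    # impl refines spec iff the initial states survive in the maximal simulation
    return (init_impl, init_spec) in max_simulation(impl, spec)
```

Two-phase locking is simulated by the reference STM, while the lock-free model is not, because after both threads access x it lets both commit.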
Model checking transactional memories. PLDI '08.