ABSTRACT
Memory models are hard to reason about due to their complexity, which stems from the need to strike a balance between ease-of-programming and allowing compiler and hardware optimizations. In this paper, we present an automated tool, MemSAT, that helps in debugging and reasoning about memory models. Given an axiomatic specification of a memory model and a multi-threaded test program containing assertions, MemSAT outputs a trace of the program in which both the assertions and the memory model axioms are satisfied, if one can be found. The tool is fully automatic and is based on a SAT solver. If it cannot find a trace, it outputs a minimal subset of the memory model and program constraints that are unsatisfiable. We used MemSAT to check several existing memory models against their published test cases, including the current Java Memory Model by Manson et al. and a revised version of it by Sevcik and Aspinall. We found subtle discrepancies between what was expected and the actual results of test programs.
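The abstract describes two outputs: a trace that satisfies both the memory-model axioms and the program's assertion, or, when none exists, a minimal subset of the constraints that is unsatisfiable. The following added example (not MemSAT's code; the litmus test, axiom names and helper names are constructed for illustration) shows both on the classic store-buffering test, with exhaustive enumeration standing in for the SAT solver. The axioms are a sequentially consistent model split into three pieces so that the unsatisfiable core is smaller than the whole model.

```python
"""Toy MemSAT-style checker (added example; not the paper's tool).

Candidate execution = (total order over events, reads-from map). A memory
model is a set of named axioms over candidates; a litmus test contributes an
assertion. We search for a candidate satisfying axioms + assertion, and if
none exists we shrink the axiom set to a minimal unsatisfiable core.
"""
from itertools import permutations, product

# Constructed store-buffering litmus test: x = y = 0 initially.
#   T1: W x 1 ; r1 = R y        T2: W y 1 ; r2 = R x
# Each event: (thread, index within thread, kind, location, value written)
EVENTS = [
    ("T1", 0, "W", "x", 1),
    ("T1", 1, "R", "y", None),
    ("T2", 0, "W", "y", 1),
    ("T2", 1, "R", "x", None),
]
WRITES = [e for e in EVENTS if e[2] == "W"]
READS = [e for e in EVENTS if e[2] == "R"]
INIT = "init"  # pseudo-write standing for the initial value 0 of every location


def candidates():
    """Every (total order, reads-from) pair: the search space a solver explores."""
    for order in permutations(EVENTS):
        pos = {e: i for i, e in enumerate(order)}
        rf_choices = [[INIT] + [w for w in WRITES if w[3] == r[3]] for r in READS]
        for sources in product(*rf_choices):
            yield pos, dict(zip(READS, sources))


def ax_po(pos, rf):
    """Program order: events of one thread keep their thread-local order."""
    return all(pos[a] < pos[b] for a in EVENTS for b in EVENTS
               if a[0] == b[0] and a[1] < b[1])


def ax_rf_source_first(pos, rf):
    """A read may only observe a write that precedes it (no reading the future)."""
    return all(src == INIT or pos[src] < pos[r] for r, src in rf.items())


def ax_rf_latest(pos, rf):
    """A read observes the most recent write to its location: no other write
    to that location sits between the read's source and the read itself."""
    for r, src in rf.items():
        lower = -1 if src == INIT else pos[src]
        for w in WRITES:
            if w[3] == r[3] and w != src and lower < pos[w] < pos[r]:
                return False
    return True


# Axiom order matters for the deletion-based core below (constructed names).
AXIOMS = {"po": ax_po, "rf_source_first": ax_rf_source_first, "rf_latest": ax_rf_latest}


def value(rf, r):
    """Value a read returns: 0 from the initial state, else the source's value."""
    return 0 if rf[r] == INIT else rf[r][4]


def outcome(r1, r2):
    """Assertion factory: the trace ends with these register values."""
    return lambda pos, rf: [value(rf, r) for r in READS] == [r1, r2]


def find_trace(axiom_names, assertion):
    """Return (event order, register values) for a candidate satisfying the
    chosen axioms and the assertion, or None when no candidate does."""
    for pos, rf in candidates():
        if assertion(pos, rf) and all(AXIOMS[n](pos, rf) for n in axiom_names):
            order = [f"{e[0]}:{e[2]}{e[3]}" for e in sorted(pos, key=pos.get)]
            regs = {f"r{i + 1}": value(rf, r) for i, r in enumerate(READS)}
            return order, regs
    return None


def minimal_unsat_core(axiom_names, assertion):
    """Deletion-based core: drop each axiom in turn and keep the drop only if
    the remainder stays unsatisfiable. Every axiom left is needed."""
    core = list(axiom_names)
    for name in list(core):
        trial = [n for n in core if n != name]
        if find_trace(trial, assertion) is None:
            core = trial
    return core


if __name__ == "__main__":
    full = list(AXIOMS)
    print("r1=0,r2=0 under SC:", find_trace(full, outcome(0, 0)))        # None
    print("core:", minimal_unsat_core(full, outcome(0, 0)))              # ['po', 'rf_latest']
    print("r1=1,r2=0 under SC:", find_trace(full, outcome(1, 0)))        # a trace
    print("r1=0,r2=0 without po:", find_trace(["rf_source_first", "rf_latest"], outcome(0, 0)))
```

Under the full model the outcome r1 = 0, r2 = 0 has no witnessing trace, and the core reports that program order plus "reads see the latest write" already rule it out; the "no reading the future" axiom is not part of the reason. Dropping program order (the relaxation a store buffer effectively introduces) makes the outcome reachable, which is the kind of discrepancy between expectation and model the abstract describes finding.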
- S. V. Adve and K. Gharachorloo. Shared memory consistency models: A tutorial. Computer, 29(12):66--76, 1996.
- D. Aspinall and J. Sevcik. Formalising Java's data race free guarantee. In TPHOLs '07, pages 22--37, 2007.
- D. Aspinall and J. Sevcík. Java memory model examples: good, bad and ugly. In VAMP '07, Lisbon, Portugal, September 2007.
- S. Burckhardt, R. Alur, and M. M. K. Martin. CheckFence: checking consistency of concurrent data types on relaxed memory models. In PLDI '07, 2007.
- S. Burckhardt and M. Musuvathi. Effective program verification for relaxed memory models. In CAV '08, 2008.
- Causality test cases for the Java Memory Model. http://www.cs.umd.edu/~pugh/java/memoryModel/CausalityTestCases.html.
- A. De, A. Roychoudhury, and D. D'Souza. Java memory model aware software validation. In PASTE '08, 2008.
- D. Dill. The Murφ verification system. In CAV '96, 1996.
- J. Dolby, M. Vaziri, and F. Tip. Finding bugs efficiently with a SAT solver. In FSE '07, pages 195--204, 2007.
- N. Eén and N. Sörensson. An extensible SAT-solver. In SAT '03, 2003.
- G. Gopalakrishnan, Y. Yang, and H. Sivaraj. QB or Not QB: An efficient execution verification tool for memory orderings. In CAV '04, 2004.
- J. Gosling, B. Joy, and G. Steele. The Java Specification Language. Addison-Wesley, 1996.
- Isabelle Theorem Prover. http://isabelle.in.tum.de/.
- D. Jackson. Software Abstractions: logic, language and analysis. MIT Press, 2006.
- JSR-133: Java memory model and thread specification revision. http://www.cs.umd.edu/~pugh/java/memoryModel.
- L. Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Comput., 28(9), 1979.
- J.-W. Maessen, Arvind, and X. Shen. Improving the Java Memory Model using CRF. In OOPSLA '00, 2000.
- J. Manson. The Java memory model. PhD thesis, University of Maryland, College Park, 2004.
- J. Manson, W. Pugh, and S. V. Adve. The Java memory model. In POPL '05, pages 378--391, New York, NY, USA, 2005. ACM.
- NemosFinder. http://www.cs.utah.edu/formal_verification/.
- W. Pugh. Fixing the Java memory model. In Java Grande '99, 1999.
- A. Roychoudhury and T. Mitra. Specifying multithreaded Java semantics for program verification. In ICSE '02, 2002.
- V. A. Saraswat, R. Jagadeesan, M. Michael, and C. von Praun. A theory of memory models. In PPoPP '07, pages 161--172, New York, NY, USA, 2007. ACM.
- S. Sarkar, P. Sewell, F. Z. Nardelli, S. Owens, T. Ridge, T. Braibant, M. O. Myreen, and J. Alglave. The semantics of x86-CC multiprocessor machine code. In POPL '09, 2009.
- J. Sevcík and D. Aspinall. On validity of program transformations in the Java memory model. In ECOOP '08, 2008.
- E. Torlak. A constraint solver for software engineering: finding models and cores of large relational specifications. PhD thesis, MIT, 2009.
- E. Torlak, F. S.-H. Chang, and D. Jackson. Finding minimal unsatisfiable cores of declarative specifications. In FM '08, 2008.
- E. Torlak and D. Jackson. Kodkod: A relational model finder. In TACAS '07, 2007.
- Watson libraries for analysis (WALA). http://wala.sourceforge.net.
- The XSB logic programming system. http://xsb.sourceforge.net.
- Y. Yang, G. Gopalakrishnan, and G. Lindstrom. Analyzing the CRF Java memory model. In APSEC '01, 2001.
- Y. Yang, G. Gopalakrishnan, and G. Lindstrom. Specifying Java thread semantics using a uniform memory model. In JGI '02, 2002.
- Y. Yang, G. Gopalakrishnan, G. Lindstrom, and K. Slind. Analyzing the Intel Itanium memory ordering rules using logic programming and SAT. In CHARME '03, 2003.
- Y. Yang, G. Gopalakrishnan, G. Lindstrom, and K. Slind. Nemos: a framework for axiomatic and executable specifications of memory consistency models. In IPDPS '04, pages 26--30, 2004.
MemSAT: checking axiomatic specifications of memory models. PLDI '10.