
Model checking for a multi-execution memory model

Published: 31 October 2022

Abstract

Multi-execution memory models, such as Promising and Weakestmo, are an advanced class of weak memory consistency models that justify certain outcomes of a concurrent program by considering multiple candidate executions collectively. While this key characteristic allows them to support effective compilation to hardware models and a wide range of compiler optimizations, it makes reasoning about them substantially more difficult. In particular, we observe that Promising and Weakestmo inhibit effective model checking because they allow some surprisingly weak behaviors that cannot be generated by examining one execution at a time.

We therefore introduce Weakestmo2, a strengthening of Weakestmo by constraining its multi-execution nature, while preserving the important properties of Weakestmo: DRF theorems, compilation to hardware models, and correctness of local program transformations. Our strengthening rules out a class of surprisingly weak program behaviors, which we attempt to characterize with the help of two novel properties: load buffering race freedom and certification locality. In addition, we develop WMC, a model checker for Weakestmo2 with performance close to that of the best tools for per-execution models.

