ABSTRACT
We describe an automatic verification method to check whether transactional memories ensure strict serializability a key property assumed of the transactional interface. Our main contribution is a technique for effectively verifying parameterized systems. The technique merges ideas from parameterized hardware and protocol verification--verification by invisible invariants and symmetry reduction--with ideas from software verification--template-based invariant generation and satisfiability checking for quantified formulæ (modulo theories). The combination enables us to precisely model and analyze unbounded systems while taming state explosion.
Our technique enables automated proofs that two-phase locking (TPL), dynamic software transactional memory (DSTM), and transactional locking II (TL2) systems ensure strict serializability. The verification is challenging since the systems are unbounded in several dimensions: the number and length of concurrently executing transactions, and the size of the shared memory they access, have no finite limit. In contrast, state-of-the-art software model checking tools such as BLAST and TVLA are unable to validate either system, due to inherent expressiveness limitations or state explosion.
- K. R. Apt and D. Kozen. Limits for automatic verification of finite-state concurrent systems. Inf. Process. Lett., 22 (6): 307--309, 1986. Google ScholarDigital Library
- T. Arons, A. Pnueli, S. Ruah, J. Xu, and L. D. Zuck. Parameterized verification with automatically computed inductive assertions. In CAV, pages 221--234, 2001. Google ScholarDigital Library
- T. Ball and S. K. Rajamani. The SLAM project: debugging system software via static analysis. In POPL, pages 1--3, 2002. Google ScholarDigital Library
- J. Berdine, T. Lev-Ami, R. Manevich, G. Ramalingam, and S. Sagiv. Thread quantification for concurrent shape analysis. In CAV, pages 399--413, 2008. Google ScholarDigital Library
- D. Beyer, T. A. Henzinger, R. Majumdar, and A. Rybalchenko. Invariant synthesis for combined theories. In VMCAI, pages 378--394, 2007. Google ScholarDigital Library
- A. Cohen, J. W. O'Leary, A. Pnueli, M. R. Tuttle, and L. D. Zuck. Verifying correctness of transactional memories. In FMCAD, pages 37--44, 2007. Google ScholarDigital Library
- A. Cohen, A. Pnueli, and L. D. Zuck. Mechanical verification of transactional memories with non-transactional memory accesses. In CAV, pages 121--134, 2008. Google ScholarDigital Library
- S. Sankaranarayanan, and H. Sipma. Linear invariant generation using non-linear constraint solving. In CAV, pages 420--432, 2003.Google Scholar
- L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, pages 337--340, 2008. Google ScholarDigital Library
- D. Dice, O. Shalev, and N. Shavit. Transactional locking II. In DISC, pages 194--208, 2006. Google ScholarDigital Library
- D. L. Dill, A. J. Hu, and H. Wong-Toi. Checking for language inclusion using simulation preorders. In CAV, pages 255--265, 1991. Google ScholarDigital Library
- R. Guerraouić, and M. Kapalka. Dividing transactional memories by zero. In TRANSACT, 2008.Google Scholar
- B. Dutertre and L. de Moura. The YICES SMT solver. http://yices.csl.sri.com.Google Scholar
- M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program., 69 (1--3): 35--45, 2007. Google ScholarDigital Library
- R. Guerraoui, T. A. Henzinger, B. Jobstmann, and V. Singh. Model checking transactional memories. In PLDI, pages 372--382, 2008. Google ScholarDigital Library
- R. Guerraoui, T. A. Henzinger, and V. Singh. Completeness and nondeterminism in model checking transactional memories. In CONCUR, pages 21--35, 2008. Google ScholarDigital Library
- R. Guerraoui, T. A. Henzinger, and V. Singh. Software transactional memory on relaxed memory models. In CAV, pages 321--336, 2009. Google ScholarDigital Library
- T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL, pages 58--70, 2002. Google ScholarDigital Library
- M. Herlihy and J. E. B. Moss. Transactional memory: Architectural support for lock-free data structures. In ISCA, pages 289--300, 1993. Google ScholarDigital Library
- M. Herlihy, V. Luchangco, M. Moir, and W. N. S. III. Software transactional memory for dynamic-sized data structures. In PODC, pages 92--101, 2003. Google ScholarDigital Library
- S. Kleene. Introduction to Metamathematics. North Holland, 1980.Google Scholar
- L. Lamport. Specifying concurrent program modules. ACM Trans. Program. Lang. Syst., 5 (2): 190--222, 1983. Google ScholarDigital Library
- J. R. Larus and R. Rajwar. Transactional Memory. Morgan & Claypool Publishers, 2006.Google ScholarCross Ref
- T. Lev-Ami and S. Sagiv. TVLA: A system for implementing static analyses. In SAS, pages 280--301, 2000. Google ScholarDigital Library
- Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer-Verlag, 1992. Google ScholarDigital Library
- K. L. McMillan. Verification of infinite state systems by compositional model checking. In CHARME, pages 219--234, 1999. Google ScholarDigital Library
- C. H. Papadimitriou. The serializability of concurrent database updates. J. ACM, 26 (4): 631--653, 1979. Google ScholarDigital Library
- A. Pnueli, S. Ruah, and L. D. Zuck. Automatic deductive verification with invisible invariants. In TACAS, pages 82--97, 2001. Google ScholarDigital Library
- J. Reineke. Shape analysis of sets. Master's thesis, Universität des Saarlandes, Germany, June 2005.Google Scholar
- J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In LICS, pages 55--74, 2002. Google ScholarDigital Library
- S. Sagiv, T. W. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst., 24 (3): 217--298, 2002. Google ScholarDigital Library
- S. Srivastava and S. Gulwani. Program verification using templates over predicate abstraction. In PLDI, pages 223--234, 2009. Google ScholarDigital Library
- S. Tasiran. A compositional method for verifying software transactional memory implementations. Technical Report MSR-TR-2008-56, Microsoft Research, April 2008.Google Scholar
- C. Weidenbach, D. Dimova, A. Fietzke, R. Kumar, M. Suda, and P. Wischnewski. SPASS version 3.5. In CADE, pages 140--145, 2009. Google ScholarDigital Library
- H. Yang, O. Lee, J. Berdine, C. Calcagno, B. Cook, D. Distefano, and P. W. O'Hearn. Scalable shape analysis for systems code. In CAV, pages 385--398, 2008. Google ScholarDigital Library
- K. Zee, V. Kuncak, and M. C. Rinard. Full functional verification of linked data structures. In PLDI, pages 349--361, 2008. Google ScholarDigital Library
Index Terms
- Parameterized verification of transactional memories
Recommendations
Parameterized verification of transactional memories
PLDI '10We describe an automatic verification method to check whether transactional memories ensure strict serializability a key property assumed of the transactional interface. Our main contribution is a technique for effectively verifying parameterized ...
Grasping the gap between blocking and non-blocking transactional memories
Transactional memory (TM) is an inherently optimistic abstraction: it allows concurrent processes to execute sequences of shared-data accesses (transactions) speculatively, with an option of aborting them in the future. Early TM designs avoided using ...
Comments