Model checking transactional memories

Guerraoui, Rachid; Henzinger, Thomas A.; Jobstmann, Barbara; Singh, Vasu

doi:10.1145/1375581.1375626

Cited by 37 publications

(21 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although there are several works comparing and contrasting different correctness conditions for STM (including opacity) (e.g., [DGLM13,LLM12b,AGHR14]), there only a handful of papers that consider verification of the STM implementations themselves. A model checking approach is presented in [GHS10], however, the technique only considers conflicts between read and write operations in different transactions. More recently, Lesani has considered opacity verification of numerous algorithms [Les14], which includes techniques for reducing the problem of proving opacity into one of verifying a number of simpler invariants on the orders of events [LP14].…”

Section: Discussionmentioning

confidence: 99%

“…Model checking (e.g., [COP + 07]) is generally not suitable for our aims of rigorously verifying algorithms against all possible executions. One promising approach is by Guerraoui et al [GHS08,GHS10], who present a method for model checking opacity using a reduction theorem that lifts opacity (for two threads and two variables) to opacity (for an arbitrary number of processes and variables). However, their specifications do not consider the values that are read/written, and hence, the link to the definition of opacity in [GK10], which requires a memory semantics is unclear.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Mechanized proofs of opacity: a comparison of two techniques

et al. 2018

View full text Add to dashboard Cite

Software transactional memory (STM) provides programmers with a high-level programming abstraction for synchronization of parallel processes, allowing blocks of codes that execute in an interleaved manner to be treated as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the behaviour of an STM implementation to those of a sequential atomic specification. In this paper, we prove opacity of a recently proposed STM implementation: the Transactional Mutex Lock (TML) by Dalessandro et al. For this, we employ two different methods: the first method directly shows all histories of TML to be opaque (proof by induction), using a linearizability proof of TML as an assistance; the second method shows TML to be a refinement of an existing intermediate specification called TMS2 which is known to be opaque (proof by simulation). Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and KIV. This allows to compare not only the proof techniques in principle, but also their complexity in mechanization. It turns out that the second method, already leveraging an existing proof of opacity of TMS2, allows the proof to be decomposed into two independent proofs in the way that the linearizability proof does not.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Mechanized proofs of opacity: a comparison of two techniques

et al. 2018

View full text Add to dashboard Cite

show abstract

“…While Bouajjani et al [5,14] consider the complexity for individual linearizable collection types, we are the first to establish (in)tractability of individual replicated data types. Others have developed effective consistency checking algorithms for sequential consistency [3,9,23,31], serializability [12,17,18,21], linearizability [10,16,28,37], and even weaker notions like eventual consistency [7] and sequential happens-before consistency [13,15]. In contrast, we are the first to establish precise polynomial-time algorithms for runtime verification of replicated data types.…”

Section: Related Workmentioning

confidence: 99%

On the Complexity of Checking Consistency for Replicated Data Types

Biswas

Emmi

Enea

2019

Computer Aided Verification

View full text Add to dashboard Cite

Recent distributed systems have introduced variations of familiar abstract data types (ADTs) like counters, registers, flags, and sets, that provide high availability and partition tolerance. These conflict-free replicated data types (CRDTs) utilize mechanisms to resolve the effects of concurrent updates to replicated data. Naturally these objects weaken their consistency guarantees to achieve availability and partition-tolerance, and various notions of weak consistency capture those guarantees. In this work we study the tractability of CRDT-consistency checking. To capture guarantees precisely, and facilitate symbolic reasoning, we propose novel logical characterizations. By developing novel reductions from propositional satisfiability problems, and novel consistencychecking algorithms, we discover both positive and negative results. In particular, we show intractability for replicated flags, sets, counters, and registers, yet tractability for replicated growable arrays. Furthermore, we demonstrate that tractability can be redeemed for registers when each value is written at most once, for counters when the number of replicas is fixed, and for sets and flags when the number of replicas and variables is fixed.

show abstract

“…snps(3) = prop 1 (3) ∧ prop 2 (3). Table 1 demonstrates the result of the state space of PS y (3) partitioned by snps (2). The first column lists the sets of equivalence class, while the second is the label of each equivalence class and its bit vector expression is shown in the last column.…”

Section: An Examplementioning

confidence: 99%

“…Model checking is an automatic technique for verifying finite state concurrent systems, which uses a finite state machine to describe the system under consideration and temporal logic to state the properties that the system must satisfy. This method has been used successfully in practice to verify complex software and hardware systems [1,2]. However, efficient verification of parameterized cache coherence protocols is one of the most challenging problems in verification domain today.…”

Section: Introductionmentioning

confidence: 99%

State space reduction in modeling checking parameterized cache coherence protocol by two-dimensional abstraction

Guo

Zhang

et al. 2012

J Supercomput

View full text Add to dashboard Cite

Scalability of cache coherence protocol is a key component in future shared-memory multi-core or multi-processor systems. The state space explosion is the first hurdle while applying model-checking to scalable protocols. In order to validate parameterized cache coherence protocols effectively, we present a new method of reducing the state space of parameterized systems, two-dimensional abstraction (TDA). Drawing inspiration from the design principle of parameterized systems, an abstract model of an unbounded system is constructed out of finite states. The mathematical principles underlying TDA is presented. Theoretical reasoning demonstrates that TDA is correct and sound. An example of parameterized cache coherence protocol based on MESI illustrates how to produce a much smaller abstract model by TDA. We also demonstrate the power of our method by applying it to various well-known classes of protocols. During the development of TH-1A supercomputer system, TDA was used to verify the coherence protocol in FT-1000 CPU and showed the potential advantages in reducing the verification complexity.

show abstract

Model checking transactional memories

Cited by 37 publications

References 30 publications

Mechanized proofs of opacity: a comparison of two techniques

Mechanized proofs of opacity: a comparison of two techniques

On the Complexity of Checking Consistency for Replicated Data Types

State space reduction in modeling checking parameterized cache coherence protocol by two-dimensional abstraction

Contact Info

Product

Resources

About