The ‘test model-checking’ approach to the verification of formal memory models of multiprocessors

Nalumasu, Ratan; Ghughal, Rajnish; Mokkedem, Abdelillah; Gopalakrishnan, Ganesh

doi:10.1007/bfb0028767

Cited by 22 publications

(15 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another approach for debugging a memory model is the "test model-checking" methodology [19]. In this approach, a memory model is verified against a state machine that generates a non-deterministic sequence of writes and test for certain assertions.…”

Section: Related Workmentioning

confidence: 99%

Generating Litmus Tests for Contrasting Memory Consistency Models

Mador-Haim

Alur

Martin

2010

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Well-defined memory consistency models are necessary for writing correct parallel software. Developing and understanding formal specifications of hardware memory models is a challenge due to the subtle differences in allowed reorderings and different specification styles. To facilitate exploration of memory model specifications, we have developed a technique for systematically comparing hardware memory models specified using both operational and axiomatic styles. Given two specifications, our approach generates all possible multi-threaded programs up to a specified bound, and for each such program, checks if one of the models can lead to an observable behavior not possible in the other model. When the models differs, the tool finds a minimal "litmus test" program that demonstrates the difference. A number of optimizations reduce the number of programs that need to be examined. Our prototype implementation has successfully compared both axiomatic and operational specifications of six different hardware memory models. We describe two case studies: (1) development of a non-store atomic variant of an existing memory model, which illustrates the use of the tool while developing a new memory model, and (2) identification of a subtle specification mistake in a recently published axiomatic specification of TSO.

show abstract

Section: Related Workmentioning

confidence: 99%

Generating Litmus Tests for Contrasting Memory Consistency Models

Mador-Haim

Alur

Martin

2010

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Queries will be specified in a notation similar to test automata [25] which are finite state observers of computations. We will generate Boolean satisfiability instances out of putative queries, and using Boolean satisfiability tools [26] arrive at either an answer in the affirmative ("SAT") or explain why certain scenarios are impossible using unsatisfiability cores [27].…”

Section: Formal Modeling Of Mpimentioning

confidence: 99%

“…We have recently finished such a formal specification for the Intel Itanium shared memory and built a tool that helps users query the specification using specific (short) shared memory concurrent assembly programs that have embedded assertions [25]. If these assertions can be satisfied, our tool emits an interleaving of the concurrent assembly language instructions that can satisfy the assertions.…”

Section: Formal Modeling Of Mpimentioning

confidence: 99%

Toward reliable and efficient message passing software through formal analysis

Gopalakrishnan

Kirby

2006

Proceedings 20th IEEE International Parallel &Amp; Distributed Processing Symposium

View full text Add to dashboard Cite

The quest for high performance drives parallel scientific computing software design. Well over 60% of the high-performance computing (HPC) community writes programs using the MPI library; to gain performance, they are known to perform many manual optimizations. Even tools that accept high level descriptions often generate MPI code, due to its eminent portability. However, since the overall performance of a program does not usually port (due to variations in the target architecture, cluster size, etc.), manual changes to the code are inevitable in today's approaches to MPI programming and optimization. This, together with the vastness and evolving nature of the MPI standard, and the innate complexity of concurrent programming introduces costly bugs.Our research addresses these challenges through specific efforts in the following broad areas: (i) high level expression of the parallel algorithm and compilation thereof into optimized MPI programs, (ii) optimizations of user-written detailed MPI programs through localized transformations such as barrier removal, (iii) formal modeling of complex communication standards, such as the MPI-2 standard and a facility for answering putative queries (this need arises when standard documents are impossibly difficult to manually study in order to answer questions that are not explicitly addressed in the standard), (iv) formal modeling of new (and hence relatively less well understood) features of communication libraries, such as the one-sided communication facility of MPI-2, and (v) formal modeling of intricate control algorithms in these libraries such as the progress engine for TCP and/or shared memory in MPICH2 (a formal model can explicate commonalities, help formally verify, as well as help create better future implementations). Our research gains focus through * Supported in part by NSF award CNS-0509379 numerous collaborations.

show abstract

“…proach [18] could automatically verify SC. Subsequent research showed that it actually verifies a weaker class than SC [19].…”

Section: Condon and Hu's Approachmentioning

confidence: 99%

Toward a decidable notion of sequential consistency

Bingham

Condon

2003

Proceedings of the Fifteenth Annual ACM Symposium on Parallel Algorithms and Architectures

View full text Add to dashboard Cite

A memory model specifies a correctness requirement for a distributed shared memory protocol. Sequential consistency (SC) is the most widely researched model; previous work [1] has shown that, in general, the SC verification problem is undecidable. We identify two aspects of the formulation found in [1] that we consider to be highly unnatural; we call these non-prefix-closedness and prophetic inheritance. We conjecture that preclusion of such behavior yields a decidable version of SC, which we call decisive sequential consistency (DSC). We also introduce a structure called a view window (VW), which retains information about a protocol's history, and we define the notion of a VW-bound, which essentially bounds the size of the VWs needed to maintain DSC. We prove that the class of DSC protocols with VW-bound k is decidable; left conjectured is the hypothesis that all DSC protocols have such a bound, and further that the bound is computable from the protocol description. This hypothesis is true for all real protocols known to us; we verify its truth for the Lazy Caching protocol [2].

show abstract

The ‘test model-checking’ approach to the verification of formal memory models of multiprocessors

Cited by 22 publications

References 18 publications

Generating Litmus Tests for Contrasting Memory Consistency Models

Generating Litmus Tests for Contrasting Memory Consistency Models

Toward reliable and efficient message passing software through formal analysis

Toward a decidable notion of sequential consistency

Contact Info

Product

Resources

About