CSV 889: Concurrent Software Verification

Subodh SharmaIndian Institute of Technology Delhi

Relaxed Memory Effects and its Verification

Why Relaxed Memory

• Higher Performance• How? – Speculative execution, buffering, caching, etc.

This leads to nonintuitive executionVerification becomes difficult

TSO – Total Store Order

• Exhibited in x86 h/w• w-r relaxation (to different variables) • All writes are totally ordered

PSO – Total Store Order

• w-r relaxation + w-w relaxation too – to different variables

• All writes to the same variable are totally ordered

Effects of RMM on Stateless Model Checking

• Explosion in the number of interleavings– Why?

New bugs!

T1() { int a; x = 1; a = y; print (“%d”, a);}

T2() { y=1; b=x; print(“%d”, b); }

TSO

Effects of RMM on Stateless Model Checking

• Explosion in the number of interleavings– Why?

New bugs!

T1() { x = 1; y = 1; }

T2() { if(y==1) if(x==0) ERROR(); }

PSO

Not reachable under TSO or SC!

DPOR for TSO/PSO

• thread scheduling nondeterminism• store buffering nondeterminism

• Key ideas – buffer bounding for aggressive optimization – shadow threads to model buffered writes

Shadow Threads

Shadow Threads

Must HB order between buffered writes and flushes to the memory

BWs are omitted as they are thread local!

Shadow Threads for PSO

To model per-address store buffers in PSO – one shadow thread per var

Advantages

• No need to distinguish edges from scheduling and buffering nondeterminism!

Implies classical DPOR features are applicable!

Changes in DPOR Defs

• Enabled/Done/BT set: sets of pairs of

Changes in DPOR Defs

• Dependency Relation

Buffer Bounding

• Flushing of writes can be delayed for finitely many subsequent writes

Acknowledgements

DPOR for RMM by Zhang, Kusano, Wang: PLDI 2015