Research article (Open Access)

Towards formally specifying and verifying transactional memory

Published: 01 September 2013

Abstract

Over the last decade, great progress has been made in developing practical transactional memory (TM) implementations, but relatively little attention has been paid to precisely specifying what it means for them to be correct, or formally proving that they are. In this paper, we present TMS1 (Transactional Memory Specification 1), a precise specification of correct behaviour of a TM runtime library. TMS1 targets TM runtimes used to implement transactional features in an unmanaged programming language such as C or C++. In such contexts, even transactions that ultimately abort must observe consistent states of memory; otherwise, unrecoverable errors such as divide-by-zero may occur before a transaction aborts, even in a correct program in which the error would not be possible if transactions were executed atomically. We specify TMS1 precisely using an I/O automaton (IOA). This approach enables us to also model TM implementations using IOAs and to construct fully formal and machine-checked correctness proofs for them using well established proof techniques and tools. We outline key requirements for a TM system. To avoid precluding any implementation that satisfies these requirements, we specify TMS1 to be as general as we can, consistent with these requirements. The cost of such generality is that the condition does not map closely to intuition about common TM implementation techniques, and thus it is difficult to prove that such implementations satisfy the condition. To address this concern, we present TMS2, a more restrictive condition that more closely reflects intuition about common TM implementation techniques. We present a simulation proof that TMS2 implements TMS1, thus showing that to prove that an implementation satisfies TMS1, it suffices to prove that it satisfies TMS2. We have formalised and verified this proof using the PVS specification and verification system.
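The failure mode the abstract describes (a doomed transaction observing an inconsistent state and faulting before it can abort) is easy to reproduce in a toy model. The following is an added example, not code from the paper or from any TM runtime it discusses. It assumes a constructed runtime with a global version counter and per-location version stamps; the `validate` flag switches on a read-time consistency check (a hypothetical mechanism chosen for illustration, not TMS1 or TMS2 themselves). The scenario is a scripted interleaving: a reader transaction reads `x`, a concurrent writer commits an update that preserves the program invariant `x - y == 1`, and the reader then reads `y`.

```python
"""Constructed toy TM model: why aborting transactions still need consistent reads."""


class Abort(Exception):
    """Raised when the runtime detects that a transaction's snapshot is stale."""


class Memory:
    """Shared memory with a global version clock and a version stamp per location.

    Constructed for this example; commit() applies a write set atomically and
    stamps every written location with the new clock value.
    """

    def __init__(self, values):
        self.vals = dict(values)
        self.versions = {loc: 0 for loc in values}
        self.clock = 0

    def commit(self, writes):
        self.clock += 1
        for loc, val in writes.items():
            self.vals[loc] = val
            self.versions[loc] = self.clock


class Transaction:
    """A reading transaction that records the clock value at which it started."""

    def __init__(self, mem, validate):
        self.mem = mem
        self.validate = validate
        self.start = mem.clock  # snapshot version this transaction may observe
        self.reads = {}

    def read(self, loc):
        # Read-time validation (assumed mechanism): a location written after
        # this transaction started cannot belong to a consistent snapshot, so
        # abort now instead of handing back a stale/new mixture of values.
        if self.validate and self.mem.versions[loc] > self.start:
            raise Abort(f"{loc} changed after transaction start")
        val = self.mem.vals[loc]
        self.reads[loc] = val
        return val


def run_scenario(validate, writer_commits=True):
    """Return the reader's outcome: an integer result, 'aborted', or 'crash'.

    The program invariant is x - y == 1, so 1 // (x - y) is always safe if the
    reader sees an atomic snapshot. The writer's update keeps the invariant.
    """
    mem = Memory({"x": 1, "y": 0})
    reader = Transaction(mem, validate)
    x = reader.read("x")  # sees the old x
    if writer_commits:
        mem.commit({"x": 2, "y": 1})  # atomic update, invariant preserved
    try:
        y = reader.read("y")  # without validation this sees the new y
    except Abort:
        return "aborted"  # clean abort; the reader never computes on bad data
    try:
        # In a real runtime this transaction is doomed to abort at commit time
        # (its read of x is stale), but the division happens before that.
        return 1 // (x - y)
    except ZeroDivisionError:
        return "crash"


if __name__ == "__main__":
    print("no conflict:          ", run_scenario(validate=False, writer_commits=False))
    print("conflict, no validate:", run_scenario(validate=False))
    print("conflict, validate:   ", run_scenario(validate=True))
```

With no concurrent writer the reader computes `1 // 1`. With a concurrent commit and no validation it reads `x == 1` and `y == 1`, a state that never existed atomically, and divides by zero before the runtime gets a chance to abort it; with validation the read of `y` aborts the transaction instead. The check here is deliberately simple (any newer version aborts); it stands in for whatever mechanism a real runtime uses to guarantee the property the paper specifies.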

