Context-Bounded Analysis for POWER

Abdulla, Parosh Aziz; Atig, Mohamed Faouzi; Bouajjani, Ahmed; Ngo, Tuan Phong

doi:10.1007/978-3-662-54580-5_4

Cited by 20 publications

(16 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are a number of existing concurrency model checking tools, none of which, however, apply to ARMv8 or RISC-V. Alglave et al [8] develop a model checking tool based on axiomatic models for some weaker models including RMO and Power, but not ARMv8, and it does not integrate a substantial ISA model. Abdulla et al [3][4][5] describe efficient model-checking algorithms for hardware models (TSO, PSO, and Power), proved sound for Power. They do not handle ARMv8; for their Nidhugg tool, ARM support is called "partial", under-approximating the behaviours [1], and they do not handle a (Power or ARM) ISA model, but a simple calculus.…”

Section: Related Workmentioning

confidence: 99%

Promising-ARM/RISC-V: a simpler and faster operational concurrency model

Pulte

Pichon-Pharabod

Kang

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

For ARMv8 and RISC-V, there are concurrency models in two styles, extensionally equivalent: axiomatic models, expressing the concurrency semantics in terms of global properties of complete executions; and operational models, that compute incrementally. The latter are in an abstract microarchitectural style: they execute each instruction in multiple steps, out-of-order and with explicit branch speculation. This similarity to hardware implementations has been important in developing the models and in establishing confidence, but involves complexity that, for programming and modelchecking, one would prefer to avoid.We present new more abstract operational models for ARMv8 and RISC-V, and an exploration tool based on them. The models compute the allowed concurrency behaviours incrementally based on thread-local conditions and are significantly simpler than the existing operational models: executing instructions in a single step and (with the exception of early writes) in program order, and without branch speculation. We prove the models equivalent to the existing ARMv8 and RISC-V axiomatic models in Coq. The exploration tool is the first such tool for ARMv8 and RISC-V fast enough for exhaustively checking the concurrency behaviour of a number of interesting examples. We demonstrate using the tool for checking several standard concurrent datastructure and lock implementations, and for interactively stepping through model-allowed executions for debugging.

show abstract

Section: Related Workmentioning

confidence: 99%

Promising-ARM/RISC-V: a simpler and faster operational concurrency model

Pulte

Pichon-Pharabod

Kang

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

show abstract

“…We used the files from the sub-categories shown in Table 1; each row shows the corresponding number of files and lines of code. Table 1 shows the results for the SV-COMP16 versions of CBMC [5], CIVL [26], Lazy-CSeq [13,14], the SV-COMP15 version of MU-CSeq [21], 2 and of IMU-CSeq on these benchmarks. We indicate with pass the number of correctly found bugs, with fail the number of unsuccessful analyses including tool crashes, memory limit hits, and timeouts, and with time the average time in seconds to find the bug.…”

Section: Experimental Evaluationmentioning

confidence: 99%

“…The notion of IMU exactly captures the coherence relation that is often used in the description of memory models (see [6,2]). In our setting, we achieve the reordering of the statements that are observed in the relaxed memory models by guessing the timestamps and then checking their consistency with the expected behaviours.…”

Section: Related Work Conclusion and Future Workmentioning

confidence: 99%

“…We plan to extend our approach to other memory models such as POWER. POWER relaxes PSO (and thus TSO) in two key aspects (see [2]): (i) the propagation of a write in the shared memory by a thread can be asynchronous, i.e., each thread can see the write at a different time; (ii) the order of execution of the statements of a thread can be rearranged liberally (w.r.t. the program order) provided that the dependency relations such as data-flow, address, control and isync are respected.…”

Section: Related Work Conclusion and Future Workmentioning

confidence: 99%

See 1 more Smart Citation

Using Shared Memory Abstractions to Design Eager Sequentializations for Weak Memory Models

Tomasco

Nguyen

Fischer

et al. 2017

Software Engineering and Formal Methods

View full text Add to dashboard Cite

Sequentialization is one of the most promising approaches for the symbolic analysis of concurrent programs. However, existing sequentializations assume sequential consistency, which modern hardware architectures no longer guarantee. In this paper we describe an approach to embed weak memory models within eager sequentializations. Our approach is based on the separation of intrathread computations from inter-thread communications by means of a shared memory abstraction (SMA). We give details of SMA implementations for the SC, TSO, and PSO memory models that are based on the idea of individual memory unwindings. We use our approach to implement a new, efficient BMC-based bug finding tool for multi-threaded C programs under SC, TSO, or PSO based on these SMAs, and show experimentally that it is competitive to existing tools.

show abstract

“…Given the high complexity for PS 2.0-rlx and the undecidability of PS 2.0-ra, we next consider a bounded version of the reachability problem. To this end, we propose a parametric under-approximation in the spirit of context bounding [9,33,21,26,24,29,1,3]. The aim of context bounding is to restrict the otherwise unbounded interaction between processes, and has been shown experimentally in the case of SC programs to maintain enough behaviour coverage for bug detection [24,29].…”

Section: Introductionmentioning

confidence: 99%

The Decidability of Verification under PS 2.0

Abdulla

Atig

Godbole

et al. 2021

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

We consider the reachability problem for finite-state multi-threaded programs under the promising semantics () of Lee et al., which captures most common program transformations. Since reachability is already known to be undecidable in the fragment of with only release-acquire accesses (-), we consider the fragment with only relaxed accesses and promises (). We show that reachability under is undecidable in general and that it becomes decidable, albeit non-primitive recursive, if we bound the number of promises.Given these results, we consider a bounded version of the reachability problem. To this end, we bound both the number of promises and of “view-switches”, i.e., the number of times the processes may switch their local views of the global memory. We provide a code-to-code translation from an input program under (with relaxed and release-acquire memory accesses along with promises) to a program under SC, thereby reducing the bounded reachability problem under to the bounded context-switching problem under SC. We have implemented a tool and tested it on a set of benchmarks, demonstrating that typical bugs in programs can be found with a small bound.

show abstract

Context-Bounded Analysis for POWER

Cited by 20 publications

References 47 publications

Promising-ARM/RISC-V: a simpler and faster operational concurrency model

Promising-ARM/RISC-V: a simpler and faster operational concurrency model

Using Shared Memory Abstractions to Design Eager Sequentializations for Weak Memory Models

The Decidability of Verification under PS 2.0

Contact Info

Product

Resources

About