Skip to main content
SpringerLink
Log in

Memory model sensitive bytecode verification

  • Published:
Formal Methods in System Design Aims and scope Submit manuscript

Abstract

Modern concurrent programming languages like C# and Java have a programming language level memory model, which captures the set of all allowed behaviors of programs on any implementation platform—uni- or multi-processor. Such a memory model is typically weaker than Sequential Consistency and allows reordering of operations within a program thread. Therefore, programs verified correct by assuming Sequential Consistency (that is, each thread proceeds in program order) may not behave correctly on certain platforms! One solution to this problem is to develop program checkers which are memory model sensitive. In this paper, we develop a bytecode level invariant checker for the programming language C#. Our checker identifies program states which are reached only because the C# memory model is more relaxed than Sequential Consistency. It employs partial order reduction strategies to speed up the search. These strategies are different from standard partial order reduction methods since our search also considers execution traces containing bytecode re-orderings. Furthermore, our checker identifies (a) operation re-orderings which cause undesirable states to be reached, and (b) simple program modifications—by inserting memory barrier operations—which prevent such undesirable re-orderings.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Java Specification Request (JSR) 133 (2004) Java memory model and thread specification revision

  2. Abrams B. http://blogs.msdn.com/brada/archive/2004/05/12/130935.aspx

  3. Brumme C. Weblog: memory model. http://blogs.msdn.com/cbrumme/archive/2003/05/17/51445.aspx

  4. Burckhardt S, Alur R, Martin M (2006) Bounded model checking of concurrent data types on relaxed memory models: a case study. In: International conference on computer aided verification (CAV)

  5. Burckhardt S, Alur R, Martin M (2007). Checkfence: checking consistency of concurrent data types on relaxed memory models. In: ACM conference on programming language design and implementation (PLDI)

  6. Clarke EM, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge

    Google Scholar 

  7. Collier WW (1992) Reasoning about parallel architectures. Prentice Hall, New York. Details available from http://www.mpdiag.com/archtest.html

    MATH  Google Scholar 

  8. Dill DL, Park S, Nowatzyk A (1993) Formal specification of abstract memory models. Symposium on research on integrated systems. MIT Press, Cambridge

    Google Scholar 

  9. Dwyer MB, Hatcliff JR Prasad VR (2004) Exploiting object escape and locking information in partial order reduction for concurrent object-oriented programs. Form Methods Syst Des 25(2–3):199–240

    Article  MATH  Google Scholar 

  10. Bacon D et al. The “Double-checked locking is broken” declaration. http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html

  11. Ford LR, Fulkerson DR (1956) Maximum flow through a network. Can J Math 8:399–404

    MATH  MathSciNet  Google Scholar 

  12. Gopalakrishnan G, Yang Y, Lindstrom G (2004) QB or not QB: an efficient execution verification tool for memory orderings. In: International Conference on Computer Aided Verification (CAV)

  13. Huynh TQ, Roychoudhury A (2006) A memory model sensitive checker for C#. In: Formal methods symposium (FM). http://www.comp.nus.edu.sg/~abhik/pdf/fm06.pdf

  14. JGF (2001) The Java grande Forum Multi-threaded Benchmarks. http://www.epcc.ed.ac.uk/computing/research_activities/java_grande/threads.html

  15. JPF (2005) The Java path finder model checking tool. http://javapathfinder.sourceforge.net/

  16. Lamport L (1979) How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans Comput 28(9):690–691

    Article  MATH  Google Scholar 

  17. Lea D The JSR-133 cookbook for compiler writers. http://gee.cs.oswego.edu/dl/jmm/cookbook.html

  18. Manson J, Pugh W (2002) The java memory model simulator. In: Workshop on formal techniques for Java-like programs, in association with ECOOP

  19. Manson J, Pugh W, Adve S (2005) The Java memory model. In: ACM symposium on principles of programming languages (POPL)

  20. Microsoft (2005) Standard ECMA-334 C# specification. http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-334.pdf 1

  21. Microsoft (2005) Standard ECMA-335 common language infrastructure (CLI). http://www.ecma-international.org/publications/standards/Ecma-335.htm

  22. Morrison V. Dotnet discussion: the DOTNET memory model. http://discuss.develop.com/archives/wa.exe?A2=ind0203B&L=DOTNET&P=R375

  23. Nalumusu R et al (1998) The ‘test model checking’ approach to the verification of memory models of multiprocessors. In International conference on computer aided verification (CAV)

  24. Nipkow T et al (2003) Special issue on Java bytecode verification. J Autom Reas 30(34)

  25. Park S, Dill DL (1999) An executable specification and verifier for relaxed memory order. IEEE Trans Comput 48(2):227–235

    Article  Google Scholar 

  26. Pugh W Test for sequential consistency of volatiles. http://www.cs.umd.edu/~pugh/java/memoryModel/ReadAfterWrite.java

  27. Raynal M (1986) Algorithms for mutual exclusion. MIT Press, Cambridge

    MATH  Google Scholar 

  28. Roychoudhury A, Mitra T (2002) Specifying multithreaded Java semantics for program verification. In ACM international conference on software engineering (ICSE)

  29. Schmidt D, Harrison T (1996) Double-checked locking: an optimization pattern for efficiently initializing and accessing thread-safe objects. In: 3rd annual pattern languages of program design conference

  30. Stark RF, Borger E (2004) An ASM specification of C# threads and the NET memory model. In: Abstract state machines workshop. Lecture notes in computer science, vol 3065. Springer, Berlin

    Google Scholar 

  31. Yang Y, Gopalakrishnan G, Lindstrom G (2004) Memory model sensitive data race analysis. In International conference on formal engineering methods (ICFEM)

  32. Yang Y, Gopalakrishnan G, Lindstrom G, Slind K (2003) Analyzing the Intel Itanium memory ordering rules using logic programming and SAT. In: Correct hardware design and verification methods CHARME

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Maryland, College Park, USA

    Thuan Quang Huynh

  2. Department of Computer Science, National University of Singapore, Singapore, Singapore

    Abhik Roychoudhury

Authors
  1. Thuan Quang Huynh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abhik Roychoudhury
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Abhik Roychoudhury.

Additional information

A preliminary version of this paper appeared as (Huynh and Roychoudhury, in: Formal Methods Symposium, 2006). The conference paper is available from http://www.comp.nus.edu.sg/~abhik/pdf/fm06.pdf.

This work was done when the first author was a Research Assistant at National University of Singapore.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Huynh, T.Q., Roychoudhury, A. Memory model sensitive bytecode verification. Form Methods Syst Des 31, 281–305 (2007). https://doi.org/10.1007/s10703-007-0041-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10703-007-0041-6

Keywords

Search

Navigation