Model checking the Java metalocking algorithm

Published: 01 July 2007

Abstract

We report on our efforts to use the XMC model checker to model and verify the Java metalocking algorithm. XMC [Ramakrishna et al. 1997] is a versatile and efficient model checker for systems specified in XL, a highly expressive value-passing language. Metalocking [Agesen et al. 1999] is a highly optimized technique for ensuring mutually exclusive access by threads to object monitor queues and therefore plays an essential role in allowing Java to offer concurrent access to objects. Metalocking can be viewed as a two-tiered scheme. At the upper level, the metalock level, a thread waits until it can enqueue itself on an object's monitor queue in a mutually exclusive manner. At the lower level, the monitor-lock level, enqueued threads race to obtain exclusive access to the object. Our abstract XL specification of the metalocking algorithm is fully parameterized, both on the number of threads M and on the number of objects N. It also captures a sophisticated optimization of the basic metalocking algorithm known as extra-fast locking and unlocking of uncontended objects. Using XMC, we show that for a variety of values of M and N, the algorithm indeed provides mutual exclusion and freedom from deadlock and lockout at the metalock level. We also show that, while the monitor-lock level of the protocol preserves mutual exclusion and deadlock-freedom, it is not lockout-free, because the protocol's designers chose to give equal preference to waiting threads and newly arrived threads.
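The three properties named in the abstract (mutual exclusion, deadlock-freedom, lockout-freedom) can be checked on a toy version of the two-tier scheme. The script below is an added illustration written for this page; it is neither the paper's XL specification nor code from any JVM. It enumerates every reachable state of a lock on one object with M threads and checks each tier. Two modelling choices are assumptions of this example and are not stated on the page: the metalock is granted to waiting threads in FIFO arrival order, and a thread that arrives while the monitor is free takes it directly (a fast path), which is how the model gives waiting and newly arrived threads equal preference. Lockout is detected as unbounded overtaking: the checker counts how often other threads acquire at a tier while thread 0 is waiting there; a bound of M-1 at the metalock tier means no lockout, while at the monitor tier the count grows past any cap and the checker returns the schedule that overtakes thread 0.

```python
# Added example, not the paper's XL specification and not JVM code: a tiny
# explicit-state check of a simplified two-tier (metalock / monitor-lock) scheme
# for ONE object and M threads.  Modelling assumptions that are mine, not the
# page's: the metalock is granted in FIFO arrival order, and a thread arriving
# while the monitor is free takes it at once (fast path), competing on equal
# terms with threads already on the monitor queue.
from collections import deque

IDLE, MWAIT, MHOLD, QWAIT, CS = "idle", "mwait", "mhold", "qwait", "cs"
# State = (pcs, mq, q, owner): per-thread pcs, metalock queue (mq[0] holds it
# while in MHOLD), monitor queue, and the thread owning the monitor (or None).


def initial(m):
    return (tuple([IDLE] * m), (), (), None)


def _set_pc(pcs, t, pc):
    new = list(pcs)
    new[t] = pc
    return tuple(new)


def successors(state):
    """Yield (thread, action, next_state) for every enabled transition."""
    pcs, mq, q, owner = state
    for t, pc in enumerate(pcs):
        if pc == IDLE:
            yield t, "request", (_set_pc(pcs, t, MWAIT), mq + (t,), q, owner)
            if owner is None:  # fast path: a new arrival grabs a free monitor
                yield t, "fast_acquire", (_set_pc(pcs, t, CS), mq, q, t)
        elif pc == MWAIT and mq and mq[0] == t:
            yield t, "meta_acquire", (_set_pc(pcs, t, MHOLD), mq, q, owner)
        elif pc == MHOLD:  # enqueue on q under the metalock, then hand it on
            yield t, "meta_release", (_set_pc(pcs, t, QWAIT), mq[1:], q + (t,), owner)
        elif pc == QWAIT and owner is None:  # queued threads race for the monitor
            rest = tuple(x for x in q if x != t)
            yield t, "mon_acquire", (_set_pc(pcs, t, CS), mq, rest, t)
        elif pc == CS:
            yield t, "release", (_set_pc(pcs, t, IDLE), mq, q, None)


def reachable(m):
    start = initial(m)
    seen, todo = {start}, deque([start])
    while todo:
        for _, _, nxt in successors(todo.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def check_safety(m):
    """Mutual exclusion at both tiers and deadlock-freedom over all reachable states."""
    states = reachable(m)
    return {
        "states": len(states),
        "meta_mutex": all(s[0].count(MHOLD) <= 1 for s in states),
        "mon_mutex": all(s[0].count(CS) <= 1 and (s[3] is None) == (CS not in s[0])
                         and (s[3] is None or s[0][s[3]] == CS) for s in states),
        "deadlock_free": all(next(successors(s), None) is not None for s in states),
    }


def overtaking_bound(m, level, cap):
    """Count acquisitions at `level` by OTHER threads while thread 0 waits there.

    Returns (bound, None) if the count never exceeds `cap` (bounded overtaking,
    hence no lockout), else (None, trace): a schedule overtaking thread 0 more
    than `cap` times, i.e. a lockout witness."""
    wait_pc, acqs = {"meta": (MWAIT, {"meta_acquire"}),
                     "monitor": (QWAIT, {"mon_acquire", "fast_acquire"})}[level]
    start = (initial(m), 0)
    parent, todo, best = {start: None}, deque([start]), 0
    while todo:
        s, k = todo.popleft()
        for t, action, nxt in successors(s):
            if nxt[0][0] != wait_pc:
                k2 = 0                                   # thread 0 not waiting
            elif t != 0 and action in acqs:
                k2 = k + 1                               # thread 0 was overtaken
            else:
                k2 = k
            node = (nxt, k2)
            if node in parent:
                continue
            parent[node] = ((s, k), f"{t}:{action}")
            if k2 > cap:
                trace, cur = [], node
                while parent[cur] is not None:
                    cur, step = parent[cur]
                    trace.append(step)
                return None, trace[::-1]
            best = max(best, k2)
            todo.append(node)
    return best, None


if __name__ == "__main__":
    for m in (2, 3):
        print(m, check_safety(m))
        print(m, "metalock tier:", overtaking_bound(m, "meta", m + 2))
        print(m, "monitor tier :", overtaking_bound(m, "monitor", m + 2))
```

Running it for M = 2 and M = 3 reports both mutual-exclusion invariants and deadlock-freedom as true, a metalock-tier overtaking bound of exactly M-1, and at the monitor tier a schedule in which thread 0 has enqueued itself and thread 1 then releases and re-acquires the free monitor through the fast path as often as the cap allows; that pattern can repeat forever, which is the lockout the abstract describes. XMC checks the corresponding properties as modal mu-calculus formulas over the full parameterized XL model; the bounded-overtaking counter here is only a finite-state stand-in for the liveness formula.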

References

  1. ACL2. 2002. Applicative Common Lisp ACL2 v2.7. http://www.cs.utexas.edu/users/moore/acl2/.
  2. Agesen, O., Detlefs, D., Garthwaite, A., Knippel, R., Ramakrishna, Y. S., and White, D. 1999. An efficient metalock for implementing ubiquitous synchronization. In Proceedings of OOPSLA'99.
  3. Archer, M., Heitmeyer, C., and Sims, S. 1998. TAME: A PVS interface to simplify proofs for automata models. User Interfaces for Theorem Provers. Eindhoven, The Netherlands.
  4. Basin, D., Friedrich, S., Gawkowski, M., and Posegga, J. 2002. Bytecode model checking: An experimental analysis. In 9th International SPIN Workshop on Model Checking of Software. Grenoble, France. Lecture Notes in Computer Science, vol. 2318, Springer-Verlag, 42--59.
  5. Basu, S., Smolka, S. A., and Ward, O. R. 2000. Model checking the Java Metalocking algorithm. In Proceedings of 7th IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS'00). Edinburgh, Scotland.
  6. Clarke, E. M., Grumberg, O., and Peled, D. 1999. Model Checking. MIT Press, Cambridge, MA.
  7. Corbett, J. C., Dwyer, M. B., Hatcliff, J., and Robby. 2000. A language framework for expressing checkable properties of dynamic software. SPIN Software Model Checking Workshop. Springer-Verlag.
  8. Dong, Y., Du, X., Holzmann, G., and Smolka, S. A. 2003. Fighting livelock in the i-Protocol: A case study in explicit-state model checking. Softw. Tools Techn. Transfer 4, 4, 505--528.
  9. Dong, Y., Ramakrishnan, C. R., and Smolka, S. A. 2003. Evidence explorer: A tool for exploring model-checking proofs. In Computer-Aided Verification (CAV'03).
  10. Emerson, E. 1990. Temporal and modal logic. In Handbook of Theoretical Computer Science, J. van Leeuwen, Ed., Vol. B. North-Holland, 995--1072.
  11. Groote, J. F. and Rem, M., Eds. 1997. Science of Computer Programming, Special Issue on Verification and Validation Methods for Formal Descriptions. Vol. 29(1-2).
  12. Havelund, K. and Shankar, N. 1996. Experiments in theorem proving and model checking for protocol verification. In Industrial Benefit and Advances in Formal Methods (FME'96). Springer-Verlag, 662--681.
  13. Hennessy, M. C. B. and Milner, R. 1985. Algebraic laws for nondeterminism and concurrency. J. ACM 32, 1 (Jan.), 137--161.
  14. Holzmann, G. 2004. The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley.
  15. Kozen, D. 1983. Results on the propositional μ-calculus. Theoret. Comput. Sci. 27, 333--354.
  16. Milner, R. 1989. Communication and Concurrency. International Series in Computer Science. Prentice Hall.
  17. Moore, J. S. and Porter, G. 2002. The apprentice challenge. ACM Trans. Program. Lang. Syst. 24, 3, 1--24.
  18. Murphi. 2006. Murphi description language and verifier. http://verify.stanford.edu/dill/murphi.html.
  19. Owre, S., Rajan, S., Rushby, J., Shankar, N., and Srivas, M. 1996. PVS: Combining specification, proof checking, and model checking. In Proceedings of 8th International Conference on Computer Aided Verification (CAV'96). Lecture Notes in Computer Science, vol. 1102, Springer-Verlag, 411--414.
  20. Pike, R., Presotto, D., Thompson, K., and Holzmann, G. 1991. Process sleep and wake-up on a shared-memory multiprocessor. In Proceedings of the Spring EurOpen Conference. Tromso, Norway, 161--166.
  21. PVS. 2003. The PVS specification and verification system v1.3. http://pvs.csl.sri.com/.
  22. Ramakrishna, Y. S., Ramakrishnan, C. R., Ramakrishnan, I. V., Smolka, S. A., Swift, T. W., and Warren, D. S. 1997. Efficient model checking using tabled resolution. In Proceedings of the 9th International Conference on Computer-Aided Verification (CAV'97). Haifa, Israel, Springer-Verlag.
  23. Roychoudhury, A., Kumar, K. N., Ramakrishnan, C., Ramakrishnan, I., and Smolka, S. 2000. Verification of parameterized systems using logic-program transformations. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS'00), S. Graf and M. Schwartzbach, Eds. Lecture Notes in Computer Science, vol. 1785. Springer-Verlag.
  24. Roychoudhury, A. and Ramakrishnan, I. 2001. Automated inductive verification of parameterized protocols. In 13th International Conference on Computer Aided Verification (CAV'01), Paris, France. G. Berry, H. Comon, and A. Finkel, Eds. Lecture Notes in Computer Science, vol. 2102. Springer-Verlag, 25--37.
  25. Smolka, S. et al. 1998. Logic programming and model checking. In Proceedings of PLILP/ALP'98. Lecture Notes in Computer Science, vol. 1490, Springer-Verlag.
  26. SMV. 2006. Symbolic model verifier 2.5. http://www.cs.cmu.edu/~modelcheck/smv.html.
  27. Tanenbaum, A. S. 1996. Computer Networks, 3rd ed. Prentice Hall.
  28. Visser, W., Havelund, K., Brat, G., and Park, S. 2000. Model checking programs. In International Conference on Automated Software Engineering. Grenoble, France. IEEE Computer Society Press.
  29. XSB. 2001. The XSB logic programming system v2.4. Available by anonymous ftp from ftp.cs.sunysb.edu.

Reviews

Rosziati Ibrahim

Basu and Smolka present a case study of modeling and verifying the Java metalocking algorithm using the XMC model checker. They verify the correctness of the metalocking algorithm by manually constructing a model of the algorithm, and then performing model checking on the derived model. The Java Virtual Machine (JVM) is often used for implementing Internet-based applications using extensive synchronization operations. Metalocking is viewed as a two-tier scheme for achieving monitor-style synchronization in objects. For the metalocking algorithm, the upper tier is used as the metalock level, while the lower tier is used as the monitor-lock level. XMC, on the other hand, is a model checker for value-passing languages such as Java. The metalock level is used to access the object's synchronization data, and the monitor-lock level is used to access the object data. In the metalocking algorithm, threads observe a certain protocol when manipulating an object's synchronization data. This paper is recommended for readers interested in theorem proving using the XMC model checker.
