Model checking the Java metalocking algorithm

Abstract
We report on our efforts to use the XMC model checker to model and verify the Java metalocking algorithm. XMC [Ramakrishna et al. 1997] is a versatile and efficient model checker for systems specified in XL, a highly expressive value-passing language. Metalocking [Agesen et al. 1999] is a highly optimized technique for ensuring mutually exclusive access by threads to object monitor queues and, therefore, plays an essential role in allowing Java to offer concurrent access to objects. Metalocking can be viewed as a two-tiered scheme. At the upper level, the metalock level, a thread waits until it can enqueue itself on an object's monitor queue in a mutually exclusive manner. At the lower level, the monitor-lock level, enqueued threads race to obtain exclusive access to the object. Our abstract XL specification of the metalocking algorithm is fully parameterized, both on the number of threads M and on the number of objects N. It also captures a sophisticated optimization of the basic metalocking algorithm known as extra-fast locking and unlocking of uncontended objects. Using XMC, we show that for a variety of values of M and N, the algorithm indeed provides mutual exclusion and freedom from deadlock and lockout at the metalock level. We also show that, while the monitor-lock level of the protocol preserves mutual exclusion and deadlock-freedom, it is not lockout-free, because the protocol's designers chose to give equal preference to waiting threads and newly arrived threads.
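The two-tier structure and the four properties named in the abstract can be made concrete with a small explicit-state model checker. The following is an added example written for this page; it is not the paper's XL specification, not XMC, and not the metalock code from Agesen et al. It assumes a deliberately simplified abstraction: the metalock is a FIFO hand-off (waiters are served in arrival order), the monitor lock is a race in which every thread on the object's monitor queue has an equal chance (the "equal preference" the abstract describes), release does not go back through the metalock, and each thread loops forever over "pick an object, lock it, unlock it". The functions `initial`, `steps`, `explore`, `check_safety`, `lockout_possible` and `verify` and all thread-phase names are this example's own. Lockout is checked as a weakly fair cycle on which thread 0 stays in the waiting phase of the given tier; with this modelling the metalock tier comes out lockout-free and the monitor tier does not, matching the abstract's finding for the small M and N tried here.

```python
from collections import deque

# Thread phases. MWAIT = waiting for the metalock, META = holding it,
# QUEUED = on the object's monitor queue, MON = holding the monitor lock.
IDLE, MWAIT, META, QUEUED, MON = "idle", "mwait", "meta", "queued", "mon"


def initial(m, n):
    # state = (thread phases, per-object metalock FIFO, monitor queue, monitor holder)
    return (tuple((IDLE, None) for _ in range(m)), tuple(() for _ in range(n)),
            tuple(() for _ in range(n)), tuple(None for _ in range(n)))


def steps(state, t):
    """Successor states reachable by one atomic step of thread t (assumed model)."""
    thr, metaq, monq, mon = state
    phase, o = thr[t]

    def mk(ph, obj, metaq=metaq, monq=monq, mon=mon):
        return (thr[:t] + ((ph, obj),) + thr[t + 1:], metaq, monq, mon)

    def upd(seq, i, v):
        return seq[:i] + (v,) + seq[i + 1:]

    if phase == IDLE:      # pick any object and append self to its metalock FIFO
        return [mk(MWAIT, obj, metaq=upd(metaq, obj, metaq[obj] + (t,)))
                for obj in range(len(metaq))]
    if phase == MWAIT:     # FIFO hand-off: only the head may take the metalock
        return [mk(META, o)] if metaq[o][0] == t else []
    if phase == META:      # under the metalock: enqueue on the monitor queue, hand off
        return [mk(QUEUED, o, metaq=upd(metaq, o, metaq[o][1:]),
                   monq=upd(monq, o, monq[o] + (t,)))]
    if phase == QUEUED:    # race: any queued thread may grab a free monitor lock
        if mon[o] is not None:
            return []
        rest = tuple(x for x in monq[o] if x != t)
        return [mk(MON, o, monq=upd(monq, o, rest), mon=upd(mon, o, t))]
    return [mk(IDLE, None, mon=upd(mon, o, None))]   # MON: release and go idle


def explore(m, n):
    """BFS over the reachable state space; edges are labelled with the moving thread."""
    init = initial(m, n)
    edges, todo, seen = {}, deque([init]), {init}
    while todo:
        s = todo.popleft()
        edges[s] = [(t, s2) for t in range(m) for s2 in steps(s, t)]
        for _, s2 in edges[s]:
            if s2 not in seen:
                seen.add(s2)
                todo.append(s2)
    return edges


def check_safety(edges):
    """Mutual exclusion at both tiers and deadlock freedom over every reachable state."""
    meta_ok = mon_ok = no_dead = True
    for s, succ in edges.items():
        thr, _, _, mon = s
        for o in range(len(mon)):
            holders = lambda ph: sum(1 for p, obj in thr if obj == o and p == ph)
            meta_ok &= holders(META) <= 1
            mon_ok &= holders(MON) <= 1
        no_dead &= bool(succ)          # some thread can always move
    return meta_ok, mon_ok, no_dead


def lockout_possible(edges, m, wait_phase, t0=0):
    """True if some weakly fair cycle keeps thread t0 in wait_phase forever.

    Weak (process) fairness: a thread enabled in every state of the cycle must
    step on it. An SCC of the sub-graph "t0 is waiting" contains such a cycle
    iff each thread either steps inside the SCC or is disabled in some SCC state.
    """
    waiting = lambda s: s[0][t0][0] == wait_phase
    sub = {s: [(t, s2) for t, s2 in succ if waiting(s2)]
           for s, succ in edges.items() if waiting(s)}
    reach = {}
    for s in sub:                      # forward closure: states reachable in >= 1 step
        seen, stack = set(), [s]
        while stack:
            for _, y in sub[stack.pop()]:
                if y not in seen:
                    seen.add(y)
                    stack.append(y)
        reach[s] = seen
    checked = set()
    for s in sub:
        scc = frozenset(u for u in reach[s] if s in reach[u])   # empty unless s is on a cycle
        if not scc or scc in checked:
            continue
        checked.add(scc)
        movers = {t for x in scc for t, y in sub[x] if y in scc}
        if all(u in movers or any(not steps(x, u) for x in scc) for u in range(m)):
            return True
    return False


def verify(m, n):
    """Check the properties discussed in the abstract for M threads and N objects."""
    edges = explore(m, n)
    meta_ok, mon_ok, no_dead = check_safety(edges)
    return {"states": len(edges), "meta_mutex": meta_ok, "mon_mutex": mon_ok,
            "deadlock_free": no_dead,
            "metalock_lockout_free": not lockout_possible(edges, m, MWAIT),
            "monitor_lockout_free": not lockout_possible(edges, m, QUEUED)}


if __name__ == "__main__":
    for m, n in [(2, 1), (3, 1), (2, 2)]:
        print(f"M={m} N={n}:", verify(m, n))
```

The monitor-tier lockout the checker finds is the scenario the abstract describes: thread 0 sits on the monitor queue while another thread repeatedly arrives, wins the race for the free monitor, releases it and comes back, and because thread 0's acquire step is only intermittently enabled, weak fairness never forces it to win. At the metalock tier the FIFO hand-off makes the head's step continuously enabled, so no fair cycle can keep a waiter behind it forever. Replacing the FIFO with a free-for-all race on the metalock as well would make that tier fail the same check, which is a quick way to see why the hand-off discipline matters.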
References

- ACL2. 2002. Applicative Common Lisp ACL2 v2.7. http://www.cs.utexas.edu/users/moore/acl2/.
- Agesen, O., Detlefs, D., Garthwaite, A., Knippel, R., Ramakrishna, Y. S., and White, D. 1999. An efficient metalock for implementing ubiquitous synchronization. In Proceedings of OOPSLA'99.
- Archer, M., Heitmeyer, C., and Sims, S. 1998. TAME: A PVS interface to simplify proofs for automata models. In User Interfaces for Theorem Provers. Eindhoven, The Netherlands.
- Basin, D., Friedrich, S., Gawkowski, M., and Posegga, J. 2002. Bytecode model checking: An experimental analysis. In 9th International SPIN Workshop on Model Checking of Software. Grenoble, France. Lecture Notes in Computer Science, vol. 2318, Springer-Verlag, 42--59.
- Basu, S., Smolka, S. A., and Ward, O. R. 2000. Model checking the Java Metalocking algorithm. In Proceedings of the 7th IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS'00). Edinburgh, Scotland.
- Clarke, E. M., Grumberg, O., and Peled, D. 1999. Model Checking. MIT Press, Cambridge, MA.
- Corbett, J. C., Dwyer, M. B., Hatcliff, J., and Robby. 2000. A language framework for expressing checkable properties of dynamic software. In SPIN Software Model Checking Workshop. Springer-Verlag.
- Dong, Y., Du, X., Holzmann, G., and Smolka, S. A. 2003. Fighting livelock in the i-Protocol: A case study in explicit-state model checking. Softw. Tools Techn. Transfer 4, 4, 505--528.
- Dong, Y., Ramakrishnan, C. R., and Smolka, S. A. 2003. Evidence explorer: A tool for exploring model-checking proofs. In Computer-Aided Verification (CAV'03).
- Emerson, E. 1990. Temporal and modal logic. In Handbook of Theoretical Computer Science, J. van Leeuwen, Ed., Vol. B. North-Holland, 995--1072.
- Groote, J. F. and Rem, M., Eds. 1997. Science of Computer Programming, Special Issue on Verification and Validation Methods for Formal Descriptions. Vol. 29(1-2).
- Havelund, K. and Shankar, N. 1996. Experiments in theorem proving and model checking for protocol verification. In Industrial Benefit and Advances in Formal Methods (FME'96). Springer-Verlag, 662--681.
- Hennessy, M. C. B. and Milner, R. 1985. Algebraic laws for nondeterminism and concurrency. J. ACM 32, 1 (Jan.), 137--161.
- Holzmann, G. 2004. The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley.
- Kozen, D. 1983. Results on the propositional μ-calculus. Theoret. Comput. Sci. 27, 333--354.
- Milner, R. 1989. Communication and Concurrency. International Series in Computer Science. Prentice Hall.
- Moore, J. S. and Porter, G. 2002. The apprentice challenge. ACM Trans. Program. Lang. Syst. 24, 3, 1--24.
- Murphi. 2006. Murphi description language and verifier. http://verify.stanford.edu/dill/murphi.html.
- Owre, S., Rajan, S., Rushby, J., Shankar, N., and Srivas, M. 1996. PVS: Combining specification, proof checking, and model checking. In Proceedings of the 8th International Conference on Computer Aided Verification (CAV'96). Lecture Notes in Computer Science, vol. 1102, Springer-Verlag, 411--414.
- Pike, R., Presotto, D., Thompson, K., and Holzmann, G. 1991. Process sleep and wake-up on a shared-memory multiprocessor. In Proceedings of the Spring EurOpen Conference. Tromso, Norway, 161--166.
- PVS. 2003. The PVS specification and verification system v1.3. http://pvs.csl.sri.com/.
- Ramakrishna, Y. S., Ramakrishnan, C. R., Ramakrishnan, I. V., Smolka, S. A., Swift, T. W., and Warren, D. S. 1997. Efficient model checking using tabled resolution. In Proceedings of the 9th International Conference on Computer-Aided Verification (CAV'97). Haifa, Israel, Springer-Verlag.
- Roychoudhury, A., Kumar, K. N., Ramakrishnan, C., Ramakrishnan, I., and Smolka, S. 2000. Verification of parameterized systems using logic-program transformations. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS'00), S. Graf and M. Schwartzbach, Eds. Lecture Notes in Computer Science, vol. 1785. Springer-Verlag.
- Roychoudhury, A. and Ramakrishnan, I. 2001. Automated inductive verification of parameterized protocols. In 13th International Conference on Computer Aided Verification (CAV'01), Paris, France. G. Berry, H. Comon, and A. Finke, Eds. Lecture Notes in Computer Science, vol. 2102. Springer-Verlag, 25--37.
- Smolka, S. et al. 1998. Logic programming and model checking. In Proceedings of PLILP/ALP'98. Lecture Notes in Computer Science, vol. 1490, Springer-Verlag.
- SMV. 2006. Symbolic model verifier 2.5. http://www.cs.cmu.edu/~modelcheck/smv.html.
- Tanenbaum, A. S. 1996. Computer Networks, 3rd ed. Prentice Hall.
- Visser, W., Havelund, K., Brat, G., and Park, S. 2000. Model checking programs. In International Conference on Automated Software Engineering. Grenoble, France. IEEE Computer Society Press.
- XSB. 2001. The XSB logic programming system v2.4. Available by anonymous ftp from ftp.cs.sunysb.edu.