
UNIVERSITY OF CALIFORNIA
Los Angeles

On the Correctness of Transactional Memory Algorithms

A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Computer Science

by

Mohsen Lesani

2014

© Copyright by Mohsen Lesani 2014

ABSTRACT OF THE DISSERTATION

On the Correctness of Transactional Memory Algorithms

by Mohsen Lesani
Doctor of Philosophy in Computer Science
University of California, Los Angeles, 2014
Professor Jens Palsberg, Chair

Transactional Memory (TM) provides programmers with a high-level and composable concurrency control abstraction. The correct execution of client programs using TM depends directly on the correctness of the TM algorithms. The price of the simpler programming model is that designing a correct TM algorithm is an art. This dissertation contributes to the specification, safety criterion, testing and verification of TM algorithms. In particular, it presents techniques to prove the correctness or incorrectness of TM algorithms.

We introduce a language for architecture-independent specification of synchronization algorithms. An algorithm specification captures two abstract properties of the algorithm, namely the types of the synchronization objects it uses and the pairs of method calls that must preserve their program order in the relaxed execution.

Decomposition of the correctness condition supports modular and scalable verification. We introduce the markability correctness condition as the conjunction of three intuitive invariants: write-observation, read-preservation and real-time-preservation. We prove the equivalence of the markability and opacity correctness conditions.

We identify two pitfalls that lead to violation of opacity: the write-skew and write-exposure anomalies. We present a constraint-based testing technique and an automatic tool called Samand that finds traces of such bug patterns. Using Samand, we show that the DSTM and McRT algorithms suffer from the write-skew and write-exposure anomalies.

We present a sound program logic called synchronization object logic (SOL) that supports reasoning about the execution order and the linearization order. It provides inference rules that axiomatize the properties and the interdependence of these orders, as well as the properties of common synchronization object types. We show that derivation of markability in SOL is a sound syntactic proof technique for opacity. We use SOL to prove the markability, and hence the opacity, of the TL2 algorithm in PVS.

The dissertation of Mohsen Lesani is approved.

Todd Millstein
Glenn Reinman
Hans Boehm
Edward Effros
Jens Palsberg, Committee Chair

University of California, Los Angeles
2014

To Niloufar, Shahnaz and Mehdi

Contents

List of Figures vii
1 Introduction 1
2 Synchronization Object Language 4
2.1 Introduction 4
2.2 Syntax 6
2.2.1 Specification 6
2.2.2 TM Algorithm Specification 9
2.2.3 Extended Syntax 10
2.2.4 Example Specifications 13
2.3 Semantics 29
2.3.1 Execution History 29
2.3.2 Synchronization Object Types 31
2.3.3 History Semantics 44
3 TM Correctness 48
3.1 Introduction 48
3.2 Opacity 49
3.3 Markability 51
3.3.1 Write-observation and Read-preservation 51
3.3.2 Marking TL2 53
3.3.3 The Marking Theorem 54
4 Testing TM Algorithms 58
4.1 Introduction 58
4.2 Opacity Bug Patterns 59
4.3 Automatic Bug Finding 60
4.4 Experiments 65
5 Synchronization Object Program Logic 67
5.1 Introduction 67
5.2 Simple Example 68
5.2.1 Algorithm Specification 68
5.2.2 Program Logic 69
5.2.3 Deduction 72
5.3 Assertion Language 76
5.4 Assertion Semantics 77
5.5 Inference Rules 78
5.5.1 Classical First-order Logic Inference Rules 78
5.5.2 Structure Inference Rules 81
5.5.3 Basic Inference Rules 83
5.5.4 Synchronization Object Inference Rules 85
5.6 Soundness 96
5.7 Dekker Mutual Exclusion 97
6 Syntactic TM Correctness 102
6.1 Client Transactions 103
6.2 Markability 104
7 Verification of TM Algorithms 106
7.1 Marking TL2 106
7.2 Marking DSTM (visible reads) 107
7.3 Marking NORec 109
8 Related Works 110
8.1 Verification of Transactional Memory 110
8.2 Concurrent Program Logics 113
9 Conclusions and Future Works 116
10 Appendix 117
10.1 Synchronization Object Language 117
10.1.1 Specification 117
10.1.2 Semantics 118
10.2 TM Correctness 123
10.2.1 The Marking Theorem 123
10.2.2 Marking TL2 138
10.3 Testing TM Algorithms 157
10.3.1 Example: Dekker Mutual Exclusion 157
10.3.2 Language 159
10.3.3 TM Algorithms in Samand 161
10.4 Synchronization Object Program Logic 170
10.4.1 Soundness 170
10.4.2 Derived Rules 186
10.5 Syntactic TM Correctness 188
10.5.1 Transactions 188
10.5.2 Markability 190
10.6 Related Works 192
11 Bibliography 193

List of Figures

2.1 πDekker Dekker Algorithm Specification 13
2.2 πTL2 TL2 Algorithm Specification 15
2.3 πTL2Variant TL2 Variant Algorithm Specification 17
2.4 πDSTM DSTM Algorithm Specification 19
2.5 πDSTMVis DSTM (visible reads) Algorithm Specification 21
2.6 πMcRT McRT Algorithm Specification 23
2.7 πNORec NORec Algorithm Specification 24
2.8 TLRW Algorithm (objects) 25
2.9 TLRW Algorithm (read) 26
2.10 TLRW Algorithm (write) 27
2.11 TLRW Algorithm (abort and commit) 28
2.12 History Semantics H(π) of a specification π = (T; D; P) 45
3.1 FinalStateOpaque 50
3.2 Illustrations of Write-observation and Read-preservation 51
3.3 TL2 Read-Preservation Example 53
3.4 The set of local and global reads and writes 55
3.5 FinalStateMarkable 56
4.1 Counterexamples 66
5.1 Example Specification π 68
5.2 Structure Inference Rules 69
5.3 Basic Inference Rules 70
5.4 Synchronization Object Inference Rules 71
5.5 Classical Inference Rules 79
5.6 Derived Classical Inference Rules 79
5.7 Equivalence and Arithmetic Rules 80
5.8 Derived Equivalence and Arithmetic Rules 80
5.9 Structure Inference Rules. All of the rules have the side condition π = (T; D; P) 82
5.10 Derived Structure Inference Rules 83
5.11 Basic Inference Rules 84
5.12 Derived Basic Inference Rules ..
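The abstract names opacity as the correctness condition for TM algorithms and write-skew and write-exposure as two anomalies that violate it. The following Python checker is an added illustration of what a violation looks like as a history; it is not the dissertation's Samand tool or any code from the dissertation. It decides final-state opacity of a small history by brute force: it searches for a sequential order of the transactions that respects real-time order and in which every read, including reads by transactions that later abort, returns either the transaction's own latest write or the latest write of a transaction that committed earlier in that order. The event encoding, the initial value 0 for every location, treating a transaction that never commits as aborted, and the four sample histories are assumptions of the example; the write-skew and write-exposure histories follow the usual meaning of those names, since the abstract itself does not define them.

```python
from itertools import permutations

# Event encoding (assumption of this example):
#   ("read", tx, loc, value)  ("write", tx, loc, value)  ("commit", tx)  ("abort", tx)
# Every location starts at 0; a transaction that never commits is treated as aborted.


def transactions(history):
    """Transaction identifiers in order of first appearance."""
    seen = []
    for ev in history:
        if ev[1] not in seen:
            seen.append(ev[1])
    return seen


def committed(history, tx):
    return ("commit", tx) in history


def precedes(history, a, b):
    """Real-time order: every event of a happens before every event of b."""
    last_a = max(i for i, ev in enumerate(history) if ev[1] == a)
    first_b = min(i for i, ev in enumerate(history) if ev[1] == b)
    return last_a < first_b


def legal(history, seq):
    """Replay the transactions one after another in the order seq.

    A read is legal if it returns the transaction's own latest write to that
    location, else the latest write of a transaction that committed earlier in
    seq. Writes of aborted transactions never become visible, and the reads of
    aborted transactions are checked as well: that is what distinguishes
    opacity from serializability of the committed transactions alone.
    """
    memory = {}
    for tx in seq:
        local = {}
        for ev in history:
            if ev[1] != tx:
                continue
            if ev[0] == "write":
                local[ev[2]] = ev[3]
            elif ev[0] == "read":
                expected = local.get(ev[2], memory.get(ev[2], 0))
                if ev[3] != expected:
                    return False
        if committed(history, tx):
            memory.update(local)
    return True


def is_final_state_opaque(history):
    """Search every real-time-respecting sequential order for a legal one."""
    txs = transactions(history)
    for seq in permutations(txs):
        pos = {tx: i for i, tx in enumerate(seq)}
        if any(precedes(history, a, b) and pos[a] > pos[b]
               for a in txs for b in txs if a != b):
            continue
        if legal(history, seq):
            return True
    return False


# Constructed sample histories.
OPAQUE = [("read", "T1", "x", 0), ("write", "T1", "x", 1), ("commit", "T1"),
          ("read", "T2", "x", 1), ("commit", "T2")]

# Write-skew: T1 and T2 each read the location the other writes, both see the
# initial value, and both commit. Neither order of the two justifies both reads.
WRITE_SKEW = [("read", "T1", "y", 0), ("read", "T2", "x", 0),
              ("write", "T1", "x", 1), ("write", "T2", "y", 1),
              ("commit", "T1"), ("commit", "T2")]

# Write-exposure: T2 observes a write of T1 before T1 decides, and T1 then
# aborts. A committed transaction has read a value that was never committed.
WRITE_EXPOSURE = [("write", "T1", "x", 1), ("read", "T2", "x", 1),
                  ("commit", "T2"), ("abort", "T1")]

# Only T1 commits, so the committed transactions alone are trivially
# serializable, yet the aborted T2 saw a mixed snapshot of x and y.
ABORTED_INCONSISTENT_READ = [("read", "T2", "x", 0), ("write", "T1", "x", 1),
                             ("write", "T1", "y", 1), ("commit", "T1"),
                             ("read", "T2", "y", 1), ("abort", "T2")]

if __name__ == "__main__":
    for name, h in [("OPAQUE", OPAQUE), ("WRITE_SKEW", WRITE_SKEW),
                    ("WRITE_EXPOSURE", WRITE_EXPOSURE),
                    ("ABORTED_INCONSISTENT_READ", ABORTED_INCONSISTENT_READ)]:
        print(name, is_final_state_opaque(h))
```

The search is exponential in the number of transactions, which is fine for the hand-sized counterexamples a bug pattern produces but not for real traces; the dissertation's constraint-based approach exists precisely because enumeration does not scale. The last history is the one worth keeping in mind when comparing correctness conditions: it is serializable if only committed transactions are considered, and it is rejected here only because opacity also constrains what an aborted transaction may observe.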