Abstract:Despite multiprocessors implementing weak memory models, verification methods often assume Sequential Consistency (SC), thus may miss bugs due to weak memory. We propose a sound transformation of the program to verify, enabling SC tools to perform verification w.r.t. weak memory. We present experiments for a broad variety of models (from x86/TSO to Power/ARM) and a vast range of verification tools, quantify the additional cost of the transformation and highlight the cases when we can drastically reduce it. Our benchmarks include work-queue management code from PostgreSQL.
What problem does this paper attempt to address?
### What problem does this paper attempt to solve?
This paper aims to solve the challenges encountered in software verification of multi - core processors under weak memory models. Specifically, most current multi - core architectures (such as Intel's x86, IBM's Power, and ARM) implement weak memory models for performance optimization, allowing optimization measures such as instruction reordering, store buffering, and write atomicity relaxation. These optimizations make concurrent programming and debugging extremely complex because the execution of a program may not be a simple interleaving of its instructions but is affected by the memory model.
However, most existing verification methods assume sequential consistency (SC), which may lead to the inability to detect specific errors caused by weak memory models. For example, the lock - free signal code in the open - source database PostgreSQL fails on a PowerPC cluster due to the memory model. This phenomenon highlights the need for weak - memory - aware verification.
To solve this problem, the author proposes a unified method: transform a given C - language concurrent program into a form that simulates weak - memory behavior through program transformation, so that existing SC verification tools can be used to verify the behavior of these programs in a sequential - consistency environment. This method avoids writing specialized tools for each architecture but instead simulates buffer and cache scenarios in a weak - memory environment by adding arrays, etc.
### Main contributions
1. **Program transformation**: Section 3 details the concurrent - program - transformation method for weak - memory models. This method defines a general - purpose abstract machine and, with the help of the Coq proof assistant, proves its equivalence to existing frameworks. In addition, it shows how to significantly reduce the transformation cost through optimization.
2. **Implementation details**: Section 4 describes the specific implementation, supporting multiple memory models (such as x86/TSO, PSO, RMO, and Power) and multiple program analyzers (such as Blender, CheckFence, ESBMC, etc.). This reflects the wide applicability and flexibility of this method.
3. **Experimental results**: Section 5 details the experimental results, including using 555 litmus tests to verify theoretical research, verifying TSO examples from the literature, and a new example - a relational - database code fragment in PostgreSQL that has an error specific to the Power architecture. This error has attracted extensive attention from IBM.
Through these efforts, the author not only solves the verification problem under weak - memory models but also provides an efficient and unified verification platform, enabling researchers to easily integrate various existing verification tools.