Modelling concurrent objects running on the TSO and ARMv8 memory models

Abstract

• Presents a method for using a standard linearizability proof method on hardware weak memory models. • Generates a transition system, which reflects on weak memory model behaviour, from a given piece of code. • Covers the widely used TSO memory model, as well as the latest version of the ARM processor, ARMv8. • Enables the use of a model checker to check correctness of code, taking into account TSO/ARMv8 weak memory behaviour. Hardware weak memory models, such as TSO and ARM, are used to increase the performance of concurrent programs by allowing program instructions to be executed on the hardware in a different order to that specified by the software. This places a challenge on the verification of concurrent objects used in these programs since the variations in the executions need to be considered. Many approaches exist for verifying concurrent objects along with associated tool support. In particular, we focus on a thread-local approach to checking linearizability , the standard correctness condition for concurrent objects, using a model checker. This approach, like most others, does not support weak memory models. In order to reuse this existing approach, therefore, we show how to use the semantics of a weak memory model to directly derive a transition system of concurrent objects running under it. We do this for both TSO and the latest version of ARM, ARMv8. Since there is a straightforward implementation of TSO, we reflect this in our transition system which includes a buffer of writes to memory mirroring the store buffer of TSO. We illustrate linearizability checking using model checking on a transition system generated by this approach. The implementation of the significantly more complex ARMv8 architecture is less obvious. We derive our transition system in this case from an existing operational semantics that is consistent with the results of thousands of litmus test run on ARM hardware.