Algebraic laws for nondeterminism and concurrency
Journal of the ACM (JACM)
Handbook of theoretical computer science (vol. B)
Computer networks (3rd ed.)
An efficient meta-lock for implementing ubiquitous synchronization
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Model checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Communication and Concurrency
A Language Framework for Expressing Checkable Properties of Dynamic Software
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Bytecode Model Checking: An Experimental Analysis
Proceedings of the 9th International SPIN Workshop on Model Checking of Software
Logic Programming and Model Checking
PLILP '98/ALP '98 Proceedings of the 10th International Symposium on Principles of Declarative Programming
Experiments in Theorem Proving and Model Checking for Protocol Verification
FME '96 Proceedings of the Third International Symposium of Formal Methods Europe on Industrial Benefit and Advances in Formal Methods
Efficient Model Checking Using Tabled Resolution
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
PVS: Combining Specification, Proof Checking, and Model Checking
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Spin model checker, the: primer and reference manual
ActionScript bytecode verification with co-logic programming
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
We report on our efforts to use the XMC model checker to model and verify the Java metalocking algorithm. XMC [Ramakrishna et al. 1997] is a versatile and efficient model checker for systems specified in XL, a highly expressive value-passing language. Metalocking [Agesen et al. 1999] is a highly optimized technique for ensuring mutually exclusive access by threads to object monitor queues and, therefore, plays an essential role in allowing Java to offer concurrent access to objects. Metalocking can be viewed as a two-tiered scheme. At the upper level, the metalock level, a thread waits until it can enqueue itself on an object's monitor queue in a mutually exclusive manner. At the lower level, the monitor-lock level, enqueued threads race to obtain exclusive access to the object. Our abstract XL specification of the metalocking algorithm is fully parameterized, both on the number of threads M and on the number of objects N. It also captures a sophisticated optimization of the basic metalocking algorithm known as extra-fast locking and unlocking of uncontended objects. Using XMC, we show that for a variety of values of M and N, the algorithm indeed provides mutual exclusion and freedom from deadlock and lockout at the metalock level. We also show that, while the monitor-lock level of the protocol preserves mutual exclusion and deadlock-freedom, it is not lockout-free because the protocol's designers chose to give equal preference to awaiting threads and newly arrived threads.