Stateless software model checking parameterized with memory consistency models
Description
Formal verification of multithreaded software running on multi-core hardware has long been challenging for anything other than the simplest programs. The complexity of dealing with the arbitrary interleavings of such a program makes it one of the hardest problems in software verification. However, the industry trend of introducing embedded multi-core processors into safety-critical systems makes this problem unavoidable: formal methods matter even more for concurrent programs, because their inherent nondeterminism makes testing unreliable. Furthermore, multi-core processors offer many optimizations to decrease execution time. One such technique is to reorder memory accesses whenever possible, to avoid waiting for the typically much slower memory instructions to finish. This may introduce behavior that is unexpected compared to a purely sequential execution. Few analyses have been adapted to deal with such behavior, and most of them follow a predefined memory model hard-coded into their algorithms, without any facility to customize it. This hurts the applicability of such techniques, as most hardware does not fully conform to theoretical models (either by design or due to design flaws). In this work I propose an algorithm that accepts as inputs a concurrent program (including assertions) and a memory model, and reports whether the program can reach an erroneous state when run on a processor that abides by the given memory model. The algorithm builds on the stateless model checking approach, whose smart exploration strategy for managing the large state space yields significantly lower memory usage than other techniques. I show that the algorithm is optimal in terms of explored executions and sound when the program meets certain criteria.
Furthermore, I apply the algorithm to several well-known architectures and programs, and evaluate its performance compared to state-of-the-art software model checking tools. The expected impact of this work is to facilitate the correct implementation of concurrent software on multi-core architectures, ultimately leading to better performance and lower costs in embedded systems.
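To make the problem statement concrete, here is a small added illustration in Python; it is not code from the thesis or its tool, and it does not implement the optimal exploration the abstract claims. It takes a two-thread program with an assertion and a memory model name as inputs and reports whether an assertion violation is reachable, exploring executions by depth-first search over scheduling choices without a visited-state set (the stateless part). The program is the constructed store-buffering litmus test, and the memory models are encoded as an assumption: "SC" writes memory immediately, while "TSO" delays each store in a per-thread FIFO buffer that may drain at any point and is read through by the same thread's later loads.

```python
"""Tiny stateless explorer: a 2-thread program plus a memory model -> is an
assertion violation reachable?  Added illustration; not the thesis's tool."""

# Constructed sample program: the classic store-buffering (SB) litmus test.
# Each thread is a list of instructions; registers are per thread.
#   ('store', var, value)   write a shared variable
#   ('load', var, reg)      read a shared variable into a register
SB_PROGRAM = [
    [('store', 'x', 1), ('load', 'y', 'r0')],
    [('store', 'y', 1), ('load', 'x', 'r1')],
]


def sb_assertion(regs):
    """Property checked at the end of every execution: not both loads read 0."""
    return not (regs[0]['r0'] == 0 and regs[1]['r1'] == 0)


def explore(program, assertion, model):
    """Enumerate every complete execution of `program` under `model` ('SC' or
    'TSO') by depth-first search over scheduling choices.  No visited-state set
    is kept (that is what makes it stateless): memory use is bounded by the
    depth of one execution, not by the size of the state space.

    Returns (trace_of_first_violation_or_None, number_of_complete_executions).
    """
    buffered = (model == 'TSO')   # assumption: TSO = FIFO store buffer per thread
    found = {'trace': None, 'count': 0}

    def enabled(pcs, bufs):
        acts = []
        for t, thread in enumerate(program):
            if pcs[t] < len(thread):
                acts.append(('exec', t))
            if bufs[t]:                      # a buffered store may drain to memory
                acts.append(('flush', t))
        return acts

    def dfs(pcs, mem, bufs, regs, trace):
        if found['trace'] is not None:
            return                           # stop at the first counterexample
        acts = enabled(pcs, bufs)
        if not acts:                         # all threads done, all buffers drained
            found['count'] += 1
            if not assertion(regs):
                found['trace'] = trace
            return
        for kind, t in acts:
            pcs2, mem2 = list(pcs), dict(mem)
            bufs2, regs2 = [list(b) for b in bufs], [dict(r) for r in regs]
            if kind == 'flush':
                var, val = bufs2[t].pop(0)   # oldest store becomes globally visible
                mem2[var] = val
                label = f'T{t}: flush {var}={val}'
            else:
                op, var, arg = program[t][pcs[t]]
                pcs2[t] += 1
                if op == 'store':
                    if buffered:
                        bufs2[t].append((var, arg))   # store is delayed
                    else:
                        mem2[var] = arg               # SC: immediately visible
                    label = f'T{t}: {var} := {arg}'
                else:
                    # TSO store-to-load forwarding: read own newest buffered store
                    own = [v for (n, v) in bufs2[t] if n == var]
                    val = own[-1] if own else mem2.get(var, 0)
                    regs2[t][arg] = val
                    label = f'T{t}: {arg} := {var} (read {val})'
            dfs(pcs2, mem2, bufs2, regs2, trace + [label])

    dfs([0] * len(program), {}, [[] for _ in program], [{} for _ in program], [])
    return found['trace'], found['count']


if __name__ == '__main__':
    for model in ('SC', 'TSO'):
        trace, n = explore(SB_PROGRAM, sb_assertion, model)
        print(f'{model}: {n} executions, violation: {trace}')
```

Under SC the explorer visits the 6 interleavings of the four instructions and finds no violation; under TSO it returns a trace in which both loads run before either buffered store is flushed, so both read 0. The enumeration is exhaustive but naive: it revisits executions that differ only in the order of independent steps, which is exactly the redundancy the optimal exploration described in the abstract is designed to avoid.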
Files
stateless.pdf (756.7 kB), md5:8e16c6a569e6afb298543d791cdd7417