Susmit Sarkar
Peter Sewell
Scott Owens
ABSTRACT
Multiprocessors are now dominant, but real multiprocessors do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have subtle relaxed (or weak) memory models, usually described only in ambiguous prose, leading to widespread confusion.
We develop a rigorous and accurate semantics for x86 multiprocessor programs, from instruction decoding to relaxed memory model, mechanised in HOL. We test the semantics against actual processors and the vendor litmus-test examples, and give an equivalent abstract-machine characterisation of our axiomatic memory model. For programs that are (in some precise sense) data-race free, we prove in HOL that their behaviour is sequentially consistent. We also contrast the x86 model with some aspects of Power and ARM behaviour.
This provides a solid intuition for low-level programming, and a sound foundation for future work on verification, static analysis, and compilation of low-level concurrent code.
References
- A formal specification of Intel Itanium processor family memory ordering. http://developer.intel.com/design/itanium/downloads/251429.htm.Google Scholar
- The SPARC architecture manual, v. 9. http://developers.sun.com/solaris/articles/sparcv9.pdf. Google ScholarDigital Library
- Linux kernel traffic, 1999. http://www.kernel-traffic.org/kernel-traffic/kt19991220_47.txt.Google Scholar
- AMD64 Architecture Programmer's Manual. Advanced Micro Devices, Sept. 2007. (3 vols).Google Scholar
- Intel 64 and IA-32 Architectures Software Developer's Manual. Intel Corporation, April (vol 1,2A,2B; rev.27), Feb. (vol.3A,3B; rev.26) 2008.Google Scholar
- The semantics of multiprocessor machine code, 2008. www.cl.cam.ac.uk/users/pes20/weakmemory.Google Scholar
- A. Adir, H. Attiya, and G. Shurek. Information--flow models for shared memory with an application to the powerpc architecture. IEEE Trans. Parallel Distrib. Syst., 14(5):502--515, 2003. Google ScholarDigital Library
- S. Adve and K. Gharachorloo. Shared memory consistency models: A tutorial. IEEE Computer, 29(12):66--76, Dec 1996. Google ScholarDigital Library
- M. Ahamad, R. A. Bazzi, R.John, P. Kohli, and G. Neiger. The power of processor consistency. In Proc. SPAA '93, 1993. Google ScholarDigital Library
- M. Ahamad, G. Neiger, J. Burns, P. Kohli, and P. Hutto. Causal memory: Definitions, implementation, and programming. Distributed Computing, 9(1):37--49, 1995.Google ScholarDigital Library
- ARM. ARM Architecture Reference Manual (ARMv7-A and ARMv7-R edition). 2008. Available from ARM.Google Scholar
- D. Aspinall and J. Sevcik. Formalising Java's data race free guarantee. In Proc. TPHOLs, LNCS, 2007. Google ScholarDigital Library
- H.-J. Boehm and S. Adve. Foundations of the C++ concurrency memory model. SIGPLAN Not., 43(6):68--78, 2008. Google ScholarDigital Library
- S. Burckhardt, R. Alur, and M. Martin. Checkfence: checking consistency of concurrent data types on relaxed memory models. In PLDI, 2007. Google ScholarDigital Library
- S. Burckhardt and M. Musuvathi. Effective program verification for relaxed memory models. In Proc. CAV, LNCS 5123, 2008. Google ScholarDigital Library
- N. Chong and S. Ishtiaq. Reasoning about the ARM weakly consistent memory model. In Proc. MSPC, 2008. Google ScholarDigital Library
- W. Collier. Reasoning about parallel architectures. Prentice-Hall, Inc., 1992. Google ScholarDigital Library
- M. Dubois, C. Scheurich, and F. Briggs. Memory access buffering in multiprocessors. In ISCA, 1986. Google ScholarDigital Library
- M. Gordon. Memory access semantics for a multiprocessor instruction set. Unpublished note (c.1993) www.cl.cam.ac.buffering in multiprocessors. In ISCA, 1986.Google Scholar
- L. Higham, L. A. Jackson, and J. Kawash. Programmer-centric conditions for itanium memory consistency. In Proc. ICDCN, 2006. Google ScholarDigital Library
- The HOL 4 system. http://hol.sourceforge.net/.Google Scholar
- Intel. Intel 64 architecture memory ordering white paper, 2007. SKU 318147-001.Google Scholar
- L. Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Comput., C-28(9):690--691, 1979. Google ScholarDigital Library
- D. Lea. The JSR-133 cookbook for compiler writers. gee.cs.oswego.edu/dl/jmm/cookbook.html.Google Scholar
- L.Higham, J.Kawash, and N. Verwaal. Defining and comparing memory consistency models. In PDCS, 1997.Google Scholar
- V. M. Luchangco. Memory consistency models for high-performance distributed computing. PhD thesis, MIT, 2001. Google ScholarDigital Library
- J. Manson, W. Pugh, and S. Adve. The Java memory model. In Proc. POPL, 2005. Google ScholarDigital Library
- S. Park and D. L. Dill. An executable specification, analyzer and verifier for RMO (relaxed memory order). In Proc. SPAA '95, 1995. Google ScholarDigital Library
- V. Saraswat, R. Jagadeesan, M. Michael, and C. von Praun. A theory of memory models. In Proc. PPoPP, 2007. Google ScholarDigital Library
- G. Winskel. Event structures. In Advances in Petri Nets, LNCS 255, 1986. Google ScholarDigital Library
- Y. Yang, G. Gopalakrishnan, G. Lindstrom, and K. Slind. Nemos: A framework for axiomatic and executable specifications of memory consistency models. In IPDPS, 2004.Google ScholarCross Ref
Index Terms
The semantics of x86-CC multiprocessor machine code
Comments