Abstract
Recent advances in verification have made it possible to envision trusted implementations of real-world languages. Java, with its type-safety and fully specified semantics, would appear to be an ideal candidate; yet the complexity of the translation steps used in production virtual machines has made it a challenging target for verifying compiler technology. One of Java's key innovations, its memory model, poses significant obstacles to such an endeavor. The Java Memory Model is an ambitious attempt at specifying the behavior of multithreaded programs in a portable, hardware-agnostic way. While experts have an intuitive grasp of the properties that the model should enjoy, the specification is complex and not well-suited for integration within a verifying compiler infrastructure. Moreover, the specification is given in an axiomatic style that is distant from the intuitive reordering-based reasoning traditionally used to justify or rule out behaviors, and ill-suited to the kind of operational reasoning one would expect to employ in a compiler. This paper takes a step back, and introduces a Buffered Memory Model (BMM) for Java. We choose a pragmatic point in the design space, sacrificing generality in favor of a model that is fully characterized in terms of the reorderings it allows, amenable to formal reasoning, and which can be efficiently applied to a specific hardware family, namely x86 multiprocessors. Although the BMM restricts the reorderings compilers are allowed to perform, it serves as the key enabling device for achieving a verification pathway from bytecode to machine instructions. Despite its restrictions, we show that it is backwards compatible with the Java Memory Model and that it does not cripple performance on TSO architectures.
Plan B: a buffered memory model for Java
POPL '13: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages