Making the Java memory model safe

Published: 03 January 2014

Abstract

This work presents a machine-checked formalisation of the Java memory model and connects it to an operational semantics for Java and Java bytecode. For the whole model, I prove the data race freedom guarantee and type safety. The model extends previous formalisations by dynamic memory allocation, thread spawns and joins, infinite executions, the wait-notify mechanism, and thread interruption, all of which interact in subtle ways with the memory model. The formalisation resulted in numerous clarifications of and fixes to the existing JMM specification.


Published in

ACM Transactions on Programming Languages and Systems, Volume 35, Issue 4
December 2013
169 pages
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/2560142

Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 3 January 2014
• Accepted: 1 August 2013
• Revised: 1 May 2013
• Received: 1 December 2012

Qualifiers: research-article, Research, Refereed
