Abstract
We propose an axiomatic generic framework for modelling weak memory. We show how to instantiate this framework for Sequential Consistency (SC), Total Store Order (TSO), C++ restricted to release-acquire atomics, and Power. For Power, we compare our model to a preceding operational model in which we found a flaw. To do so, we define an operational model that we show equivalent to our axiomatic model.
We also propose a model for ARM. Our testing on this architecture revealed a behaviour later acknowledged as a bug by ARM, and more recently, 31 additional anomalies.
We offer a new simulation tool, called herd, which allows the user to specify the model of his choice in a concise way. Given a specification of a model, the tool becomes a simulator for that model. The tool relies on an axiomatic description; this choice allows us to outperform all previous simulation tools. Additionally, we confirm that verification time is vastly improved, in the case of bounded model checking.
Finally, we put our models in perspective, in the light of empirical data obtained by analysing the C and C++ code of a Debian Linux distribution. We present our new analysis tool, called mole, which explores a piece of code to find the weak memory idioms that it uses.
Herding Cats: Modelling, Simulation, Testing, and Data Mining for Weak Memory