Abstract
Memory consistency models (MCMs), which govern inter-module interactions in a shared memory system, are a significant, yet often under-appreciated, aspect of system design. MCMs are defined at the various layers of the hardware-software stack, requiring thoroughly verified specifications, compilers, and implementations at the interfaces between layers. Current verification techniques evaluate segments of the system stack in isolation, such as proving compiler mappings from a high-level language (HLL) to an ISA or proving validity of a microarchitectural implementation of an ISA.
This paper makes a case for full-stack MCM verification and provides a toolflow, TriCheck, capable of verifying that the HLL, compiler, ISA, and implementation collectively uphold MCM requirements. The work showcases TriCheck's ability to evaluate a proposed ISA MCM in order to ensure that each layer and each mapping is correct and complete. Specifically, we apply TriCheck to the open source RISC-V ISA [55], seeking to verify accurate, efficient, and legal compilations from C11. We uncover under-specifications and potential inefficiencies in the current RISC-V ISA documentation and identify possible solutions for each. As an example, we find that a RISC-V-compliant microarchitecture allows 144 outcomes forbidden by C11 to be observed out of 1,701 litmus tests examined. Overall, this paper demonstrates the necessity of full-stack verification for detecting MCM-related bugs in the hardware-software stack.
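The comparison the abstract describes, reduced to one litmus test, as an added example that is not code from the paper or from the TriCheck tool: it enumerates the outcomes a toy core can produce for a compiled message-passing test and intersects them with the outcome C11 forbids. The op encoding, the toy reordering rule and all function names are assumptions made for illustration and do not model RISC-V.

```python
from itertools import permutations

# Constructed message-passing (MP) litmus test after compilation to
# hypothetical ISA-level ops: ("st", addr, val), ("ld", addr, reg), ("fence",).
def mp_test(with_fences):
    f = [("fence",)] if with_fences else []
    t0 = [("st", "x", 1)] + f + [("st", "y", 1)]        # write data, then flag
    t1 = [("ld", "y", "r0")] + f + [("ld", "x", "r1")]  # read flag, then data
    return [t0, t1]

# Outcome (r0, r1) that C11 forbids when y is stored with release and loaded
# with acquire: the flag is seen (r0 = 1) but the data is stale (r1 = 0).
C11_FORBIDDEN = {(1, 0)}

def thread_orders(ops, relaxed):
    """Orders in which the toy core may perform one thread's memory ops."""
    def must_keep(a, b):
        # Program order is kept always on the in-order core; on the relaxed
        # core only across a fence or between accesses to the same address.
        fence = "fence" in (ops[a][0], ops[b][0])
        return not relaxed or fence or ops[a][1] == ops[b][1]
    orders = []
    for perm in permutations(range(len(ops))):
        pos = {i: p for p, i in enumerate(perm)}
        if all(pos[a] < pos[b] for a in range(len(ops))
               for b in range(a + 1, len(ops)) if must_keep(a, b)):
            orders.append([ops[i] for i in perm if ops[i][0] != "fence"])
    return orders

def interleavings(a, b):
    if not a or not b:
        yield a + b
        return
    for rest in interleavings(a[1:], b):
        yield [a[0]] + rest
    for rest in interleavings(a, b[1:]):
        yield [b[0]] + rest

def observable(test, relaxed):
    """All (r0, r1) outcomes over one shared memory, initially x = y = 0."""
    outcomes = set()
    for o0 in thread_orders(test[0], relaxed):
        for o1 in thread_orders(test[1], relaxed):
            for trace in interleavings(o0, o1):
                mem, regs = {"x": 0, "y": 0}, {}
                for op in trace:
                    if op[0] == "st":
                        mem[op[1]] = op[2]
                    else:
                        regs[op[2]] = mem[op[1]]
                outcomes.add((regs["r0"], regs["r1"]))
    return outcomes

def bugs(test, relaxed):
    """Outcomes the hardware model allows but the HLL model forbids."""
    return observable(test, relaxed) & C11_FORBIDDEN
```

A non-empty result from `bugs` is the kind of mismatch the abstract counts: here the fence-free mapping on the reordering core exposes `(1, 0)`, while the same mapping with fences does not.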
- Sarita Adve and Kourosh Gharachorloo. Shared memory consistency models: A tutorial. IEEE Computer, 29(12):66--76, 1996.
- Jade Alglave, Luc Maranget, and Michael Tautschnig. Herding cats: Modelling, simulation, testing, and data mining for weak memory. ACM Transactions on Programming Languages and Systems (TOPLAS), 36(2):7:1--7:74, July 2014.
- ARM. ARM Cortex-A9 technical reference manual ARMv7-A, 2008--2012. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0388i/DDI0388I_cortex_a9_r4p1_trm.pdf.
- ARM. Cortex-A9 MPCore, programmer advice notice, read-after-read hazards. ARM Reference 761319, 2011. http://infocenter.arm.com/help/topic/com.arm.doc.uan0004a/UAN0004A_a9_read_read.pdf.
- Krste Asanovic, Rimas Avizienis, Jonathan Bachrach, Scott Beamer, David Biancolin, Christopher Celio, Henry Cook, Daniel Dabbelt, John Hauser, Adam Izraelevitz, Sagar Karandikar, Ben Keller, Donggyu Kim, John Koenig, Yunsup Lee, Eric Love, Martin Maas, Albert Magyar, Howard Mao, Miquel Moreto, Albert Ou, David A. Patterson, Brian Richards, Colin Schmidt, Stephen Twigg, Huy Vo, and Andrew Waterman. The Rocket Chip generator. Technical Report UCB/EECS-2016-17, EECS Department, University of California, Berkeley, Apr 2016.
- Mark Batty, Alastair F. Donaldson, and John Wickerson. Overhauling SC atomics in C11 and OpenCL. In 43rd Annual Symposium on Principles of Programming Languages (POPL), 2016.
- Mark Batty, Kayvan Memarian, Kyndylan Nienhuis, Jean Pichon-Pharabod, and Peter Sewell. The problem of programming language concurrency semantics. In 24th European Symposium on Programming (ESOP), part of the European Joint Conferences on Theory and Practice of Software (ETAPS), 2015.
- Mark Batty, Kayvan Memarian, Scott Owens, Susmit Sarkar, and Peter Sewell. Clarifying and compiling C/C++ concurrency: From C++11 to POWER. In 39th Annual Symposium on Principles of Programming Languages (POPL), 2012.
- Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. Mathematizing C++ concurrency. In 38th Annual Symposium on Principles of Programming Languages (POPL), 2011.
- Colin Blundell, Milo M.K. Martin, and Thomas F. Wenisch. InvisiFence: Performance-transparent memory ordering in conventional multiprocessors. In 36th Annual International Symposium on Computer Architecture (ISCA), 2009.
- Hans-J. Boehm. Threads cannot be implemented as a library. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '05, pages 261--268, New York, NY, USA, 2005. ACM.
- Hans-J. Boehm and Sarita V. Adve. Foundations of the C++ concurrency memory model. In 29th Conference on Programming Language Design and Implementation (PLDI), 2008.
- Luis Ceze, James Tuck, Pablo Montesinos, and Josep Torrellas. BulkSC: Bulk enforcement of sequential consistency. In 34th Annual International Symposium on Computer Architecture (ISCA), 2007.
- William W. Collier. Reasoning About Parallel Architectures. Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1992.
- M. Elver and V. Nagarajan. TSO-CC: Consistency directed cache coherence for TSO. In 20th International Symposium on High Performance Computer Architecture (HPCA), 2014.
- Kourosh Gharachorloo. Memory Consistency Models for Shared-memory Multiprocessors. PhD thesis, Stanford University, Stanford, CA, USA, 1996.
- Kourosh Gharachorloo, Daniel Lenoski, James Laudon, Phillip Gibbons, Anoop Gupta, and John Hennessy. Memory consistency and event ordering in scalable shared-memory multiprocessors. 17th International Symposium on Computer Architecture (ISCA), 1990.
- Chris Gniady and Babak Falsafi. Speculative sequential consistency with little custom storage. In International Conference on Parallel Architectures and Compilation Techniques (PACT), 2002.
- Chris Gniady, Babak Falsafi, and T.N. Vijaykumar. Is SC + ILP = RC? 41st International Symposium on Computer Architecture (ISCA), 1999.
- Dibakar Gope and Mikko H. Lipasti. Atomic SC for simple in-order processors. In 20th International Symposium on High Performance Computer Architecture (HPCA), 2014.
- Martonosi Research Group. Check research tools and papers website, 2017. http://check.cs.princeton.edu.
- Sudheendra Hangal, Durgam Vahia, Chaiyasit Manovit, and Juin-Yeu Joseph Lu. TSOtool: A program for verifying memory systems using the memory consistency model. In 31st Annual International Symposium on Computer Architecture (ISCA), 2004.
- Derek R. Hower, Blake A. Hechtman, Bradford M. Beckmann, Benedict R. Gaster, Mark D. Hill, Steven K. Reinhardt, and David A. Wood. Heterogeneous-race-free memory models. In 19th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2014.
- ISO/IEC. Programming Languages -- C++, 2014.
- Daniel Jackson. Software Abstractions: logic, language, and analysis. MIT Press, 2012.
- Pete Keleher, Alan L. Cox, and Willy Zwaenepoel. Lazy release consistency for software distributed shared memory. In 19th Annual International Symposium on Computer Architecture, 1992.
- Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. Repairing sequential consistency in C/C++11. MPI-SWS, Tech. rep. MPI-SWS-2016-011, 2016.
- Leslie Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Transactions on Computing, 28(9):690--691, 1979.
- Changhui Lin, Vijay Nagarajan, Rajiv Gupta, and Bharghava Rajaram. Efficient sequential consistency via conflict ordering. In 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2012.
- Daniel Lustig, Michael Pellauer, and Margaret Martonosi. PipeCheck: Specifying and verifying microarchitectural enforcement of memory consistency models. In 47th International Symposium on Microarchitecture (MICRO), 2014.
- Daniel Lustig, Geet Sethi, Margaret Martonosi, and Abhishek Bhattacharjee. COATCheck: Verifying Memory Ordering at the Hardware-OS Interface. In Proceedings of the 21st International Conference on Architectural Support for Programming Languages and Operating Systems, 2016.
- Daniel Lustig, Caroline Trippel, Michael Pellauer, and Margaret Martonosi. ArMOR: Defending against memory consistency model mismatches in heterogeneous architectures. In 42nd International Symposium on Computer Architecture (ISCA), 2015.
- Daniel Lustig, Andrew Wright, Alexandros Papakonstantinou, and Olivier Giroux. Automated synthesis of comprehensive memory model litmus test suites. 22nd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2017.
- Sela Mador-Haim, Luc Maranget, Susmit Sarkar, Kayvan Memarian, Jade Alglave, Scott Owens, Rajeev Alur, Milo M. K. Martin, Peter Sewell, and Derek Williams. An axiomatic memory model for POWER multiprocessors. In 24th International Conference on Computer Aided Verification (CAV), 2012.
- Yatin A. Manerkar, Daniel Lustig, Michael Pellauer, and Margaret Martonosi. CCICheck: Using μhb graphs to verify the coherence-consistency interface. In 48th International Symposium on Microarchitecture (MICRO), 2015.
- Yatin A. Manerkar, Caroline Trippel, Daniel Lustig, Michael Pellauer, and Margaret Martonosi. Counterexamples and proof loophole for the C/C++ to POWER and ARMv7 trailing-sync compiler mappings. CoRR, abs/1611.01507, 2016.
- Milo M. K. Martin, Daniel J. Sorin, Harold W. Cain, Mark D. Hill, and Mikko H. Lipasti. Correctly implementing value prediction in microprocessors that support multithreading or multiprocessing. In 34th International Symposium on Microarchitecture (MICRO), 2001.
- Paul E. McKenney and Raul Silvera. Example POWER implementation for C/C++ memory model, 2011. http://www.rdrop.com/users/paulmck/scalability/paper/N2745r.2011.03.04a.html.
- Dominic P. Mulligan, Scott Owens, Kathryn E. Gray, Tom Ridge, and Peter Sewell. Lem: Reusable engineering of real-world semantics. In 19th International Conference on Functional Programming (ICFP), 2014.
- Tobias Nipkow, Markus Wenzel, and Lawrence C. Paulson. Isabelle/HOL: A Proof Assistant for Higher-order Logic. Springer-Verlag, Berlin, Heidelberg, 2002.
- Scott Owens, Susmit Sarkar, and Peter Sewell. A better x86 memory model: x86-TSO. In 22nd International Conference on Theorem Proving in Higher Order Logics (TPHOLs), 2009.
- Gustavo Petri, Jan Vitek, and Suresh Jagannathan. Cooking the books: Formalizing JMM implementation recipes. In 29th European Conference on Object-Oriented Programming (ECOOP), 2015.
- Parthasarathy Ranganathan, Vijay S. Pai, and Sarita V. Adve. Using speculative retirement and larger instruction windows to narrow the performance gap between memory consistency models. In 9th Symposium on Parallel Algorithms and Architectures (SPAA), 1997.
- RISC-V Foundation. RISC-V port of Linux kernel, 2016. https://github.com/riscv/riscv-linux/blob/master/arch/riscv/include/asm/barrier.h.
- Susmit Sarkar, Kayvan Memarian, Scott Owens, Mark Batty, Peter Sewell, Luc Maranget, Jade Alglave, and Derek Williams. Synchronising C/C++ and POWER. In 33rd Conference on Programming Language Design and Implementation (PLDI), 2012.
- Susmit Sarkar, Peter Sewell, Jade Alglave, Luc Maranget, and Derek Williams. Understanding POWER multiprocessors. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 175--186, New York, NY, USA, 2011. ACM.
- Peter Sewell. C/C++11 mappings to processors. 2016.
- Peter Sewell et al. C/C++11 mappings to processors, 2016. https://www.cl.cam.ac.uk/~pes20/cpp/cpp0xmappings.html.
- Abhayendra Singh, Satish Narayanasamy, Daniel Marino, Todd Millstein, and Madanlal Musuvathi. End-to-end sequential consistency. In 39th International Symposium on Computer Architecture (ISCA), 2012.
- SPARC International. The SPARC Architecture Manual (Version 9). Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1994.
- J. M. Tendler, J. S. Dodson, J. S. Fields, H. Le, and B. Sinharoy. POWER4 system microarchitecture. IBM Journal of Research and Development, 46(1):5--25, January 2002.
- Linus Torvalds et al. Linux kernel, 2016. https://github.com/torvalds/linux/blob/master/arch/alpha/include/asm/barrier.h.
- Viktor Vafeiadis, Thibaut Balabonski, Soham Chakraborty, Robin Morisset, and Francesco Zappa Nardelli. Common compiler optimisations are invalid in the C11 memory model and what we can do about it. In 42nd Symposium on Principles of Programming Languages (POPL), 2015.
- Viktor Vafeiadis and Chinmay Narayan. Relaxed separation logic: A program logic for C11 concurrency. In 28th International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA), 2013.
- Andrew Waterman, Yunsup Lee, David A. Patterson, and Krste Asanovic. The RISC-V instruction set manual, volume I: User-level ISA, version 2.1. Technical Report UCB/EECS-2016-118, EECS Department, University of California, Berkeley, May 2016.
- Thomas F. Wenisch, Anastasia Ailamaki, Babak Falsafi, and Andreas Moshovos. Mechanisms for store-wait-free multiprocessors. In 34th International Symposium on Computer Architecture (ISCA), 2007.
- John Wickerson, Mark Batty, Tyler Sorensen, and George A Constantinides. Automatically comparing memory consistency models. 44th Symposium on Principles of Programming Languages (POPL), 2017.
TriCheck: Memory Model Verification at the Trisection of Software, Hardware, and ISA
ASPLOS '17: Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems