skip to main content
article
Public Access

Synthesizing memory models from framework sketches and Litmus tests

Published:14 June 2017Publication History
Skip Abstract Section

Abstract

A memory consistency model specifies which writes to shared memory a given read may see. Ambiguities or errors in these specifications can lead to bugs in both compilers and applications. Yet architectures usually define their memory models with prose and litmus tests—small concurrent programs that demonstrate allowed and forbidden outcomes. Recent work has formalized the memory models of common architectures through substantial manual effort, but as new architectures emerge, there is a growing need for tools to aid these efforts.

This paper presents MemSynth, a synthesis-aided system for reasoning about axiomatic specifications of memory models. MemSynth takes as input a set of litmus tests and a framework sketch that defines a class of memory models. The sketch comprises a set of axioms with missing expressions (or holes). Given these inputs, MemSynth synthesizes a completion of the axioms—i.e., a memory model—that gives the desired outcome on all tests. The MemSynth engine employs a novel embedding of bounded relational logic in a solver-aided programming language, which enables it to tackle complex synthesis queries intractable to existing relational solvers. This design also enables it to solve new kinds of queries, such as checking if a set of litmus tests unambiguously defines a memory model within a framework sketch.

We show that MemSynth can synthesize specifications for x86 in under two seconds, and for PowerPC in 12 seconds from 768 litmus tests. Our ambiguity check identifies missing tests from both the Intel x86 documentation and the validation suite of a previous PowerPC formalization. We also used MemSynth to reproduce, debug, and automatically repair a paper on comparing memory models in just two days.

Skip Supplemental Material Section

Supplemental Material

References

  1. S. V. Adve and M. D. Hill. Weak ordering - a new definition. In ISCA, 1990. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. J. Alglave. A formal hierarchy of weak memory models. Form. Methods Syst. Des., 41(2), 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. J. Alglave. Modeling of Architectures. In Advanced Lectures of the 15th International School on Formal Methods, 2015.Google ScholarGoogle ScholarCross RefCross Ref
  4. J. Alglave and L. Maranget. The Phat Experiment. http: //diy.inria.fr/phat/, 2010.Google ScholarGoogle Scholar
  5. J. Alglave, A. Fox, S. Ishtiaq, M. O. Myreen, S. Sarkar, P. Sewell, and F. Zappa Nardelli. The semantics of Power and ARM multiprocessor machine code. In DAMP, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. J. Alglave, L. Maranget, S. Sarkar, and P. Sewell. Fences in weak memory models. In CAV, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. J. Alglave, L. Maranget, S. Sarkar, and P. Sewell. Litmus: Running tests against hardware. In TACAS, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. J. Alglave, L. Maranget, and M. Tautschnig. Herding cats: Modelling, simulation, testing, and data mining for weak memory. ACM Trans. Program. Lang. Syst., 36(2), 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. J. Alglave, M. Batty, A. F. Donaldson, G. Gopalakrishnan, J. Ketema, D. Poetzl, T. Sorensen, and J. Wickerson. GPU concurrency: Weak behaviors and programming assumptions. In ASPLOS, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. R. Alur and M. M. K. Martin. Personal communication, July 2016.Google ScholarGoogle Scholar
  11. M. Batty, S. Owens, S. Sarkar, P. Sewell, and W. Weber. Mathematizing C++ concurrency. In POPL, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. M. Batty, A. F. Donaldson, and J. Wickerson. Overhauling SC atomics in C11 and OpenCL. In POPL, 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. J. Bornholt, E. Torlak, D. Grossman, and L. Ceze. Optimizing synthesis with metasketches. In POPL, 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. S. Burckhardt and M. Musuvathi. Effective program verification for relaxed memory models. In CAV, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. J. Burnim, K. Sen, and C. Stergiou. Sound and complete monitoring of sequential consistency for relaxed memory models. In TACAS, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Compaq. Alpha Architecture Reference Manual. 4th edition, 2002.Google ScholarGoogle Scholar
  17. J. Crawford, M. Ginsberg, E. Luks, and A. Roy. Symmetrybreaking predicates for search problems. In KR, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. A. Dan, Y. Meshman, M. Vechev, and E. Yahav. Effective abstractions for verification under relaxed memory models. In VMCAI, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. L. De Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. B. Demsky and P. Lam. SATCheck: SAT-directed stateless model checking for SC and TSO. In OOPSLA, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. M. Flatt and PLT. Reference: Racket. Technical Report PLTTR-2010-1, PLT Design Inc., 2010.Google ScholarGoogle Scholar
  22. IBM. Power ISA Version 2.06 Revision B. IBM, 2010.Google ScholarGoogle Scholar
  23. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer’s Manual. Intel Corporation, 2015. Revision 53.Google ScholarGoogle Scholar
  24. D. Jackson. Software Abstractions: logic, language, and analysis. MIT Press, 2nd edition, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. L. Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, 21(7), 1978. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. D. Lustig, M. Pellauer, and M. Martonosi. PipeCheck: Specifying and verifying microarchitectural enforcement of memory consistency models. In MICRO, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. D. Lustig, A. Wright, A. Papakonstantinou, and O. Giroux. Automated synthesis of comprehensive memory model litmus test suites. In ASPLOS, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. S. Mador-Haim, R. Alur, and M. M. K. Martin. Generating litmus tests for contrasting memory consistency models. In CAV, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. S. Mador-Haim, R. Alur, and M. M. K. Martin. Litmus tests for comparing memory consistency models: How long do they need to be? In DAC, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. S. Mador-Haim, L. Maranget, S. Sarkar, K. Memarian, J. Alglave, S. Owens, R. Alur, M. M. K. Martin, P. Sewell, and D. Williams. An axiomatic memory model for POWER multiprocessors. In CAV, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. J. Manson, W. Pugh, and S. V. Adve. The Java memory model. In POPL, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. P. E. McKenney. A Formal Model of Linux-Kernel Memory Ordering. Linux Plumbers Conference, 2016.Google ScholarGoogle Scholar
  33. A. Milicevic, J. P. Near, E. Kang, and D. Jackson. Alloy ∗ : A general-purpose higher-order relational constraint solver. In ICSE, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. S. Owens, S. Sarkar, and P. Sewell. A better x86 memory model: x86-TSO (extended version). Technical Report UCAMCL-TR-745, University of Cambridge, 2009.Google ScholarGoogle Scholar
  35. S. Owens, S. Sarkar, and P. Sewell. A better x86 memory model: x86-TSO. In TPHOLs, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. S. Park and D. L. Dill. An executable specification, analyzer and verifier for RMO (Relaxed Memory Order). In SPAA, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Racket. The Racket programming language. http://racketlang.org.Google ScholarGoogle Scholar
  38. S. Sarkar, P. Sewell, F. Zappa Nardelli, S. Owens, T. Ridge, T. Braibant, M. O. Myreen, and J. Alglave. The semantics of x86-CC multiprocessor machine code. In POPL, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. S. Sarkar, P. Sewell, J. Alglave, L. Maranget, and D. Williams. Understanding POWER multiprocessors. In PLDI, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. P. Sewell, S. Sarkar, S. Owens, F. Zappa Nardelli, and M. O. Myreen. x86-TSO: A rigorous and usable programmer’s model for x86 multiprocessors. Commun. ACM, 53(7):89–97, July 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. A. Solar-Lezama, L. Tancau, R. Bodik, V. Saraswat, and S. Seshia. Combinatorial sketching for finite programs. In ASPLOS, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. E. Torlak and R. Bodik. Growing solver-aided languages with Rosette. In Onward!, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. E. Torlak and R. Bodik. A lightweight symbolic virtual machine for solver-aided host languages. In PLDI, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. E. Torlak and D. Jackson. Kodkod: A relational model finder. In TACAS, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. E. Torlak, M. Vaziri, and J. Dolby. MemSAT: Checking axiomatic specifications of memory models. In PLDI, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. D. L. Weaver and T. Germond. The SPARC architecture manual (version 9). SPARC International, 1994.Google ScholarGoogle Scholar
  47. J. Wickerson, M. Batty, T. Sorensen, and G. A. Constantinides. Automatically comparing memory consistency models. In POPL, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Y. Yang, G. Gopalakrishnan, G. Lindstrom, and K. Slind. Nemos: A framework for axiomatic and executable specifications of memory consistency models. In IPDPS, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  49. F. Zappa Nardelli, P. Sewell, J. ˘Sev˘cík, S. Sarkar, S. Owens, L. Maranget, M. Batty, and J. Alglave. Relaxed memory models must be rigorous. In EC 2, 2009.Google ScholarGoogle Scholar

Index Terms

  1. Synthesizing memory models from framework sketches and Litmus tests

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM SIGPLAN Notices
        ACM SIGPLAN Notices  Volume 52, Issue 6
        PLDI '17
        June 2017
        708 pages
        ISSN:0362-1340
        EISSN:1558-1160
        DOI:10.1145/3140587
        Issue’s Table of Contents
        • cover image ACM Conferences
          PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation
          June 2017
          708 pages
          ISBN:9781450349888
          DOI:10.1145/3062341

        Copyright © 2017 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 14 June 2017

        Check for updates

        Qualifiers

        • article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!