Formal Methods in System Design

, Volume 40, Issue 2, pp 170–205 | Cite as

Fences in weak memory models (extended version)

  • Jade Alglave
  • Luc Maranget
  • Susmit Sarkar
  • Peter Sewell
Article

Abstract

We present a class of relaxed memory models, defined in Coq, parameterised by the chosen permitted local reorderings of reads and writes, and by the visibility of inter- and intra-processor communications through memory (e.g. store atomicity relaxation). We prove results on the required behaviour and placement of memory fences to restore a given model (such as Sequential Consistency) from a weaker one. Based on this class of models we develop a tool, diy, that systematically and automatically generates and runs litmus tests. These tests can be used to explore the behaviour of processor implementations and the behaviour of models, and hence to compare the two against each other. We detail the results of experiments on Power and a model we base on them.

Keywords

Weak memory models Formal proofs Testing tool PowerPC Generic framework Fences 

References

  1. 1.
    A formal specification of Intel Itanium processor family memory ordering, October 2002. Intel Document 251429-001 Google Scholar
  2. 2.
    Adir A, Shurek G (2002) Generating concurrent test-programs with collisions for multi-processor verification. In: HLDVT Google Scholar
  3. 3.
    Adir A, Attiya H, Shurek G (2003) Information-flow models for shared Memory with an application to the PowerPC architecture. In: TPDS Google Scholar
  4. 4.
    Adve SV, Gharachorloo K (1995) Shared memory consistency models: a tutorial. Computer 29:66–76 CrossRefGoogle Scholar
  5. 5.
    Ahamad M, Bazzi RA, John R, Kohli P, Neiger G (1993) The power of processor consistency. In: SPAA Google Scholar
  6. 6.
    Alglave J A shared memory poetics. PhD thesis, Université Paris 7 and INRIA, 26 November 2010. http://diy.inria.fr/alglave-thesis.pdf
  7. 7.
    Alglave J, Fox A, Ishtiaq S, Myreen MO, Sarkar S, Sewell P, Zappa Nardelli F (2009) The semantics of Power and ARM multiprocessor machine code. In: DAMP Google Scholar
  8. 8.
    Alglave J, Maranget L, Sarkar S, Sewell P (2010) Fences in weak memory models. In: CAV Google Scholar
  9. 9.
    Alpha Architecture Reference Manual, 4th edn (2002) Google Scholar
  10. 10.
    AMD64 Architecture Programmer’s Manual. Advanced Micro Devices, September 2007. (3 vols) Google Scholar
  11. 11.
    ARM Architecture Reference Manual (ARMv7-A and ARMv7-R), April 2008 Google Scholar
  12. 12.
    Arvind, Maessen J-W (2006) Memory model = instruction reordering + store atomicity. In: ISCA. IEEE Comput Soc, Los Alamitos Google Scholar
  13. 13.
    Bertot Y, Casteran P (2004) In: Coq’Art. EATCS texts in theoretical computer science. Springer, Berlin Google Scholar
  14. 14.
    Boehm H-J, Adve SV (2008) Foundations of the C++ concurrency memory model. In: PLDI Google Scholar
  15. 15.
    Burckhardt S, Musuvathi M (2008) Effective program verification for relaxed memory models. In: CAV Google Scholar
  16. 16.
    Cantin J, Lipasti M, Smith J (2003) The complexity of verifying memory coherence. In: SPAA Google Scholar
  17. 17.
    Collier WW (1992) Reasoning about parallel architectures. Prentice Hall, New York MATHGoogle Scholar
  18. 18.
    Hangal S, Vahia D, Manovit C, Lu J-YJ, Narayanan S (2004) TSOTool: a program for verifying memory systems using the memory consistency model. In: ISCA Google Scholar
  19. 19.
    Higham L, Kawash J, Verwaal N Weak memory consistency models part I: Definitions and comparisons. Technical Report98/612/03, Department of Computer Science, The University of Calgary, January 1998 Google Scholar
  20. 20.
    Intel 64 and IA-32 Architectures Software Developer’s Manual (5 vols). Intel Corporation, March 2010. rev. 34 Google Scholar
  21. 21.
    Lamport L (1979) How to make a correct multiprocess program execute correctly on a multiprocessor. IEEE Trans Comput 46(7):779–782 MathSciNetCrossRefGoogle Scholar
  22. 22.
    Landin A, Hagersten E, Haridi S (1991) Race-free interconnection networks and multiprocessor consistency. Comput Archit News 19(3):106–115 CrossRefGoogle Scholar
  23. 23.
    Manson J, Pugh W, Adve SV (2005) The Java memory model. In: POPL Google Scholar
  24. 24.
    Owens S, Sarkar S, Sewell P (2009) A better x86 memory model: x86-TSO. In: TPHOL Google Scholar
  25. 25.
    Power ISA version 2.06, January 2009 Google Scholar
  26. 26.
    Sarkar S, Sewell P, Zappa Nardelli F, Owens S, Ridge T, Braibant T, Myreen M, Alglave J (2009) The semantics of x86-CC multiprocessor machine code. In: POPL Google Scholar
  27. 27.
    Sarkar S, Sewell P, Alglave J, Maranget L, Williams D (2011) Understanding Power multiprocessors. In: PLDI Google Scholar
  28. 28.
    Sewell P, Sarkar S, Owens S, Zappa Nardelli F, Myreen MO (2010) x86-TSO: a rigorous and usable programmer’s model for x86 multiprocessors. Commun ACM 53(7):89–97. (Research Highlights) CrossRefGoogle Scholar
  29. 29.
    Shasha D, Snir M (1988) Efficient and correct execution of parallel programs that share memory. ACM Trans Program Lang Syst 10(2):282–312 CrossRefGoogle Scholar
  30. 30.
    Sparc Architecture Manual Versions 8 and 9, 1992 and 1994 Google Scholar
  31. 31.
    Yang Y, Gopalakrishnan G, Linstrom G, Slind K (2004) Nemos: a framework for axiomatic and executable specifications of memory consistency models. In: IPDPS Google Scholar
  32. 32.
    Yang Y, Gopalakrishnan G, Lindstrom G (2007) UMM: an operational memory model specification framework with integrated model checking capability. In: CCPE Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  • Jade Alglave
    • 1
    • 3
  • Luc Maranget
    • 1
  • Susmit Sarkar
    • 2
  • Peter Sewell
    • 2
  1. 1.INRIARocquencourtFrance
  2. 2.University of CambridgeCambridgeUK
  3. 3.Oxford UniversityOxfordUK

Personalised recommendations