Reasoning about the Implementation of Concurrency Abstractions on x86-TSO

  • Scott Owens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6183)


With the rise of multi-core processors, shared-memory concurrency has become a widespread feature of computation, from hardware, to operating systems, to programming languages such as C++ and Java. However, none of these provide sequentially consistent shared memory; instead they have relaxed memory models, which make concurrent programs even more challenging to understand. Programming language implementations run on hardware memory models, so VM and run-time system implementors must reason at both levels. Of particular interest are the low-level implementations of the abstractions that support language-level concurrency—especially because they invariably contain data races.

In this paper, we develop a novel principle for reasoning about assembly programs on our previous x86-TSO memory model, and we use it to analyze five concurrency abstraction implementations: two spinlocks (from Linux); a non-blocking write protocol; the double-checked locking idiom; and java.util.concurrent’s Parker. Our principle, called triangular-race freedom, strengthens the usual data-race freedom style of reasoning.
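The relaxation at issue on x86-TSO is a per-core FIFO store buffer: a store becomes visible to other cores only when it drains to memory, the issuing core already sees its own buffered stores, and an MFENCE or a LOCK-prefixed instruction cannot retire until the buffer is empty. The Python below is an added illustration for this page, not the paper's HOL model or any code from it. It enumerates every execution of small two-thread litmus tests under sequential consistency and under such a store-buffer model, and reports which outcomes the buffer admits that SC forbids. The four-instruction mini-ISA and the litmus programs SB, SB_FENCED, SB_LOCKED and MP are constructed for this example.

```python
"""Exhaustive enumeration of litmus-test outcomes under sequential consistency
(SC) and under a store-buffer model in the style of x86-TSO.  Added example,
not code from the paper.  The mini-ISA is an assumption of this example:

  ("W", loc, val)       plain store
  ("R", loc, reg)       plain load into register reg
  ("F",)                MFENCE: retires only once the thread's buffer is empty
  ("X", loc, val, reg)  locked XCHG: needs an empty buffer, then atomic swap
"""


def _get(tup, key):
    return dict(tup)[key]


def _set(tup, key, val):
    return tuple((k, val if k == key else v) for k, v in tup)


def _replace(tup, i, x):
    return tup[:i] + (x,) + tup[i + 1:]


def enumerate_outcomes(progs, regs, model="tso"):
    """Return the set of final register assignments (tuples ordered like
    `regs`) reachable when the threads in `progs` run under `model`."""
    assert model in ("sc", "tso")
    n = len(progs)
    locs = sorted({ins[1] for p in progs for ins in p if len(ins) > 1})
    start = (tuple((l, 0) for l in locs), (0,) * n, ((),) * n,
             tuple((r, None) for r in regs))
    seen, stack, outcomes = {start}, [start], set()
    while stack:
        mem, pcs, bufs, rv = stack.pop()
        succ = []
        for t in range(n):
            # TSO: the oldest buffered store may reach memory at any moment.
            if bufs[t]:
                loc, val = bufs[t][0]
                succ.append((_set(mem, loc, val), pcs,
                             _replace(bufs, t, bufs[t][1:]), rv))
            if pcs[t] == len(progs[t]):
                continue
            ins, pcs2 = progs[t][pcs[t]], _replace(pcs, t, pcs[t] + 1)
            if ins[0] == "W":
                if model == "tso":  # store enters the FIFO buffer, not memory
                    succ.append((mem, pcs2,
                                 _replace(bufs, t, bufs[t] + (ins[1:],)), rv))
                else:
                    succ.append((_set(mem, ins[1], ins[2]), pcs2, bufs, rv))
            elif ins[0] == "R":
                val = _get(mem, ins[1])
                for loc, v in bufs[t]:  # forwarding: newest own buffered store wins
                    if loc == ins[1]:
                        val = v
                succ.append((mem, pcs2, bufs, _set(rv, ins[2], val)))
            elif ins[0] == "F" and not bufs[t]:
                succ.append((mem, pcs2, bufs, rv))
            elif ins[0] == "X" and not bufs[t]:
                succ.append((_set(mem, ins[1], ins[2]), pcs2, bufs,
                             _set(rv, ins[3], _get(mem, ins[1]))))
        if not succ:  # every thread finished and every buffer drained
            outcomes.add(tuple(v for _, v in rv))
        for s in succ:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return outcomes


def non_sc_outcomes(progs, regs):
    """Outcomes the store-buffer model admits that SC does not."""
    return enumerate_outcomes(progs, regs, "tso") - enumerate_outcomes(progs, regs, "sc")


REGS = ("r0", "r1")
# Store buffering: each thread publishes its own flag, then reads the other's.
SB = ([("W", "x", 1), ("R", "y", "r0")],
      [("W", "y", 1), ("R", "x", "r1")])
# The same test with MFENCE between store and load.
SB_FENCED = ([("W", "x", 1), ("F",), ("R", "y", "r0")],
             [("W", "y", 1), ("F",), ("R", "x", "r1")])
# The same test with a locked XCHG for the store; d0/d1 receive the old values.
REGS_LOCKED = ("r0", "r1", "d0", "d1")
SB_LOCKED = ([("X", "x", 1, "d0"), ("R", "y", "r0")],
             [("X", "y", 1, "d1"), ("R", "x", "r1")])
# Message passing: data then flag on one side, flag then data on the other.
MP = ([("W", "data", 1), ("W", "flag", 1)],
      [("R", "flag", "r0"), ("R", "data", "r1")])

if __name__ == "__main__":
    for name, prog, regs in (("SB", SB, REGS), ("SB_FENCED", SB_FENCED, REGS),
                             ("SB_LOCKED", SB_LOCKED, REGS_LOCKED), ("MP", MP, REGS)):
        print(name, "tso-only outcomes:", non_sc_outcomes(prog, regs))
```

Running the block shows the effect the abstract alludes to: SB admits the outcome r0 = r1 = 0 only when stores sit in the buffers, and either an MFENCE or the LOCK-prefixed read-modify-write used by Linux spinlock acquire paths removes it; MP admits nothing beyond SC because the buffer is FIFO, which is the store ordering that makes x86-TSO stronger than the weaker models the abstract contrasts it with.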







Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Scott Owens, University of Cambridge
