Relaxed-memory concurrency and verified compilation

In this paper, we consider the semantic design and verified compilation of a C-like programming language for concurrent shared-memory computation above x86 multiprocessors. The design of such a language is made surprisingly subtle by several factors: the relaxed-memory behaviour of the hardware, the effects of compiler optimisation on concurrent code, the need to support high-performance concurrent algorithms, and the desire for a reasonably simple programming model. In turn, this complexity makes verified (or verifying) compilation both essential and challenging. We define a concurrent relaxed-memory semantics for ClightTSO, an extension of CompCert's Clight in which the processor's memory model is exposed for high-performance code. We discuss a strategy for verifying compilation from ClightTSO to x86, which we validate with correctness proofs (building on CompCert) for the most interesting compiler phases.
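The hardware behaviour the abstract refers to, as an added illustration that is not taken from the paper or from CompCert: a small executable x86-TSO model (constructed here, with per-thread FIFO store buffers and an MFENCE that waits for the buffer to drain) exhaustively explores the classic store-buffering litmus test and shows that both loads can return 0, the outcome no sequentially consistent interleaving permits, unless each thread fences after its store.

```python
# Constructed x86-TSO abstract machine (not CompCert/ClightTSO code).
# State = (memory, program counters, store buffers, register logs), all
# immutable tuples so that reachable states can be memoised in a set.

def with_mem(mem, addr, val):
    d = dict(mem); d[addr] = val
    return tuple(sorted(d.items()))

def replace(tup, i, x):
    return tup[:i] + (x,) + tup[i + 1:]

def successors(state, progs):
    """Yield every state reachable in one x86-TSO step from `state`."""
    mem, pcs, bufs, regs = state
    for t, prog in enumerate(progs):
        if bufs[t]:  # the memory subsystem commits the oldest buffered store
            a, v = bufs[t][0]
            yield (with_mem(mem, a, v), pcs, replace(bufs, t, bufs[t][1:]), regs)
        if pcs[t] == len(prog):
            continue
        op, next_pcs = prog[pcs[t]], replace(pcs, t, pcs[t] + 1)
        if op[0] == "store":  # stores go into the thread's own buffer, not memory
            yield (mem, next_pcs, replace(bufs, t, bufs[t] + ((op[1], op[2]),)), regs)
        elif op[0] == "load":  # read-own-writes-early: newest buffered store wins
            hits = [v for a, v in reversed(bufs[t]) if a == op[1]]
            val = hits[0] if hits else dict(mem).get(op[1], 0)
            yield (mem, next_pcs, bufs, replace(regs, t, regs[t] + ((op[2], val),)))
        elif op[0] == "mfence" and not bufs[t]:  # MFENCE blocks until drained
            yield (mem, next_pcs, bufs, regs)

def outcomes(progs):
    """Set of final register assignments reachable under x86-TSO."""
    n = len(progs)
    start = ((), (0,) * n, ((),) * n, ((),) * n)
    seen, stack, finals = {start}, [start], set()
    while stack:
        s = stack.pop()
        mem, pcs, bufs, regs = s
        if all(pcs[t] == len(p) for t, p in enumerate(progs)) and not any(bufs):
            finals.add(tuple(sum(regs, ())))
        for nxt in successors(s, progs):
            if nxt not in seen:
                seen.add(nxt); stack.append(nxt)
    return finals

# Store-buffering litmus test: x = 1; r0 = y  ||  y = 1; r1 = x
SB = ((("store", "x", 1), ("load", "y", "r0")),
      (("store", "y", 1), ("load", "x", "r1")))
SB_FENCED = ((("store", "x", 1), ("mfence",), ("load", "y", "r0")),
             (("store", "y", 1), ("mfence",), ("load", "x", "r1")))
```

Under this model `outcomes(SB)` contains `(("r0", 0), ("r1", 0))`, which is exactly the behaviour a ClightTSO program can observe and a compiler proof must account for, while `outcomes(SB_FENCED)` does not.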
