The Java Memory Model: a Formal Explanation

This paper discusses the new Java Memory Model (JMM), introduced for Java 1.5. The JMM specifies the allowed executions of multithreaded Java programs. The new JMM fixes some security problems of the previous memory model. In addition, it allows compiler builders to apply a wide range of single-threaded compiler optimisations (something that was nearly impossible under the old memory model). For program developers, the JMM provides the following guarantee: if a program does not contain any data races, its allowed behaviours can be described with an interleaving semantics. This paper motivates the definition of the JMM. In particular, it shows the consequences of requiring both the data race freeness guarantee and the absence of out-of-thin-air values in any execution. The remainder of the paper then discusses a formalisation of the JMM in Coq. This formalisation has been used to prove the data race freeness guarantee. Given the complexity of the JMM definition, a formalisation is necessary to investigate all aspects of the JMM.
