Reasoning about the Implementation of Concurrency Abstractions on x86-TSO

With the rise of multi-core processors, shared-memory concurrency has become a widespread feature of computation, from hardware, to operating systems, to programming languages such as C++ and Java. However, none of these provide sequentially consistent shared memory; instead they have relaxed memory models, which make concurrent programs even more challenging to understand. Programming language implementations run on hardware memory models, so VM and run-time system implementors must reason at both levels. Of particular interest are the low-level implementations of the abstractions that support language-level concurrency-especially because they invariably contain data races. In this paper, we develop a novel principle for reasoning about assembly programs on our previous x86-TSO memory model, and we use it to analyze five concurrency abstraction implementations: two spinlocks (from Linux); a non-blocking write protocol; the double-checked locking idiom; and java.util.concurrent's Parker. Our principle, called triangular-race freedom, strengthens the usual data-race freedom style of reasoning.

[1]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[2]  Cliff B. Jones,et al.  Accommodating interference in the formal design of concurrent object-based programs , 1996, Formal Methods Syst. Des..

[3]  Klaus Havelund,et al.  Model checking programs , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[4]  Christoph Lameter,et al.  Effective Synchronization on Linux/NUMA Systems , 2005 .

[5]  Sebastian Burckhardt,et al.  Effective Program Verification for Relaxed Memory Models , 2008, CAV.

[6]  Gil Neiger,et al.  Causal memory: definitions, implementation, and programming , 1995, Distributed Computing.

[7]  Hans-Juergen Boehm,et al.  Foundations of the C++ concurrency memory model , 2008, PLDI '08.

[8]  Nancy A. Lynch,et al.  Memory consistency models for high-performance distributed computing , 2001 .

[9]  Corporate SPARC architecture manual - version 8 , 1992 .

[10]  Leslie Lamport,et al.  How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs , 2016, IEEE Transactions on Computers.

[11]  Roy Friedman,et al.  Limitations of Fast Consistency Conditions for Distributed Shared Memories , 1996, Inf. Process. Lett..

[12]  Norbert Schirmer,et al.  A Better Reduction Theorem for Store Buffers , 2009, ArXiv.

[13]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[14]  W. Marsden I and J , 2012 .

[15]  James O. Coplien,et al.  Pattern languages of program design , 1995 .

[16]  Peter Sewell,et al.  A Better x86 Memory Model: x86-TSO , 2009, TPHOLs.

[17]  Mark D. Hill,et al.  A Unified Formalization of Four Shared-Memory Models , 1993, IEEE Trans. Parallel Distributed Syst..

[18]  Radha Jagadeesan,et al.  A theory of memory models , 2007, PPOPP.

[19]  Hermann Kopetz,et al.  The non-blocking write protocol NBW: A solution to a real-time synchronization problem , 1993, 1993 Proceedings Real-Time Systems Symposium.

[20]  Scott Meyers,et al.  C++ and the Perils of Double-Checked Locking ∗ , 2004 .

[21]  Gilles Dowek,et al.  Principles of programming languages , 1981, Prentice Hall International Series in Computer Science.

[22]  Gérard Boudol,et al.  Relaxed memory models: an operational approach , 2009, POPL '09.

[23]  David Aspinall,et al.  On Validity of Program Transformations in the Java Memory Model , 2008, ECOOP.

[24]  Dennis Shasha,et al.  Efficient and correct execution of parallel programs that share memory , 1988, TOPL.

[25]  David L. Dill,et al.  An Executable Specification and Verifier for Relaxed Memory Order , 1999, IEEE Trans. Computers.

[26]  Bjarne Stroustrup,et al.  C++ Programming Language , 1986, IEEE Softw..

[27]  Tom Ridge,et al.  The semantics of x86-CC multiprocessor machine code , 2009, POPL '09.

[28]  Jan Vitek,et al.  ECOOP 2008 - Object-Oriented Programming, 22nd European Conference, Paphos, Cyprus, July 7-11, 2008, Proceedings , 2008, ECOOP.

[29]  David Aspinall,et al.  Formalising Java's Data Race Free Guarantee , 2007, TPHOLs.

[30]  Dirk Riehle,et al.  Pattern Languages of Program Design 3 , 1997 .

[31]  Bob Francis,et al.  Silicon Graphics Inc. , 1993 .

[32]  William Pugh The Java memory model is fatally flawed , 2000 .

[33]  Peter W. O'Hearn,et al.  Resources, Concurrency and Local Reasoning , 2004, CONCUR.

[34]  Douglas C. Schmidt,et al.  Double-checked locking , 1997 .