x86-TSO

Exploiting the multiprocessors that have recently become ubiquitous requires high-performance and reliable concurrent systems code, for concurrent data structures, operating system kernels, synchronization libraries, compilers, and so on. However, concurrent programming, which is always challenging, is made much more so by two problems. First, real multiprocessors typically do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, varying in subtle ways between processor families, in which different hardware threads may have only loosely consistent views of a shared memory. Second, the public vendor architectures, supposedly specifying what programmers can rely on, are often in ambiguous informal prose (a particularly poor medium for loose specifications), leading to widespread confusion. In this paper we focus on x86 processors. We review several recent Intel and AMD specifications, showing that all contain serious ambiguities, some are arguably too weak to program above, and some are simply unsound with respect to actual hardware. We present a new x86-TSO programmer's model that, to the best of our knowledge, suffers from none of these problems. It is mathematically precise (rigorously defined in HOL4) but can be presented as an intuitive abstract machine which should be widely accessible to working programmers. We illustrate how this can be used to reason about the correctness of a Linux spinlock implementation and describe a general theory of data-race freedom for x86-TSO. This should put x86 multiprocessor system building on a more solid foundation; it should also provide a basis for future work on verification of such systems.
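As an added illustration (this is not code from the paper or from its HOL4 development), the following Python program models the x86-TSO abstract machine described above: every hardware thread has a FIFO store buffer sitting between it and shared memory, a load reads the newest matching entry in its own buffer before falling back to memory (store forwarding), buffered stores drain to memory at any point, and MFENCE cannot proceed until the thread's buffer is empty. The program enumerates every interleaving of the classic store-buffering litmus test and shows that the outcome r0 = r1 = 0, which sequential consistency forbids, is reachable under x86-TSO unless each store is followed by an MFENCE. The litmus programs, address names and register names are constructed for this example.

```python
"""Enumerate reachable outcomes of a litmus test under the x86-TSO abstract machine.

State = (pcs, mem, bufs, regs), all hashable:
  pcs  : program counter per thread
  mem  : sorted tuple of (addr, value); unwritten addresses read as 0
  bufs : per-thread FIFO store buffer, tuple of (addr, value), oldest first
  regs : sorted tuple of (register, value)
Instruction forms (constructed for this example):
  ("st", addr, value)   buffer a store (TSO) or write memory directly (SC)
  ("ld", addr, reg)     load via store forwarding, then memory
  ("mfence",)           enabled only once the thread's buffer is empty
"""


def _write(mem, addr, val):
    m = dict(mem)
    m[addr] = val
    return tuple(sorted(m.items()))


def step(state, program, store_buffers):
    """Yield every successor of `state`; store_buffers=False gives plain SC."""
    pcs, mem, bufs, regs = state
    memd = dict(mem)
    for t, pc in enumerate(pcs):
        if pc < len(program[t]):
            instr = program[t][pc]
            new_pcs = pcs[:t] + (pc + 1,) + pcs[t + 1:]
            if instr[0] == "st":
                _, addr, val = instr
                if store_buffers:
                    # Store goes to the back of this thread's buffer, not to memory.
                    nb = bufs[:t] + (bufs[t] + ((addr, val),),) + bufs[t + 1:]
                    yield (new_pcs, mem, nb, regs)
                else:
                    yield (new_pcs, _write(mem, addr, val), bufs, regs)
            elif instr[0] == "ld":
                _, addr, reg = instr
                # Store forwarding: newest buffered store to addr wins over memory.
                val = memd.get(addr, 0)
                for a, v in reversed(bufs[t]):
                    if a == addr:
                        val = v
                        break
                r = dict(regs)
                r[reg] = val
                yield (new_pcs, mem, bufs, tuple(sorted(r.items())))
            elif instr[0] == "mfence":
                if not bufs[t]:
                    yield (new_pcs, mem, bufs, regs)
        if bufs[t]:
            # Memory subsystem drains the oldest buffered store at any moment.
            (addr, val), rest = bufs[t][0], bufs[t][1:]
            yield (pcs, _write(mem, addr, val), bufs[:t] + (rest,) + bufs[t + 1:], regs)


def outcomes(program, store_buffers=True):
    """Set of final register assignments reachable by exhaustive exploration."""
    n = len(program)
    init = (tuple(0 for _ in range(n)), (), tuple(() for _ in range(n)), ())
    seen, stack, finals = {init}, [init], set()
    while stack:
        state = stack.pop()
        pcs, _, bufs, regs = state
        if all(pc == len(program[t]) for t, pc in enumerate(pcs)) and not any(bufs):
            finals.add(regs)
        for nxt in step(state, program, store_buffers):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return finals


# Store-buffering litmus test (constructed): each thread stores to one
# location and then loads the other.  Under SC at least one load sees 1.
SB = [[("st", "x", 1), ("ld", "y", "r0")],
      [("st", "y", 1), ("ld", "x", "r1")]]

# Same test with an MFENCE after each store.
SB_FENCED = [[("st", "x", 1), ("mfence",), ("ld", "y", "r0")],
             [("st", "y", 1), ("mfence",), ("ld", "x", "r1")]]


def allows_both_zero(program, store_buffers=True):
    """True if the final state r0 = r1 = 0 is reachable."""
    return (("r0", 0), ("r1", 0)) in outcomes(program, store_buffers)


if __name__ == "__main__":
    print("SC  SB allows r0=r1=0:", allows_both_zero(SB, store_buffers=False))
    print("TSO SB allows r0=r1=0:", allows_both_zero(SB))
    print("TSO SB+MFENCE allows r0=r1=0:", allows_both_zero(SB_FENCED))
```

The exhaustive search is what makes the example useful: it reports the full set of reachable outcomes rather than one lucky schedule, so the three outcomes of the sequentially consistent run can be compared directly with the four of the x86-TSO run, and the fenced program can be seen to recover the SC set.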
