Show No Weakness: Sequentially Consistent Specifications of TSO Libraries

Modern programming languages, such as C++ and Java, provide a sequentially consistent (SC) memory model for well-behaved programs that follow a certain synchronisation discipline, e.g., for those that are data-race free (DRF). However, performance-critical libraries often violate this discipline by using low-level hardware primitives, which have weaker semantics. In such scenarios, it is important for these libraries to protect their otherwise well-behaved clients from the weaker memory model. In this paper, we demonstrate that a variant of linearizability can be used to reason formally about the interoperability between a high-level DRF client and a low-level library written for the Total Store Order (TSO) memory model, which is implemented by x86 processors. Specifically, we present a notion of linearizability that relates a concrete library implementation running on TSO to an abstract specification running on an SC machine. A client of this library is said to be DRF if its SC executions calling the abstract library specification do not contain data races. We then show how to compile a DRF client to TSO such that it only exhibits SC behaviours, despite calling into a racy library.
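The store-buffer effect that separates TSO from SC, and that a TSO library must hide from its SC-reasoning clients, can be made concrete with a small executable model. The following is an added illustration, not code from the paper: it enumerates every execution of the classic store-buffering (SB) litmus test under SC and under x86-TSO (per-thread FIFO store buffers), shows that the outcome r1 = r2 = 0 is reachable only on TSO, and that fencing each store restores the SC outcome set. The instruction encoding and the helper names (`outcomes`, `fenced`, `replace`) are this example's own.

```python
# Constructed example (not the paper's code): explore every execution of a
# tiny program under x86-TSO (per-thread FIFO store buffers) or under SC.
# Instruction encoding: ("store", var, val), ("load", var, reg), ("fence",).
SB_TEST = [
    [("store", "x", 1), ("load", "y", "r1")],   # thread 0
    [("store", "y", 1), ("load", "x", "r2")],   # thread 1
]

def replace(tup, i, v):
    return tup[:i] + (v,) + tup[i + 1:]

def fenced(threads):
    """Insert a fence after every store: what a TSO library must do so that
    its buffered stores are not observable by an SC-reasoning client."""
    return [[op for ins in prog for op in ((ins, ("fence",)) if ins[0] == "store" else (ins,))]
            for prog in threads]

def outcomes(threads, tso=True):
    """Final register assignments reachable over all interleavings and
    buffer-drain points, as tuples of sorted (reg, value) pairs."""
    results = set()

    def step(mem, bufs, pcs, regs):
        progressed = False
        for t, prog in enumerate(threads):
            if bufs[t]:  # drain the oldest buffered store of thread t to memory
                var, val = bufs[t][0]
                step({**mem, var: val}, replace(bufs, t, bufs[t][1:]), pcs, regs)
                progressed = True
            if pcs[t] < len(prog):  # execute thread t's next instruction
                op, npcs = prog[pcs[t]], replace(pcs, t, pcs[t] + 1)
                if op[0] == "store" and tso:  # TSO: the store enters the buffer
                    step(mem, replace(bufs, t, bufs[t] + ((op[1], op[2]),)), npcs, regs)
                elif op[0] == "store":  # SC: the store hits memory at once
                    step({**mem, op[1]: op[2]}, bufs, npcs, regs)
                elif op[0] == "load":  # own buffered store wins, newest first
                    own = [v for (x, v) in bufs[t] if x == op[1]]
                    val = own[-1] if own else mem.get(op[1], 0)
                    step(mem, bufs, npcs, {**regs, op[2]: val})
                elif op[0] == "fence":  # completes only once the buffer is empty
                    if not bufs[t]:
                        step(mem, bufs, npcs, regs)
                progressed = True
        if not progressed:  # all threads finished and all buffers drained
            results.add(tuple(sorted(regs.items())))

    step({}, tuple(() for _ in threads), tuple(0 for _ in threads), {})
    return results
```

Running `outcomes(SB_TEST, tso=False)` gives the three SC outcomes, `outcomes(SB_TEST)` adds the TSO-only r1 = r2 = 0, and `outcomes(fenced(SB_TEST))` coincides with the SC set again.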
