Failure-atomic Synchronization-free Regions

Emerging persistent memory (PM) technologies, such as Intel and Micron’s 3D XPoint, aim to combine the byteaddressability of DRAM with the durability of storage. The promise of PM is to enable data structures that provide the convenience and performance of in-place load-store manipulation, and yet persist across failures, such as power interruptions and OS or program crashes. Following such a crash, volatile program state (DRAM, program counters, registers, etc.) are lost, but PM state is preserved. A recovery process can then examine the PM state, reconstruct required volatile state, and resume program execution. Reasoning about the correctness of recovery code requires precise semantics for the allowable PM state after a failure. Specifying such semantics is complicated by the desire to support concurrent PM accesses from multiple threads and optimizations that reorder or coalesce accesses. The state observed at recovery can be greatly simplified by providing failure atomicity of sets of PM updates. Failure atomicity assures that either all or none of the updates in a set are visible after failure, reducing the state space recovery code might observe. Recent work has proposed memory persistency models to provide programmers with such semantics [1]–[3]. Like previous works, we refer to the act of writing the value of a store operation to PM as a persist. Similar to memory consistency models, which govern the visibility of writes to shared memory, persistency models govern the order of persists to PM. Most of these persistency models [1]–[3] have been specified at the abstraction level of the hardware instruction set architecture (ISA). Such ISA-level persistency models do not specify semantics for higher-level languages, where compiler optimizations may also reorder or elide PM reads and writes. We first discuss existing proposals that add persistency semantics to the language memory model. In particular, ATLAS [4] and acquire-release persistency (ARP) [5] extend the C++ memory model with persistency semantics. The two proposals differ in the granularity of failure atomicity they guarantee and rely on different synchronization primitives to ensure correct persist ordering in PM. ATLAS: ATLAS [4] provides persistency semantics for lock-based multi-threaded C++ programs. It guarantees failure atomicity at the granularity of an outermost critical section, as shown in Figure 1(a), where a critical section is the code bounded by lock and unlock synchronization primitives. Failure-atomicity of critical sections guarantees that recovery may only observe sequentially consistent PM state. However, l1.lock() ...