Weak Memory Models with Matching Axiomatic and Operational Definitions
Abstract
Memory consistency models are notorious for being difficult to define precisely, to reason about, and to verify. More than a decade of effort has gone into nailing down the definitions of the ARM and IBM Power memory models, and yet there still remain aspects of those models which (perhaps surprisingly) remain unresolved to this day. In response to these complexities, there has been somewhat of a recent trend in the (general-purpose) architecture community to limit new memory models to being (multicopy) atomic: where store values can be read by the issuing processor before being advertised to other processors. TSO is the most notable example, used in the past by IBM 370 and SPARC-TSO, and currently used in x86. Recently (in March 2017) ARM has also switched to a multicopy atomic memory model, and the new RISC-V ISA and recent academic proposals such as WMM are pushing to do the same. In this paper, we show that when memory models are atomic, it becomes much easier to produce axiomatic definitions, operational definitions, and proofs of equivalence than doing the same under non-atomic models. The increased ease with which these definitions can be produced in turn allows architects to build processors much more confidently, and yet the relaxed nature of the models we propose still allows most or all of the performance of non-atomic models to be retained. In fact, in this paper, we show that atomic memory models can be defined in a way that is parameterized by basic instruction and fence orderings. Our operational vs. axiomatic equivalence proofs, which are likewise parameterized, show that the operational model is sound with respect to the axioms and that the operational model is complete: that it can show any behavior permitted by the axiomatic model. For concreteness, we instantiate our parameterized framework in two forms. First, we describe GAM (General Atomic Memory model), which permits intra-thread load-store reorderings. Then, we show how forbidding load-store reordering (as proposed by WMM) allows the operational and axiomatic model to be even further simplified into one based on Instantaneous Instruction Execution (I2E). Under I2E, each processor executes instructions in order and instantaneously, providing an even simpler model still for processors which do not implement load-store reordering. We then prove that the operational and axiomatic definitions of I2E are equivalent as well.
Similar resources
Operational Specification of Distributed Memory Models
Memory models have been described using many techniques. In this paper we describe a framework for specifying memory models using both axiomatic and operational approaches. We show how, to be equivalent, axiomatic definitions must be prefix-closed.
Explaining Relaxed Memory Models with Program Transformations
Weak memory models determine the behavior of concurrent programs. While they are often understood in terms of reorderings that the hardware or the compiler may perform, their formal definitions are typically given in a very different style—either axiomatic or operational. In this paper, we investigate to what extent weak behaviors of existing memory models can be fully explained in terms of reo...
A better x86 memory model: x86-TSO (extended version)
Real multiprocessors do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, typically described in ambiguous prose, which lead to widespread confusion. These are prime targets for mechanized formalization. In previous work we produced a rigorous x86-CC model, formalizing the Intel and AMD architectu...
A Better x86 Memory Model: x86-TSO
Real multiprocessors do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, typically described in ambiguous prose, which lead to widespread confusion. These are prime targets for mechanized formalization. In previous work we produced a rigorous x86-CC model, formalizing the Intel and AMD architectu...
Herding cats: Modelling, Simulation, Testing, and Data-mining for Weak Memory
We propose an axiomatic generic framework for modelling weak memory. We show how to instantiate this framework for SC, TSO, C++ restricted to release-acquire atomics, and Power. For Power, we compare our model to a preceding operational model in which we found a flaw. To do so, we define an operational model that we show equivalent to our axiomatic model. We also propose a model for ARM. Our te...
Journal title:
- CoRR
Volume abs/1710.04259
Publication date 2017