Results 1 - 9 of 9
Outlawing Ghosts: Avoiding Out-of-Thin-Air Results
Cited by 4 (1 self)
It is very difficult to define a programming language memory model for shared variables that both allows programmers to take full advantage of weakly-ordered memory operations, but still correctly disallows so-called “out-of-thin-air” results, i.e. results that can be justified only via reasoning that is in some sense circular. Real programming language implementations do not produce out-of-thin-air results. Architectural specifications successfully disallow them. Nonetheless, the difficulty of disallowing them in language specifications causes real, and serious, problems. In the absence of such a specification, essentially all precise reasoning about non-trivial programs becomes impractical. This remains a critical open problem in the specifications of Java, C, and C++, among others. We argue that there are plausible and relatively straight-forward solutions, but their performance impact requires further study. In the long run, they are likely to require strengthening of some hardware guarantees, so that they translate properly to guarantees at the programming language source level.
Synthesis of memory fences via refinement propagation
Cited by 1 (1 self)
Abstract. We address the problem of fence inference in infinite-state concurrent programs running on relaxed memory models such as TSO and PSO. We present a novel algorithm that can automatically synthesize the necessary fences for infinite-state programs. Our technique is based on two main ideas: (i) verification with numerical domains: we reduce verification under relaxed models to verification under sequential consistency using integer and boolean variables. This enables us to combine abstraction refinement over booleans with powerful numerical abstractions over the integers. (ii) synthesis with refinement propagation: to synthesize fences for a program P, we combine abstraction refinements used for successful synthesis of programs coarser than P into a new candidate abstraction for P. This “proof reuse” approach dramatically reduces the time required to discover a proof for P. We implemented our technique and successfully applied it to several challenging concurrent algorithms, including state of the art concurrent work-stealing queues.
Model Checking for SC and TSO
Common Compiler Optimisations are Invalid
A Program Logic for C11 Memory Fences
Abstract. We describe a simple, but powerful, program logic for reasoning about C11 relaxed accesses used in conjunction with release and acquire memory fences. Our logic, called fenced separation logic (FSL), extends relaxed separation logic with special modalities for describing state that has to be protected by memory fences. Like its precursor, FSL allows ownership transfer over synchronizations and can be used to verify the message-passing idiom and other similar programs. The soundness of FSL has been established in Coq.
Overhauling SC atomics in C11 and OpenCL
Despite the conceptual simplicity of sequential consistency (SC), the semantics of SC atomic operations and fences in the C11 and OpenCL memory models is subtle, leading to convoluted prose descriptions that translate to complex axiomatic formalisations. We conduct an overhaul of SC atomics in C11, reducing the associated axioms in both number and complexity. A consequence of our simplification is that the SC operations in an execution no longer need to be totally ordered. This relaxation enables, for the first time, efficient and exhaustive simulation of litmus tests that use SC atomics. We use our improved C11 model to present the first rigorous memory model formalisation for OpenCL (which extends C11 with support for heterogeneous many-core programming). In the OpenCL setting, we refine the SC axioms still further to give a sensible semantics to SC operations that employ a ‘memory scope’ to restrict their visibility to specific threads. Our overhaul requires slight strengthenings of both the C11 and the OpenCL memory models, causing some behaviours to become disallowed. We argue that these strengthenings are natural, and prove that all of the formalised C11 and OpenCL compilation schemes of which we are aware (Power and x86 for C11, AMD GPU for OpenCL) remain valid in our revised models. Using the HERD memory model simulator, we show that our overhaul leads to an exponential improvement in simulation time for C11 litmus tests compared with the original model, making exhaustive simulation competitive, time-wise, with the non-exhaustive CDSChecker tool.
Declaration
2014
This thesis does not exceed 61,400 words, and prior permission was granted for an extension of 1,400 words.