TRANSCRIPT
Bridging the Gap between Programming Languages and Hardware Weak Memory Models
Anton Podkopaev, Ori Lahav, Viktor Vafeiadis
0
1
Bridging the Gap between PL and Hardware Weak MMs
Programming Language, Compiler, Hardware
Correct Compiler:
∀P ∈ Syntax(PL). ⟦P⟧_PL ⟦compile(P)⟧_HW
⟦−⟧_{PL,HW} is Memory Model
2
Strong (SC) MM disallows a = b = 1
a := [x]; [y] := 1;
b := [y]; [x] := b;
Memory: [x] ← 0, [y] ← 0; Values: a = ⊥, b = ⊥
Memory: [x] ← 0, [y] ← 0; Values: a = 0, b = ⊥
Memory: [x] ← 0, [y] ← 1; Values: a = 0, b = ⊥
Memory: [x] ← 0, [y] ← 1; Values: a = 0, b = 1
Memory: [x] ← 1, [y] ← 1; Values: a = 0, b = 1
ARM and POWER weak MMs allow a = b = 1!
3
Bridging the Gap between PL and Hardware Weak MMs
Promise
(R)C11
WeakestMO[Chakraborty and Vafeiadis, 2019]
IMM
x86-TSO
ARMv7
ARMv8.3
RISC-V
POWER
CompCert Weak MMs
1. Declarative
2. Preserves syntactic dependencies (deps ∪ rf is acyclic)
3. Uses C11-style coherence (hb; eco? is irreflexive)
4. Non-multicopy-atomic w/o mutually recursive relations
plv.mpi-sws.org/imm/
4
(Declarative) Executions in IMM
a := [x]; [y] := 1;
b := [y]; [x] := b;
[Execution graphs: (Rx0, Wy1, Ry0, Wx0; edge fr), (Rx0, Wy1, Ry1, Wx1; edges data, fr, rf), (Rx1, Wy1, Ry1, Wx1; edges data, rf), (Rx1, Wy1, Ry1, Wx1; edges po, data, rf)]
Axioms:
1. data ∪ rf is acyclic
…
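The litmus test from slides 2 and 4, as an added example that is not part of the talk: it enumerates the program's candidate executions and checks each against SC (po ∪ rf ∪ co ∪ fr acyclic) and against the one axiom shown on the slide (data ∪ rf acyclic), which is not full IMM consistency. The event names (R1, W1, R2, W2, Ix, Iy), the function names and the `extra_deps` parameter are assumptions of this example; `extra_deps` goes beyond the slide by adding a syntactic dependency to thread 1.

```python
from itertools import product

# Events of the slides' program (event names are this example's own):
#   thread 1: R1 is a := [x];  W1 is [y] := 1
#   thread 2: R2 is b := [y];  W2 is [x] := b
# Ix and Iy are the initial writes of 0 to x and y.
PO = {("R1", "W1"), ("R2", "W2")}
DATA = {("R2", "W2")}  # [x] := b uses the value read into b


def acyclic(edges):
    """True if the directed graph given as (src, dst) pairs has no cycle."""
    succ = {}
    for s, d in edges:
        succ.setdefault(s, set()).add(d)
    state = {}  # node -> 1 (on the DFS stack) or 2 (fully explored)

    def visit(n):
        if state.get(n) == 1:
            return False  # back edge: cycle found
        if state.get(n) == 2:
            return True
        state[n] = 1
        ok = all(visit(m) for m in succ.get(n, ()))
        state[n] = 2
        return ok

    return all(visit(n) for n in list(succ))


def executions(extra_deps=frozenset()):
    """Yield (a, b, sc_ok, deps_rf_ok) for every choice of reads-from."""
    for src1, src2 in product(("Ix", "W2"), ("Iy", "W1")):
        b = 1 if src2 == "W1" else 0   # value R2 reads from y
        a = b if src1 == "W2" else 0   # W2 writes b to x
        rf = {(src1, "R1"), (src2, "R2")}
        co = {("Ix", "W2"), ("Iy", "W1")}  # initial write is coherence-first
        # fr: a read of the initial value is before the later write
        fr = set()
        if src1 == "Ix":
            fr.add(("R1", "W2"))
        if src2 == "Iy":
            fr.add(("R2", "W1"))
        sc_ok = acyclic(PO | rf | co | fr)
        deps_rf_ok = acyclic(DATA | set(extra_deps) | rf)
        yield a, b, sc_ok, deps_rf_ok


def outcomes(model, extra_deps=frozenset()):
    """Set of (a, b) results allowed by 'SC' or by the 'deps_rf' axiom."""
    idx = {"SC": 2, "deps_rf": 3}[model]
    return {(e[0], e[1]) for e in executions(extra_deps) if e[idx]}


if __name__ == "__main__":
    print("SC:               ", sorted(outcomes("SC")))
    print("data ∪ rf acyclic:", sorted(outcomes("deps_rf")))
    # Thread 1 rewritten so that its write syntactically depends on a
    print("with R1 -> W1 dep:", sorted(outcomes("deps_rf", {("R1", "W1")})))
```

The a = b = 1 result appears only under the slide's axiom, and disappears again once thread 1's write depends on its read, because the dependency closes a deps ∪ rf cycle.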
6
(Operational) Execution in Promise
a := [x]; [y] := 1;
b := [y]; [x] := b;
Promised
Requires certification
Values: a = ⊥, b = ⊥
Values: a = ⊥, b = 1
Values: a = 1, b = 1
8
How to prove correctness of compilation?
Simulation
How to simulate graphs?
Traverse in proper order!
9
Traversal of IMM execution
a := [x]; [y] := 1;
b := [y]; [x] := b;
Promised
Promised
[Execution graph: Rx1, Wy1, Ry1, Wx1; legend: Covered, Issued]
10
Promise → IMM compilation correctness proof
1. Operational semantics of IMM’s traversal:
G ⊢ ⟨C, I⟩ → ⟨C′, I′⟩
2. Completeness of traversal:
∀G ∈ ⟦P⟧_IMM. G ⊢ initTraverse →∗ ⟨G.Events, G.Writes⟩
3. Simulation theorems:
[Diagram: initTraverse simulated by initPromise; traverse, traverse′ simulated by promise, ∃ promise′]
Promise’s certification via traversal of certification graph
12
Bridging the Gap between PL and Hardware Weak MMs
plv.mpi-sws.org/imm/ Thank you!
13
Links I
Chakraborty, S. and Vafeiadis, V. (2019). Grounding thin-air reads with event structures. In POPL 2019. ACM.
Kang, J., Hur, C.-K., Lahav, O., Vafeiadis, V., and Dreyer, D. (2017). A promising semantics for relaxed-memory concurrency. In POPL 2017. ACM.
14
Backup slides
15
IMM definition
Def. G is called IMM-consistent if the following hold:
• codom(G.rf) = G.R.
• For every location ℓ ∈ Loc, G.co totally orders G.Wℓ.
• G.rmw ∩ (G.fre ; G.coe) = ∅.
• G.hb ; G.eco? is irreflexive.
• G.ar is acyclic.
ar ≜ rfe ∪ bob ∪ ppo ∪ detour ∪ psc ∪ [Wstrong] ; po ; [W]
bob ≜ po ; [Wrel] ∪ [Racq] ; po ∪ po ; [F] ∪ [F] ; po ∪ [Wrel] ; po|loc ; [W]
ppo ≜ [R] ; (deps ∪ rfi)+ ; [W]
deps ≜ data ∪ ctrl ∪ addr ; po? ∪ casdep ∪ [Rex] ; po
16
Traversal definition
a ∈ Next(G,C) ∩ Coverable(G,C,I)
--------------------------------
G ⊢ ⟨C, I⟩ → ⟨C ∪ {a}, I⟩

w ∈ Issuable(G,C,I) \ I
--------------------------------
G ⊢ ⟨C, I⟩ → ⟨C, I ∪ {w}⟩

Def. w ∈ Issuable(G,C,I) iff w ∈ G.W and the following hold:
• dom(([G.Wrel] ; G.po|G.loc ∪ [G.F] ; G.po) ; [w]) ⊆ C
• dom((G.detour ∪ G.rfe) ; G.ppo ; [w]) ⊆ I
• dom((G.detour ∪ G.rfe) ; [G.Racq] ; G.po ; [w]) ⊆ I
• dom([G.Wstrong] ; G.po ; [w]) ⊆ I
Def. e ∈ Coverable(G,C,I) iff e ∈ G.E, dom(G.po ; [e]) ⊆ C and either
(i) e ∈ G.W ∩ I;
(ii) e ∈ G.R and dom(G.rf ; [e]) ⊆ I;
(iii) e ∈ G.F<sc; or
(iv) e ∈ G.Fsc and dom(G.sc ; [e]) ⊆ C.
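The two traversal rules above, run on the a = b = 1 execution of the running example (added example, not code from the talk or the IMM project). It assumes only relaxed accesses with no fences, so the release, acquire, fence and strong-write conditions hold vacuously and detour is empty; Next(G,C) is taken to be the not-yet-covered events whose po-predecessors are covered, and the event and function names are this example's own.

```python
# Constructed graph: the a = b = 1 execution of the slides' program.
#   R1 = Rx1, W1 = Wy1 (thread 1);  R2 = Ry1, W2 = Wx1 (thread 2)
EVENTS = ["R1", "W1", "R2", "W2"]
WRITES = {"W1", "W2"}
PO = {("R1", "W1"), ("R2", "W2")}
RF = {("W2", "R1"), ("W1", "R2")}  # both edges are external (rfe)
PPO = {("R2", "W2")}               # data dependency of [x] := b on b


def dom(rel, target):
    """Sources of the edges of `rel` that end in `target`."""
    return {s for s, d in rel if d == target}


def issuable(w, issued, ppo):
    # dom((detour ∪ rfe) ; ppo ; [w]) ⊆ I, with detour empty in this graph
    feeders = {s for r in dom(ppo, w) for s in dom(RF, r)}
    return w in WRITES and feeders <= issued


def coverable(e, covered, issued):
    # dom(po ; [e]) ⊆ C, then case (i) for writes or case (ii) for reads
    if not dom(PO, e) <= covered:
        return False
    return e in issued if e in WRITES else dom(RF, e) <= issued


def traverse(ppo=PPO):
    """Apply traversal steps until none is enabled; return (steps, C, I)."""
    covered, issued, steps = set(), set(), []
    while True:
        for e in EVENTS:  # try a cover step first
            if e not in covered and coverable(e, covered, issued):
                covered.add(e)
                steps.append(("cover", e))
                break
        else:
            for w in EVENTS:  # otherwise try an issue step
                if w in WRITES and w not in issued and issuable(w, issued, ppo):
                    issued.add(w)
                    steps.append(("issue", w))
                    break
            else:
                return steps, covered, issued


if __name__ == "__main__":
    for step in traverse()[0]:
        print(step)
    # With a dependency R1 -> W1 the graph has a deps ∪ rf cycle:
    # no write is issuable and the traversal cannot start.
    print(traverse(PPO | {("R1", "W1")}))
```

Wy1 is issued before the po-earlier read Rx1 is covered, which is the step the Promise machine simulates with a promise.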
17
Mistake in Kang et al. 17’s compilation to POWER correctness proof
[Execution graph: events Rrlxz1, Fsc, Wrlxx1, Wrlxx2, Fsc, Wrlxy1, Rrlxy1, Wrlxz1; edges rf, co, rf]
Consistent in Strong-POWER.
Not consistent in the promise-free declarative model of [Kang et al., 2017].
18
Promise → IMM compilation of RMWs
a := [y]rlx // 1
[z]rlx := a

b := [z]rlx // 1
c := FADDrlx,rel strong(x, 1) // 0
[y]rlx := c + 1
[Execution graph: events Rrlxy1, Wrlxz1, Rrlxz1, Rrlxx0, Wrelstrongx1, Wrlxy1; edges data, rmw, data, bob, rfe]