the semantics of transactions and weak memory …...the semantics of transactions and weak memory in...
TRANSCRIPT
![Page 1: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/1.jpg)
THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY
IN X86, POWER, ARM, AND C++
Tyler Sorensen Princeton University
John Wickerson Imperial College London
Nathan Chong Arm Ltd.
USENIX Annual Technical Conference, 11 July 2019
![Page 2: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/2.jpg)
WEAK MEMORY
!2
8 > > > > > > > < > > > > > > > :SC
8 > > > > > > > > > > > > < > > > > > > > > > > > > :x86
r0=1r1=0
r0=0r1=1
r0=1r1=1
r0=0r1=0
MOV [x] 1 MOV [y] 1
MOV r0 [y] MOV r1 [x]
![Page 3: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/3.jpg)
WEAK MEMORY
!3
8 > > > > > > > < > > > > > > > :SC
8 > > > > > > > > > > > > < > > > > > > > > > > > > :x86
r0=1r1=0
r0=0r1=1
r0=1r1=1
r0=0r1=0
MOV [x] 1 MOV [y] 1
MOV r0 [y] MOV r1 [x]
![Page 4: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/4.jpg)
WEAK MEMORY IS HARD!
• x86 proved tricky to formalise correctly [Sarkar et al., POPL'09; Owens et al., TPHOLs'09]
• Bug found in deployed "Power 5" processors [Alglave et al., CAV'10]
• C++ specification did not guarantee its own key property [Batty et al., POPL'11]
• Routine compiler optimisations are invalid under Java and C++ memory models [Sevcik, PLDI'11; Vafeiadis et al. POPL'15]
• Behaviour of NVIDIA graphics processors contradicted NVIDIA's programming guide [Alglave et al., ASPLOS'15]
!4
![Page 5: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/5.jpg)
MODELLING WEAK MEMORY
!5
MOV [x] 1 MOV [y] 1
MOV r0 [y] MOV r1 [x]
r0=1 r1=1
W x 1
R y 1
W y 1
R x 1
rf
rfpo po
W x 1
R y 0
W y 1
R x 1po po
rffr
W x 1
R y 1
W y 1
R x 0po
rfpo
fr
W x 1
R y 0
W y 1
R x 0po po
fr
fr
x86:
SC:
x86:
SC:
x86:
SC:
x86:
SC:
r0=0 r1=1 r0=1 r1=0 r0=0 r1=0
![Page 6: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/6.jpg)
TRANSACTIONAL MEMORY
!6
• X86: XBEGIN
...
XEND
• Power: tbegin ...
tend
• ARM: tstart
...
tcommit
• C++: atomic {
...
}
![Page 7: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/7.jpg)
WEAK MEMORY + TM = ?
!7
r0=1r1=0
r0=0r1=1
r0=1r1=1
r0=0r1=0
MOV [x] 1MOV r0 [y]
MOV [y] 1MOV r1 [x]
XBEGIN
XEND
XBEGIN
XEND
8 > > > > > > > < > > > > > > > :SC
8 > > > > > > > > > > > > < > > > > > > > > > > > > :x86
![Page 8: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/8.jpg)
WEAK MEMORY + TM = ?
!8
8 > > > > > > > < > > > > > > > :SC
8 > > > > > > > > > > > > < > > > > > > > > > > > > :x86
r0=1r1=0
r0=0r1=1
r0=1r1=1
r0=0r1=0
MOV [x] 1MOV r0 [y]
MOV [y] 1MOV r1 [x]
8 > > > > > > > < > > > > > > > :
transactional SC
XBEGIN
XEND
XBEGIN
XEND
![Page 9: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/9.jpg)
BUILDING OUR MODELS
!9
x86:
Power:
ARM:
C++:
![Page 10: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/10.jpg)
VALIDATING OUR MODELS
!10
1. Consult architecture manuals.
2. Interview engineers.
3. Check models have reasonable mathematical properties (e.g. adding/extending/coalescing transactions is safe).
4. Check that models validate existing compiler mappings.
5. Generate conformance tests and run them on hardware.
![Page 11: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/11.jpg)
VALIDATING OUR MODELS
!11
x86
Num
ber o
f tes
ts
0
100
200
300
400
Test size (instructions)
2 3 4 5 6 7
Power
Num
ber o
f tes
ts
0
250
500
750
1000
Test size (instructions)
2 3 4 5 6
Behaviours that must be forbidden
![Page 12: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/12.jpg)
VALIDATING OUR MODELS
!12
x86
Num
ber o
f tes
ts
0
750
1500
2250
3000
Test size (instructions)
2 3 4 5 6 7
Behaviours that should be allowed
Power
Num
ber o
f tes
ts
0
1500
3000
4500
6000
Test size (instructions)
2 3 4 5 6
![Page 13: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/13.jpg)
USING OUR MODELS
![Page 14: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/14.jpg)
LOCK ELISION
!14
lock()X = X + 2unlock()
lock()X = 1unlock()
![Page 15: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/15.jpg)
LOCK ELISION
!15
lock()ldr W5,[X]add W5,W5,#2str W5,[X]unlock()
lock()mov W7,#1str W7,[X]unlock()
![Page 16: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/16.jpg)
LOCK ELISION
!16
lock()mov W7,#1str W7,[X]unlock()
Loop:ldaxr W2,[M]cbnz W2,Loopmov W3,#1stxr W4,W3,[M]cbnz W4,Loopldr W5,[X]add W5,W5,#2str W5,[X]stlr WZR,[M]
![Page 17: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/17.jpg)
LOCK ELISION
!17
Loop:ldaxr W2,[M]cbnz W2,Loopmov W3,#1stxr W4,W3,[M]cbnz W4,Loopldr W5,[X]add W5,W5,#2str W5,[X]stlr WZR,[M]
tstartldr W6,[M]cbz W6,L1tcancelL1:mov W7,#1str W7,[X]tcommit
![Page 18: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/18.jpg)
LOCK ELISION
!18
![Page 19: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/19.jpg)
CONCLUSION
• Weak memory is pervasive, and transactional memory is entering the mainstream.
• We have designed and validated formal models of how these features interact in x86, Power, ARM, and C++.
• Weak memory + transactions + lock elision = tricky!
!19
![Page 20: THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY …...THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY IN X86, POWER, ARM, AND C++ Tyler Sorensen Princeton University John Wickerson Imperial](https://reader030.vdocument.in/reader030/viewer/2022040908/5e7f21ba0ec8141a2c5c80d3/html5/thumbnails/20.jpg)
THE SEMANTICS OF TRANSACTIONS AND WEAK MEMORY
IN X86, POWER, ARM, AND C++
Tyler Sorensen Princeton University
John Wickerson Imperial College London
Nathan Chong Arm Ltd.
USENIX Annual Technical Conference, 11 July 2019