Affiliation:
1. University of Cambridge
2. INRIA
Abstract
Exploiting the multiprocessors that have recently become ubiquitous requires high-performance and reliable concurrent systems code, for concurrent data structures, operating system kernels, synchronization libraries, compilers, and so on. However, concurrent programming, which is always challenging, is made much more so by two problems. First, real multiprocessors typically do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, varying in subtle ways between processor families, in which different hardware threads may have only loosely consistent views of a shared memory. Second, the public vendor architectures, supposedly specifying what programmers can rely on, are often in ambiguous informal prose (a particularly poor medium for loose specifications), leading to widespread confusion.
In this paper we focus on x86 processors. We review several recent Intel and AMD specifications, showing that all contain serious ambiguities, some are arguably too weak to program above, and some are simply unsound with respect to actual hardware. We present a new x86-TSO programmer's model that, to the best of our knowledge, suffers from none of these problems. It is mathematically precise (rigorously defined in HOL4) but can be presented as an intuitive abstract machine which should be widely accessible to working programmers. We illustrate how this can be used to reason about the correctness of a Linux spinlock implementation and describe a general theory of data-race freedom for x86-TSO. This should put x86 multiprocessor system building on a more solid foundation; it should also provide a basis for future work on verification of such systems.
Funder
Engineering and Physical Sciences Research Council
Agence Nationale de la Recherche
Publisher
Association for Computing Machinery (ACM)
Cited by
303 articles.