Repairing sequential consistency in C/C++11

LahavOri,; Vafeiadis, Viktor; KangJeehoon,; HurChung-Kil,; DreyerDerek,

doi:10.1145/3140587.3062352

Cited by 37 publications

(38 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This argument builds on previous proof attempts [34,35]. It has recently become clear that those are unsound [47,48,49], but those issues and the mixed-size extensions appear to be orthogonal.…”

Section: Introductionmentioning

confidence: 55%

“…We now sketch an argument to show that mixed-size phenomena introduce no further complication to correctness proof for the standard compilation scheme [58] from C/C++11 concurrency to POWER, by adapting a previous proof attempt [34] to cover the models of §5 and §3. Note, however, that that previous result and proof are now known to be unsound, for unrelated reasons [47,48,49]. Specifically, the previous result does not hold for mixtures of SC and non-SC atomic C/C++11 accesses, where the requirement that the SC order of C/C++11 is consistent with happens-before is not be satisfied in all cases.…”

Section: Mixed-size C/c++11 To Powermentioning

confidence: 93%

See 1 more Smart Citation

Mixed-size concurrency: ARM, POWER, C/C++11, and SC

et al. 2017

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 55%

Section: Mixed-size C/c++11 To Powermentioning

confidence: 93%

Mixed-size concurrency: ARM, POWER, C/C++11, and SC

et al. 2017

View full text Add to dashboard Cite

show abstract

“…The first bullet translates to an fr relation, and the second translates to co. In our model (which for modeling purposes splits atom into separate read and write components [32]), Figure 8. Without a No-Thin-Air axiom, nothing would prevent each loads from speculating a return value of 42 and then using the other's speculation to justify its own, even though the value 42 would never be produced otherwise.…”

Section: Atomicitymentioning

confidence: 99%

“…• Empirical testing often runs into tractability limits and is inherently incomplete [2,35]. • Memory models change regularly, either intentionally [12] or because bugs are found [11,32,51]. • Writing proofs can be hard and/or tedious, especially because the use of rigorous but pedantic theorem provers such as Coq [4] or HOL [5] is the accepted standard.…”

Section: Introductionmentioning

confidence: 99%

A Formal Analysis of the NVIDIA PTX Memory Consistency Model

Lustig

Sahasrabuddhe

Giroux

2019

Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Syst

View full text Add to dashboard Cite

This paper presents the first formal analysis of the official memory consistency model for the NVIDIA PTX virtual ISA. Like other GPU memory models, the PTX memory model is weakly ordered but provides scoped synchronization primitives that enable GPU program threads to communicate through memory. However, unlike some competing GPU memory models, PTX does not require data race freedom, and this results in PTX using a fundamentally different (and more complicated) set of rules in its memory model. As such, PTX has a clear need for a rigorous and reliable memory model testing and analysis infrastructure. We break our formal analysis of the PTX memory model into multiple steps that collectively demonstrate its rigor and validity. First, we adapt the English language specification from the public PTX documentation into a formal axiomatic model. Second, we derive an up-to-date presentation of an OpenCL-like scoped C++ model and develop a mapping from the synchronization primitives of that scoped C++ model onto PTX. Third, we use the Alloy relational modeling tool to empirically test the correctness of the mapping. Finally, we compile the model and mapping into Coq and build a full machine-checked proof that the mapping is sound for programs of any size. Our analysis demonstrates that in spite of issues in previous generations, the new NVIDIA PTX memory model is suitable as a sound compilation target for GPU programming languages such as CUDA. CCS Concepts • Hardware → Theorem proving and SAT solving; • Software and its engineering → Consistency.

show abstract

“…The main reason for this gap is that the behaviour of relaxed accesses is notoriously hard to specify [3,5]. Up until recently, memory models have either been too strong (e.g., [5,14,17]), forbidding some behaviours observed with modern hardware and compilers, or they have been too weak (e.g., [4]), allowing so-called out-of-thin-air (OOTA) behaviour even though it does not occur in practice and is highly problematic.…”

Section: Introductionmentioning

confidence: 99%

A Separation Logic for a Promising Semantics

Svendsen

Pichon-Pharabod

Doko

et al. 2018

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

We present SLR, the first expressive program logic for reasoning about concurrent programs under a weak memory model addressing the out-of-thin-air problem. Our logic includes the standard features from existing logics, such as RSL and GPS, that were previously known to be sound only under stronger memory models: (1) separation, (2) per-location invariants, and (3) ownership transfer via release-acquire synchronisation-as well as novel features for reasoning about (4) the absence of out-of-thin-air behaviours and (5) coherence. The logic is proved sound over the recent "promising" memory model of Kang et al., using a substantially different argument to soundness proofs of logics for simpler memory models.

show abstract

Repairing sequential consistency in C/C++11

Cited by 37 publications

References 31 publications

Mixed-size concurrency: ARM, POWER, C/C++11, and SC

Mixed-size concurrency: ARM, POWER, C/C++11, and SC

A Formal Analysis of the NVIDIA PTX Memory Consistency Model

A Separation Logic for a Promising Semantics

Contact Info

Product

Resources

About