Daniel Lustig
ABSTRACT
The memory consistency model is a fundamental part of any shared memory architecture or programming model. Modern weak memory models are notoriously difficult to define and to implement correctly. Most real-world programming languages, compilers, and (micro)architectures therefore rely heavily on black-box testing methodologies. The success of such techniques requires that the suite of litmus tests used to perform the testing be comprehensive--it should ideally stress all obscure corner cases of the model and of its implementation. Most litmus test suites today are generated from some combination of manual effort and randomization; however, the complex and subtle nature of contemporary memory models means that manual effort is both error-prone and subject to incomplete coverage.
This paper presents a methodology for synthesizing comprehensive litmus test suites directly from a memory model specification. By construction, these suites contain all tests satisfying a minimality criterion: that no synchronization mechanism in the test can be weakened without causing new behaviors to become observable. We formalize this notion using the Alloy modeling language, and we apply it to a number of existing and newly-proposed memory models. Our results show not only that this synthesis technique can automatically reproduce all manually-generated tests from existing suites, but also that it discovers new tests that are not as well studied.
- Advanced Micro Devices (AMD). AMD64 architecture programmer's manual. Technical report, 2016. URL: http://developer.amd.com/resources/developer-guides-manuals.Google Scholar
- S. V. Adve and M. D. Hill. Weak ordering--a new definition. In 17th Annual International Symposium on Computer Architecture (ISCA), 1990.Google ScholarDigital Library
- J. Alglave and L. Maranget. Towards a formalization of the HSA memory model in the cat language. Technical report, 2016. HSA Foundation Specification Version 1. URL: http://www.hsafoundation.com/?ddownload=5381.Google Scholar
- J. Alglave, L. Maranget, S. Sarkar, and P. Sewell. Fences in weak memory models. In 22nd International Conference on Computer Aided Verification (CAV), 2010. Google ScholarDigital Library
- J. Alglave, L. Maranget, and M. Tautschnig. Herding cats: Modelling, simulation, testing, and data mining for weak memory. ACM Transanctions on Programming Languages and Systems(TOPLAS), 36(2):7:1--7:74, July 2014. ISSN 0164-0925.Google Scholar
- J. Alglave, M. Batty, A. F. Donaldson, G. Gopalakrishnan, J. Ketema, D. Poetzl, T. Sorensen, and J. Wickerson. GPU concurrency: Weak behaviours and programming assumptions. In 20th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2015a. Google ScholarDigital Library
- J. Alglave, L. Maranget, and M. Tautschnig. Herding cats: Modelling, simulation, testing, and data mining for weak memory, companion material, Power litmus tests. 2015b. URL: http://diy.inria.fr/cats/showlogs/power-tests.tgz.Google Scholar
- AMD. Revision guide for AMD family 10h processors. Technical report, 2012. Bug 254. URL: http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf.Google Scholar
- ARM. Cortex-A9 MPCore™, programmer advice notice, read-after-read hazards. Technical report, 2011. URL: http://infocenter.arm.com/help/topic/com.arm.doc.uan0004a/UAN0004A_a9_read_read.pdf.Google Scholar
- ARM Holdings. ARM architecture reference manuals. Technical report, 2016. URL: http://infocenter.arm.com/help/topic/com.arm.doc.set.architecture.Google Scholar
- M. Batty, A. F. Donaldson, and J. Wickerson. Overhauling sc atomics in c11 and opencl. In 43rd Annual Symposium on Principles of Programming Languages (POPL), 2016. Google ScholarDigital Library
- H.-J. Boehm and S. V. Adve. Foundations of the C++ concurrency memory model. In 29th Annual Conference on Programming Language Design and Implementation (PLDI), 2008. Google ScholarDigital Library
- H.-J. Boehm and B. Demsky. Outlawing ghosts: Avoiding out-of-thin-air results. In Workshop on Memory Systems Performance and Correctness (MSPC), 2014. Google ScholarDigital Library
- S. Hangal, D. Vahia, C. Manovit, and J.-Y. J. Lu. TSOtool: A program for verifying memory systems using the memory consistency model. In 31st Annual International Symposium on Computer Architecture (ISCA), 2004. Google ScholarDigital Library
- Intel. A formal specification of Intel Itanium processor family memory ordering. Technical report, 2002. URL: ftp://download.intel.com/design/Itanium/Downloads/25142901.pdf.Google Scholar
- Intel. Intel Xeon processor E5 v3 product family, processor specification update. Technical report, 2016a. Bug HSE44. URL: http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-e5-v3-spec-update.pdf.Google Scholar
- Intel. Intel®© 64 and IA-32 architectures software developer manuals.Google Scholar
- Technical report, 2016b. URL: http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html.Google Scholar
- International Organization for Standardization (ISO). Information technology -- programming languages -- C, ISO/IEC 9899:2011. Technical report, Dec. 2011a.Google Scholar
- International Organization for Standardization (ISO). Information technology -- programming languages -- C++, ISO/IEC 14882:2011. Technical report, Sept. 2011b.Google Scholar
- D. Jackson. Alloy: A lightweight object modelling notation. In ACM Transactions on Software Engineering and Methodology (TOSEM), volume 11, Apr. 2002. URL: http://alloy.mit.edu.Google Scholar
- Khronos Group. The OpenCL specification, version 2.1. Technical report, 2015. URL: https://www.khronos.org/registry/cl/specs/opencl-2.1.pdf.Google Scholar
- L. Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Transactions on Computers, 28, 1979. Google ScholarDigital Library
- D. Lustig, G. Sethi, M. Martonosi, and A. Bhattacharjee. COATCheck: Verifying memory ordering at the hardware-OS interface. In 21st International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2016. Google ScholarDigital Library
- S. Mador-Haim, R. Alur, and M. M. K. Martin. Generating litmus tests for contrasting memory consistency models. In 22nd International Conference on Computer Aided Verification (CAV), 2010. Google ScholarDigital Library
- S. Mador-Haim, L. Maranget, S. Sarkar, K. Memarian, J. Alglave, S. Owens, R. Alur, M. M. K. Martin, P. Sewell, and D. Williams. An axiomatic memory model for power multiprocessors. In 24th International Conference on Computer Aided Verification (CAV), 2012. Google ScholarDigital Library
- Y. A. Manerkar, C. Trippel, D. Lustig, M. Pellauer, and M. Martonosi. Counterexamples and proof loophole for the C/C++ to POWER and ARMv7 trailing-sync compiler mappings. arXiv, 1611.01507v2, Nov 2016.Google Scholar
- C. Manovit, S. Hangal, H. Chafi, A. McDonald, C. Kozyrakis, and K. Olukotun. Testing implementations of transactional memory. In 15th International Conference on Parallel Architectures and Compilation Techniques (PACT), 2006. Google ScholarDigital Library
- A. Milicevic, J. P. Near, E. Kang, and D. Jackson. Alloy*: A higher-order relational constraint solver. In 37th International Conference on Software Engineering (ICSE), 2015.Google Scholar
- S. Owens, S. Sarkar, and P. Sewell. A better x86 memory model: x86-TSO. In 22nd International Conference on Theorem Proving in Higher Order Logics (TPHOLs), 2009. Google ScholarDigital Library
- Power.org. Power ISA TM version 2.0 Technical report, 2013. URL: https://www.power.org/wp-content/uploads/2013/05/PowerISA_V2.07_PUBLIC.pdf.Google Scholar
- S. Sarkar, P. Sewell, J. Alglave, L. Maranget, and D. Williams. Understanding POWER multiprocessors, companion material, POWER and ARM litmus tests. Technical report, 2011a. URL: https://www.cl.cam.ac.uk/~pes20/ppc-supplemental/test6.pdf.Google Scholar
- S. Sarkar, P. Sewell, J. Alglave, L. Maranget, and D. Williams. Understanding POWER multiprocessors. In 32nd Conference on Programming Language Design and Implementation (PLDI), 2011b. Google ScholarDigital Library
- J. Šečík and D. Aspinall. On validity of program transformations in the java memory model. In 22nd European Conference on Object-Oriented Programming (ECOOP), 2008.Google Scholar
- T. Sorensen and A. F. Donaldson. Exposing errors related to weak memory in GPU applications. In 37th Conference on Programming Language Design and Implementation (PLDI), 2016. Google ScholarDigital Library
- SPARC International. The SPARC architecture manual, version Technical report, 1993.Google Scholar
- E. Torlak and D. Jackson. Kodkod: A relational model finder. In 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), 2007. Google ScholarCross Ref
- V. Vafeiadis, T. Balabonski, S. Chakraborty, R. Morisset, and F. Zappa Nardelli. Common compiler optimisations are invalid in the C11 memory model and what we can do about it. In 42nd Symposium on Principles of Programming Languages (POPL), 2015. Google ScholarDigital Library
- J. Wickerson, M. Batty, T. Sorensen, and G. A. Constantinides. Automatically comparing memory consistency models. 44th Symposium on Principles of Programming Languages (POPL), 2017 Google ScholarDigital Library
Index Terms
- Automated Synthesis of Comprehensive Memory Model Litmus Test Suites
Recommendations
Automated Synthesis of Comprehensive Memory Model Litmus Test Suites
ASPLOS '17The memory consistency model is a fundamental part of any shared memory architecture or programming model. Modern weak memory models are notoriously difficult to define and to implement correctly. Most real-world programming languages, compilers, and (...
Automated Synthesis of Comprehensive Memory Model Litmus Test Suites
Asplos'17The memory consistency model is a fundamental part of any shared memory architecture or programming model. Modern weak memory models are notoriously difficult to define and to implement correctly. Most real-world programming languages, compilers, and (...
Litmus tests for comparing memory consistency models: how long do they need to be?
DAC '11: Proceedings of the 48th Design Automation ConferenceMemory consistency litmus tests are small parallel programs that are designed to illustrate subtle differences between memory consistency models by exhibiting different outcomes for different models. In this paper, we show that for a class of memory ...
Comments