Effective Program Verification for Relaxed Memory Models
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
On Validity of Program Transformations in the Java Memory Model
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
The semantics of x86-CC multiprocessor machine code
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
VCC: A Practical System for Verifying Concurrent C
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
A Better x86 Memory Model: x86-TSO
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
Formalising java's data race free guarantee
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Operational reasoning for concurrent caml programs and weak memory models
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Reasoning about the implementation of concurrency abstractions on x86-TSO
ECOOP'10 Proceedings of the 24th European conference on Object-oriented programming
Concurrent library correctness on the TSO memory model
ESOP'12 Proceedings of the 21st European conference on Programming Languages and Systems
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
Hi-index | 0.00 |
When verifying a concurrent program, it is usual to assume sequentially consistent memory. However, most modern multiprocessors buffer their stores, providing native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, existing naïve disciplines, such as protecting all shared accesses with locks to avoid data races, or flushing store buffers according to a protocol that allows arbitrary data races, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). Instead of using concurrency primitives, such as locks, it is based on maintaining ownership information in ghost state, allowing the discipline to be expressed as a state invariant and verified through conventional program reasoning. If every execution of a program in a system without store buffers follows the discipline, then every execution of the program in a system with store buffers is sequentially consistent.