Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
Lock reservation: Java locks can mostly do without atomic operations
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A Unified Formalization of Four Shared-Memory Models
IEEE Transactions on Parallel and Distributed Systems
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Java Concurrency in Practice
A machine-checked model for a Java-like language, virtual machine, and compiler
ACM Transactions on Programming Languages and Systems (TOPLAS)
Eliminating synchronization-related atomic operations with biased locking and bulk rebiasing
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Foundations of the C++ concurrency memory model
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
On Validity of Program Transformations in the Java Memory Model
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
The semantics of x86-CC multiprocessor machine code
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Relaxed memory models: an operational approach
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Better x86 Memory Model: x86-TSO
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
A Formally Verified Compiler Back-end
Journal of Automated Reasoning
High-level programming of embedded hard real-time devices
Proceedings of the 5th European conference on Computer systems
The java memory model: operationally, denotationally, axiomatically
ESOP'07 Proceedings of the 16th European conference on Programming
x86-TSO: a rigorous and usable programmer's model for x86 multiprocessors
Communications of the ACM
Formalising java's data race free guarantee
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
MemSAT: checking axiomatic specifications of memory models
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Enforcing secure object initialization in java
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Relaxed-memory concurrency and verified compilation
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static analysis of run-time errors in embedded critical parallel C programs
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Understanding POWER multiprocessors
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
A case for an SC-preserving compiler
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Safe optimisations for shared-memory concurrent programs
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Verifying fence elimination optimisations
SAS'11 Proceedings of the 18th international conference on Static analysis
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Verifying local transformations on relaxed memory models
CC'10/ETAPS'10 Proceedings of the 19th joint European conference on Theory and Practice of Software, international conference on Compiler Construction
A theory of speculative computation
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Generative operational semantics for relaxed memory models
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Java and the java memory model -- a unified, machine-checked formalisation
ESOP'12 Proceedings of the 21st European conference on Programming Languages and Systems
Quarantining weakness: compositional reasoning under relaxed memory models
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Making the java memory model safe
ACM Transactions on Programming Languages and Systems (TOPLAS)
| Hi-index | 0.00 |
Recent advances in verification have made it possible to envision trusted implementations of real-world languages. Java with its type-safety and fully specified semantics would appear to be an ideal candidate; yet, the complexity of the translation steps used in production virtual machines have made it a challenging target for verifying compiler technology. One of Java's key innovations, its memory model, poses significant obstacles to such an endeavor. The Java Memory Model is an ambitious attempt at specifying the behavior of multithreaded programs in a portable, hardware agnostic, way. While experts have an intuitive grasp of the properties that the model should enjoy, the specification is complex and not well-suited for integration within a verifying compiler infrastructure. Moreover, the specification is given in an axiomatic style that is distant from the intuitive reordering-based reasonings traditionally used to justify or rule out behaviors, and ill suited to the kind of operational reasoning one would expect to employ in a compiler. This paper takes a step back, and introduces a Buffered Memory Model (BMM) for Java. We choose a pragmatic point in the design space sacrificing generality in favor of a model that is fully characterized in terms of the reorderings it allows, amenable to formal reasoning, and which can be efficiently applied to a specific hardware family, namely x86 multiprocessors. Although the BMM restricts the reorderings compilers are allowed to perform, it serves as the key enabling device to achieving a verification pathway from bytecode to machine instructions. Despite its restrictions, we show that it is backwards compatible with the Java Memory Model and that it does not cripple performance on TSO architectures.