0 anton podkopaev
play

0 Anton Podkopaev Researcher @ JetBrains Research Postdoc @ - PowerPoint PPT Presentation

Aug 16, 2022 •453 likes •1.71k views

Programming language memory models: Problems, Solutions, and Directions Anton Podkopaev anton@ podkopaev.net 0 Anton Podkopaev Researcher @ JetBrains Research Postdoc @ MPI-SWS Docent @ HSE Programming languages Weak memory concurrency

  1. 1. support compiler optimizations 2. provide effjcient compilation to hardware 3. have easy non-expert mode Requirements to (Weak) Memory Models Hardware MMs should [x86, Power, ARM, RISC-V] 1. describe real CPUs 2. save room for future optimizations 3. provide reasonable guarantees for PLs Programming languages’ MMs should [C/C++, Java, JS, Wasm, OCaml] 6

  2. Requirements to (Weak) Memory Models Hardware MMs should [x86, Power, ARM, RISC-V] 1. describe real CPUs 2. save room for future optimizations 3. provide reasonable guarantees for PLs Programming languages’ MMs should [C/C++, Java, JS, Wasm, OCaml] 1. support compiler optimizations 2. provide effjcient compilation to hardware 3. have easy non-expert mode 6

  3. Requirements to (Weak) Memory Models Hardware MMs should [x86, Power, ARM, RISC-V] 1. describe real CPUs 2. save room for future optimizations 3. provide reasonable guarantees for PLs Programming languages’ MMs should [C/C++, Java, JS, Wasm, OCaml] 1. support compiler optimizations 2. provide effjcient compilation to hardware 3. have easy non-expert mode 6

  4. a y y 1 Optimized x 1 b x 1. Compiler optimizations [ x ] := 1 ; [ y ] := 1 ; Source a := [ y ]; b := [ x ]; 7

  5. a y y 1 Optimized x 1 b x 1. Compiler optimizations [ x ] := 1 ; [ y ] := 1 ; Source a := [ y ]; b := [ x ]; 7

  6. 1. Compiler optimizations [ x ] := 1 ; [ y ] := 1 ; Source a := [ y ]; b := [ x ]; a := [ y ]; [ y ] := 1 ; Optimized [ x ] := 1 ; b := [ x ]; 7

  7. 1. Compiler optimizations [ x ] := 1 ; [ y ] := 1 ; Source a := [ y ]; b := [ x ]; ⊆ a := [ y ]; [ y ] := 1 ; Optimized [ x ] := 1 ; b := [ x ]; 7

  8. 2. Effjcient compilation to hardware [ x ] := 1 ; [ y ] := 1 ; Source MM (SC) a := [ y ]; b := [ x ]; [ x ] := 1 ; [ y ] := 1 ; Target MM (x86) mfence ; mfence ; a := [ y ]; b := [ x ]; 8

  9. 2. Effjcient compilation to hardware [ x ] := 1 ; [ y ] := 1 ; Source MM (SC) a := [ y ]; b := [ x ]; No compilation scheme w/o fences [ x ] := 1 ; [ y ] := 1 ; Target MM (x86) mfence ; mfence ; a := [ y ]; b := [ x ]; 8

  10. D ata- R ace- F reedom guarantee: a x b y if a then if b then y 1 x 1 C/C++ MM allows to get a b 1 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode Nice program ⇒ nice behaviors 9

  11. D ata- R ace- F reedom guarantee: a x b y if a then if b then y 1 x 1 C/C++ MM allows to get a b 1 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode No data races ⇒ only SC behaviors 9

  12. D ata- R ace- F reedom guarantee: a x b y if a then if b then y 1 x 1 C/C++ MM allows to get a b 1 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode No data races in SC executions ⇒ only SC behaviors 9

  13. a x b y if a then if b then y 1 x 1 C/C++ MM allows to get a b 1 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode D ata- R ace- F reedom guarantee: No data races in SC executions ⇒ only SC behaviors 9

  14. C/C++ MM allows to get a b 1 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode D ata- R ace- F reedom guarantee: No data races in SC executions ⇒ only SC behaviors a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 9

  15. 1 is O ut- O f- T hin- A ir outcome a b 3. Easy non-expert mode D ata- R ace- F reedom guarantee: No data races in SC executions ⇒ only SC behaviors a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 C/C++ MM allows to get a = b = 1 9

  16. 3. Easy non-expert mode D ata- R ace- F reedom guarantee: No data races in SC executions ⇒ only SC behaviors a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 C/C++ MM allows to get a = b = 1 a = b = 1 is O ut- O f- T hin- A ir outcome 9

  17. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 10

  18. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 11

  19. Validity of transformations [Ševčík and Aspinall, 2008] JMM SC Trace-preserving transformations ✓ Reordering normal memory accesses ✗ Redundant read after read elimination ✓ Redundant read after write elimination ✓ Irrelevant read elimination ✓ Irrelevant read introduction ✓ Redundant write before write elimination ✓ Redundant write after read elimination ✓ External action reordering ✗ 12

  20. Drawbacks: Hardware still allows weak behaviors, i.e., no end-to-end SC Requires modifying existing compilers SC-preserving optimizations in LLVM [Marino et al., 2011] Average slowdown: ▶ 34% w/ only SC preserving optimizations ▶ 5.5% w/ optimizations modifjed to preserve SC 13

  21. SC-preserving optimizations in LLVM [Marino et al., 2011] Average slowdown: ▶ 34% w/ only SC preserving optimizations ▶ 5.5% w/ optimizations modifjed to preserve SC Drawbacks: ▶ Hardware still allows weak behaviors, i.e., no end-to-end SC ▶ Requires modifying existing compilers 13

  22. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 14

  23. Validity of transformations [Ševčík and Aspinall, 2008] SC JMM ∗ Trace-preserving transformations ✓ ✓ Reordering normal memory accesses ✓ ∗ ✗ Redundant read after read elimination ✓ ✗ Redundant read after write elimination ✓ ✓ Irrelevant read elimination ✓ ✓ Irrelevant read introduction ✓ ✗ Redundant write before write elimination ✓ ✓ Redundant write after read elimination ✓ ✗ External action reordering ✗ ✗ 15

  24. Validity of transformations [Ševčík and Aspinall, 2008] SC JMM ∗ Trace-preserving transformations ✓ ✓ Reordering normal memory accesses ✓ ∗ ✗ Redundant read after read elimination ✓ ✗ Redundant read after write elimination ✓ ✓ Irrelevant read elimination ✓ ✓ Irrelevant read introduction ✓ ✗ Redundant write before write elimination ✓ ✓ Redundant write after read elimination ✓ ✗ External action reordering ✗ ✗ 15

  25. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 16

  26. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 16

  27. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 16

  28. End-to-end SC via Volatile JVM [Liu et al., 2017, Liu et al., 2019] Java MM guarantees D ata- R ace- F reedom: Shared locations are volatile (no data races) ⇒ SC semantics 17

  29. 28 79 81 164 57 85 157 73 125 103 End-to-end SC via Volatile JVM [Liu et al., 2017, Liu et al., 2019] Benchmarks Slowdown, in % DaCapo spark-perf x86 Average Max ARM (1) Average Max ARM (2) Average Max 17

  30. 57 85 157 73 125 103 End-to-end SC via Volatile JVM [Liu et al., 2017, Liu et al., 2019] Benchmarks Slowdown, in % DaCapo spark-perf x86 Average 28 79 Max 81 164 ARM (1) Average Max ARM (2) Average Max 17

  31. 73 125 103 End-to-end SC via Volatile JVM [Liu et al., 2017, Liu et al., 2019] Benchmarks Slowdown, in % DaCapo spark-perf x86 Average 28 79 Max 81 164 ARM (1) Average 57 85 Max 157 ∞ ARM (2) Average Max 17

  32. End-to-end SC via Volatile JVM [Liu et al., 2017, Liu et al., 2019] Benchmarks Slowdown, in % DaCapo spark-perf x86 Average 28 79 Max 81 164 ARM (1) Average 57 85 Max 157 ∞ ARM (2) Average 73 125 Max 103 ∞ 17

  33. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 18

  34. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 18

  35. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 18

  36. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 19

  37. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 19

  38. C/C++ MM allows to get a = b = 1, OOTA a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 20

  39. a 0 b 0 a 0 b 1 a 1 b 1 R y 0 R y 1 R y 1 R x 0 R x 0 R x 1 W y 1 W y 1 W y 1 W x 1 W x 1 Axioms: 1. po rf preserved is acyclic ( rf preserved rf ) 2. … rf po po po rf po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 21

  40. a 0 b 0 a 0 b 1 a 1 b 1 R y 1 R y 1 R x 0 R x 1 W y 1 W y 1 W x 1 W x 1 Axioms: 1. po rf preserved is acyclic ( rf preserved rf ) 2. … po po rf po rf po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 R y 0 R x 0 W y 1 21

  41. a 0 b 1 a 1 b 1 R y 1 R y 1 R x 0 R x 1 W y 1 W y 1 W x 1 W x 1 Axioms: 1. po rf preserved is acyclic ( rf preserved rf ) 2. … po rf po rf po po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 // a = 0 ; b = 0 R y 0 R x 0 W y 1 21

  42. a 1 b 1 R y 1 R x 1 W y 1 W x 1 Axioms: 1. po rf preserved is acyclic ( rf preserved rf ) 2. … rf rf po po po po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 // a = 0 ; b = 0 // a = 0 ; b = 1 R y 0 R y 1 R x 0 R x 0 W y 1 W y 1 W x 1 21

  43. Axioms: 1. po rf preserved is acyclic ( rf preserved rf ) 2. … po rf po po rf po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 // a = 0 ; b = 0 // a = 0 ; b = 1 // a = 1 ; b = 1 R y 0 R y 1 R y 1 R x 0 R x 0 R x 1 W y 1 W y 1 W y 1 W x 1 W x 1 21

  44. po rf rf po po po po Executions in C/C++ MM a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 // a = 0 ; b = 0 // a = 0 ; b = 1 // a = 1 ; b = 1 R y 0 R y 1 R y 1 R x 0 R x 0 R x 1 W y 1 W y 1 W y 1 W x 1 W x 1 Axioms: 1. po ∪ rf preserved is acyclic ( rf preserved ⊆ rf ) 2. … 21

  45. fake ctrl a x b y R y 1 R x 1 if a then if b then y 1 x 1 W y 1 W x 1 y 1 ctrl else ctrl rf ctrl ctrl rf ctrl rf Out-Of-Thin-Air in C/C++ MM R y 1 R x 1 a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 W y 1 W x 1 R y 1 R x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 22

  46. fake ctrl a x b y R y 1 R x 1 if a then if b then y 1 x 1 W y 1 W x 1 y 1 ctrl else ctrl rf ctrl ctrl rf ctrl rf Out-Of-Thin-Air in C/C++ MM R y 1 R x 1 a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 W y 1 W x 1 R y 1 R x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 22

  47. fake ctrl R y 1 R x 1 W y 1 W x 1 ctrl ctrl ctrl else rf ctrl ctrl rf rf Out-Of-Thin-Air in C/C++ MM R y 1 R x 1 a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 W y 1 W x 1 R y 1 R x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 [ y ] := 1 22

  48. fake ctrl ctrl rf ctrl ctrl else rf ctrl ctrl rf Out-Of-Thin-Air in C/C++ MM R y 1 R x 1 a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 W y 1 W x 1 R y 1 R x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 a := [ x ]; b := [ y ]; R y 1 R x 1 if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 [ y ] := 1 22

  49. ctrl rf ctrl ctrl else rf ctrl ctrl rf Out-Of-Thin-Air in C/C++ MM R y 1 R x 1 a := [ x ]; b := [ y ]; [ y ] := 1 if b then [ x ] := 1 W y 1 W x 1 R y 1 R x 1 a := [ x ]; b := [ y ]; if a then if b then [ y ] := 1 [ x ] := 1 W y 1 W x 1 a := [ x ]; b := [ y ]; R y 1 R x 1 if a then if b then fake ctrl [ y ] := 1 [ x ] := 1 W y 1 W x 1 [ y ] := 1 22

  50. Simplicity No UB RC11 [Lahav et al., 2017] Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] 23

  51. Simplicity No UB Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] RC11 [Lahav et al., 2017] Forbids all po ∪ rf cycles 24

  52. since hardware respects rf How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! po po po rf po W rf po po R W R rf po rf po po rf rf rf rf rf po rf po po po po po Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] 25

  53. since hardware respects rf How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! rf rf R W R W po rf po po rf po po po rf po po po po po rf po rf po rf rf po Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] ( po ∪ rf ) ∗ 25

  54. since hardware respects rf How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! rf po rf po po R po W rf W R po po po po po po po rf rf rf rf po Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] ( po ∪ rf ) ∗ rf \ po rf \ po 25

  55. since hardware respects rf How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! po R W R W po po rf po po po rf po po rf po rf po po rf rf rf Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] ( po ∪ rf \ po ) ∗ rf \ po rf \ po 25

  56. since hardware respects rf How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! po R W R W po po rf po po po rf po po rf po rf po po rf rf rf Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] ( po ∪ rf \ po ) ∗ rf \ po rf \ po 25

  57. How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! po R W R W po po rf po po po rf po po rf po rf rf po rf rf Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] since hardware respects rf \ po ( po ∪ rf \ po ) ∗ rf \ po rf \ po 25

  58. Cheaper for C/C++ than for Java! po R W R W po po rf po po po po rf po rf po rf po rf rf rf Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] since hardware respects rf \ po ( po ∪ rf \ po ) ∗ rf \ po rf \ po How? 1. Restrict compiler optimizations 2. Put a fence between R and W 25

  59. po po R W R W po po rf po po po po rf rf rf rf rf po rf po Forbidding po ∪ rf cycles Enough to respect [ R ] ; po ; [ W ] since hardware respects rf \ po ( po ∪ rf \ po ) ∗ rf \ po rf \ po How? 1. Restrict compiler optimizations 2. Put a fence between R and W Cheaper for C/C++ than for Java! 25

  60. C/C++ has undefjned behavior 26

  61. subject to OOTA int data int data 0 0 atomic< int > f f 0 0 f acq 0 f rel 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> int while volatile int atomic<int> Undefjned Behavior and Memory Models [ data ] := 42 ; while ([ f ] == 0 ) {} ; [ f ] := 1 ; print ([ data ]); 27

  62. subject to OOTA int data 0 atomic< int > f 0 f acq 0 f rel 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> int while volatile int atomic<int> Undefjned Behavior and Memory Models int data = 0 ; f = 0 ; [ data ] := 42 ; while ([ f ] == 0 ) {} ; [ f ] := 1 ; print ([ data ]); 27

  63. subject to OOTA int data 0 atomic< int > f 0 f acq 0 f rel 1 Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> while volatile int int atomic<int> Undefjned Behavior and Memory Models int data = 0 ; f = 0 ; [ data ] := 42 ; while ([ f ] == 0 ) {} ; [ f ] := 1 ; print ([ data ]); Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! 27

  64. subject to OOTA int data 0 f 0 f acq 0 f rel 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> int while volatile int atomic<int> Undefjned Behavior and Memory Models int data = 0 ; atomic< int > f = 0 ; [ data ] := 42 ; while ([ f ] == 0 ) {} ; [ f ] := 1 ; print ([ data ]); 27

  65. subject to OOTA int data 0 f 0 f 0 f 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> int while atomic<int> volatile int Undefjned Behavior and Memory Models int data = 0 ; atomic< int > f = 0 ; while ([ f ] acq == 0 ) {} ; [ data ] := 42 ; [ f ] rel := 1 ; print ([ data ]); 27

  66. int data 0 f 0 f 0 f 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! subject to OOTA int while atomic<int> volatile int Undefjned Behavior and Memory Models int data = 0 ; atomic< int > f = 0 ; while ([ f ] acq == 0 ) {} ; [ data ] := 42 ; [ f ] rel := 1 ; print ([ data ]); Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior access to int relaxed ( rlx ) access to atomic<int> 27

  67. int data 0 f 0 f 0 f 1 Java: Fine, but may print 0 C/C++: Undefjned Behavior! Race on normal location! while volatile int int atomic<int> Undefjned Behavior and Memory Models int data = 0 ; atomic< int > f = 0 ; while ([ f ] acq == 0 ) {} ; [ data ] := 42 ; [ f ] rel := 1 ; print ([ data ]); Java MM C/C++ MM special locations data race on int weak guarantees undefjned behavior subject to OOTA access to int relaxed ( rlx ) access to atomic<int> 27

  68. Simplicity No UB Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] RC11 [Lahav et al., 2017] Forbids all po ∪ rf cycles 28

  69. Simplicity Promising [Kang et al., 2017, Lee et al., 2020] Weakestmo [Chakraborty and Vafeiadis, 2019] Modular Relaxed Dep. [Paviotti et al., 2020] OCaml MM [Dolan et al., 2018] Thank you! http://podkopaev.net Programming languages’ MM to Hardware Comp. Opt. (No OOTA) Efg. Comp. No UB DRF SC [Lamport, 1979] Java MM [Manson et al., 2005] C/C++ MM [Batty et al., 2011] RC11 [Lahav et al., 2017] Forbids all po ∪ rf cycles 28

  70. To forbid po ∪ rf cycles in C/C++ enough to respect [ R ] ; po ; [ W ] on atomics 29

  71. ARMv8: bogus conditional branch for relaxed atomic reads No changes for LLVM x86: no fences 1. Restrict compiler optimizations: 2. Put a fence between R and W Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 30

  72. ARMv8: bogus conditional branch for relaxed atomic reads No changes for LLVM x86: no fences Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 1. Restrict compiler optimizations: 2. Put a fence between R and W 30

  73. ARMv8: bogus conditional branch for relaxed atomic reads x86: no fences Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 1. Restrict compiler optimizations: No changes for LLVM 2. Put a fence between R and W 30

  74. ARMv8: bogus conditional branch for relaxed atomic reads Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 1. Restrict compiler optimizations: No changes for LLVM 2. Put a fence between R and W ▶ x86: no fences 30

  75. Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 1. Restrict compiler optimizations: No changes for LLVM 2. Put a fence between R and W ▶ x86: no fences ▶ ARMv8: bogus conditional branch for relaxed atomic reads 30

  76. Preserving [ R ] ; po ; [ W ] for atomics in LLVM [Ou and Demsky, 2018] 1. Restrict compiler optimizations: No changes for LLVM 2. Put a fence between R and W ▶ x86: no fences ▶ ARMv8: bogus conditional branch for relaxed atomic reads Slowdown on ARMv8 is 0% on average and 6.3% max CDS from CDS C++, Folly, Junction, Rigtorp libs and 6 bechmarks from CDSSpec 30

Recommend

0 Correct Programming Compiler Compiler Hardware Language P Syntax PL compile P P PL HW

0 Correct Programming Compiler Compiler Hardware Language P Syntax PL compile P P PL HW

Bridging the Gap between Programming Languages and Hardware Weak Memory Models Anton Podkopaev Ori Lahav Viktor Vafeiadis 0 Correct Programming Compiler Compiler Hardware Language P Syntax PL compile P P PL HW PL HW is Memory Model

980 views • 74 slides
Simple Simple Pure Pure Java Java Anton Keks Anton Keks anton@codeborne.com

Simple Simple Pure Pure Java Java Anton Keks Anton Keks anton@codeborne.com

Simple Simple Pure Pure Java Java Anton Keks Anton Keks anton@codeborne.com anton@codeborne.com The Enterprise... The Enterprise... Enterprise Architecture 20 years ago a new field was born, addressing System complexity = more and more

223 views • 21 slides
Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction

Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction

Fuzzing the OpenBSD Kernel Part 1/N Anton Lindqvist &lt;anton@openbsd.org&gt; Introduction Fuzzing the OpenBSD kernel using the syzkaller kernel fuzzer. Heard about first on the BSD Now podcast back in April 2018. Ongoing effort, hence 1/N in

668 views • 15 slides
EloKIT Technology Anton Adamovitch (CEO of Conelum

EloKIT Technology Anton Adamovitch (CEO of Conelum

EloKIT Technology Anton Adamovitch (CEO of Conelum LLC) anton.adamovitch@conelum.com +371 28612101 Pr . blem faced Today, and for more than 30 years - for compulsory tests of food/drinks

263 views • 12 slides
The Story of Wines For Humanity In The Beginning There was a man named Anton Steinhart.

The Story of Wines For Humanity In The Beginning There was a man named Anton Steinhart.

The Story of Wines For Humanity In The Beginning There was a man named Anton Steinhart. Anton had a charitable heart and big dreams. As a teenager and through his adulthood he dreamed of giving back and even considered becoming a

154 views • 11 slides
Tutorial: Building a backend in 24 hours Anton Korobeynikov anton@korobeynikov.info Outline 1.

Tutorial: Building a backend in 24 hours Anton Korobeynikov anton@korobeynikov.info Outline 1.

Tutorial: Building a backend in 24 hours Anton Korobeynikov anton@korobeynikov.info Outline 1. From IR to assembler: codegen pipeline 2. MC 3. Parts of a backend 4. Example step-by-step The Pipeline IR Passes LLVM IR DAG DAG Lower

788 views • 68 slides
YES! YES! Anton Hagenbeek, M.D., Ph.D. Anton Hagenbeek, M.D., Ph.D. Academic Medical Center

YES! YES! Anton Hagenbeek, M.D., Ph.D. Anton Hagenbeek, M.D., Ph.D. Academic Medical Center

IS THERE A ROLE FOR RITUXIMAB IN IS THERE A ROLE FOR RITUXIMAB IN MAINTENANCE TREATMENT IN NON- MAINTENANCE TREATMENT IN NON- FOLLICULAR INDOLENT LYMPHOMAS? FOLLICULAR INDOLENT LYMPHOMAS? YES! YES! Anton Hagenbeek, M.D., Ph.D. Anton

556 views • 26 slides
Rethinking Electrons and the Electric Phenomenon. Anton Vrba Anton Vrba c Presentation to

Rethinking Electrons and the Electric Phenomenon. Anton Vrba Anton Vrba c Presentation to

Ein Gedankenexperiment 1 History 7 Proposition 17 Rethinking Electrons and the Electric Phenomenon. Anton Vrba Anton Vrba c Presentation to Vigier 10 July, 2016 Rethinking Electrons and the Electric Phenomenon. 0/30 Ein

337 views • 31 slides
Holonomy of supermanifolds Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev

Holonomy of supermanifolds Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev

Holonomy of supermanifolds Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev Holonomy of supermanifolds The case of smooth manifolds Let E M be a vector bundle over a smooth manifold M , a connection on E . : [ a ,

716 views • 30 slides
Induction-Recursion 20 years later Anton Setzer Swansea University, Swansea UK Gothenburg,

Induction-Recursion 20 years later Anton Setzer Swansea University, Swansea UK Gothenburg,

Induction-Recursion 20 years later Anton Setzer Swansea University, Swansea UK Gothenburg, Sweden, 5 June 2013 Symposium on Semantics and Logics of Programs Dedicated to Peter Dybjer on Occasion of his 60th Birthday Anton Setzer

710 views • 53 slides
HAMMER TIME: STATIC BLOG IN RUBY by Anton Katunin @antulik Welcome, my name is Anton and today

HAMMER TIME: STATIC BLOG IN RUBY by Anton Katunin @antulik Welcome, my name is Anton and today

HAMMER TIME: STATIC BLOG IN RUBY by Anton Katunin @antulik Welcome, my name is Anton and today I will talk about static blogs in ruby THIS IS A LIGHTING TALK 5 min This is a lightning talk. All I have is 5 minutes ABOUT ME A bit out

586 views • 34 slides
Dialogs API Anton Epple Eppleton IT Consulting Anton Epple http://www.eppleton.de NetBeans

Dialogs API Anton Epple Eppleton IT Consulting Anton Epple http://www.eppleton.de NetBeans

NetBeans Rich Client Platform Nodes &amp; Explorer API Dialogs API Anton Epple Eppleton IT Consulting Anton Epple http://www.eppleton.de NetBeans Rich Client Platform Introduction The Dialogs API helps in creating dialogs &amp; wizards Is

668 views • 40 slides
Closing the Validation Gap or Verifying Railway Interlockings in Agda Anton Setzer Swansea

Closing the Validation Gap or Verifying Railway Interlockings in Agda Anton Setzer Swansea

Closing the Validation Gap or Verifying Railway Interlockings in Agda Anton Setzer Swansea University, Swansea UK Shonan Meeting Logical Analysis of Descriptions and their Representations Shonan Village Center, Japan 26 January 2015 Anton

599 views • 38 slides
Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde

Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde

PHCmaple PHCpack and C Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde Institute of Mathematics and its Applications, Minneapolis, USA ICMS 2006, Castro Urdiales Anton Leykin Interfacing with the

464 views • 9 slides
Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is

Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is

Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is published @KatyAnton Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

1.21k views • 45 slides
Genetic Approximations for the Failure-Free Security Games Anton Charnamord

Genetic Approximations for the Failure-Free Security Games Anton Charnamord

Genetic Approximations for the Failure-Free Security Games Anton Charnamord anton.charnamord@cyber.ee October 2nd, 2015 Genetic Approximations for the Failure-Free Security Games Aleksandr Lenin 1 , 2 , Jan Willemson 1 and Anton Charnamord 1 , 2

579 views • 46 slides
Intoduction to Supergeometry Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev

Intoduction to Supergeometry Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev

Linear superalgebra Superdomains Supermanifolds Supersymmetries Intoduction to Supergeometry Anton Galaev Masaryk University (Brno, Czech Republic) Anton Galaev Intoduction to Supergeometry Linear superalgebra Lie superalgebras Lie

1.39k views • 120 slides
Conceptual spaces for matching and representing preferences Anton Benz Alexandra Strekalova ZAS

Conceptual spaces for matching and representing preferences Anton Benz Alexandra Strekalova ZAS

Conceptual spaces for matching and representing preferences Anton Benz Alexandra Strekalova ZAS Berlin Tandem Workshop on Optimality in Language and Geometric Approaches to Cognition 13 December 2010 Anton Benz Alexandra Strekalova ZAS

281 views • 25 slides
GPU Computing: Development and Analysis Part 1 Anton Wijs Muhammad Osama Marieke Huisman

GPU Computing: Development and Analysis Part 1 Anton Wijs Muhammad Osama Marieke Huisman

GPU Computing: Development and Analysis Part 1 Anton Wijs Muhammad Osama Marieke Huisman Sebastiaan Joosten NLeSC GPU Course Rob van Nieuwpoort &amp; Ben van Werkhoven Who are we? Anton Wijs Assistant professor, Software

776 views • 60 slides
Advanced rheometric tools for polymer applications Gunther Arnold a , Sandra Lanteri b , Jrg

Advanced rheometric tools for polymer applications Gunther Arnold a , Sandra Lanteri b , Jrg

MIPOL2017 Milan February 2017 Advanced rheometric tools for polymer applications Gunther Arnold a , Sandra Lanteri b , Jrg Luger a a Anton Paar Germany b Anton Paar Italia www.anton-paar.com Cone Partitioned Plate Edge fracture

467 views • 18 slides
Coalgebraic Programming Using Copattern Matching Anton Setzer Swansea University, Swansea UK

Coalgebraic Programming Using Copattern Matching Anton Setzer Swansea University, Swansea UK

Coalgebraic Programming Using Copattern Matching Anton Setzer Swansea University, Swansea UK Gregynog, Wales, UK, 27 June 2013 Continuity, Computability, Constructivity From Logic to Algorithms (CCC 2013) Anton Setzer Coalgebraic

789 views • 41 slides
Fuzzy Logic for Robot Navigation Anton Volkov 05.11.2018

Fuzzy Logic for Robot Navigation Anton Volkov 05.11.2018

Fuzzy Logic for Robot Navigation Anton Volkov 05.11.2018 http://www.informatik.uni-hamburg.de/WTM/ Agenda Motivation Fuzzy logic introduction Fuzzy logic-based navigation Conclusion Discussion Anton Volkov Fuzzy Logic for

772 views • 23 slides
Simulating Codata Types using Coalgebras Anton Setzer Swansea University, Swansea UK Types 2018,

Simulating Codata Types using Coalgebras Anton Setzer Swansea University, Swansea UK Types 2018,

Simulating Codata Types using Coalgebras Anton Setzer Swansea University, Swansea UK Types 2018, Braga, Portugal 18 June 2018 Coalgebras in Type Theory Musical Notation In Agda Reduced to Coalgebras Suggested Extension Conclusion Anton

541 views • 25 slides
Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security

Injecting Security Controls into Software Applications Katy Anton Principal Application Security Consultant About me Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

599 views • 37 slides

More recommend