generative operational semantics for relaxed memory...
TRANSCRIPT
Generative Operational Semantics forRelaxed Memory Models
Radha Jagadeesan Corin Pitcher James Riely
School of ComputingDePaul University
ESOP 2010
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 1 / 32
An operational semantics for concurrency
Message passing concurrency well understoodoperational/denotational models, equivalence/order relations soundtype systems, proof systems, etc
Shared-memory concurrency well understood, assumingsequentially consistent execution, ordata race free programs
Relaxed models used in practiceCompiler flexibility (source, JIT, instruction decoder/scheduler)Efficiency, lock free algorithms
Relaxed models not well understoodGoal: novel type system for relaxed modelThis paper: operational semantics for soundness proof
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 2 / 32
An operational semantics for concurrency
Message passing concurrency well understoodoperational/denotational models, equivalence/order relations soundtype systems, proof systems, etc
Shared-memory concurrency well understood, assumingsequentially consistent execution, ordata race free programs
Relaxed models used in practiceCompiler flexibility (source, JIT, instruction decoder/scheduler)Efficiency, lock free algorithms
Relaxed models not well understoodGoal: novel type system for relaxed modelThis paper: operational semantics for soundness proof
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 2 / 32
An operational semantics for concurrency
Message passing concurrency well understoodoperational/denotational models, equivalence/order relations soundtype systems, proof systems, etc
Shared-memory concurrency well understood, assumingsequentially consistent execution, ordata race free programs
Relaxed models used in practiceCompiler flexibility (source, JIT, instruction decoder/scheduler)Efficiency, lock free algorithms
Relaxed models not well understoodGoal: novel type system for relaxed modelThis paper: operational semantics for soundness proof
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 2 / 32
An operational semantics for concurrency
Message passing concurrency well understoodoperational/denotational models, equivalence/order relations soundtype systems, proof systems, etc
Shared-memory concurrency well understood, assumingsequentially consistent execution, ordata race free programs
Relaxed models used in practiceCompiler flexibility (source, JIT, instruction decoder/scheduler)Efficiency, lock free algorithms
Relaxed models not well understoodGoal: novel type system for relaxed modelThis paper: operational semantics for soundness proof
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 2 / 32
An operational semantics for concurrency
Message passing concurrency well understoodoperational/denotational models, equivalence/order relations soundtype systems, proof systems, etc
Shared-memory concurrency well understood, assumingsequentially consistent execution, ordata race free programs
Relaxed models used in practiceCompiler flexibility (source, JIT, instruction decoder/scheduler)Efficiency, lock free algorithms
Relaxed models not well understoodGoal: novel type system for relaxed modelThis paper: operational semantics for soundness proof
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 2 / 32
Transformations that occur in relaxed models
Non-conflict reordering (conflict = same location + write)p.f=0p.g=1
p.g=1p.f=0
Redundant read eliminationx=p.fp.g=1y=p.freturn y
x=p.fp.g=1return x
Roach motelx=p.fk.acquire()
k.acquire()x=p.f
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 3 / 32
Transformations that occur in relaxed models
Non-conflict reordering (conflict = same location + write)p.f=0p.g=1
p.g=1p.f=0
Redundant read eliminationx=p.fp.g=1y=p.freturn y
x=p.fp.g=1return x
Roach motelx=p.fk.acquire()
k.acquire()x=p.f
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 3 / 32
Transformations that occur in relaxed models
Non-conflict reordering (conflict = same location + write)p.f=0p.g=1
p.g=1p.f=0
Redundant read eliminationx=p.fp.g=1y=p.freturn y
x=p.fp.g=1return x
Roach motelx=p.fk.acquire()
k.acquire()x=p.f
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 3 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=0 p.g=0 p.h=0
x = p.fp.g = 1if(x == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write f, read gx = p.fp.g = 1if(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=0 p.g=0 p.h=0
x = p.fp.g = 1if(x == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=0 p.g=0 p.h=0
x = p.fp.g = 1if(x == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=0 p.g=0 p.h=0
x = p.fp.g = 1if(x == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=0 p.g=0 p.h=0
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=1 p.g=0 p.h=0
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 1y = p.gif(y == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=1 p.g=0 p.h=0
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 10 = p.gif(0 == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=1 p.g=0 p.h=1
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 10 = p.gif(0 == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=1 p.g=1 p.h=1
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 10 = p.gif(0 == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
Concurrency and program transformation
Transformation correct: no new behaviorExpect p.h incremented at most once (Dijkstra, 1965)
write g, read fp.g = 1x = p.fif(x == 0)p.h ++
write f, read gp.f = 1y = p.gif(y == 0)p.h ++
Non-conflict reordering
p.f=1 p.g=1 p.h=2
0 = p.fp.g = 1if(0 == 0)p.h ++
p.f = 10 = p.gif(0 == 0)p.h ++
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 4 / 32
1 BackgroundSequential ConsistencyData Race Free ModelJava Memory Model
2 Speculative semanticsEmpirical and speculative actionsDesirable executions allowedUndesirable executions prevented
3 Summary of resultsRelation to Java Memory ModelSimulation precongruence
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 5 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory:
p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory:
p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
1 = p.fy = p.freturn(1,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
1 = p.f1 = p.freturn(1,1)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
0 = p.fy = p.freturn(0,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
0 = p.fy = p.freturn(0,y)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
0 = p.f1 = p.freturn(0,1)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
0 = p.f1 = p.freturn(0,1)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Sequential Consistency (SC)Ops appear to execute in some sequential orderOps of individual threads appear in program order(Lamport 1977)
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Threads: p.f = 0p.f = 1return
0 = p.f1 = p.freturn(0,1)
return (1,1) possiblereturn (0,1) possiblereturn (0,0) possiblereturn (1,0) impossible
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 6 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Pending actions:
p.f=0 p.f=1
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Pending actions: p.f=0
p.f=1
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Pending actions: p.f=0 p.f=1
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Pending actions: p.f=0
Threads: p.f = 0p.f = 1return
x = p.fy = p.freturn(x,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=1
Pending actions: p.f=0
Threads: p.f = 0p.f = 1return
1 = p.fy = p.freturn(1,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Pending actions:
Threads: p.f = 0p.f = 1return
1 = p.fy = p.freturn(1,y)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Caching model
Indirection between action and memory
Program: write f twicep.f = 0p.f = 1return
read f twicex = p.fy = p.freturn(x,y)
Memory: p.f=0
Pending actions:
Threads: p.f = 0p.f = 1return
1 = p.f0 = p.freturn(1,0)
return (1,0) possibleThe execution has a data race: conflicting ops not totally ordered
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 7 / 32
Data-Race Free (DRF) Semantics
DRF programs: SC executionPrograms with races: no commentOk for C++ (Boehm and Adve, 2008)
no benign racesno safety guarantees
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 8 / 32
Java
Defines semantics for programs with races (type safety)Defined (Gosling, Joy, Steele, 1996)Caching semantics with “prescient reads”Criticized (Pugh 1999)
invalidates redundant read eliminationx=p.f
y=q.f
z=p.f
x=p.f
y=q.fz=x
invalidates non-conflict reordering!x=p.g
y=p.f
z=q.f
p.x=1
y=p.fx=p.g
z=q.f
p.x=1
Replaced by JMM (JSR 133, 2004)Semantics based on series of executions,each “committing” a data race
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 9 / 32
Java
Defines semantics for programs with races (type safety)Defined (Gosling, Joy, Steele, 1996)Caching semantics with “prescient reads”Criticized (Pugh 1999)
invalidates redundant read eliminationx=p.f
y=q.f
z=p.f
x=p.f
y=q.fz=x
invalidates non-conflict reordering!x=p.g
y=p.f
z=q.f
p.x=1
y=p.fx=p.g
z=q.f
p.x=1
Replaced by JMM (JSR 133, 2004)Semantics based on series of executions,each “committing” a data race
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 9 / 32
Java
Defines semantics for programs with races (type safety)Defined (Gosling, Joy, Steele, 1996)Caching semantics with “prescient reads”Criticized (Pugh 1999)
invalidates redundant read eliminationx=p.f
y=q.f
z=p.f
x=p.f
y=q.fz=x
invalidates non-conflict reordering!x=p.g
y=p.f
z=q.f
p.x=1
y=p.fx=p.g
z=q.f
p.x=1
Replaced by JMM (JSR 133, 2004)Semantics based on series of executions,each “committing” a data race
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 9 / 32
Java
Defines semantics for programs with races (type safety)Defined (Gosling, Joy, Steele, 1996)Caching semantics with “prescient reads”Criticized (Pugh 1999)
invalidates redundant read eliminationx=p.f
y=q.f
z=p.f
x=p.f
y=q.fz=x
invalidates non-conflict reordering!x=p.g
y=p.f
z=q.f
p.x=1
y=p.fx=p.g
z=q.f
p.x=1
Replaced by JMM (JSR 133, 2004)Semantics based on series of executions,each “committing” a data race
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 9 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
write f, read gp.f = 1y = p.greturn y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=1 p.g=0
Threads: x = p.fp.g = xreturn x
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=1 p.g=0
Threads: 1 = p.fp.g = 1return 1
p.f = 1y = p.greturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Prescient read: seeing the future
Caching not enoughProgram A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
In SC semantics, return 1 impossibleCan result from non-conflict reordering
Memory: p.f=1 p.g=1
Threads: 1 = p.fp.g = 1return 1
p.f = 11 = p.greturn 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 10 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory:
p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
0 = p.gp.f = 0return 0
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory: p.f=0 p.g=0
Threads: x = p.fp.g = xreturn x
0 = p.gp.f = 0return 0
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory: p.f=0 p.g=0
Threads: 0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Thin-air read: making things up
Need to be carefulProgram B:
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
return 1 undesirable — out of “thin air”
Memory: p.f=0 p.g=0
Threads: 0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 11 / 32
Java Memory Model (JMM)
Program A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
JMM allows both threads to return 1Critism of JMM:
Language acceptor, not generatorDifficult to understand (still)Invalidates useful optimizations (still)
Redundant read eliminationRoach motel
Execution 1:
W (p.f=0)W (p.g=0)
R(0=p.f)
W (p.g=0)
R(0=p.g)
W (p.f=1)
Execution 2:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(0=p.g)
W (p.f=1)
Execution 3:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(1=p.g)
W (p.f=1)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 12 / 32
Java Memory Model (JMM)
Program A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
JMM allows both threads to return 1Critism of JMM:
Language acceptor, not generatorDifficult to understand (still)Invalidates useful optimizations (still)
Redundant read eliminationRoach motel
Execution 1:
W (p.f=0)W (p.g=0)
R(0=p.f)
W (p.g=0)
R(0=p.g)
W (p.f=1)
Execution 2:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(0=p.g)
W (p.f=1)
Execution 3:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(1=p.g)
W (p.f=1)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 12 / 32
Java Memory Model (JMM)
Program A:
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.gp.f = 1return y
JMM allows both threads to return 1Critism of JMM:
Language acceptor, not generatorDifficult to understand (still)Invalidates useful optimizations (still)
Redundant read eliminationRoach motel
Execution 1:
W (p.f=0)W (p.g=0)
R(0=p.f)
W (p.g=0)
R(0=p.g)
W (p.f=1)
Execution 2:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(0=p.g)
W (p.f=1)
Execution 3:
W (p.f=0)W (p.g=0)
R(1=p.f)
W (p.g=1)
R(1=p.g)
W (p.f=1)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 12 / 32
Our goals
New formalization of JMMGenerative modelStandard guarantees
DRF — DRF programs have SC executionsno TAR — no “Thin Air Reads”
Strictly more expressive than JMMEvery outcome allowed by JMM allowed by our semanticsOnly for lockless programs
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 13 / 32
Our goals
New formalization of JMMGenerative modelStandard guarantees
DRF — DRF programs have SC executionsno TAR — no “Thin Air Reads”
Strictly more expressive than JMMEvery outcome allowed by JMM allowed by our semanticsOnly for lockless programs
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 13 / 32
Our goals
New formalization of JMMGenerative modelStandard guarantees
DRF — DRF programs have SC executionsno TAR — no “Thin Air Reads”
Strictly more expressive than JMMEvery outcome allowed by JMM allowed by our semanticsOnly for lockless programs
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 13 / 32
Related Work
The Java Memory ModelManson (PhD Thesis 2004)Also Manson, Pugh, Adve, (POPL 2005)Foundations of the C++ Concurrency Memory ModelBoehm and Adve (PLDI 2008)Program Transformations in Weak Memory ModelsSevcík (PhD Thesis, 2008)Also Sevcík and Aspinall (ECOOP 2008)The semantics of x86-CC multiprocessor machine codeSarkar, Sewell, Nardelli, Owens, Ridge, Braibant, Myreen,Alglave (POPL 2009)Relaxed memory models: an operational approachBoudol and Petri (POPL 2009)Also Boudol and Petri (ESOP 2010)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 14 / 32
1 BackgroundSequential ConsistencyData Race Free ModelJava Memory Model
2 Speculative semanticsEmpirical and speculative actionsDesirable executions allowedUndesirable executions prevented
3 Summary of resultsRelation to Java Memory ModelSimulation precongruence
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 15 / 32
Memory as action sequence
No conventional memoryWrite action: !p.f=1Aquire action: ykRelease action: kxRead value determined by context (Boudol and Petri, 2009)Context is a sequence of actions
yk !p.f=1 !p.g=1 kx
!p.f=2 yk !p.g=2 [ ]
Visibility standard from JMM p.f visible at 1 and 2p.g visible at 2 only, due to k
Threads may reorder non-conflict actions privately (see paper)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 16 / 32
Memory as action sequence
No conventional memoryWrite action: !p.f=1Aquire action: ykRelease action: kxRead value determined by context (Boudol and Petri, 2009)Context is a sequence of actions
yk !p.f=1 !p.g=1 kx
!p.f=2 yk !p.g=2 [ ]
Visibility standard from JMM p.f visible at 1 and 2p.g visible at 2 only, due to k
Threads may reorder non-conflict actions privately (see paper)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 16 / 32
Memory as action sequence
No conventional memoryWrite action: !p.f=1Aquire action: ykRelease action: kxRead value determined by context (Boudol and Petri, 2009)Context is a sequence of actions
yk !p.f=1 !p.g=1 kx
!p.f=2 yk !p.g=2 [ ]
Visibility standard from JMM p.f visible at 1 and 2p.g visible at 2 only, due to k
Threads may reorder non-conflict actions privately (see paper)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 16 / 32
Memory as action sequence
No conventional memoryWrite action: !p.f=1Aquire action: ykRelease action: kxRead value determined by context (Boudol and Petri, 2009)Context is a sequence of actions
yk !p.f=1 !p.g=1 kx
!p.f=2 yk !p.g=2 [ ]
Visibility standard from JMM p.f visible at 1 and 2p.g visible at 2 only, due to k
Threads may reorder non-conflict actions privately (see paper)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 16 / 32
Speculative action
Speculation ?p.f=1 causes branchingWorlds execute independently: initial and final
Speculation visible in final branch, not initialInitial branch must produce justifying empirical write !p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 17 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = 1return y
initial
?p.f=1
!p.g=1 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = 1return y
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = 1return y
initial
?p.f=1
!p.g=1 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = 1return y
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
0 = p.fp.g = 0return 0
y = p.gp.f = 1return y
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
y = p.gp.f = 1return y
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0
!p.f=1
0 = p.fp.g = 0return 0
y = p.gp.f = 1return y
initial
?p.f=1
!p.g=1
!p.f=1
1 = p.fp.g = 1return 1
y = p.gp.f = 1return y
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0
!p.f=1
0 = p.fp.g = 0return 0
0 = p.gp.f = 1return 0
initial
?p.f=1
!p.g=1
!p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
0 = p.fp.g = 0return 0
0 = p.gp.f = 1return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
0 = p.fp.g = 0return 0
0 = p.gp.f = 1return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality not too restrictive: Program A
Initial branch must justify speculationAfterwards, only final copy remains
copy f to gx = p.fp.g = xreturn x
read g, write fy = p.fp.g = 1return y
!p.g=0 !p.f=1
0 = p.fp.g = 0return 0
0 = p.gp.f = 1return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 18 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
initial
?p.f=1
!p.g=1 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
initial
?p.f=1
!p.g=1 !p.f=1
x = p.fp.g = xreturn x
y = p.gp.f = yreturn y
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
0 = p.fp.g = 0return 0
y = p.gp.f = yreturn y
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
y = p.gp.f = yreturn y
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0
!p.f=0
0 = p.fp.g = 0return 0
y = p.gp.f = yreturn y
initial
?p.f=1
!p.g=1
!p.f=1
1 = p.fp.g = 1return 1
y = p.gp.f = yreturn y
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0
!p.f=0
0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
initial
?p.f=1
!p.g=1
!p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Initiality necessary: Program B
Initial branch must justify speculationOtherwise, execution is stuck
copy f to gx = p.fp.g = xreturn x
copy g to fy = p.gp.f = yreturn y
!p.g=0 !p.f=0
0 = p.fp.g = 0return 0
0 = p.gp.f = 0return 0
initial
?p.f=1
!p.g=1 !p.f=1
1 = p.fp.g = 1return 1
1 = p.gp.f = 1return 1
final
?p.f=1STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 19 / 32
Avoiding thin air reads
X Initiality? No self-justification? Consistency? Timeliness
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 20 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
x = p.fp.f = 1return x
?p.f=1
!p.f=1
x = p.fp.f = 1return x
?p.f=1
ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
x = p.fp.f = 1return x
?p.f=1
!p.f=1
x = p.fp.f = 1return x
?p.f=1
ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
1 = p.fp.f = 1return 1
?p.f=1
ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
1 = p.fp.f = 1return 1
?p.f=1
ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
1 = p.fp.f = 1return 1
?p.f=1
ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
1 = p.fp.f = 1return 1
?p.f=1ILLEGAL!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 21 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
x = p.fp.f = 1return x
?p.f=1
!p.f=1
x = p.fp.f = 1return x
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 22 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
x = p.fp.f = 1return x
?p.f=1
!p.f=1
x = p.fp.f = 1return x
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 22 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 22 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 22 / 32
Self justification: a degenerate case
Impossible in SC execution: return 1
This execution prevented by definition of visiblity:Thread can not see self-speculation
x = p.fp.f = 1return x
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
!p.f=1
0 = p.fp.f = 1return 0
?p.f=1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 22 / 32
Controlling speculation: consistencyk.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Impossible in SC execution: return(1,2)Possible in final branch with speculation ?p.f=2
Initial branch can produce justifying writeInconsistent use of locks between speculation and justifying write
Initial branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=0 kx
yk !p.f=2 kx
yk kx
yk kx
Final branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=2 kx
yk !p.f=1 kx
yk kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 23 / 32
Controlling speculation: consistencyk.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Impossible in SC execution: return(1,2)Possible in final branch with speculation ?p.f=2
Initial branch can produce justifying writeInconsistent use of locks between speculation and justifying write
Initial branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=0 kx
yk !p.f=2 kx
yk kx
yk kx
Final branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=2 kx
yk !p.f=1 kx
yk kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 23 / 32
Controlling speculation: consistencyk.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Impossible in SC execution: return(1,2)Possible in final branch with speculation ?p.f=2
Initial branch can produce justifying writeInconsistent use of locks between speculation and justifying write
Initial branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=0 kx
yk !p.f=2 kx
yk kx
yk kx
Final branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=2 kx
yk !p.f=1 kx
yk kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 23 / 32
Controlling speculation: consistencyk.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Impossible in SC execution: return(1,2)Possible in final branch with speculation ?p.f=2
Initial branch can produce justifying writeInconsistent use of locks between speculation and justifying write
Initial branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=0 kx
yk !p.f=2 kx
yk kx
yk kx
Final branch
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=2 kx
yk !p.f=1 kx
yk kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 23 / 32
Controlling speculation: timeliness
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Impossible SC: return 0; return 1; return 1;
Possible in final branch with speculation ?p.g=1
Initial and final branches produce same actionsSpeculation used to introduce data race in final branch
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx ?p.g=1
yk !p.f=2 !p.g=2 kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 24 / 32
Controlling speculation: timeliness
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Impossible SC: return 0; return 1; return 1;
Possible in final branch with speculation ?p.g=1
Initial and final branches produce same actionsSpeculation used to introduce data race in final branch
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx ?p.g=1
yk !p.f=2 !p.g=2 kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 24 / 32
Controlling speculation: timeliness
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Impossible SC: return 0; return 1; return 1;
Possible in final branch with speculation ?p.g=1
Initial and final branches produce same actionsSpeculation used to introduce data race in final branch
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx ?p.g=1
yk !p.f=2 !p.g=2 kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 24 / 32
Controlling speculation: timeliness
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Impossible SC: return 0; return 1; return 1;
Possible in final branch with speculation ?p.g=1
Initial and final branches produce same actionsSpeculation used to introduce data race in final branch
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx ?p.g=1
yk !p.f=2 !p.g=2 kx
yk kx
STUCK!
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 24 / 32
1 BackgroundSequential ConsistencyData Race Free ModelJava Memory Model
2 Speculative semanticsEmpirical and speculative actionsDesirable executions allowedUndesirable executions prevented
3 Summary of resultsRelation to Java Memory ModelSimulation precongruence
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 25 / 32
Relation to JMM
TheoremDRF program ⇒ SC execution
TheoremLockless program ⇒ every JMM execution allowed
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 26 / 32
Simulation
Simulation defined in paperPrecongruenceUseful
p.f=1; p.g=1;& p.g=1; p.f=1;
p.f=1; k.acquire();& k.acquire(); p.f=1;
x=p.f; y=p.f; M & x=p.f; M{x/y}
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 27 / 32
Summary
New model based on speculation
Data Races Locks New vs. JMMX - =- X >X X 6≷
Simulation precongruenceBetter behaved:Validates redundant-read-elimination, roach-motel, etcThank you
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 28 / 32
Summary
New model based on speculation
Data Races Locks New vs. JMMX - =- X >X X 6≷
Simulation precongruenceBetter behaved:Validates redundant-read-elimination, roach-motel, etcThank you
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 28 / 32
Appendix
The rest of the slides animate the execution of a few examples.
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 29 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2
yk !p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk
!p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk
!p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()x = p.fp.g = x
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk
!p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk
!p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0
kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2
kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk
!p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk
!p.f=1 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk
!p.f=2 kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk
!p.f=1 kx yk kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2
kx yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1
kx yk kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx
yk kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx
yk kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk
kx yk kx
k.acquire()x = p.fif(x==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk
kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()x = p.fif(x==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk
kx yk kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk
kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx
yk kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx
yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk
kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk
kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()x = p.fy = p.g
k.release()return(x,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk
kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()2 = p.fy = p.g
k.release()return(2,y)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk
kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()1 = p.fy = p.g
k.release()return(1,y)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk
kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()2 = p.f0 = p.g
k.release()return(2,0)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk
kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()1 = p.f2 = p.g
k.release()return(1,2)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: consistency
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=0 kx
yk !p.f=2 kx yk kx yk kx
k.acquire()2 = p.fif(2==0)p.f = 1
k.release()
k.acquire()0 = p.fif(0==0)p.f = 2
k.release()
k.acquire()0 = p.fp.g = 0
k.release()
k.acquire()2 = p.f0 = p.g
k.release()return(2,0)
!p.f=0 !p.g=0 ?p.f=2 yk !p.g=2 kx
yk !p.f=1 kx yk kx yk kx
k.acquire()0 = p.fif(0==0)p.f = 1
k.release()
k.acquire()1 = p.fif(1==0)p.f = 2
k.release()
k.acquire()2 = p.fp.g = 2
k.release()
k.acquire()1 = p.f2 = p.g
k.release()return(1,2)
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 30 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0
yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk
!p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk
!p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()x = p.fp.f = x+1p.g = 1
k.release()return x
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk
!p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk
!p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1
!p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1
!p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1
kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1
kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1
yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1
yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1
yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1
yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk
!p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk
!p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()x = p.fp.f = x+1p.g = 2
k.release()return x
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk
!p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk
!p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2
!p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2
!p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2
kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2
kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx
yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx
yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk
kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk
kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
y = p.gk.release()return y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk
kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
2 = p.gk.release()return 2
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk
kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
1 = p.gk.release()return 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Controlling speculation: timeliness
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
2 = p.gk.release()return 2
!p.f=0 !p.g=0 yk !p.f=1 !p.g=1 kx
?p.g=1 yk !p.f=2 !p.g=2 kx yk kx
k.acquire()0 = p.fp.f = 0+1p.g = 1
k.release()return 0
k.acquire()1 = p.fp.f = 1+1p.g = 2
k.release()return 1
k.acquire()
1 = p.gk.release()return 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 31 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0
yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0
yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk
!p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk
!p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2
kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2
kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx
yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx
yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx
yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1
kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1
kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx
yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
x = p.fk.acquire()z = p.hif(x==2) p.g = 1else p.g = z
k.release()return(x,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx
yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx
yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()z = p.hif(1==2) p.g = 1else p.g = z
k.release()return(1,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk
?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk
?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()z = p.hif(1==2) p.g = 1else p.g = z
k.release()return(1,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()z = p.hif(1==2) p.g = 1else p.g = z
k.release()return(1,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()z = p.hif(2==2) p.g = 1else p.g = z
k.release()return(2,z)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()z = p.hif(1==2) p.g = 1else p.g = z
k.release()return(1,z)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()0 = p.hif(2==2) p.g = 1else p.g = 0
k.release()return(2,0)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1
!p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()1 = p.hif(1==2) p.g = 1else p.g = 1
k.release()return(1,1)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1
!p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()0 = p.hif(2==2) p.g = 1else p.g = 0
k.release()return(2,0)
y = p.gp.h = yreturn y
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1
!p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()1 = p.hif(1==2) p.g = 1else p.g = 1
k.release()return(1,1)
y = p.gp.h = yreturn y
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1
!p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()0 = p.hif(2==2) p.g = 1else p.g = 0
k.release()return(2,0)
1 = p.gp.h = 1return 1
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1
!p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()1 = p.hif(1==2) p.g = 1else p.g = 1
k.release()return(1,1)
1 = p.gp.h = 1return 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1
kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()0 = p.hif(2==2) p.g = 1else p.g = 0
k.release()return(2,0)
1 = p.gp.h = 1return 1
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1
kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()1 = p.hif(1==2) p.g = 1else p.g = 1
k.release()return(1,1)
1 = p.gp.h = 1return 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32
Roach Motel
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
2 = p.fk.acquire()0 = p.hif(2==2) p.g = 1else p.g = 0
k.release()return(2,0)
1 = p.gp.h = 1return 1
!p.f=0 !p.g=0 !p.h=0 yk !p.f=2 kx yk
!p.f=1 kx yk ?p.h=1 !p.g=1 !p.h=1 kx
k.acquire()p.f = 2
k.release()
k.acquire()p.f = 1
k.release()
1 = p.fk.acquire()1 = p.hif(1==2) p.g = 1else p.g = 1
k.release()return(1,1)
1 = p.gp.h = 1return 1
Generative Operational Semantics for Relaxed Memory Models ESOP 2010 32 / 32