Formal specification of the x86 instruction set architecture

In this thesis we specify the x86 instruction set architecture (ISA) by developing an abstract machine that models the behaviour of a modern computer with multiple x86 processors. Our model enables reasoning about low-level system software by providing formal interpretation of thousand pages of the processor vendor documentation written in informal prose. We show how to reduce the problem of ISA formalization to two simpler problems: memory model specification and instruction semantics specification. We solve the former problem by extending the classical Total Store Ordering memory model with caches, translation-lookaside buffers, memory fences, locks, and other features of the x86 processor. For the latter problem we design a new domain-specific language which makes instruction semantics specification readable and compact.In dieser Arbeit spezifizieren wir den x86-Befehlssatz durch die Definition einer abstrakten Maschine, die das Verhalten eines modernen Computers mit mehreren x86-Prozessoren modeliert. Unser Modell bietet eine formale Interpretation der Prozessorherstellerdokumentationen, die über Tausend Seiten von informellen Spezifikationen enthalten. Wir zeigen, wie das Problem der Befehlssatz-Formalisierung in zwei einfachere Probleme zerlegt werden kann: Spezifikation von dem Speichermodell und spezifikation von der Maschinenbefehlsemantik. Wir lösen das erste Problem durch die Erweiterung des klassischen “Total Store Ordering” Speichermodells mit Caches, Translation-Lookaside Buffers, Memory Fences und Locks. Um die Maschinenbefehlsemantikspezifikation lesbar und kompakt zu machen, entwerfen wir ein neue domänenspezifische Sprache

Unified concurrent write barrier

In a programming language with support for garbage collection, a write barrier is a code snippet that maintains the key invariants of the garbage collector. The write barrier is typically executed after a write operation. The write barrier is computationally expensive and can impact program performance. This is true to a greater extent for languages where garbage collectors need to maintain multiple sets of invariants. For example, languages that employ garbage collection schemes with two collectors may maintain their invariants using multiple different write barriers. The techniques of this disclosure address the problem of maintaining multiple invariants by unifying the write barriers and by executing computationally expensive parts of the write barrier in a concurrent thread

Formelle Spezifizierung von dem x86-Befehlssatz

In this thesis we specify the x86 instruction set architecture (ISA) by developing an abstract machine that models the behaviour of a modern computer with multiple x86 processors. Our model enables reasoning about low-level system software by providing formal interpretation of thousand pages of the processor vendor documentation written in informal prose. We show how to reduce the problem of ISA formalization to two simpler problems: memory model specification and instruction semantics specification. We solve the former problem by extending the classical Total Store Ordering memory model with caches, translation-lookaside buffers, memory fences, locks, and other features of the x86 processor. For the latter problem we design a new domain-specific language which makes instruction semantics specification readable and compact.In dieser Arbeit spezifizieren wir den x86-Befehlssatz durch die Definition einer abstrakten Maschine, die das Verhalten eines modernen Computers mit mehreren x86-Prozessoren modeliert. Unser Modell bietet eine formale Interpretation der Prozessorherstellerdokumentationen, die über Tausend Seiten von informellen Spezifikationen enthalten. Wir zeigen, wie das Problem der Befehlssatz-Formalisierung in zwei einfachere Probleme zerlegt werden kann: Spezifikation von dem Speichermodell und spezifikation von der Maschinenbefehlsemantik. Wir lösen das erste Problem durch die Erweiterung des klassischen “Total Store Ordering” Speichermodells mit Caches, Translation-Lookaside Buffers, Memory Fences und Locks. Um die Maschinenbefehlsemantikspezifikation lesbar und kompakt zu machen, entwerfen wir ein neue domänenspezifische Sprache

Invariants, Modularity, and Rights

The quest for modular concurrency reasoning has led to recent proposals that extend program assertions to include not just knowledge about the state, but rights to access the state. We argue that these rights are really just sugar for knowledge that certain updates preserve certain invariants