A Safety-First Approach to Memory Models

Recent efforts to standardize concurrency semantics for programming languages require programmers to explicitly annotate all memory accesses that can participate in a data race ("unsafe" accesses). This requirement allows the compiler and hardware to aggressively optimize unannotated accesses, which are assumed to be data-race-free ("safe" accesses), while still preserving the intuitive thread interleaving semantics known as sequential consistency (SC). However, unannotated data races are easy for programmers to accidentally introduce and difficult to detect, and thus the safety and correctness of programs can be significantly compromised. The authors argue instead for a safety-first approach, whereby the compiler and hardware treat every memory access as potentially unsafe unless it is proven otherwise. In this way, SC semantics is guaranteed for all programs, whether data-race-free or not. The authors show that the performance and design cost of this approach is insignificant in practice, because the majority of accesses can be proven safe through a simple static or dynamic analysis, and memory ordering constraints can be ignored for such accesses without violating SC. Together with their earlier work on an efficient SC-preserving compiler, their SC hardware provides end-to-end SC semantics at the language level with low overhead.