Remote direct memory access (RDMA) allows a machine to directly read from and write to the memory of remote machine, enabling high-throughput, low-latency data transfer. Ensuring correctness of RDMA programs has only recently become possible with the formalisation of RDMATSO semantics (describing the behaviour of RDMA networking over a TSO CPU). However, this semantics currently lacks a formalisation of remote synchronisation, meaning that the implementations of common abstractions such as locks cannot be verified. In this paper, we close this gap by presenting RDMARMWTSO, the first semantics for remote `read-modify-write' (RMW) instructions over TSO. It turns out that remote RMW operations are weak and only ensure atomicity against other remote RMWs. We therefore build a set of composable synchronisation abstractions starting with the RDMARMWWAIT library. Underpinned by RDMARMWWAIT, we then specify, implement and verify three classes of remote locks that are suitable for different scenarios. Additionally, we develop the notion of a strong RDMA model, RDMARMWSC, which is akin to sequential consistency in shared memory architectures. Our libraries are built to be compatible with an existing set of high-performance libraries called LOCO, which ensures compositionality and verifiability.
Cite
@article{arxiv.2601.14642,
title = {Specifying and Verifying RDMA Synchronisation (Extended Version)},
author = {Guillaume Ambal and Max Stupple and Brijesh Dongol and Azalea Raad},
journal= {arXiv preprint arXiv:2601.14642},
year = {2026}
}
Comments
95 pages, extended version of ESOP 2026 paper, replaced to fix a tikz opacity problem