On the Fly Garbage Collector
Edsger W. Dijkstra, Leslie Lamport, A. J. Martin, C. S. Scholten, E. F. M. Steffens
Presented by: Dana Drachsler

Garbage Collection – Problem Description
- Directed graph
  - The number of nodes is fixed, M
  - The edges may change
- Each node has two outgoing edges: left edge, right edge
  - Either of them can be missing
- We have a set of “root nodes”
- A node is reachable if it is reachable from some root
- The data structure consists of all reachable nodes and their interconnections
- Nodes that are not reachable are called “garbage nodes”

Garbage Collection – Problem Description
Operations we can apply on reachable nodes:
1. Redirecting an edge towards an already reachable node
2. Redirecting an edge towards a not yet reachable node that doesn’t have outgoing edges
3. Adding an edge towards an already reachable node
4. Adding an edge towards a not yet reachable node that doesn’t have outgoing edges
5. Removing an edge
After applying operations of type 1, 2 or 5, a node may become a garbage node.

Implementing a Garbage Collector
- We maintain a “free list” of nodes that have been identified as garbage nodes
- These nodes are available to be added to the data structure

Implementing a Garbage Collector
The trivial solution for a garbage collector:
1. While (free list is not empty) continue
2. Halt every processor, and start collecting garbage:
   - Starting from the roots, mark all reachable nodes (the “marking phase”)
   - Append all unmarked nodes to the free list and remove the marking (the “sweeping phase”)
   - Goto 1

Disadvantages of This Solution
- In 1978, the minor disadvantage was the delay of the computation
- The major disadvantage was the unpredictable interludes caused by the garbage collector
  - This led to difficulties in designing real-time systems
- To this end, we study the case where we have two processors:
  - The “mutator” – responsible only for the computation
  - The collector – responsible for collecting garbage
- They both operate concurrently

Solutions
- We present three solutions to the garbage collection problem
- We start with a coarse-grained solution and then refine it

Reformulation of the Problem – Step 1
- We have a special root node named NIL
  - Its two outgoing edges point to it
- A missing edge will be replaced with an edge to NIL
- Thus, we are left with only two possible operations:
  1. Redirecting an edge towards an already reachable node
  2. Redirecting an edge towards a not yet reachable node

Reformulation of the Problem – Step 2
- We add special root nodes from which NIL and all garbage nodes are reachable, but from which no other node is reachable
- Thus, all nodes are now part of the data structure

Reformulation of the Problem – Step 2
- We are left with a single type of operation:
  1. Redirecting an edge towards an already reachable node
- An operation of type 2 is translated into two modifications of type 1:
  - Redirect an edge towards a node in the free list
  - Redirect edges of the free list’s nodes to remove this node from the free list

Reformulation of the Problem – Step 2
Now, the activities of the mutator and collector are repeated executions of:
- Mutator:
  - Redirect an outgoing edge of a reachable node towards an already reachable one
- Collector:
  - Marking phase: Mark all reachable nodes
  - Appending phase: Append all unmarked nodes to the free list and remove the marking from all marked nodes

Correctness Criteria
Throughout the execution, the mutator and collector maintain the following correctness criteria:
- CC1 (Liveness): Every garbage node is eventually appended to the free list.
- CC2 (Safety): Appending a garbage node to the free list is the collector’s only modification of the data structure.

Atomic Operations
We will assume that the following operations are atomic:
- Redirecting an edge
- Finding the left or right successor of a node
- Testing and/or setting certain attributes of a node
- Appending a node to the free list
  - This is simple, provided that the free list remains long enough; then the mutator does not interfere with the collector’s appending operation

The Coarse-Grained Solution
- Can we eliminate the overhead of the mutator?
- No, consider the following scenario.
  [Figure: graph with roots and nodes A, B and C]
- The collector observes nodes one at a time
  - Hence, it may never discover that C is reachable
- Thus, the mutator must mark in some way the target nodes of edges it redirects

Marking the Nodes
- We will use colors for marking
- We start with all nodes white
- During the marking phase all reachable nodes will be marked black
- At the end of the marking phase, all white nodes are garbage nodes

Marking the Nodes
During the marking phase we keep the following invariants:
- No node will become lighter
- No edge points from a black node to a white node

Marking the Nodes
- Suppose the mutator wants to redirect one of its edges to a white node
  - It will violate our invariant
- Can it mark it black?
  - No, the white node may have white successors
- Thus, we need to introduce another color: gray
Invariant: No edge points from a black node to a white node

The Mutator
- We define “shading a node” as marking it gray if it was white, and leaving it unchanged otherwise
- The mutator repeatedly performs the following atomic operation:
  - Redirect an outgoing edge of a reachable node towards an already reachable one, and
  - Shade it

The Collector
- The collector will also use the gray color in order to ensure it doesn’t violate the invariant
- Upon encountering a gray node, the collector will:
  - Mark it black, and
  - Shade its left successor, and
  - Shade its right successor
- The marking phase will terminate once there are no gray nodes
  - This will be detected after scanning all nodes without finding gray ones

The Marking Phase
1. Shade all roots
2. i = 0, k = M
3. While (k > 0)
   1. If (node i is gray)
      1. k = M
      2. Shade all successors of node i and make node i black
   2. Else // node i isn’t gray
      1. k = k - 1
   3. i = (i + 1) mod M

Appending Phase
1. i = 0
2. While (i < M)
   1. If (node i is white)
      1. Append it to the free list
   2. Else if (node i is black)
      1. Mark it white
   3. Else
      1. Error
   4. i = i + 1

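The marking and appending phases above, run as an added example (not code from the slides or from the original paper): a Python simulation in which the mutator, right after the collector has blackened A, moves the only edge to C from gray B to black A. The six-node graph, the node names R and G, and the free list kept as a plain Python list (the slides keep it inside the graph) are assumptions; without the mutator's shading the live node C is appended to the free list, which is the use-after-free condition the shading rule prevents.

```python
WHITE, GRAY, BLACK = "white", "gray", "black"
NAMES = ["NIL", "R", "A", "B", "C", "G"]      # constructed sample graph, M = 6
NIL, R, A, B, C, G = range(6)
ROOTS = [NIL, R]

def shade(color, n):
    if color[n] == WHITE:                     # gray if white, unchanged otherwise
        color[n] = GRAY

def reachable(edges):
    seen, stack = set(), list(ROOTS)
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(edges[n])
    return seen

def black_to_white(edges, color):
    # Edges that break "no edge points from a black node to a white node".
    return [(s, t) for s in range(len(edges)) for t in edges[s]
            if color[s] == BLACK and color[t] == WHITE]

def marking_phase(edges, color):
    # Generator: yields after each atomic collector step so a mutator can interleave.
    M = len(edges)
    for r in ROOTS:
        shade(color, r)
    i, k = 0, M
    while k > 0:
        if color[i] == GRAY:
            k = M
            for succ in edges[i]:
                shade(color, succ)
            color[i] = BLACK
        else:
            k -= 1
        yield i
        i = (i + 1) % M

def appending_phase(color):
    free_list = []
    for i in range(len(color)):
        if color[i] == WHITE:
            free_list.append(i)
        elif color[i] == BLACK:
            color[i] = WHITE
        else:
            raise RuntimeError("gray node met in the appending phase")
    return free_list

def run_cycle(shade_target):
    # edges[n] = [left, right]; a missing edge points to NIL; C hangs only off B.
    edges = [[NIL, NIL], [A, B], [NIL, NIL], [C, NIL], [NIL, NIL], [NIL, NIL]]
    color = [WHITE] * len(edges)
    violations = []
    for step, _ in enumerate(marking_phase(edges, color)):
        if step == 2:                         # node A (index 2) was just made black
            for src, dst in ((A, C), (B, NIL)):   # two atomic mutator operations
                edges[src][0] = dst           # redirect the left edge
                if shade_target:
                    shade(color, dst)         # the mutator's share of the marking
        violations += black_to_white(edges, color)
    live, freed = reachable(edges), appending_phase(color)
    return [NAMES[n] for n in freed], [NAMES[n] for n in freed if n in live], violations
```

`run_cycle` returns the nodes appended to the free list, the subset of those that were still reachable, and every black-to-white edge observed between atomic steps.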
Proving Correctness Criteria
CC2: Appending a garbage node to the free list is the collector’s only modification of the data structure.
Proof:
- It suffices to show that in the appending phase we append only garbage nodes to the free list
- To this end, we prove the invariant: a white node with a number ≥ i is garbage

Proving Correctness Criteria
“A white node with a number ≥ i is garbage”
Proof: This holds between the appending cycles:
- Throughout the appending phase i only increases
  - Thus, the collector may violate it only by making a non-garbage node white or by making a white node non-garbage
- This is violated only with respect to node i, but then the subsequent increase i = i + 1 restores the invariant

Proving Correctness Criteria
“A white node with a number ≥ i is garbage”
Proof: This holds between the appending cycles:
- The mutator cannot violate this invariant
  - It doesn’t update i
  - It doesn’t color nodes white (only gray)
  - It can’t redirect edges to non-reachable nodes; thus, it can’t make a white node non-garbage, because it is not reachable

Proving Correctness Criteria
“A white node with a number ≥ i is garbage”
Proof: This holds when we enter the appending phase:
- We need to show that the marking phase has established that “all white nodes are garbage”
- To prove this, we assume that at the beginning of the marking phase there are no black nodes
  - At the end of the appending phase, there are no black nodes
  - The mutator doesn’t color nodes black
- Recall that the mutator and collector maintain the following:
Invariant: No edge points from a black node to a white node

Proving Correctness Criteria
“A white node with a number ≥ i is garbage”
Proof: This holds when we enter the appending phase:
- Thus, when there are no more gray nodes, all black nodes are reachable and all white nodes are garbage
- We determine that there are no gray nodes after scanning all nodes without encountering gray nodes
- If only the collector colored nodes gray, this would be trivially correct
- Can the mutator also color nodes gray?
  - Not white nodes, since they are not reachable
  - Not black nodes, since it only shades nodes

Proving Correctness Criteria
“A white node with a number ≥ i is garbage”
Proof: This holds when we enter the appending phase:
- Thus, if the collector has scanned all nodes and didn’t encounter a gray node, it implies that at the beginning of that scan there were no gray nodes
  - If there was a gray node at the beginning of the scan, the collector must have encountered it
  - The mutator leaves gray nodes gray
- Thus, we can safely determine that there are no gray nodes and all white nodes are garbage

Proving Correctness Criteria
CC1: Every garbage node is eventually appended to the free list.
Proof:
- We first show that the collector’s two phases terminate properly
- The appending phase terminates unless it encounters a gray node
  - At the end of the marking phase there are no gray nodes
  - Also, every white node is garbage, thus the mutator cannot shade them
  - Thus, there are no gray nodes during this phase
The appending phase loop:
1. While (i < M)
   1. If (node i is white) …
   2. Else if (node i is black) …
   3. Else Error
   4. i = i + 1

Proving Correctness Criteria
CC1: Every garbage node is eventually appended to the free list.
Proof:
- The marking phase terminates since the quantity k + M * (number of nonblack nodes) decreases by at least one in each iteration of the marking phase
The marking phase loop:
1. …
2. i = 0, k = M
3. While (k > 0)
   1. If (node i is gray)
      1. k = M
      2. …
   2. Else
      1. k = k - 1
   3. …

Proving Correctness Criteria
- At the beginning of the appending phase we have 3 sets:
  - The set of reachable nodes, which are black
  - The set of white garbage nodes, which will be appended to the free list
  - The set of black garbage nodes
    - We name them D-nodes
- We want to show that D-nodes will be appended to the free list in the next appending phase

Proving Correctness Criteria
- We say that an edge “leads into D” if its source is not in D and its target is in D
- Because D-nodes are garbage, the sources of edges that lead into D are white
- Since D-nodes are garbage, the mutator will not redirect edges towards them
- Since they are black, they will not be appended during this appending phase

Proving Correctness Criteria
- But the collector will append all white nodes to the free list, thus redirecting their edges
- Thus, at the end of this phase:
  - There will be no edges leading into D
  - All D-nodes will be white
- No new edges will lead into D until the next appending phase
  - The mutator surely cannot create new ones
  - The collector doesn’t redirect edges during the marking phase

Proving Correctness Criteria
- Thus, at the next marking round they will remain white
- And they will be appended to the free list in the next appending phase

Towards a Finer-Grained Solution
- Recall the mutator’s atomic operation:
  - Redirect an outgoing edge of a reachable node towards an already reachable one
  - Shade it
- We want to split it into two atomic operations
- We also want to maintain our old invariant
- The trivial solution: shade the new target and then redirect the edge
Invariant: No edge points from a black node to a white node

Towards a Finer-Grained Solution
Consider the following scenario:
- The mutator shades B and goes to sleep
- The collector performs a marking phase
- Then, it performs an appending phase
  - Afterwards B’s color is white!
- The collector begins another marking phase, colors A black and goes to sleep
- The mutator redirects A’s edge towards B
- The mutator redirects all edges whose target is B
- The collector completes the marking phase, and in the appending phase identifies B as garbage!
Invariant: No edge points from a black node to a white node

Towards a Finer-Grained Solution
- Thus, we must change the mutator’s atomic operation
- Thus, before introducing a finer-grained solution we need a new coarse-grained solution
- The collector will remain the same

A New Coarse-Grained Solution
- The previous invariant allowed us to deduce that if we encountered a reachable white node then there exists a gray node
- Propagation path: a path that begins with a gray node and in which all other nodes are white
- We used the old invariant to conclude that if there are no gray nodes, all white nodes are garbage
- The new invariant suffices for this conclusion
Invariant: For each white reachable node, there exists a propagation path leading to it

A New Coarse-Grained Solution
- Corollary: If each root is gray or black, the absence of edges from black to white implies our invariant
- In particular, it is true at the beginning of the marking cycle because all nodes have been shaded and there are no black nodes
Invariant: For each white reachable node, there exists a propagation path leading to it

A New Coarse-Grained Solution
- Thus, we only need to show that we keep our new invariant
Invariant: For each white reachable node, there exists a propagation path leading to it

A New Coarse-Grained Solution
- To prove this, we need to maintain another invariant
- Note that in the absence of black nodes, this clearly holds
  - Thus, at the beginning of the marking phase, this holds
- We now show that both invariants hold during the marking phase
Invariant: Only the last edge placed by the mutator may lead from a black node to a white one

The New Invariants
- Recall the collector’s atomic operation:
  - Shade all successors of node i and make node i black
Invariants:
- For each white reachable node, there exists a propagation path leading to it
- Only the last edge placed by the mutator may lead from a black node to a white one

The New Invariants
Shading the successors means that:
- The node’s edges are not part of any propagation path; thus, making the node black doesn’t violate the first invariant
- There is no black-to-white edge; thus the second invariant holds
Invariants:
- For each white reachable node, there exists a propagation path leading to it
- Only the last edge placed by the mutator may lead from a black node to a white one

The New Invariants
- The mutator’s new atomic operation:
  - Shade the target of the previously redirected edge
  - Redirect an outgoing edge of a reachable node towards a reachable node
- This clearly holds
Invariant: Only the last edge placed by the mutator may lead from a black node to a white one

The New Invariants
- We only redirect to reachable nodes; thus, if they are white they had a propagation path before this operation
- If the source node is black, then its outgoing edge was not part of any propagation path
Invariant: For each white reachable node, there exists a propagation path leading to it

The New Invariants
- If the source node was white or gray, then after this operation there will be no edges from a black node to a white node
- The roots must be gray or black; thus, according to the corollary, the invariant holds
Invariant: For each white reachable node, there exists a propagation path leading to it

A Fine-Grained Solution
- We split the mutator’s atomic operation:
  - Shade the target of the previously redirected edge
  - Redirect an outgoing edge of a reachable node towards a reachable node
- We split the collector’s atomic operation:
  - Shade the left-hand successor of node i
  - Shade the right-hand successor of node i
  - Make node i black
- We need to show that our invariants still hold during the marking phase
- We will show stronger invariants

A Fine-Grained Solution
- A C-edge is an edge whose source has been detected as gray by the collector during the marking phase
  - Note that a C-edge remains a C-edge even if the target is changed by the mutator
- At the beginning, the set of C-edges is empty
- We create C-edges when we shade a node’s successors
  - The C-edges are the node’s edges

A Fine-Grained Solution
The strengthened invariants:
- Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges
- There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Understanding the Invariants
Invariants:
- Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges
- There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
At the beginning:
- There are no C-edges and all roots are gray, thus the first invariant holds
- There are no black nodes or C-edges, thus the second invariant holds
Invariants:
- Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges
- There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
- None of the atomic operations introduces a new reachable white node
- Thus, it suffices to show that if we have a propagation path before applying any of the operations, we have one afterwards
Invariants:
- Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges
- There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
- The mutator’s atomic operation:
  - Shade the target of the previously redirected edge
  - Redirect an outgoing edge of a reachable node towards a reachable node
- The collector’s atomic operation:
  - Shade the left-hand successor of node i
  - Shade the right-hand successor of node i
  - Make node i black
- If we had propagation paths without C-edges before these operations, we will have the same paths or shortened paths

Proving the Invariants
- The collector’s shading operations create C-edges, but their targets are black or gray; thus they did not belong to a propagation path
- The mutator’s shading operation may only remove edge E, if it existed
Invariant: There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
- The collector’s atomic operation:
  - Shade the left-hand successor of node i
  - Shade the right-hand successor of node i
  - Make node i black
- Node i is gray, thus all its outgoing edges are C-edges, thus they are not part of any propagation path
Invariant: Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges

Proving the Invariants
- The collector’s atomic operation:
  - Shade the left-hand successor of node i
  - Shade the right-hand successor of node i
  - Make node i black
- It may introduce a black-to-white edge, but then this edge was already a C-edge with a white target
Invariant: There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
- The mutator’s atomic operation:
  - Shade the target of the previously redirected edge
  - Redirect an outgoing edge of a reachable node towards a reachable node
- If this invariant held before, then there could not have been a black-to-white edge or a C-edge with a white target
- This operation creates at most one edge of this type
Invariant: There exists at most one edge E satisfying: E is a black-to-white edge, or E is a C-edge with a white target

Proving the Invariants
- The mutator’s atomic operation:
  - Shade the target of the previously redirected edge
  - Redirect an outgoing edge of a reachable node towards a reachable node
- If the source is black, or the edge is a C-edge, then the edge didn’t belong to any propagation path
  - Thus, since this operation does not create other C-edges, the same paths exist
Invariant: Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges

Proving the Invariants
- Otherwise, the edge to be redirected is not a C-edge and has a white or gray source
- Since there is at most one black-to-white edge or a C-edge, we know that there are no C-edges and no black-to-white edges at all; using the corollary we get our invariant
Invariant: Every root is gray or black, and for each white reachable node, there exists a propagation path leading to it, containing no C-edges

Summary
- We have shown three solutions
- We first showed a simple coarse-grained solution
  - Its invariants were quite straightforward
- We aimed to refine this solution
  - This turned out to be not a simple task
  - We needed to change our implementation and the invariants
- Afterwards we could refine the solution, and “fix” the proof of the coarse-grained solution

Questions?