1 Beyond Reduction.... 2 Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else.

Slides:



Advertisements
Similar presentations
Concurrent programming for dummies (and smart people too) Tim Harris & Keir Fraser.
Advertisements

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Transactions - Concurrent access & System failures - Properties of Transactions - Isolation Levels 4/13/2015Databases21.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Principles of Transaction Management. Outline Transaction concepts & protocols Performance impact of concurrency control Performance tuning.
Ch 7 B.
Verifying Executable Object-Oriented Specifications with Separation Logic Stephan van Staden, Cristiano Calcagno, Bertrand Meyer.
Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.
Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.
Part IV: Exploiting Purity for Atomicity. Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } CAS(m,0,1) (fails) (succeeds)
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
PARALLEL PROGRAMMING with TRANSACTIONAL MEMORY Pratibha Kona.
Transaction Processing Lecture ACID 2 phase commit.
CS510 Concurrent Systems Class 2 A Lock-Free Multiprocessor OS Kernel.
Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
1 Sharing Objects – Ch. 3 Visibility What is the source of the issue? Volatile Dekker’s algorithm Publication and Escape Thread Confinement Immutability.
Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
Verifying Commit-Atomicity Using Model Checking Cormac Flanagan University of California, Santa Cruz.
Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.
Synchronization CSCI 444/544 Operating Systems Fall 2008.
11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.
Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.
Transactions and Reliability. File system components Disk management Naming Reliability  What are the reliability issues in file systems? Security.
1 Thread Synchronization: Too Much Milk. 2 Implementing Critical Sections in Software Hard The following example will demonstrate the difficulty of providing.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
Runtime Refinement Checking of Concurrent Data Structures (the VYRD project) Serdar Tasiran Koç University, Istanbul, Turkey Shaz Qadeer Microsoft Research,
CS510 Concurrent Systems Jonathan Walpole. A Lock-Free Multiprocessor OS Kernel.
Correctness requirements. Basic Types of Claims Basic assertions End-state labels Progress-state labels Accept-state labels Never claims Trace assertions.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto Mutual Exclusion.
11/18/20151 Operating Systems Design (CS 423) Elsa L Gunter 2112 SC, UIUC Based on slides by Roy Campbell, Sam.
Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.
Transactional Coherence and Consistency Presenters: Muhammad Mohsin Butt. (g ) Coe-502 paper presentation 2.
CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Advanced.NET Programming I 5 th Lecture Pavel Ježek
CS510 Concurrent Systems Jonathan Walpole. A Methodology for Implementing Highly Concurrent Data Objects.
Transactions. Transaction: Informal Definition A transaction is a piece of code that accesses a shared database such that each transaction accesses shared.
CS533 – Spring Jeanie M. Schwenk Experiences and Processes and Monitors with Mesa What is Mesa? “Mesa is a strongly typed, block structured programming.
A Methodology for Implementing Highly Concurrent Data Objects by Maurice Herlihy Slides by Vincent Rayappa.
Lecture 4 Introduction to Promela. Promela and Spin Promela - process meta language G. Holzmann, Bell Labs (Lucent) C-like language + concurrency dyamic.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
1 Synchronization via Transactions. 2 Concurrency Quiz If two threads execute this program concurrently, how many different final values of X are there?
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
10 1 Chapter 10 - A Transaction Management Database Systems: Design, Implementation, and Management, Rob and Coronel.
/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.
Array Size Arrays use static allocation of space. That is, when the array is created, we must specify the size of the array, e.g., int[] grades = new int[100];
Synchronization Questions answered in this lecture: Why is synchronization necessary? What are race conditions, critical sections, and atomic operations?
A Calculus of Atomic Actions Serdar Tasiran Koc University, Istanbul, Turkey Tayfun ElmasShaz Qadeer Koc University Microsoft Research.
Introduction to Programming G50PRO University of Nottingham Unit 6 : Control Flow Statements 2 Paul Tennent
Concurrency 2 CS 2110 – Spring 2016.
Advanced .NET Programming I 11th Lecture
Databases We are particularly interested in relational databases
Part 2: Software-Based Approaches
Atomic Operations in Hardware
Atomic Operations in Hardware
Changing thread semantics
Atomicity in Multithreaded Software
Concurrency Control II (OCC, MVCC)
Programming Languages 2nd edition Tucker and Noonan
A Refinement Calculus for Promela
CSE 153 Design of Operating Systems Winter 19
CIS 720 Lecture 3.
CIS 720 Lecture 3.
Programming Languages 2nd edition Tucker and Noonan
Concurrency control (OCC and MVCC)
Presentation transcript:

1 Beyond Reduction...

2 Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else { return false; }

3 Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } CAS(m,0,1) (fails) (succeeds)

4  Non-Serial Execution:  Serial Execution:  Atomic but not reducible CAS(m,0,1) (fails) (succeeds) CAS(m,0,1) (succeeds)

5 alloc boolean b[MAX]; // b[i]==true iff block i is free Lock m[MAX]; atomic int alloc() { int i = 0; while (i < MAX) { acquire(m[i]); if (b[i]) { b[i] = false; release(m[i]); return i; } release(m[i]); i++; } return -1; }

6 alloc acq(m[0]) test(b[0]) rel(m[0]) acq(m[1]) test(b[1]) rel(m[1]) b[1]=false

7 alloc is not Atomic  There are non-serial executions with no equivalent serial executions

8 m[0] = m[1] = 0; b[0] = b[1] = false; t = alloc(); || free(0); free(1); void free(int i) { acquire(m[i]); b[i] = true; release(m[i]); }

9  Non-Serial Execution:  Serial Executions: loop for b[0] t = 1 free(0)loop for b[1]free(1) loop for b[0]free(0)loop for b[1]free(1) loop for b[0]free(0)free(1) t = -1 t = 0 loop for b[0]free(0)free(1) t = 0 m[0] = m[1] = 0; b[0] = b[1] = false; t = alloc(); || free(0); free(1);

10 Extending Atomicity  Atomicity doesn't always hold for methods that are "intuitively atomic" –serializable but not reducible (busy_acquire) –not serializable (alloc)  Examples –initialization –resource allocation –wait/notify – caches – commit/retry transactions

11 Pure Code Blocks  Pure block: pure { E } –If E terminates normally, it does not update state visible outside of E –E is reducible  Example while (true) { pure { acquire(mx); if (x == 0) { x = 1; release(mx); break; } release(mx); } }

12 Purity and Abstraction  A pure block's behavior under normal termination is the same as skip  Abstract execution semantics: –pure blocks can be skipped acq(m) test(x) rel(m) acq(m) test(x) rel(m) skip

13 Abstraction  Abstract semantics that admits more behaviors –pure blocks can be skipped –hides "irrelevant" details (ie, failed loop iters) –  Program must still be (sequentially) correct in abstract semantics  Abstract semantics make reduction possible

14 Busy Acquire atomic void busy_acquire() { while (true) { pure { if (CAS(m,0,1)) break; } } }

15 Abstract Execution of Busy Acquire atomic void busy_acquire() { while (true) { pure { if (CAS(m,0,1)) break; } } } CAS(m,0,1) skip CAS(m,0,1) (Concrete) (Abstract) (Reduced Abstract)

16 alloc atomic int alloc() { int i = 0; while (i < MAX) { pure { acquire(m[i]); if (b[i]) { b[i] = false; release(m[i]); return i; } release(m[i]); } i++; } return -1; }

17 Abstract Execution of alloc acq(m[0]) test(b[0]) rel(m[0]) acq(m[1]) test(b[1]) rel(m[1]) b[1]=false skipacq(m[1]) test(b[1]) rel(m[1]) b[1]=false (Abstract) (Reduced Abstract)

18  Abstract semantics admits more executions  Can still reason about important properties –" alloc returns either the index of a freshly allocated block or -1" –cannot guarantee " alloc returns smallest possible index" but what does this really mean anyway??? Abstraction skipacq(m[1]) test(b[1]) rel(m[1]) b[1]=false (Abstract) free(0)free(1)

19 To Atomicity and Beyond...

20

21 Commit-Atomicity  Reduction –Great if can get serial execution via commuting  Reduction + Purity –Great if non-serial execution performs extra pure loops  Commit Atomicity –More heavyweight technique to verify if some corresponding serial execution has same behavior can take different steps

22 Checking Commit Atomicity  Run normal and serial executions of program concurrently, on separate stores  Normal execution runs as normal –threads execute atomic blocks –each atomic block has commit point  Serial execution –runs on separate shadow store –when normal execution commits an atomic block, serial execution runs entire atomic block serially  Check two executions yield same behavior

23 Commit-Atomic commit atomic block... Normal execution Serial execution compare states

24 Preliminary Evaluation  Some small benchmarks –Bluetooth device driver atomicity violation due to error –Busy-waiting lock acquire acquire1: 1 line of code in critical section acquire100: 100 lines of code in critical section  Hand translated to PROMELA code –Two versions, with and without commit-atomic –Model check with SPIN

25 Performance: Bluetooth device driver

26 Performance: acquire1 and acquire100

27 Summary  Atomicity –concise, semantically deep partial specification –aka serializability  Reduction –lightweight technique for verifying atomicity –can verify with types, or dynamically –plus purity, for complex cases  Commit-Atomicity –more general technique

28 Summary  Atomicity –concise, semantically deep partial specification  Reduction –lightweight technique for verifying atomicity  Commit-Atomicity –more general technique  Future work –combine reduction and commit-atomic –generalizing atomicity temporal logics for determinism?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.