Pattern-based Synthesis of Synchronization for the C++ Memory Model Yuri Meshman, Noam Rinetzky, Eran Yahav 1.

Slides:

Advertisements

Similar presentations

Symmetric Multiprocessors: Synchronization and Sequential Consistency.

Advertisements

1 Interprocess Communication 1. Ways of passing information 2. Guarded critical activities (e.g. updating shared data) 3. Proper sequencing in case of.

Operating Systems Part III: Process Management (Process Synchronization)

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Synchronization. How to synchronize processes? – Need to protect access to shared data to avoid problems like race conditions – Typical example: Updating.

Concurrency: Mutual Exclusion and Synchronization Chapter 5.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

Memory Models (1) Xinyu Feng University of Science and Technology of China.

Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.

CS 162 Memory Consistency Models. Memory operations are reordered to improve performance Hardware (e.g., store buffer, reorder buffer) Compiler (e.g.,

“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

Ch. 7 Process Synchronization (1/2) I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.

Chapter 6 Process Synchronization Bernard Chen Spring 2007.

Chapter 6: Process Synchronization

Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 5: Process Synchronization.

5.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 5: CPU Scheduling.

Concurrent Programming James Adkison 02/28/2008. What is concurrency? “happens-before relation – A happens before B if A and B belong to the same process.

Process Synchronization. Module 6: Process Synchronization Background The Critical-Section Problem Peterson’s Solution Synchronization Hardware Semaphores.

Operating System Concepts and Techniques Lecture 12 Interprocess communication-1 M. Naghibzadeh Reference M. Naghibzadeh, Operating System Concepts and.

CH7 discussion-review Mahmoud Alhabbash. Q1 What is a Race Condition? How could we prevent that? – Race condition is the situation where several processes.

PARTIAL-COHERENCE ABSTRACTIONS FOR RELAXED MEMORY MODELS Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBM Research and Eran.

Parallel Processing (CS526) Spring 2012(Week 6).  A parallel algorithm is a group of partitioned tasks that work with each other to solve a large problem.

Today’s Agenda  Midterm: Nov 3 or 10  Finish Message Passing  Race Analysis Advanced Topics in Software Engineering 1.

Martin Vechev IBM Research Michael Kuperstein Technion Eran Yahav Technion (FMCAD’10, PLDI’11) 1.

Martin Vechev IBM Research Michael Kuperstein Technion Eran Yahav Technion (FMCAD’10, PLDI’11) 1.

Lock-free Cache-friendly Software Queue for Decoupled Software Pipelining Student: Chen Wen-Ren Advisor: Wuu Yang 學生 : 陳韋任指導教授 : 楊武 Abstract Multicore.

Silberschatz, Galvin and Gagne ©2007 Operating System Concepts with Java – 7 th Edition, Nov 15, 2006 Process Synchronization (Or The “Joys” of Concurrent.

1 Sharing Objects – Ch. 3 Visibility What is the source of the issue? Volatile Dekker’s algorithm Publication and Escape Thread Confinement Immutability.

Race Conditions CS550 Operating Systems. Review So far, we have discussed Processes and Threads and talked about multithreading and MPI processes by example.

A. Frank - P. Weisberg Operating Systems Introduction to Cooperating Processes.

Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.

Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology A Synthesis Algorithm for Modular Design of.

1 Thread Synchronization: Too Much Milk. 2 Implementing Critical Sections in Software Hard The following example will demonstrate the difficulty of providing.

Shared Memory Consistency Models: A Tutorial Sarita V. Adve Kouroush Ghrachorloo Western Research Laboratory September 1995.

Memory Consistency Models Alistair Rendell See “Shared Memory Consistency Models: A Tutorial”, S.V. Adve and K. Gharachorloo Chapter 8 pp of Wilkinson.

By Sarita Adve & Kourosh Gharachorloo Slides by Jim Larson Shared Memory Consistency Models: A Tutorial.

Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.

Chapter 7 -1 CHAPTER 7 PROCESS SYNCHRONIZATION CGS Operating System Concepts UCF, Spring 2004.

Memory Consistency Models. Outline Review of multi-threaded program execution on uniprocessor Need for memory consistency models Sequential consistency.

Fundamentals of Parallel Computer Architecture - Chapter 71 Chapter 7 Introduction to Shared Memory Multiprocessors Yan Solihin Copyright.

CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,

Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 24 Critical Regions.

CS533 Concepts of Operating Systems Jonathan Walpole.

CGS 3763 Operating Systems Concepts Spring 2013 Dan C. Marinescu Office: HEC 304 Office hours: M-Wd 11: :30 AM.

/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.

Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)

Abstractions for Relaxed Memory Models Andrei Dan, Yuri Meshman, Martin Vechev, Eran Yahav 1.

1 Critical Section Problem CIS 450 Winter 2003 Professor Jinhua Guo.

Homework-6 Questions : 2,10,15,22.

Chapter 6 Synchronization Dr. Yingwu Zhu. The Problem with Concurrent Execution Concurrent processes (& threads) often access shared data and resources.

Multiprocessors – Locks

Memory Consistency Models

Memory Consistency Models

Chapter 5: Process Synchronization

Background and Motivation

Synthesis of Memory Fences via Refinement Propagation

Lecture 10: Consistency Models

Xinyu Feng University of Science and Technology of China

CSE 153 Design of Operating Systems Winter 19

Chapter 6: Synchronization Tools

Lecture: Coherence and Synchronization

Abstraction-Guided Synthesis of synchronization

Operating Systems {week 10}

Lecture 11: Consistency Models

Presentation transcript:

Pattern-based Synthesis of Synchronization for the C++ Memory Model Yuri Meshman, Noam Rinetzky, Eran Yahav 1

Goal 2 SynSynCpp P P S S

Thread 1: store (flag1, 1); while(load (flag0) = 1 ){ if(load (turn) = 0 ){ store (flag1, 0); while(load (turn) = 0 )yield(); store (flag1, 1); }... // critical section store (turn, 0); store(flag1, 0); store (flag0, 0); store (flag1, 0); store (turn, 0); Thread 0: store(flag0, 1); while(load (flag1) = 1 ){ if(load (turn) =1 ){ store (flag0, 0); while(load (turn) = 1 ) yield(); store (flag0, 1); } }... // critical section store (turn, 1); store (flag0, 0); Dekker’s Algorithm sequential consistency Yes spec: mutual exclusion over critical section 3

Thread 1: store (flag1, 1); while(load (flag0) = 1 ){ if(load (turn) = 0 ){ store (flag1, 0); while(load (turn) = 0 )yield(); store (flag1, 1); }... // critical section store (turn, 0); store(flag1, 0); store (flag0, 0); store (flag1, 0); store (turn, 0); Thread 0: store(flag0, 1); while(load (flag1) = 1 ){ if(load (turn) =1 ){ store (flag0, 0); while(load (turn) = 1 ) yield(); store (flag0, 1); } }... // critical section store (turn, 1); store (flag0, 0); Dekker’s Algorithm sequential consistency C++ relaxed model Yes No rf spec: mutual exclusion over critical section 4

Thread 1: store SC (flag1, 1); while(load SC (flag0) = 1 ){ if(load SC (turn) = 0 ){ store RLX (flag1, 0); while(load RLX (turn) = 0 )yield(); store RLX (flag1, 1); }... // critical section store SC (turn, 0); store REL (flag1, 0); store SC (flag0, 0); store SC (flag1, 0); store SC (turn, 0); Thread 0: store SC (flag0, 1); while(load SC (flag1) = 1 ){ if(load SC (turn) =1 ){ store RLX (flag0, 0); while(load RLX (turn) = 1 ) yield(); store RLX (flag0, 1); } }... // critical section store SC (turn, 1); store REL (flag0, 0); Dekker’s Algorithm sequential consistency C++ relaxed model Yes No spec: mutual exclusion over critical section 5 Yes

In a nutshell Goal Automatic inference of efficient and correct synchronization under C++ memory model. finite-state programs with bounded executions. Challenge Adding minimal and correct synchronization. Solution 1.Assume maximally relaxed parameters setting and 2.Iteratively remove behaviors until specification satisfied. 6

Dekker’s Algorithm 7 Thread 1: store RLX (flag1, 1); while(load RLX (flag0) = 1 ){ if(load RLX (turn) = 0 ){ store RLX (flag1, 0); while(load RLX (turn) = 0 )yield(); store RLX (flag1, 1); }... // critical section store RLX (turn, 0); store REL (flag1, 0); store RLX (flag0, 0); store RLX (flag1, 0); store RLX (turn, 0); Thread 0: store RLX (flag0, 1); while(load RLX (flag1) = 1 ){ if(load RLX (turn) =1 ){ store RLX (flag0, 0); while(load RLX (turn) = 1 ) yield(); store RLX (flag0, 1); } }... // critical section store RLX (turn, 1); store RLX (flag0, 0); store flag0, 0 store flag1, 0 store turn, 0 store flag0, 1 load flag1 store flag1, 1 store turn, 1 load flag0 sb asw store flag1, 0store flag0, 0 sb rf store turn, 0 sb critical section

What is an execution Execution trace is: – Instructions – relations: total/partial orders – Axioms on those relations 8 store flag0, 0 store flag1, 0 store turn, 0 store flag0, 1 load flag1 store flag1, 1 store turn, 1 load flag0 sb asw store flag1, 0store flag0, 0 sb rf store turn, 0 sb critical section *rf – read from sb – sequence before asw – additionally synchronize with sw – synchronize with

Error trace 1  find pattern LB *rf – read from sb – sequence before asw – additionally synchronize with sw – synchronize with 9 store flag0, 0 store flag1, 0 store turn, 0 store flag0, 1 load flag1 store flag1, 1 store turn, 1 load flag0 sb asw store flag1, 0store flag0, 0 sb rf store turn, 0 sb critical section load buffering

10 Error trace 1 prevented store flag0, 0 store flag1, 0 store turn, 0 store flag0, 1 load ACQ flag1 store flag1, 1 store turn, 1 load flag0 sb asw store REL flag1, 0store flag0, 0 sb rf store turn, 0 sb critical section sw *rf – read from sb – sequence before asw – additionally synchronize with sw – synchronize with

Dekker’s Algorithm sequential consistency C++ relaxed model Yes No spec: mutual exclusion over critical section 11 Thread 1: store RLX (flag1, 1); while(load RLX (flag0) = 1 ){ if(load RLX (turn) = 0 ){ store RLX (flag1, 0); while(load RLX (turn) = 0 )yield(); store RLX (flag1, 1); }... // critical section store RLX (turn, 0); store REL (flag1, 0); store RLX (flag0, 0); store RLX (flag1, 0); store RLX (turn, 0); Thread 0: store RLX (flag0, 1); while(load ACQ (flag1) = 1 ){ if(load RLX (turn) =1 ){ store RLX (flag0, 0); while(load RLX (turn) = 1 ) yield(); store RLX (flag0, 1); } }... // critical section store RLX (turn, 1); store RLX (flag0, 0);

Thread 1: store SC (flag1, 1); while(load SC (flag0) = 1 ){ if(load SC (turn) = 0 ){ store RLX (flag1, 0); while(load RLX (turn) = 0 )yield(); store RLX (flag1, 1); }... // critical section store SC (turn, 0); store REL (flag1, 0); store SC (flag0, 0); store SC (flag1, 0); store SC (turn, 0); Thread 0: store SC (flag0, 1); while(load SC (flag1) = 1 ){ if(load SC (turn) =1 ){ store RLX (flag0, 0); while(load RLX (turn) = 1 ) yield(); store RLX (flag0, 1); } }... // critical section store SC (turn, 1); store REL (flag0, 0); Dekker’s Algorithm sequential consistency C++ relaxed model Yes No spec: mutual exclusion over critical section 12 Yes

Goal 13 SynSynCpp P P S S

Synthesis of Synchronization for the C++ Memory Model 14 SynSynCpp P P S S Model Checker Detect patterns and avoid traces implement

Challenges 1.ModelChecker: Enumerate error traces? 2.How to detect patterns and avoid traces? 3.How to collect all blocked bad traces and produce a solution? 15 CDSchecker

Step 1: Get an error trace 16 store flag0, 0 store flag1, 0 store turn, 0 store flag0, 1 load flag1 store flag1, 1 store turn, 1 load flag0 sb asw store flag1, 0store flag0, 0 sb rf store turn, 0 sb critical section

Step 2: Find a pattern 17 load flag1 load flag0 store flag1, 0store flag0, 0 sb rf sb Load Buffering pattern

18 Step 3: block the pattern repeat 1-3 for all error traces Load Buffering pattern REL -- store flag0, 1 ACQ -- load flag1 REL -- store flag1, 1 ACQ -- load flag0

19 REL -- store flag0, 1 ACQ -- load flag1 REL -- store flag1, 1 ACQ -- load flag0

Step 5: Constructing Program Solution 20 sol1 sol2 REL -- store flag0, 1 ACQ -- load flag1 REL -- store flag1, 1 ACQ -- load flag0

Litmus test patterns First approach: From litmus tests to patterns 21 (Store Buffering) (Message Passing) (Write Read Causality) (Independent Reads Independent Writes) (Load Buffering)

Patterns relaxation 22 (Load Buffering) Unwinding the cycle Abstraction Generalization

Abstract patterns 23 RD_CL RD_MS Missed Store based on C++RMM RD property Cycle R one of two: 1.R = hb U rf --- preventable with Rel-Acq synchronization 2.R = possible order of instruction – preventable with SC

Benchmarks 9 concurrent algorithms – Mutual exclusion algorithms – RCU where an update waits only for the reads whose consistency it affects Safety specifications – mutual exclusion and reachability invariants – stack/RCU coherence invariants 24

Results 25 Algorithm Time (s) # mini mal soluti ons Inferred synchronization (SC, REL, ACQ, RLX) abp20s.895(5, 0, 0, 1), (4, 0, 0, 2), … dekker3m:2213(10, 1, 0, 8), (13, 0, 1, 5), … d-prcu-v13m:147(7, 2, 1, 0), (7, 1, 0, 2), … d-prcu-v23h:53m17(9, 2, 1, 4), (12, 1, 1, 2),... Kessel57m:162(13, 1, 0, 0), (14, 0, 0, 0) peterson26m:412(11, 1, 0, 1), *(12, 1, 0, 0), (13, 0, 0, 0) bakery10m:216(16, 1, 1, 0), (17, 0, 1, 0), … ticket1m:084(9, 0, 0, 1), (8, 0, 0, 2), … treiber stack1h:051(0, 5, 3, 4) SC RLX ACQREL Memory access patterns hierarchy

Synthesis of Synchronization for the C++ Memory Model 26 SynSynCpp P P S S Model Checker Detect patterns and avoid traces implement avoidance

Summary Synthesis procedure for inferring memory order synchronizations for C++ RMM Searching for violation patterns Generalized concrete patterns to abstract ones Successfully synthesized nontrivial memory order synchronization for challenging algorithms Future Work: Violation patterns and avoidance templates are not complete Finite-state programs with bounded executions. 27 Tool: