Presentation is loading. Please wait.

Presentation is loading. Please wait.

K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA.

Published byNick Kerrick Modified over 10 years ago

Similar presentations

Presentation on theme: "K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA."— Presentation transcript:

1 K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA

2 Locks are objects, objects are locks thread local shared, available shared, locked newshareacquire release

3 Every lock has an associated locking level Locks have to be acquired in ascending order, which avoids deadlocks

4 Locking order is a dense semi-lattice (Mu, <<,, ) << is the strict version of << The locking level of an object o is stored in a mutable ghost field o.mu Accessing o.mu requires appropriate permissions

5 method M(o: C) requires rd(o.mu) maxlock << o.mu … { acquire o … release o } ( l Held l.mu)

6 o := new C … o.mu := … share o between L and H assert CanWrite(o,mu) o.mu = ; assert L << H; havoc μ; assume L << μ << H; o.mu := μ; Exhale MonitorInv(o); acquire o assert CanRead(o,mu); assert maxlock << o.mu; Held := Held {o}; Inhale MonitorInv(o); release o assert o Held; Exhale MonitorInv(o); Held := Held – {o}; thread local shared, available shared, locked newshareacquire release

7 reorder o between L and H assert CanWrite(o,mu) o.mu ; assert L << H; assert o Held; havoc μ; assume L << μ << H; o.mu := μ; method M(o: C) requires rd(o.mu) maxlock << o.mu … { acquire o … release o } ( l Held l.mu)

8 fork tk := o.M() join tk

9 Thread 0: fork tk := o.M() acquire p join tk release p Thread 1: method M() … { acquire p … release p }

10 Tokens record the initial maxlock of the new thread fork tk := o.M() tk.forkMaxlock := maxlock; … join tk assert maxlock << tk.forkMaxlock; …

11 Thread 0: fork tk := o.M() acquire p join tk release p Thread 1: method M() requires rd(p.mu) maxlock << p.mu { acquire p … release p }

12 channel Name(signature) where predicate Example: channel Ch(t: T) where acc(t.x) 0 t.x < 100 Channels have unbounded slack that is: sends are non-blocking ch := new Ch send ch(E) Exhale Where(ch); receive x := ch Inhale Where(ch);

13 Thread 0: receive x := ch acquire o receive x := ch Thread 1: /* No send. Ever. */ acquire o send ch(E) or:or:

14 Channels have associated credits cf. memory locations have associated permissions receive requires a credit send produces a credit Specification syntax: credit(ch, n) where n is an integer, denotes n credits for channel ch If omitted, n defaults to 1 Negative credits are debits

15 Introduce a per-activation-record credits counter C : channel int cf. per-activation-record permissions mask P in Peters talk Inhale credit(ch,n)C[ch] := C[ch] + n Exhale credit(ch,n)C[ch] := C[ch] – n

16 ch := new Ch … C[ch] := 0; … send ch(E) Inhale credit(ch,1); Exhale Where(ch); receive x := E assert C[ch] > 0; Inhale Where(ch); Exhale credit(ch,1); sell where clause, obtain 1 credit pay 1 credit, receive where clause

17 Associate a locking level also with every channel ch, recorded in a field ch.mu ch := new Ch between L and H … receive x := ch assert CanRead(ch,mu) maxlock << ch.mu; … // as before send ch(E) assert CanRead(ch,mu);? … // as before reorder – not yet worked out

18 maxlock ( l Held l.mu) ( ch | C[ch] < 0 ch.mu) Inhale credit(ch,n) Exhale credit(ch,-n) Exhale credit(ch,n) assert C[ch] – n < 0 C[ch] maxlock << ch.mu; C[ch] := C[ch] – n;

19 At the end of every activation record: assert ( ch 0 C[ch]);

20 class Cell { var val: int; … } channel Ch(x: Cell) where x null acc(x.val) 0 x.val credit(this) class Program { method Main() … method Producer(ch: Ch) … method Consumer(ch: Ch) … }

21 method Main() { var ch := new Ch fork tk0 := Producer(ch) fork tk1 := Consumer(ch) join tk0 join tk1 }

22 method Producer(ch: Ch) requires rd(ch.mu) ensures credit(ch, 1) { while (…) invariant rd(ch.mu) { var x := … send ch(x) } send ch(null) } requires rd(ch.mu) requires credit(ch, -1) ensures true requires rd(ch.mu) requires credit(ch, -1) ensures true or:or:

23 method Consumer(ch: Ch) requires rd(ch.mu) maxlock << ch.mu requires credit(ch) ensures rd(ch.mu) { receive x := ch while (x null) invariant x null credit(ch) { … receive x := ch}

Download ppt "K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA."

Similar presentations

Automatic verification of summations K. Rustan M. Leino IFIP WG 2.3 meeting 46 Sydney, Australia 11 January 2007.

Automatic verification of summations K. Rustan M. Leino IFIP WG 2.3 meeting 46 Sydney, Australia 11 January 2007.
Technische universität dortmund fakultät für informatik informatik 12 Models of computation Peter Marwedel TU Dortmund Informatik 12 Graphics: © Alexandra.

Technische universität dortmund fakultät für informatik informatik 12 Models of computation Peter Marwedel TU Dortmund Informatik 12 Graphics: © Alexandra.
020 10 30504060807090100 Percent of Shot % Injection Velocity End fill at 95% Normal Start of Pack Profiling Injection Speeds 0.

Percent of Shot % Injection Velocity End fill at 95% Normal Start of Pack Profiling Injection Speeds 0.
A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,
1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,

1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,
Database System Concepts 5 th Ed. © Silberschatz, Korth and Sudarshan, 2005 See www.db-book.com for conditions on re-usewww.db-book.com Chapter 16 : Concurrency.

Database System Concepts 5 th Ed. © Silberschatz, Korth and Sudarshan, 2005 See for conditions on re-usewww.db-book.com Chapter 16 : Concurrency.
Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLines CSE 503, Software Engineering University of Washington 28 Apr 2004.

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLines CSE 503, Software Engineering University of Washington 28 Apr 2004.
1 Copyright © 2009, Oracle. All rights reserved. B Table Descriptions.

1 Copyright © 2009, Oracle. All rights reserved. B Table Descriptions.
Bor-Yuh Evan Chang Daan Leijen Peter Müller David A. Naumann The Spec# programming system Mike Barnett Rob DeLine Manuel Fähndrich Bart Jacobs K. Rustan.

Bor-Yuh Evan Chang Daan Leijen Peter Müller David A. Naumann The Spec# programming system Mike Barnett Rob DeLine Manuel Fähndrich Bart Jacobs K. Rustan.
Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 EEF summer school on Specification,

Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 EEF summer school on Specification,
Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 Summer school on Formal Models.
Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 EEF summer school on Specification,

Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 EEF summer school on Specification,
Grid Standards and the Finance Industry John Barr Research Director Financial Markets OGF22 Boston.

Grid Standards and the Finance Industry John Barr Research Director Financial Markets OGF22 Boston.
Tutorial 3 Sync or sink! presented by: Antonio Maiorano Paul Di Marco.

Tutorial 3 Sync or sink! presented by: Antonio Maiorano Paul Di Marco.
Program synthesis with Jennisys K. Rustan M. Leino Research in Software Engineering (RiSE), Microsoft Research, Redmond Aleksandar Milicevic MIT IFIP Working.

Program synthesis with Jennisys K. Rustan M. Leino Research in Software Engineering (RiSE), Microsoft Research, Redmond Aleksandar Milicevic MIT IFIP Working.
EXAMPLE 1 Expressing a Number in Different Ways a. Write 20 hundredths using only tenths.

EXAMPLE 1 Expressing a Number in Different Ways a. Write 20 hundredths using only tenths.
Copyright © 2000, Daniel W. Lewis. All Rights Reserved. CHAPTER 8 SCHEDULING.

Copyright © 2000, Daniel W. Lewis. All Rights Reserved. CHAPTER 8 SCHEDULING.
Technische universität dortmund fakultät für informatik informatik 12 Limits of von-Neumann (thread-based) computing Jian-Jia Chen (Slides are based on.

Technische universität dortmund fakultät für informatik informatik 12 Limits of von-Neumann (thread-based) computing Jian-Jia Chen (Slides are based on.
Parallel Programming – Barriers, Locks, and Continued Discussion of Parallel Decomposition David Monismith Jan. 27, 2015 Based upon notes from the LLNL.

Parallel Programming – Barriers, Locks, and Continued Discussion of Parallel Decomposition David Monismith Jan. 27, 2015 Based upon notes from the LLNL.
Operating Systems Mehdi Naghavi Winter 1385.

Operating Systems Mehdi Naghavi Winter 1385.

Similar presentations

Ads by Google