Presentation is loading. Please wait.

Presentation is loading. Please wait.

CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 6/16/2010 Correctness Criteria for Parallelism & Concurrency 1.

Published byAugustus Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 6/16/2010 Correctness Criteria for Parallelism & Concurrency 1."— Presentation transcript:

1 CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 6/16/2010 Correctness Criteria for Parallelism & Concurrency 1

2 Contracts – Correctness for Sequential Code 6/16/2010Correctness Criteria for Parallelism & Concurrency 2

3 Contracts – Correctness for Sequential Code Assertions A predicate expected to hold at a particular program point Precondition A predicate expected to hold at a function call A failure can be blamed on the caller Postcondition A predicate expected to hold at a function return A failure can be blamed on the callee 6/16/2010Correctness Criteria for Parallelism & Concurrency 3

4 int Divide(int n, int d) { return n/d; } Code Contracts for.Net 6/16/2010Correctness Criteria for Parallelism & Concurrency 4

5 int Divide(int n, int d) { Contract.Requires( 0 != d ); return n/d; } Preconditions using Requires 6/16/2010Correctness Criteria for Parallelism & Concurrency 5

6 int Divide(int n, int d) { Contract.Requires( 0 != d ); Contract.Ensures( Contract.Result () * d <= n && Contract.Result () * d > n-d ); return n/d; } Preconditions using Ensures 6/16/2010Correctness Criteria for Parallelism & Concurrency 6

7 Example: Library APIs 6/16/2010Correctness Criteria for Parallelism & Concurrency 7

8 Example: System Call API 6/16/2010Correctness Criteria for Parallelism & Concurrency 8

9 Correctness for Concurrency & Parallelism Reuse contracts written for sequential code Relate correctness of concurrent/parallel executions to correctness of appropriate sequential executions 6/16/2010Correctness Criteria for Parallelism & Concurrency 9

10 Coin Sorting Example Vending Machine Sort Coins accept reject 6/16/2010Correctness Criteria for Parallelism & Concurrency 10

11 Use Contracts for Correctness Criteria SortCoins accepts a set of coins and returns a set of bad ones Parallelizing SortCoins should not change the contract SortCoins(…) { Contract.Requires(…); Contract.Ensures(…); } Sequential Implementation SortCoins(…) { Contract.Requires(…); Contract.Ensures(…); } Parallel Implementation 6/16/2010Correctness Criteria for Parallelism & Concurrency 11

12 Parallelizing can sometimes produce correct but different outputs Sequential SortCoins accept reject Parallel SortCoins accept reject The order of coins can change 6/16/2010Correctness Criteria for Parallelism & Concurrency 12

13 Restrictive Contracts Can Limit Parallelism The order of coins returned by SortCoins might be different from the input order Do care about the total amount returned If the contracts enforce the ordering, resulting parallelization might be unacceptably slow Design interfaces in such a way that contracts are not restrictive 6/16/2010Correctness Criteria for Parallelism & Concurrency 13

14 Strategies For Reasoning About Parallel Code How do we know if a parallel loop satisfies its contract? Reasoning about parallel executions is hard General Strategy: 1. Make sure that every parallel behavior is equal to some sequential behavior 2. Convince that the sequential behavior satisfies the contract 6/16/2010Correctness Criteria for Parallelism & Concurrency 14

15 Independent Loops Let m(1) … m(n) be the loop iterations Two iterations m(j) and m(k) (j ≠ k) are dependent if they access the same memory location and at least one of them is a write. Loop iterations are independent if no two of them are dependent 6/16/2010Correctness Criteria for Parallelism & Concurrency 15

16 Dependent Loops Dependencies need to be made explicit No data races Reason that order of dependent operations don’t matter e.g. These operations are commutative and associative Recall: reduce/scan 6/16/2010Correctness Criteria for Parallelism & Concurrency 16

17 Determinism: A New Correctness Criteria Pre and post conditions do two things Specify how the function behaves sequentially Enforce the same behavior when parallelized int ComputeSum ( IEnumerable input) { Contract.Requires ( input != null); Contract.Ensures ( Contract.Result () == input.Sum(i => i) )); //implementation } int ComputeSum ( IEnumerable input) { Contract.Requires ( input != null); Contract.Ensures ( Contract.Result () == input.Sum(i => i) )); //implementation } 6/16/2010Correctness Criteria for Parallelism & Concurrency 17

18 Determinism Contract Allows you to check parallel correctness Without having to specify the sequential contract The output of the function does not depend on task interleavings for a given input int ComputeSum ( IEnumerable input) { Contract.Requires ( input != null); IsDeterministic ( Contract.Result (), input ); //implementation } int ComputeSum ( IEnumerable input) { Contract.Requires ( input != null); IsDeterministic ( Contract.Result (), input ); //implementation } 6/16/2010Correctness Criteria for Parallelism & Concurrency 18

19 Determinism Checking Is same as saying For some deterministic function F Very useful when specifying F is tedious Contract.IsDeterministic ( output, {input1, input2, … }) Contract.IsDeterministic ( output, {input1, input2, … }) Contract.Ensures ( output == F ( input1, input2, … ) ) Contract.Ensures ( output == F ( input1, input2, … ) ) 6/16/2010Correctness Criteria for Parallelism & Concurrency 19

20 Determinism Checking Is same as saying For some deterministic function F Contract.IsDeterministic ( output, {input1, input2, … }, comp) Contract.IsDeterministic ( output, {input1, input2, … }, comp) Contract.Ensures ( comp(output, F ( input1, input2, … ) ) Contract.Ensures ( comp(output, F ( input1, input2, … ) ) 6/16/2010Correctness Criteria for Parallelism & Concurrency 20

21 Strategies for Checking Determinism 6/16/2010Correctness Criteria for Parallelism & Concurrency 21

22 Concurrent Objects Can be called concurrently by many threads Examples Work Stealing Queue 6/16/2010Correctness Criteria for Parallelism & Concurrency 22

23 Concurrent Objects Can be called concurrently by many entities Examples Work Stealing Queue C Runtime library Operating System Data bases 6/16/2010Correctness Criteria for Parallelism & Concurrency 23

24 Correctness Criteria Informally called “thread safety” What does “thread safety” mean to you? 6/16/2010Correctness Criteria for Parallelism & Concurrency 24

25 A Simple Concurrent Object Sequential Queue Add(item) TryTake() returns an item or “empty” Size() returns # of items in queue Consider ConcurrentQueue and its relationship to Queue 6/16/2010Correctness Criteria for Parallelism & Concurrency 25

26 Let’s Write a Test q = new ConcurrentQueue(); q.Add(10) t=q.TryTake() Assert( ? )

27 q = new ConcurrentQueue(); q.Add(10) t=q.TryTake() Assert: q.Size() is 0 or 1 Assert: q.Size() is 0 or 1 Let’s Write a Test

28 q = new ConcurrentQueue(); q.Add(10); t=q.TryTake(); Assert: t = fail && q.size() = 1 || t = 10 && q.size() = 0 Assert: t = fail && q.size() = 1 || t = 10 && q.size() = 0 Let’s Write a Test

29 q = new ConcurrentQueue(); q.Add(10) t=q.TryTake() q.Add(10) t=q.TryTake() q.Add(20) u = q.TryTake() q.Add(20) u = q.TryTake() Assert ( ? ) Let’s Write a Test

30 q = new ConcurrentQueue(); Assert: q.Size() == 0 t = 10 || t = 20 u = 10 || t = 20 u != t Assert: q.Size() == 0 t = 10 || t = 20 u = 10 || t = 20 u != t q.Add(10) t=q.TryTake() q.Add(10) t=q.TryTake() q.Add(20) u = q.TryTake() q.Add(20) u = q.TryTake() Let’s Write a Test

31 Linearizability The correctness notion closest to “thread safety” A concurrent component behaves as if only one thread can enter the component at a time 6/16/2010Correctness Criteria for Parallelism & Concurrency 31

32 “Expected” Behavior? Client 1 Client 2 Client 3 Add 10returnAdd 20return TryTakereturn10 TryTake return “empty” 6/16/2010Correctness Criteria for Parallelism & Concurrency 32

33 “Expected” Behavior? Client 1 Client 2 Client 3 Add 10returnAdd 20return TryTakereturn10 TryTake return “empty” Client 1 Client 2 Client 3 Add 10return Add 20return TryTakereturn20 TryTakereturn “empty” 6/16/2010Correctness Criteria for Parallelism & Concurrency 33

34 Linearizability Component is linearizable if all operations Appear to take effect atomically at a single temporal point And that point is between the call and the return “As if the requests went to the queue one at a time” Client 1 Client 2 Client 3 Add 10returnAdd 20return TryTakereturn10 TryTake return “empty” 6/16/2010Correctness Criteria for Parallelism & Concurrency 34

35 Linearizability vs Seriazliability? Serializability All operations (transactions) appear to take effect atomically at a single temporal point 6/16/2010Correctness Criteria for Parallelism & Concurrency 35

36 Linearizability vs Seriazliability? Serializability All operations (transactions) appear to take effect atomically at a single temporal point Linearizability All operations to take effect atomically at a single temporal point That point is between the call and return 6/16/2010Correctness Criteria for Parallelism & Concurrency 36

37 Serializable behavior that is not Linearizable Linearizability assumes that there is a global observer that can observe that Thread 1 finished before Thread 2 started Thread 1 Thread 2 Add 10return TryTakereturn “empty” 6/16/2010Correctness Criteria for Parallelism & Concurrency 37

38 Serializability does not compose The behavior of the blue queue and green queue are individually serializable But, together, the behavior is not serializable Thread 1 Thread 2 Add 10return TryTakereturn “empty”Add 10return TryTakereturn “empty” 6/16/2010Correctness Criteria for Parallelism & Concurrency 38

39 Formalizing Linearizability Define the set of observables for each operation Call operation: value of all the arugments Return operation: An event: Thread Id, Object Id, Call/Return, Operation, Observables 6/16/2010Correctness Criteria for Parallelism & Concurrency 39 Add 10return

40 A Concurrent History Sequence of Events 6/16/2010Correctness Criteria for Parallelism & Concurrency 40 Thread 1 Thread 2 Add 10return TryTake return “empty”

41 A Concurrent History Sequence of Events 6/16/2010Correctness Criteria for Parallelism & Concurrency 41 Thread 1 Thread 2 Add 10return TryTake return “empty” We will only focus on single object histories

42 A Concurrent History Sequence of Events 6/16/2010Correctness Criteria for Parallelism & Concurrency 42 Thread 1 Thread 2 Add 10return TryTake return “empty” Also, we will only focus on complete histories – every call has a return Also, we will only focus on complete histories – every call has a return

43 A Serial History A concurrent history where every call is followed by its matching return 6/16/2010Correctness Criteria for Parallelism & Concurrency 43 Thread 1 Thread 2 Add 10return TryTake return “empty”

44 Sequential Specification of an Object The set of all serial histories define the sequential behavior of an object Assume we have a mechanism to enumerate this set and store the set in a database 6/16/2010Correctness Criteria for Parallelism & Concurrency 44

45 Equivalent Histories Two concurrent histories are equivalent if Each thread performs operations in the same order And sees the same observations 6/16/2010Correctness Criteria for Parallelism & Concurrency 45 Client 1 Client 2 Add 10returnAdd 20return TryTakereturn10 Client 1 Client 2 Add 10returnAdd 20return TryTake return10

46 Concurrent Operations in a History Two operations p and q are concurrent in a history if their duration overlap ! (p.ret < q.call || q.ret < p.call) 6/16/2010Correctness Criteria for Parallelism & Concurrency 46 Thread 1 Thread 2 Add 10return TryTake return “empty”

47 Concurrent Operations in a History Two operations p and q are concurrent in a history if their duration overlap ! (p.ret < q.call || q.ret < p.call) Non-Concurrent operations define a “performed- before” order 6/16/2010Correctness Criteria for Parallelism & Concurrency 47 Client 1 Client 2 Add 10returnAdd 20return TryTake return10

48 Linearizability A concurrent history is linearizable if it is equivalent to a (serial) history in the sequential specification, Such that all operations that are “performed before” in the concurrent history are also “performed before” in the serial history 6/16/2010Correctness Criteria for Parallelism & Concurrency 48

49 6/16/2010Correctness Criteria for Parallelism & Concurrency 49

Download ppt "CORRECTNESS CRITERIA FOR CONCURRENCY & PARALLELISM 6/16/2010 Correctness Criteria for Parallelism & Concurrency 1."

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Transaction Management: Concurrency Control CS634 Class 17, Apr 7, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.

Transaction Management: Concurrency Control CS634 Class 17, Apr 7, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.
TRANSACTION PROCESSING SYSTEM ROHIT KHOKHER. TRANSACTION RECOVERY TRANSACTION RECOVERY TRANSACTION STATES SERIALIZABILITY CONFLICT SERIALIZABILITY VIEW.

TRANSACTION PROCESSING SYSTEM ROHIT KHOKHER. TRANSACTION RECOVERY TRANSACTION RECOVERY TRANSACTION STATES SERIALIZABILITY CONFLICT SERIALIZABILITY VIEW.
Chapter 15: Transactions Transaction Concept Transaction Concept Concurrent Executions Concurrent Executions Serializability Serializability Testing for.

Chapter 15: Transactions Transaction Concept Transaction Concept Concurrent Executions Concurrent Executions Serializability Serializability Testing for.
COMP 655: Distributed/Operating Systems Summer 2011 Dr. Chunbo Chu Week 7: Consistency 4/13/20151Distributed Systems - COMP 655.

COMP 655: Distributed/Operating Systems Summer 2011 Dr. Chunbo Chu Week 7: Consistency 4/13/20151Distributed Systems - COMP 655.
Lecture 8: Three-Level Architectures CS 344R: Robotics Benjamin Kuipers.

Lecture 8: Three-Level Architectures CS 344R: Robotics Benjamin Kuipers.
Concurrency Important and difficult (Ada slides copied from Ed Schonberg)

Concurrency Important and difficult (Ada slides copied from Ed Schonberg)
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
LineUp: Automatic Thread Safety Checking

LineUp: Automatic Thread Safety Checking
Consistency Models Based on Tanenbaum/van Steen’s “Distributed Systems”, Ch. 6, section 6.2.

Consistency Models Based on Tanenbaum/van Steen’s “Distributed Systems”, Ch. 6, section 6.2.
1/25 Concurrency and asynchronous computing How do we deal with evaluation when we have a bunch of processors involved?

1/25 Concurrency and asynchronous computing How do we deal with evaluation when we have a bunch of processors involved?
SEERE, Neum 2009 Runtime verification of Java programs using ITL Vladimir Valkanov, Damyan Mitev Plovdiv, Bulgaria.

SEERE, Neum 2009 Runtime verification of Java programs using ITL Vladimir Valkanov, Damyan Mitev Plovdiv, Bulgaria.
Interface Automata 29-September-2011. Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –

Interface Automata 29-September Modeling Temporal Behavior of Component Component behaves with Environment Traditional (pessimistic) approach –
Transaction Processing Lecture 2005 09 22 ACID 2 phase commit.

Transaction Processing Lecture ACID 2 phase commit.
Copyright W. Howden1 Lecture 13: Programming by Contract.

Copyright W. Howden1 Lecture 13: Programming by Contract.
CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.

CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.
1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

1 Specifying Object Interfaces. 2 Major tasks in this stage: --are there any missing attributes or operations? --how can we reduce coupling, make interface.

Similar presentations

Ads by Google