Joint work with Byron Cook, Matthew Parkinson, - PowerPoint PPT Presentation

1 / 35

About This Presentation

Title:

Joint work with Byron Cook, Matthew Parkinson,

Description:

Proving that non-blocking algorithms don't block. Alexey Gotsman. University of Cambridge ... Joint work with Byron Cook, Matthew Parkinson, and Viktor ... – PowerPoint PPT presentation

Number of Views:74

Avg rating:3.0/5.0

Slides: 36

Provided by: alexeyg

Category:

more less

Transcript and Presenter's Notes

Title: Joint work with Byron Cook, Matthew Parkinson,

1
Proving that non-blocking algorithms don't block
Alexey Gotsman University of Cambridge

Joint work with Byron Cook, Matthew Parkinson,
and Viktor Vafeiadis

TexPoint fonts used in EMF. Read the TexPoint
manual before you delete this box. AAAAAAAAAAAA
2
Coarse-grained locking
Top
NULL
Inefficient as only one thread operates on
the list at a time
3
Non-blocking concurrency Treiber's stack
void push(data_t v) Node t, x x new
Node() x-gtval v do t Top
x-gtnext t while(!CAS(Top,t,x))
data_t pop() Node t, x do t Top
if (t NULL) return EMPTY
x t-gtnext while(!CAS(Top,t,x)) return
t-gtval
struct Node Node next data_t val
Top
Top
NULL
4
Non-blocking concurrency

Many non-blocking data structures
queues, skip lists, hash tables
Complicated and hard to get right
Used in practice
Suns java.util.concurrent
Intels Threading Building Blocks
...
Formal verification desirable
memory safety/data structure consistency Yahav
2003, Calcagno 2007
linearizability Amit 2007, Manevich 2008,
Vafeiadis 2009
termination

?
?
?
5
Treiber's non-blocking stack termination
void push(data_t v) Node t, x x new
Node() x-gtval v do t Top
x-gtnext t while(!CAS(Top,t,x))
data_t pop() Node t, x do t Top
if (t NULL) return EMPTY
x t-gtnext while(!CAS(Top,t,x)) return
t-gtval
struct Node Node next data_t val
Top

push or pop may not terminate if other threads
continuously modify Top
However Some operation will always terminate

lock-freedom
6
Liveness properties of non-blocking data
structures

Wait-freedom Any thread is guaranteed to
complete any operation
Lock-freedom Some thread is guaranteed to
complete some operation
Obstruction-freedom Any thread is guaranteed to
complete any operation provided it eventually
executes in isolation
Satisfied under any scheduler

7
From lock-freedom to termination
8
From lock-freedom to termination
9
From lock-freedom to termination
10
Rely/guarantee separation logic
Vafeiadis-Parkinson 2007
data_t pop() Node t, x do t Top
if (t NULL) return EMPTY
x t-gtnext while(!CAS(Top,t,x)) return
t-gtval
void push(data_t v) Node t, x x new
Node() x-gtval v do t Top
x-gtnext t while(!CAS(Top,t,x))
struct Node Node next data_t val
Top
Push or Id
Pop or Id
11
Rely/guarantee separation logic
Vafeiadis-Parkinson 2007
data_t pop() Node t, x do t Top
if (t NULL) return EMPTY
x t-gtnext while(!CAS(Top,t,x)) return
t-gtval
void push(data_t v) Node t, x x new
Node() x-gtval v do t Top
x-gtnext t while(!CAS(Top,t,x))
struct Node Node next data_t val
Top
Push or Id
Pop or Id
12
Lock-freedom of Treiber's stack
data_t pop() Node t, x do t Top
if (t NULL) return EMPTY
x t-gtnext while(!CAS(Top,t,x)) return
t-gtval
void push(data_t v) Node t, x x new
Node() x-gtval v do t Top
x-gtnext t while(!CAS(Top,t,x))
struct Node Node next data_t val
Top
Push or Id
Pop or Id

The do loops terminate if no-one else executes
Push or Pop infinitely often
No-one executes Push or Pop infinitely often
Hence, push and pop terminate

liveness assumption
13
Wish list

Formal system for thread-local judgements
Tool for discharging the judgements
Proof rules for combining the judgements
Strategy for proof search

14
Wish list

Formal system for thread-local judgements
Tool for discharging the judgements
Proof rules for combining the judgements
Strategy for proof search

15
Judgements

P, Q assertions interpreted over
LocalStatesSharedStates
, languages of finite and infinite
words over SharedStatesSharedStates

16
Property specification

push doesnt execute Push or Pop infinitely
often
push terminates if no-one else executes Push or
Pop infinitely often

17
Wish list

Formal system for thread-local judgements
Tool for discharging the judgements
Proof rules for combining the judgements
Strategy for proof search

18
Discharging thread-local assumptions
Automata-theoretic framework Vardi 1991
Fair termination of
SmallfootRG Calcagno 2007
Abstract transition system
Magill 2007
Equiterminating integer program
Terminator with fairness Cook 2007
Yes/No
19
Wish list

Formal system for thread-local judgements
Tool for discharging the judgements
Proof rules for combining the judgements
Strategy for proof search

20
HSY stack Hendler-Shavit-Yerushalmi 2004

push and pop terminate if no-one else executes
Push, Pop, or Xchg infinitely often
No-one executes Push or Pop infinitely often
push and pop dont execute Xchg infinitely often
if no-one else executes Push or Pop infinitely
often
Hence, push and pop terminate

void push(data_t v) Node t, x x new
Node() x-gtval v while(true) t
Top x-gtnext t if(CAS(Top,t,x))
return him colpos
while(!CAS(colpos,him,pid)) him
colpos
Push or Id
Xchg or Id
Others or Id
21
Layered proof
I dont execute Push or Pop infinitely often
I dont execute Push or Pop infinitely often
I dont execute Push, Pop or Xchg infinitely
often
I dont execute Push, Pop or Xchg infinitely
often
I terminate
I terminate
22
Layered proof
I dont execute Push or Pop infinitely often
I dont execute Push or Pop infinitely often
I dont execute Push, Pop or Xchg infinitely
often
I dont execute Push, Pop or Xchg infinitely
often
I terminate
I terminate
23
Proof system