causal atomicity correctness conditions for weak memory
play

Causal Atomicity: Correctness conditions for weak memory Heike - PowerPoint PPT Presentation

Feb 14, 2024 •243 likes •445 views

Causal Atomicity: Correctness conditions for weak memory Heike Wehrheim Joint work with Simon Doherty, Brijesh Dongol, John Derrick Paderborn University Germany Our interest Proving correctness of algorithms allowing seemingly atomic access

  1. Causal Atomicity: Correctness conditions for weak memory Heike Wehrheim Joint work with Simon Doherty, Brijesh Dongol, John Derrick Paderborn University Germany

  2. Our interest Proving correctness of algorithms allowing seemingly atomic access to shared state  concurrent data structures  software transactional memory Correctness conditions:  linearizability  opacity Heike Wehrheim - University of Paderborn 2

  3. Proof technique Proof of refinement: Opacity Intermediate TMS2 specification v (shown via simulation) STM implementation Simulation shown with interactive verifier (KIV, Isabelle) Heike Wehrheim - University of Paderborn 3

  4. Opacity & linearizability I Defs based on histories:  Sequence of invocations and returns Concurrent history: h 1 : inv t1 (enq,3) inv t2 (deq) ret t2 (deq,3) ret t1 (enq) Sequential history: h 2 : inv t1 (enq,3) ret t1 (enq) inv t2 (deq) ret t2 (deq,3) Real-time order: t 1 < h2 t 2 return of t 1 in history h before invocation of t 2 Heike Wehrheim - University of Paderborn 4

  5. Opacity & linearizability II i.e. linearizable or opaque Def.: Concurrent history hc atomic if there exists sequential legal history hs s.t. 1. 8 t: hc| t = hs| t (preservation of thread events and thread order) 2. < hc µ < hs (preservation of real-time order) legal = adheres to semantics of object ( Enq(4) Deq( ? ) – not legal, Enq(4) Deq(4) – legal) Heike Wehrheim - University of Paderborn 5

  6. Question What correctness condition to use when executions are not histories, but partial orders? e.g. weak memory model (happens-before relation) Heike Wehrheim - University of Paderborn 6

  7. Example TMWr – Trans.Memory write TMRd – Trans.Memory read History: inv(TMWr(x,0)) ret(TMWr) inv(TMWr(x,42)) ret(TMWr) inv(TMRd(x)) ret(TMRd(x,0)) Not atomic But partial order: TMWr(x,42) TMWr(x,0) TMRd(x,0) OK! Heike Wehrheim - University of Paderborn 7

  8. PO-atomicity Def.: Partial order hc po-atomic if there exists sequential legal history hs s.t. 1. 8 t: hc | t = hs | t (preservation of thread events and thread order) 2. < po µ < hs (preservation of partial order) po- atomic TMWr(x,42) TMWr(x,0) hs hs TMRd(x,0) Heike Wehrheim - University of Paderborn 8

  9. Compositionality Clients using more than one such concurrent object Objective: Individual accesses po-atomic iff combined accesses po-atomic Fails to hold: Conflict # Deq( ? ) Thread1: TMRd(x,42) # # Thread2: Enq(11) TMWr(x,42) Heike Wehrheim - University of Paderborn 9

  10. Conflicts Conflicts between actions # = {(a,a´) j 9 w 1 ,w 2 : w 1 aa´w 2 is legal, w 1 a´aw 2 is not legal } Orderings between conflicting actions cannot be arbitrarily chosen Heike Wehrheim - University of Paderborn 10

  11. Execution structures Def.: [Lamport, 1986] Execution structure (E, ! , Ã ) with  E: finite set of events  ! µ E £ E „precedes“  Ã µ E £ E „communicates with“, „affects“ A1. ! irreflexive partial order A2. e 1 ! e 2 implies e 1 Ã e 2 and e 2 Ã e 1 A3. e 1 ! e 2 Ã e 3 or e 1 Ã e 2 ! e 3 implies e 1 Ã e 3 A4. e 1 ! e 2 Ã e 3 ! e 4 implies e 1 ! e 4 Heike Wehrheim - University of Paderborn 11

  12. Non-atomicity and ! e ! e´ iff 8 f 2 ¹ (e), 8 f´ 2 ¹ (e´): f < hb f´ ¹ ¹ Impl. execution „happens-before“ Heike Wehrheim - University of Paderborn 12

  13. Non-atomicity and à e ! e´ iff 9 f 2 ¹ (e), 9 f´ 2 ¹ (e´): f < hb f´ à ¹ ¹ Impl. execution „happens-before“ Heike Wehrheim - University of Paderborn 13

  14. Causal atomicity Def. Execution structure (E, ! , Ã ) is causally atomic if there exists sequential legal history hs s.t. 1. events( hs ) = E 2. ! µ < hs (preservation of partial order) 3. e 1 < hs e 2 and e 1 # e 2 implies e 1 Ã e 2 Heike Wehrheim - University of Paderborn 14

  15. Back to example Individual accesses not causally atomic Conflict # Deq( ? ) Thread1: TMRd(x,42) # # Thread2: Enq(11) TMWr(x,42) Queue part: Deq( ? ) < hs Enq(11) + Enq(11) # Deq( ? ) ) Deq( ? ) Ã Enq(11) Similarly, we need: TMWr(x,42) Ã TMRd(x,42) (no proper execution structure anymore) Heike Wehrheim - University of Paderborn 15

  16. Result Causal atomicity is compositional: Theorem. E execution structure over concurrent objects O i , 1 · i · n 8 i: E i causally atomic iff E causally atomic Heike Wehrheim - University of Paderborn 16

  17. Causal atomicity vs linearizability Concurrent history hc to execution structure exec(hc)  e ! e´ if ret(e) < hc inv(e´) e e´  e à e´ if inv(e) < hc ret(e´) e e e´ e´ Theorem. hc linearizable iff exec(hc) causally atomic Heike Wehrheim - University of Paderborn 17

  18. Proof technique (in progress) Proof of execution structure refinement: Causal Atomicity Intermediate CTMS specification library v (shown via simulation) STM Implementation implementation library Heike Wehrheim - University of Paderborn 18

  19. Summary New correctness condition for concurrent objects  Compositional  Adequate for weak memory models Heike Wehrheim - University of Paderborn 19

Recommend

On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha

On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha

On abstraction and compositionality for weak-memory linearisability Brijesh Dongol Radha Jagadeesan James Riely Alasdair Armstrong Atomicity abstraction and weak memory How do we provide reliable atomicity abstractions? Concurrent

1.03k views • 59 slides
Causal Atomicity Heike Wehrheim Joint work with Simon Doherty, Brijesh Dongol, John Derrick,

Causal Atomicity Heike Wehrheim Joint work with Simon Doherty, Brijesh Dongol, John Derrick,

Causal Atomicity Heike Wehrheim Joint work with Simon Doherty, Brijesh Dongol, John Derrick, Alastair Armstrong Paderborn University Germany Access to shared state I Software transactional memory (STM) Synchronization of parallel

615 views • 19 slides
Weak memory models INF4140 - Models of concurrency Weak memory models Fall 2016 30. 10. 2016

Weak memory models INF4140 - Models of concurrency Weak memory models Fall 2016 30. 10. 2016

Weak memory models INF4140 - Models of concurrency Weak memory models Fall 2016 30. 10. 2016 Overview Weak memory models 1 Introduction 2 Hardware architectures Compiler optimizations Sequential consistency Weak memory models 3 TSO

1.3k views • 87 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
Testing atomicity Finding race conditions by random testing John Hughes &quot;We know there is a

Testing atomicity Finding race conditions by random testing John Hughes &quot;We know there is a

Testing atomicity Finding race conditions by random testing John Hughes &quot;We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last year. We have not been able to

584 views • 29 slides
Weak memory models Mai Thuong Tran PMA Group, University of Oslo, Norway 31 Oct. 2014 Overview

Weak memory models Mai Thuong Tran PMA Group, University of Oslo, Norway 31 Oct. 2014 Overview

Weak memory models Mai Thuong Tran PMA Group, University of Oslo, Norway 31 Oct. 2014 Overview 1 Introduction Hardware architectures Compiler optimizations Sequential consistency Weak memory models 2 TSO memory model (Sparc, x86-TSO)

1.04k views • 64 slides
Evaluating Atomicity, and Integrity of Correct Memory Acquisition Methods Michael Gruhn , Felix

Evaluating Atomicity, and Integrity of Correct Memory Acquisition Methods Michael Gruhn , Felix

Evaluating Atomicity, and Integrity of Correct Memory Acquisition Methods Michael Gruhn , Felix Freiling 2016-30-03 Department Computer Science IT Security Infrastructures Friedrich-Alexander-University Erlangen-Nrnberg Erlangen, Germany

592 views • 30 slides
Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software

Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software

Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 23 September 2014 Understanding weak memory consistency Read the architecture/language specs? Too informal, often wrong. Read

378 views • 35 slides
Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software

Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software

Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 17 July 2014 Understanding weak memory consistency Read the architecture/language specs? Too informal, often wrong. Read the

430 views • 40 slides
the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan

the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan

the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign . Motivation: Interleaving explosion problem Testing is the main technique for correctness in the industry

407 views • 26 slides
Week 4 Video 7 Memory Algorithms Is future correctness enough? Up until this point weve

Week 4 Video 7 Memory Algorithms Is future correctness enough? Up until this point weve

Week 4 Video 7 Memory Algorithms Is future correctness enough? Up until this point weve been talking about predicting future correctness But what if you forget it tomorrow? Another way to look at knowledge is how long will you

404 views • 15 slides
Few-shot learning of weak supervision sources in Snorkel (or, learning weakly supervised weak

Few-shot learning of weak supervision sources in Snorkel (or, learning weakly supervised weak

Few-shot learning of weak supervision sources in Snorkel (or, learning weakly supervised weak supervisors) Jesse Mu Project Outline Replicate Snorkel causal relation extraction system Learn weak supervision sources from tiny sets of

364 views • 12 slides
Persistence Semantics for Weak Memory Integrating Epoch Persistency with the TSO Memory Model

Persistence Semantics for Weak Memory Integrating Epoch Persistency with the TSO Memory Model

Persistence Semantics for Weak Memory Integrating Epoch Persistency with the TSO Memory Model Azalea Raad Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Thursday 8 November OOPSLA 2018 Boston, USA azalea@mpi-sws.org

1.21k views • 88 slides
Owicki-Gries for Weak Memory Models Ori Lahav Viktor Vafeiadis Max Planck Institute for Software

Owicki-Gries for Weak Memory Models Ori Lahav Viktor Vafeiadis Max Planck Institute for Software

Owicki-Gries for Weak Memory Models Ori Lahav Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Uppsala, 23 February 2015 Weak memory models Sequential consistency (a.k.a. interleaving semantics&quot;) is the standard

602 views • 36 slides
Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop

Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop

Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop on Declarative Programming Languages for Multicore Architectures 15 January 2006 Atomicity Overview Atomicity: what, why, and why relevant

605 views • 17 slides
Formal reasoning about the C11 weak memory model Invited talk @ CPP15 Viktor Vafeiadis Max

Formal reasoning about the C11 weak memory model Invited talk @ CPP15 Viktor Vafeiadis Max

Formal reasoning about the C11 weak memory model Invited talk @ CPP15 Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 13 January 2015 What is a weak memory model? Viktor Vafeiadis Formal reasoning about the C11 weak

389 views • 38 slides
Program Correctness OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 C HEN -W EI W ANG Weak

Program Correctness OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 C HEN -W EI W ANG Weak

Program Correctness OOSC2 Chapter 11 EECS3311: Software Design Fall 2017 C HEN -W EI W ANG Weak vs. Strong Assertions Describe each assertion as a set of satisfying value . x &gt; 3 has satisfying values { 4 , 5 , 6 , 7 ,... } x &gt; 4 has

1.35k views • 43 slides
From weak to weedy Effective use of memory barriers in the ARM Linux Kernel Will Deacon

From weak to weedy Effective use of memory barriers in the ARM Linux Kernel Will Deacon

Introduction ARMs memory model Linuxs memory model Finer-grained control Questions Future work From weak to weedy Effective use of memory barriers in the ARM Linux Kernel Will Deacon will.deacon@arm.com Embedded Linux Conference

540 views • 52 slides
Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan

Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan

Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan (UPenn) Andrew McGregor (UCSD) Memory Checking Memory Checking Your resources: A lot of cheap unreliable memory and a little expensive reliable

1.11k views • 70 slides
Correctness of an STM Haskell Implementation Manfred Schmidt-Schau, David Sabel

Correctness of an STM Haskell Implementation Manfred Schmidt-Schau, David Sabel

Correctness of an STM Haskell Implementation Manfred Schmidt-Schau, David Sabel Goethe-University, Frankfurt, Germany ICFP 13, Boston, USA 1 Introduction Software Transactional Memory (STM) treats shared memory operations as transactions

424 views • 16 slides
ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a

ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a

ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a transaction happens or it does not Consistency: a correct database is still correct afterwards i.e. money balanced, no dangling pointers 3 ACID

712 views • 29 slides
Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities Hadi Ahmadi University of Calgary (joint work with Reihaneh Safavi-Naini) October 25, 2012 1 / 20 Overview Secrecy capacity Secure message

407 views • 19 slides
Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1

Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1

Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1 Introduction 2 State Machine 3 Sinfonia 4 Dangers of Replication Bailu Ding Atomicity Oct 18, 2012 2 / 38 Introduction Introduction Implementing

723 views • 43 slides
Arrays LAST TODAY NEXT Integers Array mechanics Searching arrays Memory model Correctness

Arrays LAST TODAY NEXT Integers Array mechanics Searching arrays Memory model Correctness

Arrays LAST TODAY NEXT Integers Array mechanics Searching arrays Memory model Correctness Aliasing Safety Dataypes so far Basic (a.k.a. small types) : int, string, bool, char Integers represent numbers (rendered using 2s

712 views • 33 slides

More recommend