mark batty
play

Mark Batty University of Kent It is time for mechanised industrial - PowerPoint PPT Presentation

Jan 11, 2024 •590 likes •1.11k views

Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty University of Kent It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised specs instead

  1. Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty 
 University of Kent 


  2. It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised specs instead (formal, machine-readable, executable) This enables verification, and can identify important research questions Writing mechanised specifications is practical now 2

  3. A case study: industrial concurrency specification 3

  4. Shared memory concurrency Multiple threads communicate through a shared memory Thread Thread … … Shared memory 4

  5. Shared memory concurrency Multiple threads communicate through a shared memory Thread Thread … … Shared memory Most systems use a form of shared memory concurrency: 5

  6. An example programming idiom data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sequential consistency: … Thread 1 Thread 2 simple interleaving of concurrent accesses … data, flag, r Reality: more complex 6

  7. An example programming idiom data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sequential consistency: … Thread 1 Thread 2 simple interleaving of concurrent accesses … data, flag, r Reality: more complex 7

  8. Relaxed concurrency Memory is slow, so it is optimised (buffers, caches, reordering…) e.g. IBM’s machines allow reordering of unrelated writes (so do compilers, ARM, Nvidia…) data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sometimes, in the end r==0 , a relaxed behaviour Many other behaviours like this, some far more subtle, leading to trouble 8

  9. Relaxed concurrency Memory is slow, so it is optimised (buffers, caches, reordering…) e.g. IBM’s machines allow reordering of unrelated writes (so do compilers, ARM, Nvidia…) data , flag , r initially zero Thread 1: Thread 2: flag = 1; while (flag==0) data = 1; {}; r = data; In the end r==1 Sometimes, in the end r==0 , a relaxed behaviour Many other behaviours like this, some far more subtle, leading to trouble 9

  10. Relaxed behaviour leads to problems Bugs in deployed processors Power/ARM processors: unintended relaxed behaviour Many bugs in compilers observable on shipped machines Bugs in language specifications [AMSS10] Bugs in operating systems 10

  11. Relaxed behaviour leads to problems Bugs in deployed processors Errors in key compilers (GCC, LLVM): compiled programs could Many bugs in compilers behave outside of spec. Bugs in language specifications [MPZN13, CV16] Bugs in operating systems 11

  12. Relaxed behaviour leads to problems The C and C++ standards had Bugs in deployed processors bugs that made unintended behaviour allowed. Many bugs in compilers Bugs in language specifications More on this later. Bugs in operating systems [BOS+11, BMN+15] 12

  13. Relaxed behaviour leads to problems Bugs in deployed processors Confusion among operating system engineers leads to Many bugs in compilers bugs in the Linux kernel Bugs in language specifications [McK11, SMO+12] Bugs in operating systems 13

  14. Relaxed behaviour leads to problems Bugs in deployed processors Many bugs in compilers Bugs in language specifications Bugs in operating systems Current engineering practice is severely lacking! 14

  15. Vague specifications are at fault Relaxed behaviours are subtle, difficult to test for and often unexpected, yet allowed for performance Specifications try to define what is allowed, but English prose is untestable, ambiguous, and hides errors 15

  16. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Build mechanised executable formal models of specifications Empirical testing of current hardware Verification of language design goals [AFI+09,BOS+11,BDW16] Test and verify compilers [FGP+16,LDGK08,OSP09] Feedback to industry: specs and test suites 16

  17. A diverse and continuing effort Provide tools to simulate the Modelling of hardware and languages formal models, to explain their Simulation tools and reasoning principles behaviours to non-experts Empirical testing of current hardware Verification of language design goals Provide reasoning principles to help in the verification of code Test and verify compilers Feedback to industry: specs and test suites [BOS+11,SSP+,BDG13] 17

  18. A diverse and continuing effort Modelling of hardware and languages Run a battery of tests to Simulation tools and reasoning principles understand the observable Empirical testing of current hardware behaviour of the system and Verification of language design goals check it against the model Test and verify compilers [AMSS’11] Feedback to industry: specs and test suites 18

  19. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Explicitly stated design goals Empirical testing of current hardware should be proved to hold Verification of language design goals [BMN+15] Test and verify compilers Feedback to industry: specs and test suites 19

  20. A diverse and continuing effort Modelling of hardware and languages Test to find the relaxed Simulation tools and reasoning principles behaviours introduced by Empirical testing of current hardware compilers and verify that Verification of language design goals optimisations are correct Test and verify compilers [MPZN13, CV16] Feedback to industry: specs and test suites 20

  21. A diverse and continuing effort Modelling of hardware and languages Specifications should be fixed Simulation tools and reasoning principles when problems are found Empirical testing of current hardware Test suites can ensure Verification of language design goals conformance to formal models Test and verify compilers Feedback to industry: specs and test suites [B11] 21

  22. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Empirical testing of current hardware Verification of language design goals Test and verify compilers Feedback to industry: specs and test suites I will describe my part: 22

  23. The C and C++ memory model 23

  24. Acknowledgements M. Dodds A. Gotsman K. Memarian K. Nienhuis S. Owens J. Pichon-Pharabod S. Sarkar P . Sewell T. Weber 24

  25. C and C++ The medium for system implementation Defined by WG14 and WG21 of the International Standards Organisation The ’11 and ’14 revisions of the standards define relaxed memory behaviour I worked with WG21, formalising and improving their concurrency design 25

  26. C and C++ The medium for system implementation Defined by WG14 and WG21 of the International Standards Organisation The ’11 and ’14 revisions of the standards define relaxed memory behaviour We worked with the ISO, formalising and improving their concurrency design 26

  27. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! 27

  28. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! 28

  29. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! Atomics are excluded from the requirement, and can order non-atomics, preventing simultaneous access and races 29

  30. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data , r , atomic flag , initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! Atomics are excluded from the requirement, and can order non-atomics, preventing simultaneous access and races 30

  31. Design goals in the standard The design is complex but the standard claims a powerful simplification: C++11/14: §1.10p21 It can be shown that programs that correctly use mutexes and memory_order_seq_cst operations to prevent all data races and use no other synchronization operations behave [according to] “sequential consistency”. This is the central design goal of the model, called DRF-SC 31

  32. Implicit design goals Compilers like GCC, LLVM map C/C++ to pieces of machine code C/C++ Power ARM x86 Load acquire ld; cmp; bc; isync ldr; dmb MOV (from memory) Each mapping should preserve the behaviour of the original program C/C++11 x86 Power ARM 32

Recommend

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj

515 views • 36 slides
Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott

Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott

Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott Owens, Susmit Sarkar, Peter Sewell, Tjark Weber November, 2010 p. 1 C++0x: the next C++ Specified by the C++ Standards Committee Defined in The

550 views • 38 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter Sewell 1 Luc Maranget 2 Jade Alglave 3 , 4 Derek Williams 5 1 University of Cambridge 2 INRIA 3 Oxford University 4 Queen Mary London 5 IBM Austin June

856 views • 41 slides
Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen

Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen

C++ x86 Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen George A. Constantinides Imperial U Kent Imperial Imperial S-REPLS @ Imperial Tuesday 27 September 2016 1 Contents Context: memory

1.72k views • 76 slides
The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs

The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs

The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs Burgess Mrs Baxter Mrs Coney Mrs Harding Miss Daulby In Year 7 you will be taught as a form group until October half-term, then we will

534 views • 28 slides
Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu

Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu

Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu Desbrun, Peter Schroder, and Alan H. Barr Presented by Christopher Batty Basic Premise How can we extend differential geometry to meshes? Goal

735 views • 31 slides
Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for

Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for

Cities Adapting to a Disruptive World University College London Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for Advanced Spatial Analysis CASA-UCL 18 June, Thursday | 4.00pm - 4.40pm

943 views • 41 slides
Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford)

Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford)

Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford) joint work with Alexander Gomilko (Torun) and Yuri Tomilov (IMPAN, Warsaw) Mini-symposium on Functional Calculus, IWOTA Chemnitz, 17 August 2017

323 views • 15 slides
Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds.

Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds.

Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds. Order the letters are taught: 1. i, l, t, u, y 2. c, o, a, d, g, q, e 3. h, n, m, r, b, p, k 4. v, w, x 5. z, j, f, s Each letter sound has

204 views • 19 slides
Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris

Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris

Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris University of Cambridge MSR with thanks to Francesco Zappa Nardelli, Susmit Sarkar, Tom Ridge, Scott Owens, Magnus O. Myreen, Luc Maranget, Mark Batty,

901 views • 74 slides
Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with:

Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with:

Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with: Scott Owens, Kayvan Memarian, Mark Batty, Peter Sewell, Magnus Myreen, Jade Alglave, Luc Maranget, Francesco Zappa Nardelli, Derek Williams, Sela

473 views • 30 slides
SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3.

SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3.

CORONAVIRUS JOB RETENTION SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3. Tapering of Government Support OVERVIEW 4. CJRS Mark II Key Concepts 5. CJRS Mark II - Calculations 6. Spreadsheets 7.

389 views • 17 slides
MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I

MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I

you can MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I Technical Specifi cations Primary attributes PLA printer, entrance level printer. of the technology Full assembled. Developped from Prusa i3.

445 views • 9 slides
The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of

The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of

The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of the Gerasenes. 2 When Jesus got out of the boat, a man with an impure spirit came from the tombs to meet him. Mark 5:1-20 (NIV) 3 This man lived in

593 views • 15 slides
The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was

The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was

The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was coming to him, and he was teaching them. 14 And as he passed by, he saw Levi the son of Alphaeus sittjng at the tax booth, and he said to him,

767 views • 10 slides
Mark 3:1-6 The Servants True Family Mark 3:7-35 Crushing Crowds Follow Jesus (Mark 3:7-12) The

Mark 3:1-6 The Servants True Family Mark 3:7-35 Crushing Crowds Follow Jesus (Mark 3:7-12) The

Mark 3:1-6 The Servants True Family Mark 3:7-35 Crushing Crowds Follow Jesus (Mark 3:7-12) The Situation: Jesus is forced get into a boat on the Sea of Galilee in order to escape the great crowd of people that was pressing in all around Him to

190 views • 6 slides
The Gospel of Mark Traditjon Mark 7:1-23 (ESV) Now when the Pharisees gathered to him, with

The Gospel of Mark Traditjon Mark 7:1-23 (ESV) Now when the Pharisees gathered to him, with

The Gospel of Mark Traditjon Mark 7:1-23 (ESV) Now when the Pharisees gathered to him, with some of the scribes who had come from Jerusalem, 2 they saw that some of his disciples ate with hands that were defjled, that is, unwashed. Mark

814 views • 15 slides
Sin: to miss the mark. Walk the talk. Sin: to miss the mark. Walk the talk. The Mark: the

Sin: to miss the mark. Walk the talk. Sin: to miss the mark. Walk the talk. The Mark: the

Sin: to miss the mark. Walk the talk. Sin: to miss the mark. Walk the talk. The Mark: the standard of holiness established by God and evidenced by Jesus. We can never live deeply until we Walk the talk. deal with our sin. The ethical test

662 views • 26 slides
Transformed to Transform Mark 5:1-20 Mark 5:1-13 They came to the other side of the sea, to the

Transformed to Transform Mark 5:1-20 Mark 5:1-13 They came to the other side of the sea, to the

8/23/2016 Transformed to Transform Mark 5:1-20 Mark 5:1-13 They came to the other side of the sea, to the country of the Gerasenes. 2 And when Jesus had stepped out of the boat, immediately there met him out of the tombs a man with an unclean

420 views • 6 slides
Mark Gerling for the WATCHMAN Collaboration Background at Depth Gerling Mark Gerling Mark

Mark Gerling for the WATCHMAN Collaboration Background at Depth Gerling Mark Gerling Mark

WATer CHerenkov Monitoring of Anti-Neutrinos MARS Measurements of the Fast Neutron Mark Gerling for the WATCHMAN Collaboration Background at Depth Gerling Mark Gerling Mark Sandia National Laboratories, California Sandia National

467 views • 29 slides
Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu,

Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu,

Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu, Mark.Paulk@ieee.org http://mark.paulk123.com/ Measurement & Complexity Topics Goal-driven measurement Operational definitions Driving behavior What is

784 views • 36 slides
Mark 7:24-30 Blue Bible pg 1072 Mark 7:24-30 Blue Bible pg 1072 Mark 7:24 30 ESV 24 And from

Mark 7:24-30 Blue Bible pg 1072 Mark 7:24-30 Blue Bible pg 1072 Mark 7:24 30 ESV 24 And from

Mark 7:24-30 Blue Bible pg 1072 Mark 7:24-30 Blue Bible pg 1072 Mark 7:24 30 ESV 24 And from there he arose and went away to the region of Tyre and Sidon. And he entered a house and did not want anyone to know, yet he could not be hidden.

215 views • 18 slides
Mark 4:26-34 Blue Bible pg 1067 Mark 4:26-34 Blue Bible pg 1067 Mark 4:33 34 ESV 33 With

Mark 4:26-34 Blue Bible pg 1067 Mark 4:26-34 Blue Bible pg 1067 Mark 4:33 34 ESV 33 With

Mark 4:26-34 Blue Bible pg 1067 Mark 4:26-34 Blue Bible pg 1067 Mark 4:33 34 ESV 33 With many such parables he spoke the word to them, as they were able to hear it. 34 He did not speak to them without a parable, but privately to his own

607 views • 14 slides

More recommend