reference capabilities for concurrency and scalability
play

Reference Capabilities for Concurrency and Scalability An - PowerPoint PPT Presentation

Mar 11, 2024 •337 likes •857 views

Reference Capabilities for Concurrency and Scalability An Experience Report Elias Castegren , Tobias Wrigstad OCAP, Vancouver October 24th 2017 sa Structured Aliasing What the CAP? Object capability An unforgeable reference to an

  1. Reference Capabilities for Concurrency and Scalability An Experience Report Elias Castegren , Tobias Wrigstad OCAP, Vancouver October 24th 2017 sa Structured Aliasing

  2. What the CAP? • Object capability — An unforgeable reference to an object 
 — The permission to perform (one or more) operations on that object { f oo, ba r } • Reference capability — An (unforgeable) object capability 
 — The permission to perform (one or more) operations on that reference { f oo, ba r } {...}

  3. This Talk • Reference capabilities for data-race freedom { f oo} {ba r } • Reference capabilities for atomic ownership transfer ∅ { f oo, ba r }

  4. Warning: Aliasing May Cause Data-Races Boom!

  5. Warning: Aliasing May Cause Data-Races ???

  6. Warning: Aliasing May Cause Data-Races Aliasing doesn’t ??? Lack of mutual cause data-races! exclusion causes data-races!

  7. Object Capabilities Are Not Enough • An object capability tells you something about what you can do with an object { f oo, ba r } • A reference capability implicitly tells you something about what others can do { f oo, ba r } {mo v e}

  8. Kappa [ECOOP ’16]

  9. Reference Capabilities for Concurrency Control • A capability grants access to some object reference • The type of a capability defines the interface to its object • A capability assumes exclusive access Thread-safety ⇒ No data-races 
 • How thread-safety is achieved is 
 x : T li nea r controlled by the capability’s mode

  10. Reference Capabilities á la Mode • Exclusive modes li nea r l o c a l Globally unique Thread-local • Sharable modes ! r ead l o ck ed a ctiv e Precludes mutating Implicit locking Asynchronous actor aliases

  11. ⎭ Reference Capabilities á la Mode ⎫ li nea r l o c a l ⎬ Guarantee mutual exclusion l o ck ed a ctiv e r ead subo r d i na t e Precludes mutating Encapsulated aliases

  12. Encore • Actor-based programming language

  13. Encore • Actor-based programming language

  14. Encore • Actor-based programming language • Uses reference capabilities to enforce safe sharing between actors

  15. Encore • Actor-based programming language • Uses reference capabilities to enforce safe sharing between actors

  16. Switching to a Delegating Model

  17. Switching to a Delegating Model

  18. Switching to a Delegating Model

  19. Far References with Reference Capabilities { c op y } { f oo, ba r } ”a ctiv e” l o c a l { ! f oo, ! ba r } { c op y Nea r , c op y Fa r }

  20. Taking Far References Further • Safely breaking encapsulation !

  21. Taking Far References Further • Safely breaking encapsulation !

  22. Actors without Borders [PLACES’17] !

  23. Safe Object Sharing • Any two aliases are e.g. composable, synchronised, thread-local, encapsulated… 
 ⇒ No data-races ! . . . • Whoever controls the aliasing controls the concurrency!

  24. Pony [AGERE ’15] and Orca [OOPSLA’17] Thursday@OOPSLA 11:15-11:37

  25. f Recap • Object capabilities specify the permitted operations on an object • Reference capabilities specify the permitted operations on a reference • Strictly following the reference capability model gives global guarantees : — Encapsulation — Thread-locality — Uniqueness — Absence of mutable aliases — …

  26. Refcap > Ocap? Refcap ⇒ Ocap? Refcap ⊆ Ocap? • Reference capabilities can be a compliment to object capabilities • Reference capabilities allow specifying how object capabilities may be further shared — Shallow/transitive permission — Local/distributed permission • Can object capabilities ”emulate” reference capabilities? — Only partially • Can a reference capability be revoked? — Weak references

  27. eliasc.github.io @CartesianGlee EliasC

  28. Ensuring Mutual Exclusion • Relying on locks... • Relying on isolation… • Relying on immutability… • …bans shared mutable state altogether

  29. Too restrictive? Ensuring Mutual Exclusion • Relying on locks... • Relying on isolation… • Relying on immutability… • …bans shared mutable state altogether

  30. Example: A Treiber Stack s tr u ct Node { s tr u ct S t a ck { v a r e l em : T; v a r t op : Node; v a l nex t : Node; } } top next Stack N N N elem T T T

  31. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } top Stack N N N T T T

  32. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } oldTop top Stack N N N T T T

  33. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  34. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  35. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  36. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  37. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  38. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  39. Example: A Treiber Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; oldTop } } oldTop top Stack N N N T T T

  40. Fine-Grained Concurrency ≠ Mutual Exclusion de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } Shared Mutable state! Stack N N N T T T

  41. Treiber Stack with Reference Capabilities and swap} { c ompa r e ∅ { r eadE l em} N {spe c u l a t e} Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } }

  42. Treiber Stack with Reference Capabilities { c ompa r e … } ∅ { r eadE l em} N { … } and swap {spe c u l a t e} Stack de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } }

  43. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } top {…} {…} Stack N N N T T T

  44. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } ∅ top {…} {…} Stack N N N T T T

  45. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } ∅ top {…} {…} Stack N N N T T T

  46. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } {…} top {…} Stack N N N T T T

  47. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; } } {…} {…} ∅ top Stack N N N T T T

  48. Capability Transfer with Compare-and-Swap de f pop(s : S t a ck ) : T { wh il e ( tr ue) { v a l o l dTop = s. t op; if ( C AS(s. t op, o l dTop, o l dTop.nex t )) r e t u r n o l dTop.e l em; N } } ∅ {…} top Stack N N T T

  49. LOLCAT [ECOOP ’17] • Linear Ownership: — At most one capability may access an object’s mutable fields • Three fundamental lock-free data-structures — Treiber Stack 
 — Michael—Scott Queue 
 — Tim Harris List • No uncontrolled data-races!

  50. A Taxonomy of Reference Capabilities Capability Subordinate Exclusive Linear Local Shared Safe Unsafe … Pessimistic Oblivious Optimistic Atomic Lock-Free Locked Active Read Immutable

  51. eliasc.github.io @CartesianGlee EliasC

Recommend

Capable: Capabilities for Scalability Current state of design Elias Castegren , Tobias Wrigstad

Capable: Capabilities for Scalability Current state of design Elias Castegren , Tobias Wrigstad

Capable: Capabilities for Scalability Current state of design Elias Castegren , Tobias Wrigstad forename.surname@it.uu.se IWACO 2014, Uppsala 1 / 22 Introduction Safe parallel programming using capabilities Scalability and performance

992 views • 70 slides
Advanced Concurrency Department of Computer Science University of Maryland, College Park

Advanced Concurrency Department of Computer Science University of Maryland, College Park

CMSC 132: Object-Oriented Programming II Advanced Concurrency Department of Computer Science University of Maryland, College Park Excellent Reference on Concurrency Reference: Java Concurrency in Practice by Brian Goetz Concurrency

309 views • 17 slides
Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability

Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability

Scalability and Replication Marco Serafini COMPSCI 532 Lecture 13 Scalability 2 Scalability Ideal world Linear scalability Speedup Reality Ideal Bottlenecks For example: central coordinator When do we stop

938 views • 36 slides
Concurrency What is concurrency? In computer science, concurrency is a property of systems which

Concurrency What is concurrency? In computer science, concurrency is a property of systems which

C Concurrency and Synchronization Concurrency What is concurrency? In computer science, concurrency is a property of systems which consist of computations that execute overlapped in time, and which may permit the sharing of common resources

621 views • 34 slides
Asynchronous Programming Model for Concurrency concurrency Concurrency is when two or more tasks

Asynchronous Programming Model for Concurrency concurrency Concurrency is when two or more tasks

Asynchronous Programming Model for Concurrency concurrency Concurrency is when two or more tasks can start, run, and complete in overlapping time periods. It doesn't necessarily mean they'll ever both be running at the same instant. For

915 views • 24 slides
Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M.

Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M.

Connecting the Dot Dots Model Checking Concurrency in Capsicum ASA-4 21 July 2010 Robert N. M. Watson Jonathan Anderson Introduction UNIX File System (UFS) Capsicum: practical capabilities for UNIX Whoops, a concurrency

548 views • 31 slides
Concurrency Control Ensuring Isolation 354 Concurrency control Concurrency To increase

Concurrency Control Ensuring Isolation 354 Concurrency control Concurrency To increase

Concurrency Control Ensuring Isolation 354 Concurrency control Concurrency To increase throughput and response time, a DBMS will execute multiple trans- actions at the same time. Concurrency control ensures that transactions have the same e ff

628 views • 29 slides
Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Concurrency arises

Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Concurrency arises

Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Concurrency arises in 3 different contexts: Multiple applications Multiprogramming: time slicing Structured applications Develop a single application

1.09k views • 62 slides
Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability questions What's important in order to build scalable web sites? High availability vs. load balancing Approaches to scaling

600 views • 26 slides
Root zone scalability model Bart Gijsen October 28, 2009 Root zone scalability model

Root zone scalability model Bart Gijsen October 28, 2009 Root zone scalability model

Root zone scalability model Bart Gijsen October 28, 2009 Root zone scalability model Introduction Development of the model by TNO as part of the Root Scalability Study Team Why quantify? Scalability is a quantitative topic

674 views • 18 slides
Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Multiple

Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Multiple

2/24/10 Concurrency: Mutual Exclusion and Synchronization Chapter 5 1 Concurrency Multiple applications Structured applications Operating system structure 2 1 2/24/10 Concurrency 3 Difficulties of Concurrency Sharing of

217 views • 11 slides
Performance and Scalability (Chapter 11) Performance and Scalability Performance: How long

Performance and Scalability (Chapter 11) Performance and Scalability Performance: How long

Performance and Scalability (Chapter 11) Performance and Scalability Performance: How long is the latency? Scalability: Do we get higher throughput if we add more resources? Performance and Scalability Performance: How long is the

210 views • 17 slides
B3CC: Concurrency 08: Parallelism from Concurrency Trevor L. McDonell Utrecht University, B2

B3CC: Concurrency 08: Parallelism from Concurrency Trevor L. McDonell Utrecht University, B2

B3CC: Concurrency 08: Parallelism from Concurrency Trevor L. McDonell Utrecht University, B2 2020-2021 Recap Concurrency: dealing with lots of things at once - Collection of independently executing processes - Two or more threads are

501 views • 39 slides
Concurrency, 2PL, and 2PC Todays Topics Continue concurrency Review two-phase locking

Concurrency, 2PL, and 2PC Todays Topics Continue concurrency Review two-phase locking

Concurrency, 2PL, and 2PC Todays Topics Continue concurrency Review two-phase locking (2PL) 2PL with shared locks Deadlocks Timestamped concurrency Implementing distributed transactions Transaction manager

610 views • 19 slides
Introduction to Concurrency Why Study Concurrency? We are well into the era of concurrent

Introduction to Concurrency Why Study Concurrency? We are well into the era of concurrent

CS510 Concurrent Systems Jonathan Walpole Introduction to Concurrency Why Study Concurrency? We are well into the era of concurrent hardware - Moores law still holds (more or less) - processor cycles per sec is not increasing - cores per

1.01k views • 46 slides
Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look

Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look

Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look at Some Key Concepts kernel The software component that controls the hardware directly, and implements the core privileged OS functions. Modern

208 views • 10 slides
Versioning of Topic Map Templates Structuring Versioning and Scalability Scalability Proc.

Versioning of Topic Map Templates Structuring Versioning and Scalability Scalability Proc.

Versioning of TM Templates and Scalability M. Ueberall, O. Drobnik Introduction Versioning of Topic Map Templates Structuring Versioning and Scalability Scalability Proc. Model Ongoing Work M. Ueberall, O. Drobnik Telematics Group,

550 views • 28 slides
Improved Surveillance and Diagnosis Capabilities in Mexico after the Influenza Pandemics Dra.

Improved Surveillance and Diagnosis Capabilities in Mexico after the Influenza Pandemics Dra.

Improved Surveillance and Diagnosis Capabilities in Mexico after the Influenza Pandemics Dra. Celia M. Alpuche Aranda Director MC Hiram Olivera Diaz Head of molecular Biology Department Institute for Epidemiological Diagnosis and Reference

824 views • 20 slides
COMP 213 Advanced Object-oriented Programming Lecture 21 Concurrency What is Concurrency?

COMP 213 Advanced Object-oriented Programming Lecture 21 Concurrency What is Concurrency?

COMP 213 Advanced Object-oriented Programming Lecture 21 Concurrency What is Concurrency? Concurrency is when two or more programs execute at the same time, either: sharing the same processor ( multi-threading ), or on different

934 views • 71 slides
NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W

NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W

I nternational Telecom m unication Union ITU-T NGN OAM Capabilities NGN OAM Capabilities Dinesh Mohan CTO S r. Advisor, Nortel I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1 April 2 0 0 6 NGN OAM Activities Update

777 views • 15 slides
Redirection Capabilities in SIP Redirection Capabilities in SIP

Redirection Capabilities in SIP Redirection Capabilities in SIP

Redirection Capabilities in SIP Redirection Capabilities in SIP draft-bharatia-sipping-redirect-00.txt Authors: J. Bharatia, S. Sen, R. Yuhanna, S. Orton, M. Watson Presenter: Mark Watson mwatson@nortelnetworks.com General Motivation SIP

478 views • 5 slides
Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two years, the number of transistors in a dense integrated circuit doubles The keystone of microprocessor industry Physical limitations Finite

374 views • 20 slides
Concurrency Control II and Distributed Transactions CS 240: Computing Systems and Concurrency

Concurrency Control II and Distributed Transactions CS 240: Computing Systems and Concurrency

Concurrency Control II and Distributed Transactions CS 240: Computing Systems and Concurrency Lecture 18 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Serializability Execution of a set of

646 views • 45 slides
But why is Synchronous Java was designed THREADS concurrency coordination in the

But why is Synchronous Java was designed THREADS concurrency coordination in the

Modeling Concurrency with Actors A Journey into Erlang Land Eugne Delacroix, Hamlet and Horatio in the Graveyard Functional and Interactive concurrency Coordination is the new imperative The Free Lunch is Over What I will Tell You Develop

330 views • 5 slides

More recommend