szumo a compositional contract model for safe multi
play

Szumo: A Compositional Contract Model for Safe Multi- Threaded - PowerPoint PPT Presentation

Jun 26, 2023 •282 likes •960 views

Szumo: A Compositional Contract Model for Safe Multi- Threaded Applications LASER 2005 Laura K. Dillon Software Engineering & Network Systems Laboratory Michigan State University ldillon@cse.msu.edu Laser 2005 - Summer School on 1

  1. Szumo: A Compositional Contract Model for Safe Multi- Threaded Applications LASER 2005 Laura K. Dillon Software Engineering & Network Systems Laboratory Michigan State University ldillon@cse.msu.edu Laser 2005 - Summer School on 1 Software Engineering

  2. Credits ♦ Creators: Reimer Behrends, R. E. Kurt Stirewalt ♦ Financial Support: – US Department of the Navy, ONR grant N00014-01- 1-0744 – National Science Foundation grants EIA-0000433, CCR-9901017, CCR-9984727, CDA-9617310, and CCR-9896190 – US Defense Advance Research Projects Agency, DASADA program Laser 2005 - Summer School on 2 Software Engineering

  3. Synchronization Units Model ♦ Problem: Synchronization concerns in multi- threaded object-oriented programs complicate designs – Difficult to modularize – A source of brittleness ♦ Goal: Facilitate extension, maintenance and evolution through better modularization of synchronization concerns ♦ Idea: Associate synchronization contracts with modules and automatically infer necessary synchronization logic from the contracts Laser 2005 - Summer School on 3 Software Engineering

  4. Overview of lecture series ♦ Background ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 4 Software Engineering

  5. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 5 Software Engineering

  6. Contracts Formal Agreement between a supplier and its clients ♦ Parties have rights and responsibilities ♦ Improved documentation, verification, separation of concerns ♦ Can enable optimizations sqrt( x : REAL ) : REAL is Zen and the art of sw reliability: require guarantee more by checking less! x >= 0 do … end Laser 2005 - Summer School on 6 Software Engineering

  7. Contract awareness ♦ Different degrees of strength [Beugnard et al.’99]: Degree of Contract Awareness Level 1: Level 2: Level 3: Level 4: Syntactic Behavioral Synchronization QOS Higher degrees: – Support contracting over non-functional properties – Enable dynamic client-supplier negotiation of services Laser 2005 - Summer School on 7 Software Engineering

  8. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 8 Software Engineering

  9. Multi-threaded OO Program ♦ Multiple threads manipulate passive objects in shared memory ♦ Major concurrency concern: Threads within critical regions require exclusive access to shared objects ♦ Designer must identify and protect these critical regions without introducing concurrency errors (e.g., deadlock, starvation). Laser 2005 - Summer School on 9 Software Engineering

  10. Example: Dining Philosophers Three philosophers sit around a circular table set with three forks and a large bowl of spaghetti. Each philosopher alternates between thinking and eating ad infinitum . To eat, a philosopher picks up the fork to her left and then the fork to her right. After eating, she returns the forks to their places and then proceeds to think. Laser 2005 - Summer School on 10 Software Engineering

  11. Example: Dining Philosophers in Java Class Phil extends Thread { private Fork left; f0: Fork p0: Phil right private Fork right; left . . . left public void run( ) { p0: Phil f2: Fork while (true) { think(); left.get(this); right right.get(this); f1: Fork p1: Phil eat(); // using left & right left right right.put(this); left.put(this); } } . . . } Laser 2005 - Summer School on 11 Software Engineering

  12. Example: Dining Philosophers in Java Class Fork { private boolean taken = false; . . . f0: Fork p2: Phil right synchronized void get(Phil p) { while (taken) wait (); left left taken = true; …println( p.toString() + p0: Phil f2: Fork “ picked up ” + toString()); } right synchronized void put(Phil p) { f1: Fork p1: Phil …println( p.toString() + “ put down ” + toString()); left right taken = false; notifyAll(); } . . . } Laser 2005 - Summer School on 12 Software Engineering

  13. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 13 Software Engineering

  14. Problem: Interleaving of concurrency logic with “functional” logic Class Fork { Class Phil extends Thread { private boolean taken = false; private Fork left; . . . private Fork right; synchronized void put(Phil p) { . . . …println( p.toString() + public void run( ) { “ put down ” + while (true) { this.toString(); think(); taken = false; left.get(this); notifyAll(); right.get(this); } eat(); right.put(this); synchronized void get(Phil p) { left.put(this); while (taken) wait (); } taken = true; } …println( p.toString() + . . . “ picked up ” + } this.toString(); } Laser 2005 - Summer School on 14 Software Engineering

  15. Problem: Undocumented synchronization rights and responsibilities ♦ Philosopher’s right / Fork’s responsibility: – A philosopher has exclusive access to a fork after calling “get” until the next call to “put” ♦ Philosopher’s responsibility / Fork’s right: – A philosopher alternates in first calling “get” and then “put” – A philosopher uses a fork only between a call to “get” and the next call to “put” Unstated correctness criteria produce brittle designs Laser 2005 - Summer School on 15 Software Engineering

  16. Behavior contracts can express limited synchronization rights and responsibilities ♦ Here, only clients’ responsibilities / suppliers’ rights Class Fork { private Philosopher holder; synchronized void get(Phil p) . . . require (holder != p) synchronized void put(Phil p) { require (holder == p) while (holder != null) wait (); { holder = p; …println( p.toString() + …println( p.toString() + “ put down ” + “ picked up ” + this.toString(); this.toString(); holder = null; } notifyAll(); } ♦ Cannot express the mutual exclusion right / responsibility Laser 2005 - Summer School on 16 Software Engineering

  17. Problem: Failure to “protect” critical regions ♦ E.g ., omit call(s) to “…get(…)” or omit f0: Fork p2: Phil right assignment to “taken” in left left “get” method p0: Phil f2: Fork ♦ Data race : uncoordinated access to shared data (in right this case, f 2 ) f1: Fork p1: Phil left right ♦ Data races are difficult to detect and isolate Laser 2005 - Summer School on 17 Software Engineering

  18. Problem: Potential for starvation f0: Fork p2: Phil f0: Fork p2: Phil right right left left left left p0: Phil f2: Fork p0: Phil f2: Fork right right f1: Fork p1: Phil f1: Fork p1: Phil left right left right Laser 2005 - Summer School on 18 Software Engineering

  19. Problem: Potential for deadlock ♦ Root cause: incrementally f0: Fork p2: Phil right acquiring multiple shared objects for some critical left left region p0: Phil f2: Fork ♦ Well-known solution: Impose an acquisition right order on the objects f1: Fork p1: Phil ♦ Requires: Global left right agreement on the acquisition order Laser 2005 - Summer School on 19 Software Engineering

  20. Detour: Enforcing an acquisition order Class Phil extends Thread { . . . private Fork left; public void run( ) { private Fork right; while (true) { . . . think(); private void reserveTwo( ) { reserveTwo(); if (left < right) { left.get(this); left.reserve(); right.get(this); right.reserve(); eat(); } else { right.put(this); right.reserve(); left.put(this); left.reserve(); unreserveTwo(); } } } } private void unreserveTwo() { . . . left.unreserve(); } right.unreserve(); } Laser 2005 - Summer School on 20 Software Engineering

  21. Detour: Enforcing an acquisition order Class Fork { . . . synchronized void reserve() { while (taken) wait (); taken = true; } synchronized void unreserve() { taken = false; notifyAll(); } synchronized void get(Phil p) { …println( p.toString() + “ picked up ” + toString() ); } synchronized void put(Phil p) { …println( p.toString() + “ put down ” + toString() ); } . . . } Laser 2005 - Summer School on 21 Software Engineering

  22. Problem: Potential for deadlock The “ordered-acquisition solution” may not apply: ♦ If suppliers are not known a priori, but can change during execution ♦ If a client has indirect suppliers (transitive access dependences) c 0 ’s direct supplier, s 0 , c0: C c1: C should encapsulate its indirect supplier, s 1 ; similarly for c 1 Thus, c 0 acquires s 0 and s0: S s1: S then s 1 ; but c 1 acquires s 1 and then s 0 ! Laser 2005 - Summer School on 22 Software Engineering

Recommend

1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

TECS Week 2005 Contract Signing Two parties want to sign a contract Contract-Signing Protocols Multi-party signing is more complicated The contract is known to both parties The protocols we will look at are not for contract

402 views • 7 slides
Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and implementation details Related concurrency models Ongoing and future work Laser 2005 - Summer School on 1 Software Engineering Goal

822 views • 56 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text

Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text

CalHEERS Solicitation Addendum Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text Exhibit C -- Service Level Agreements and Liquidated Damages Attachment 8 Cost Schedules o Updated program

210 views • 5 slides
Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher

Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher

Overview Scalar implicature Grammar-driven models Our model Experiment Model assessment Conclusion Appendix Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher Potts Stanford Linguistics

1.2k views • 87 slides
Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios stabilization scenarios Junichi Fujino NIES, Japan The 9th AIM International Workshop; 12-13, March 2004 National Institute for Environmental Studies,

547 views • 20 slides
Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory

Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory

Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical challenge

854 views • 38 slides
Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital Contract Signing Use digital signatures to sign a pre-agreed contract over a computer network Potentially useful for e-commerce Why it is not simple:

1.08k views • 27 slides
XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi

XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi

XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi 1 XL2B: V0P Excel2013 Model Trendline Multi 2 Model Using Trendline Assignment: Multiple Models in Excel 2013 1. Goal: Generate six charts. Use

477 views • 14 slides
BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation

BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation

BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation Prior Work System Model 1D Case 2D Cases Applications 2/24 Robotics is Hard

248 views • 24 slides
Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem

Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem

Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem Khyzha IMDEA Software Institute, Madrid, Spain Joint work with Alexey Gotsman (IMDEA Software) Weak memory x = y = 0; x = 1; y = 1; a = y; b = x;

689 views • 38 slides
RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as

RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as

RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as Contractor: embedded brains GmbH (Germany) TRP (95k Euro) Duration: 12 months (KO: Feb 2016, FR: May 2017) TO: M. Verhoef / T.

1.12k views • 35 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why

US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why

US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why Multi-Model? Multi-Model Methodologies Are a Practical Approach to Quantifying Forecast Uncertainty Due to Uncertainty in Model Formulation

817 views • 25 slides
Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre

Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre

Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre Scedrov 1 1 University of Pennsylvania 2 University of Sussex 3 Universit Libre de Bruxelles Digital Contract signing Use dig ita l sig na ture s

623 views • 31 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Contract tractor or Safe afety ty Meeti ting ng October ber 2017 fcx.com INT NTRODUCTION

Contract tractor or Safe afety ty Meeti ting ng October ber 2017 fcx.com INT NTRODUCTION

D R I V E N B Y V A L U E Contract tractor or Safe afety ty Meeti ting ng October ber 2017 fcx.com INT NTRODUCTION ODUCTION Facilities lities Emerg ergen ency y Exits its Cell ll Phones es Safety

542 views • 42 slides
Multi-core model checking for biological applications Jaco van de Pol 22 November 2013

Multi-core model checking for biological applications Jaco van de Pol 22 November 2013

UNIVERSITY OF TWENTE. Formal Methods &amp; Tools. Multi-core model checking for biological applications Jaco van de Pol 22 November 2013 NWPT13, Tallinn ... Multi-core Reachability Multi-core LTL model checking Timed Automata

1.24k views • 119 slides
and Enrollee Contract Protections Refresher February 14, 2018 2 February 2018 Medicaid

and Enrollee Contract Protections Refresher February 14, 2018 2 February 2018 Medicaid

Behavioral Health Provider and Enrollee Contract Protections Refresher February 14, 2018 2 February 2018 Medicaid Managed Care Model Contract This presentation outlines contractual requirements (Medicaid Managed Care Model Contract) that

267 views • 16 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional Deep Learning Bruno Gavranovi c Faculty of Electrical Engineering and Computing (FER) University of Zagreb, Croatia bruno.gavranovic@fer.hr

1.22k views • 102 slides
Statussen in snapshot voor premiejaar 2019 Used contract: Not used Used Request

Statussen in snapshot voor premiejaar 2019 Used contract: Not used Used Request

INFOSS Statussen snapshot (UC15) Leen Van Looveren 05/05/2020 1 Definities herhaling (UC02) Used contract: contract on which the NIHDI premium will be transferred if nothing would change before the payment day Valid contract: a contract

377 views • 16 slides
H Multi-objective and Multi-Model MIMO control design for Broadband noise attenuation in a 3D

H Multi-objective and Multi-Model MIMO control design for Broadband noise attenuation in a 3D

H Multi-objective and Multi-Model MIMO control design for Broadband noise attenuation in a 3D enclosure Paul LOISEAU, Philippe CHEVREL, Mohamed YAGOUBI, Jean-Marc DUFFAL Mines Nantes, IRCCyN &amp; Renault SAS March 2016 Content 1

414 views • 26 slides
Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution

Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution

Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution period Reporting Time Implementation closure activities period Warranty Contract period Signature (supply) or defect liability period

289 views • 12 slides

More recommend