checking linearizability using hitting families
play

Checking Linearizability Using Hitting Families Burcu Kulahcioglu - PowerPoint PPT Presentation

Feb 09, 2024 •183 likes •456 views

Checking Linearizability Using Hitting Families Burcu Kulahcioglu Ozkan 1 , Rupak Majumdar 1 , Filip Niksic 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 University of Pennsylvania Linearizability as a correctness condition Two

  1. Checking Linearizability 
 Using Hitting Families Burcu Kulahcioglu Ozkan 1 , Rupak Majumdar 1 , Filip Niksic 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 University of Pennsylvania

  2. Linearizability as a correctness condition Two execution histories on a concurrent list: addAll(1, 2): true isEmpty(): true clear() toString(): “[1]” 1: 1: clear() addAll(1, 2): true 2: 2: Linearizable history: Concurrent operations can be totally ordered in a consistent way Linearizable concurrent object: All of its execution histories are linearizable

  3. Linearizability as a correctness condition Two execution histories on a concurrent list: addAll(1, 2): true isEmpty(): true clear() toString(): “[1]” 1: 1: clear() addAll(1, 2): true 2: 2: linearizable Linearizable history: Concurrent operations can be totally ordered in a consistent way Linearizable concurrent object: All of its execution histories are linearizable

  4. Linearizability as a correctness condition Two execution histories on a concurrent list: addAll(1, 2): true isEmpty(): true clear() toString(): “[1]” 1: 1: clear() addAll(1, 2): true 2: 2: linearizable non-linearizable Linearizable history: Concurrent operations can be totally ordered in a consistent way Linearizable concurrent object: All of its execution histories are linearizable

  5. Checking linearizability Linearizability of a concurrent object • Pertains to verification • Undecidable • Approaches: Program logics, proof rules, semi-automated procedures Linearizability of a single execution history • Pertains to testing • NP-complete • Approaches: Exhaustive search for a linearizability witness with space-time trade-offs

  6. Checking linearizability Linearizability of a concurrent object • Pertains to verification • Undecidable • Approaches: Program logics, proof rules, semi-automated procedures Linearizability of a single execution history • Pertains to testing • NP-complete • Approaches: Exhaustive search for a linearizability witness with space-time trade-offs

  7. Our contribution In a nutshell: • Prioritize the search space to quickly find linearizability witnesses (if they exist) In more detail: • Introduce linearizability depth of a history • For a history of linearizability depth d , with n operations on k threads: 
 Suffices to explore a strong d -hitting family of at most O(kn d-1 ) linearizations • Experiments on java.util.concurrent : 
 In most cases linearizability witnessed by strong d -hitting families with d ≤ 5 !

  8. Linearizability Execution history induces a partial order of operations op 1 (args 1 ): res 1 op 1 (args 1 ): res 1 op 2 (args 2 ): res 2 op 2 (args 2 ): res 2 op 1 happens before op 2 op 1 and op 2 are concurrent Schedule: A total order of operations that extends the happens-before relation Linearizability witness: A schedule in which the results of operations satisfy the sequential specification Linearizable history: A history that has a linearizability witness

  9. Testing concurrent objects [Wing and Gong ’93] Sequential object 
 Concurrent object (specification) history 1 linearizable Simulator history 2 linearizable ⋮ ⋮ history m non-linearizable

  10. Testing concurrent objects [Wing and Gong ’93] Sequential object 
 Concurrent object (specification) history 1 linearizable Simulator history 2 linearizable Jepsen (distributed systems) ⋮ ⋮ Violat ( java.util.concurrent ) history m non-linearizable

  11. Testing concurrent objects [Wing and Gong ’93] Sequential object 
 Concurrent object (specification) Observation 1: history 1 linearizable Simulator Most histories are linearizable history 2 linearizable Jepsen (distributed systems) ⋮ ⋮ Violat ( java.util.concurrent ) history m non-linearizable

  12. Execution history generated by Violat 
 for ConcurrentLinkedQueue toString(): “[]” poll(): null 1: size(): 0 isEmpty(): true 2: clear() addAll(1, 2): true 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  13. Execution history generated by Violat 
 for ConcurrentLinkedQueue toString(): “[]” poll(): null 1: total schedules: 1,004,640 lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: clear() addAll(1, 2): true 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  14. Execution history generated by Violat 
 for ConcurrentLinkedQueue toString(): “[]” poll(): null 1: total schedules: 1,004,640 lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: addAll(1, 2): true clear() 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  15. Execution history generated by Violat 
 for ConcurrentLinkedQueue toString(): “[]” poll(): null 1: total schedules: 1,004,640 lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: addAll(1, 2): true clear() 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  16. Linearizability depth Strong hitting: 
 Given d ≥ 1 , a schedule 𝛃 strongly hits a d -tuple of operations (op 0 , …, op d-1 ) if it • maximally delays each op i • while maintaining the relative order op 0 < 𝛃 … < 𝛃 op d-1 d-Linearizable history: 
 There exist operations op 0 , …, op d-1 such that every schedule that strongly hits 
 (op 0 , …, op d-1 ) is a witness to linearizability Linearizability depth of a history: 
 Smallest d ≥ 1 such that the history is d -linearizable

  17. History from the example has linearizability depth 1 toString(): “[]” poll(): null 1: total schedules: 1,004,640 lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: clear() addAll(1, 2): true 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  18. History from the example has linearizability depth 1 toString(): “[]” poll(): null 1: total schedules: 1,004,640 lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: clear() addAll(1, 2): true 3: Observation 2: removeAll(1, 0): false retainAll(2, 0): true 4: Most linearizable histories have small linearizability depth retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  19. Checking d-linearizability Recall: A history is d -linearizable if there exist operations op 0 , …, op d-1 such that every schedule that strongly hits (op 0 , …, op d-1 ) is a witness to linearizability Strong d-hitting family: A set of schedules 𝓖 is a strong d -hitting family if it strongly hits every d -tuple of operations Conclusion: To check d -linearizability, it suffices to explore schedules from 
 a strong d -hitting family

  20. Size of strong hitting families [OOPSLA ’18] Given a history of n operations on k threads, and d ≥ 1 : • There is a strong d -hitting family of size O(n d ) • There is a strong d -hitting family of size O(kn d-1 ) : 
 A single schedule can strongly hit all operations in a thread

  21. For the history from the example, 1-linearizability is shown by exploring 7 schedules! toString(): “[]” poll(): null total schedules: 1,004,640 1: lin. witnesses: 134,400 size(): 0 isEmpty(): true 2: strong 1-hit. family: 7 clear() addAll(1, 2): true 3: removeAll(1, 0): false retainAll(2, 0): true 4: retainAll(0, 0): false poll(): null 5: poll(): 2 toArray(): [] 6: remove(0): false containsAll(1, 1): false 7:

  22. Experiments Observation 1: Most execution histories are linearizable Observation 2: Most linearizable histories have small linearizability depth Goal: Validate the observations for the histories generated by Violat on java.util.concurrent

  23. Breakdown of histories generated by Violat 
 for ConcurrentLinkedQueue non-linearizable: 3 linearizable: 616 sequential: 161 Total: 780 histories

  24. Breakdown of histories generated by Violat non-linearizable linearizable sequential ArrayBlockingQueue ConcurrentHashMap ConcurrentLinkedDeque ConcurrentLinkedQueue ConcurrentSkipListMap ConcurrentSkipListSet LinkedBlockingDeque LinkedBlockingQueue LinkedTransferQueue PriorityBlockingQueue 0 377 753 1130 1506 Total number of histories

  25. Linearizable histories whose linearizability is shown by exploring strong d-hitting families 100% 87.5% 75% 62.5% 50% 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 d = ArrayBlockingQueue ConcurrentHashMap ConcurrentLinkedDeque ConcurrenLinkedQueue ConcurrentSkipListMap ConcurrentSkipListSet LinkedBlockingDeque LinkedBlockingQueue LinkedTransferQueue PriorityBlockingQueue

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing for Linearizability Gavin Lowe Testing for Linearizability 02 Linearizability

Testing for Linearizability Gavin Lowe Testing for Linearizability 02 Linearizability

Testing for Linearizability 01 Testing for Linearizability Gavin Lowe Testing for Linearizability 02 Linearizability Linearizability is a well-established and accepted correctness condition for concurrent datatypes. Informally, a concurrent

577 views • 18 slides
Hitting Families of Schedules for Asynchronous Programs Dmitry Chistikov 1,2 , Rupak Majumdar 1 ,

Hitting Families of Schedules for Asynchronous Programs Dmitry Chistikov 1,2 , Rupak Majumdar 1 ,

Hitting Families of Schedules for Asynchronous Programs Dmitry Chistikov 1,2 , Rupak Majumdar 1 , Filip Niksic 1 1 Max Planck Institute for Software Systems (MPI-SWS), Germany 2 University of Oxford, UK Ninjas at a conference banquet 1 2 n

654 views • 36 slides
Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul

Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul

Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul University Chicago, USA ICALP 2014 Between Linearizability and Quiescent Consistency ICALP 2014 1 Linearizability (Herlihy/Wing 1990) Each method call

1.09k views • 92 slides
Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting

Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting

Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting tomorrow. Lab 1 goes out next week. On requiring summaries vs adding labs. Linearizability Concurrency not Distributed Systems?

532 views • 42 slides
2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today

2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today

2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today Two-phase commit Atomic commit protocol Crash-recovery, durability External consistency / linearizability Spanner Multi-version database

440 views • 16 slides
Review: Linearizability Defini3on Given some component C (say,

Review: Linearizability Defini3on Given some component C (say,

Review: Linearizability Defini3on Given some component C (say, a class) And some opera3ons O1, O2, .. (say, methods) An opera)on is linearizable

808 views • 56 slides
Sequential Consistency Versus Linearizability Hagit A(ya, and

Sequential Consistency Versus Linearizability Hagit A(ya, and

Sequential Consistency Versus Linearizability Hagit A(ya, and Jennifer L. Welch (ACM Transac&lt;ons on Computer Systems 1994) Presented by: Haonan Lu 0

299 views • 8 slides
Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong

Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk Estonia Winter School in Computer Science, 3-8 Mar

277 views • 27 slides
RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation

RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation

RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation Consistency Important issue in large-scale storage systems Linearizability Strongest form of consistency for concurrent systems

1.24k views • 21 slides
PII Oliveira Peres S Theorem 2 2012 t act for all ca and 7 positive constants reversible s.t ca

PII Oliveira Peres S Theorem 2 2012 t act for all ca and 7 positive constants reversible s.t ca

and hitting times for Markov chains Mixing between mixing times and Overview 1 up to constants Equivalence of large sets times hitting different sizes of sets comparison for times 2 flitting Refined mixing and hitting equivalence 3 in

176 views • 4 slides
Hitting sets and VC-dimension Nicolas Bousquet 1 e 2 Joint work with St ephan Thomass 1

Hitting sets and VC-dimension Nicolas Bousquet 1 e 2 Joint work with St ephan Thomass 1

Hitting sets and VC-dimension Nicolas Bousquet 1 e 2 Joint work with St ephan Thomass 1 Universit e Montpellier II, LIRMM 2 LIP, ENS Lyon Hitting sets and packings Integrality gap VC-dimension k -majority tournaments Erd os-P osa

852 views • 83 slides
Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely DePaul University Purdue University ESOP 2010, FOSSACS 2012, TLDI 2012, ESOP 2013 Linearizability, revisited ESOP 2010, FOSSACS 2012,

1.24k views • 70 slides
Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph

Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph

Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph Izraelevitz &amp; Hammurabi Mendes www.cs.rochester.edu / research/synchronization/ Dagstuhl seminar on New Challenges in Parallelism November 2017 based on

303 views • 18 slides
Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott

Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott

Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott non-blocking queue head tail null X 1 2 3 CAS compare &amp; swap CAS (address, expectedValue, newValue) { atomic { if ( *address ==

1.03k views • 49 slides
3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

Fachgebiet RechnerSysteme Technische Universitt Verification Technology Darmstadt 3. Satisfiability Checking Computer Systems Lab 1 3. Satisfiability Checking 3 3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification

278 views • 11 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Cloud Index Tracking: Enabling Predictable Costs in Cloud Spot Markets Supreeth Shastri and David

Cloud Index Tracking: Enabling Predictable Costs in Cloud Spot Markets Supreeth Shastri and David

Cloud Index Tracking: Enabling Predictable Costs in Cloud Spot Markets Supreeth Shastri and David Irwin University of Massachusetts Amherst Spot Servers are gaining significance in the cloud Servers that may terminate anytime after an advance

979 views • 54 slides
Homeless Emergency Assistance and Rapid Transition to Housing: Defining Chronically

Homeless Emergency Assistance and Rapid Transition to Housing: Defining Chronically

Homeless Emergency Assistance and Rapid Transition to Housing: Defining Chronically Homeless Final Rule Webinar Format At least 30 minutes will be reserved for Q&amp;A Due to the high volume of participants, everyone will be muted

344 views • 30 slides
Do wnlo ad a c o py o f the Family Pe e r Ad vo c ate Pro visio nal Cre d e ntial so yo u c

Do wnlo ad a c o py o f the Family Pe e r Ad vo c ate Pro visio nal Cre d e ntial so yo u c

Do wnlo ad a c o py o f the Family Pe e r Ad vo c ate Pro visio nal Cre d e ntial so yo u c an fo llo w alo ng as we g o thro ug h the applic atio n. Family Peer Advocate Provisional Credential Application Review P re s e n t e d

396 views • 38 slides
Performance Funding Dilemma: Developmental Education Bret Appleton Director, Institutional

Performance Funding Dilemma: Developmental Education Bret Appleton Director, Institutional

National Benchmarking Conference: May 3-5, 2016 Performance Funding Dilemma: Developmental Education Bret Appleton Director, Institutional Research and Data Analysis, State Fair Community College Kelli Burns Director, Institutional Research

631 views • 24 slides
The construction of troubled families as a social problem Stephen Crossley PhD

The construction of troubled families as a social problem Stephen Crossley PhD

The construction of troubled families as a social problem Stephen Crossley PhD Candidate School of Applied Social Sciences The long history. 1880s Victorian residuum 1910s The unemployables 1930s Social Problem

424 views • 14 slides
Case Preparation and Review The Maryland Department of Health and Mental Hygiene Preparing for

Case Preparation and Review The Maryland Department of Health and Mental Hygiene Preparing for

FIMR Basics Training Case Preparation and Review The Maryland Department of Health and Mental Hygiene Preparing for Case Review Choose Case Review Team members Gather information Decide which cases to review Prepare for review

475 views • 22 slides
Obtaining Medical Information under Title I of the ADA Amanda Maisels Deputy Chief, Disability

Obtaining Medical Information under Title I of the ADA Amanda Maisels Deputy Chief, Disability

11/2/2019 Obtaining Medical Information under Title I of the ADA Amanda Maisels Deputy Chief, Disability Rights Section U.S. Department of Justice 1 Learning Objectives Who, What, Where, When and Why? What is a medical exam or

109 views • 8 slides
Volume 30 No. 09 April 2020 All providers For Action TO: Health Maintenance Organizations

Volume 30 No. 09 April 2020 All providers For Action TO: Health Maintenance Organizations

State of New Jersey Department of Human Services Division of Medical Assistance &amp; Health Services Volume 30 No. 09 April 2020 All providers For Action TO: Health Maintenance Organizations For Information Only SUBJECT: Temporary

229 views • 3 slides

More recommend