mark batty
play

Mark Batty University of Kent It is time for mechanised industrial - PowerPoint PPT Presentation

Jan 11, 2024 •590 likes •1.11k views

Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty University of Kent It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised specs instead

  1. Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty 
 University of Kent 


  2. It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised specs instead (formal, machine-readable, executable) This enables verification, and can identify important research questions Writing mechanised specifications is practical now 2

  3. A case study: industrial concurrency specification 3

  4. Shared memory concurrency Multiple threads communicate through a shared memory Thread Thread … … Shared memory 4

  5. Shared memory concurrency Multiple threads communicate through a shared memory Thread Thread … … Shared memory Most systems use a form of shared memory concurrency: 5

  6. An example programming idiom data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sequential consistency: … Thread 1 Thread 2 simple interleaving of concurrent accesses … data, flag, r Reality: more complex 6

  7. An example programming idiom data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sequential consistency: … Thread 1 Thread 2 simple interleaving of concurrent accesses … data, flag, r Reality: more complex 7

  8. Relaxed concurrency Memory is slow, so it is optimised (buffers, caches, reordering…) e.g. IBM’s machines allow reordering of unrelated writes (so do compilers, ARM, Nvidia…) data , flag , r initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; In the end r==1 Sometimes, in the end r==0 , a relaxed behaviour Many other behaviours like this, some far more subtle, leading to trouble 8

  9. Relaxed concurrency Memory is slow, so it is optimised (buffers, caches, reordering…) e.g. IBM’s machines allow reordering of unrelated writes (so do compilers, ARM, Nvidia…) data , flag , r initially zero Thread 1: Thread 2: flag = 1; while (flag==0) data = 1; {}; r = data; In the end r==1 Sometimes, in the end r==0 , a relaxed behaviour Many other behaviours like this, some far more subtle, leading to trouble 9

  10. Relaxed behaviour leads to problems Bugs in deployed processors Power/ARM processors: unintended relaxed behaviour Many bugs in compilers observable on shipped machines Bugs in language specifications [AMSS10] Bugs in operating systems 10

  11. Relaxed behaviour leads to problems Bugs in deployed processors Errors in key compilers (GCC, LLVM): compiled programs could Many bugs in compilers behave outside of spec. Bugs in language specifications [MPZN13, CV16] Bugs in operating systems 11

  12. Relaxed behaviour leads to problems The C and C++ standards had Bugs in deployed processors bugs that made unintended behaviour allowed. Many bugs in compilers Bugs in language specifications More on this later. Bugs in operating systems [BOS+11, BMN+15] 12

  13. Relaxed behaviour leads to problems Bugs in deployed processors Confusion among operating system engineers leads to Many bugs in compilers bugs in the Linux kernel Bugs in language specifications [McK11, SMO+12] Bugs in operating systems 13

  14. Relaxed behaviour leads to problems Bugs in deployed processors Many bugs in compilers Bugs in language specifications Bugs in operating systems Current engineering practice is severely lacking! 14

  15. Vague specifications are at fault Relaxed behaviours are subtle, difficult to test for and often unexpected, yet allowed for performance Specifications try to define what is allowed, but English prose is untestable, ambiguous, and hides errors 15

  16. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Build mechanised executable formal models of specifications Empirical testing of current hardware Verification of language design goals [AFI+09,BOS+11,BDW16] Test and verify compilers [FGP+16,LDGK08,OSP09] Feedback to industry: specs and test suites 16

  17. A diverse and continuing effort Provide tools to simulate the Modelling of hardware and languages formal models, to explain their Simulation tools and reasoning principles behaviours to non-experts Empirical testing of current hardware Verification of language design goals Provide reasoning principles to help in the verification of code Test and verify compilers Feedback to industry: specs and test suites [BOS+11,SSP+,BDG13] 17

  18. A diverse and continuing effort Modelling of hardware and languages Run a battery of tests to Simulation tools and reasoning principles understand the observable Empirical testing of current hardware behaviour of the system and Verification of language design goals check it against the model Test and verify compilers [AMSS’11] Feedback to industry: specs and test suites 18

  19. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Explicitly stated design goals Empirical testing of current hardware should be proved to hold Verification of language design goals [BMN+15] Test and verify compilers Feedback to industry: specs and test suites 19

  20. A diverse and continuing effort Modelling of hardware and languages Test to find the relaxed Simulation tools and reasoning principles behaviours introduced by Empirical testing of current hardware compilers and verify that Verification of language design goals optimisations are correct Test and verify compilers [MPZN13, CV16] Feedback to industry: specs and test suites 20

  21. A diverse and continuing effort Modelling of hardware and languages Specifications should be fixed Simulation tools and reasoning principles when problems are found Empirical testing of current hardware Test suites can ensure Verification of language design goals conformance to formal models Test and verify compilers Feedback to industry: specs and test suites [B11] 21

  22. A diverse and continuing effort Modelling of hardware and languages Simulation tools and reasoning principles Empirical testing of current hardware Verification of language design goals Test and verify compilers Feedback to industry: specs and test suites I will describe my part: 22

  23. The C and C++ memory model 23

  24. Acknowledgements M. Dodds A. Gotsman K. Memarian K. Nienhuis S. Owens J. Pichon-Pharabod S. Sarkar P . Sewell T. Weber 24

  25. C and C++ The medium for system implementation Defined by WG14 and WG21 of the International Standards Organisation The ’11 and ’14 revisions of the standards define relaxed memory behaviour I worked with WG21, formalising and improving their concurrency design 25

  26. C and C++ The medium for system implementation Defined by WG14 and WG21 of the International Standards Organisation The ’11 and ’14 revisions of the standards define relaxed memory behaviour We worked with the ISO, formalising and improving their concurrency design 26

  27. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! 27

  28. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! 28

  29. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data initially zero Thread 1: Thread 2: data = 1; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! Atomics are excluded from the requirement, and can order non-atomics, preventing simultaneous access and races 29

  30. C++11 concurrency design A contract with the programmer: they must avoid data races , two threads competing for simultaneous access to a single variable data , r , atomic flag , initially zero Thread 1: Thread 2: data = 1; while (flag==0) flag = 1; {}; r = data; Beware: Violate the contract and the compiler is free to allow anything: catch fire! Atomics are excluded from the requirement, and can order non-atomics, preventing simultaneous access and races 30

  31. Design goals in the standard The design is complex but the standard claims a powerful simplification: C++11/14: §1.10p21 It can be shown that programs that correctly use mutexes and memory_order_seq_cst operations to prevent all data races and use no other synchronization operations behave [according to] “sequential consistency”. This is the central design goal of the model, called DRF-SC 31

  32. Implicit design goals Compilers like GCC, LLVM map C/C++ to pieces of machine code C/C++ Power ARM x86 Load acquire ld; cmp; bc; isync ldr; dmb MOV (from memory) Each mapping should preserve the behaviour of the original program C/C++11 x86 Power ARM 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj

515 views • 36 slides
Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott

Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott

Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott Owens, Susmit Sarkar, Peter Sewell, Tjark Weber November, 2010 p. 1 C++0x: the next C++ Specified by the C++ Standards Committee Defined in The

550 views • 38 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter

Synchronising C/C++ and POWER Susmit Sarkar 1 Kayvan Memarian 1 Scott Owens 1 Mark Batty 1 Peter Sewell 1 Luc Maranget 2 Jade Alglave 3 , 4 Derek Williams 5 1 University of Cambridge 2 INRIA 3 Oxford University 4 Queen Mary London 5 IBM Austin June

856 views • 41 slides
Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen

Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen

C++ x86 Automatically Comparing Memory Consistency Models John Wickerson Mark Batty Tyler Sorensen George A. Constantinides Imperial U Kent Imperial Imperial S-REPLS @ Imperial Tuesday 27 September 2016 1 Contents Context: memory

1.72k views • 76 slides
The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs

The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs

The team! Miss Higson Mr Kilkenny Mr Batty Mr Harrison Mrs Bargery Mrs Burgess Mrs Baxter Mrs Coney Mrs Harding Miss Daulby In Year 7 you will be taught as a form group until October half-term, then we will

534 views • 28 slides
Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu

Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu

Discrete Differential Geometry Operators for Triangulated 2-Manifolds Mark Meyer, Mathieu Desbrun, Peter Schroder, and Alan H. Barr Presented by Christopher Batty Basic Premise How can we extend differential geometry to meshes? Goal

735 views • 31 slides
Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for

Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for

Cities Adapting to a Disruptive World University College London Modelling a New Normal Social Distancings Impact on Land Use Michael Batty Centre for Advanced Spatial Analysis CASA-UCL 18 June, Thursday | 4.00pm - 4.40pm

943 views • 41 slides
Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford)

Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford)

Holomorphic functions which preserve holomorphic semigroups Charles Batty (University of Oxford) joint work with Alexander Gomilko (Torun) and Yuri Tomilov (IMPAN, Warsaw) Mini-symposium on Functional Calculus, IWOTA Chemnitz, 17 August 2017

323 views • 15 slides
Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds.

Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds.

Reading in EYFS OCTOBER 2017 What is Batty Phonics? A program for teaching letter sounds. Order the letters are taught: 1. i, l, t, u, y 2. c, o, a, d, g, q, e 3. h, n, m, r, b, p, k 4. v, w, x 5. z, j, f, s Each letter sound has

204 views • 19 slides
Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris

Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris

Multicore Programming Java Memory Model Jaroslav ev Peter Sewell ck Tim Harris University of Cambridge MSR with thanks to Francesco Zappa Nardelli, Susmit Sarkar, Tom Ridge, Scott Owens, Magnus O. Myreen, Luc Maranget, Mark Batty,

901 views • 74 slides
Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with:

Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with:

Inventing Abstractions An Academic Perspective on Industrial Memory Models Susmit Sarkar with: Scott Owens, Kayvan Memarian, Mark Batty, Peter Sewell, Magnus Myreen, Jade Alglave, Luc Maranget, Francesco Zappa Nardelli, Derek Williams, Sela

473 views • 30 slides
SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3.

SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3.

CORONAVIRUS JOB RETENTION SCHEME (CJRS) MARK II 1. Summary of CJRS Mark I and CJRS Mark II 2. Key Dates of CJRS 3. Tapering of Government Support OVERVIEW 4. CJRS Mark II Key Concepts 5. CJRS Mark II - Calculations 6. Spreadsheets 7.

389 views • 17 slides
MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I

MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I

you can MARK I Duplicator 9 WANHAO PRODUCT BROCHURE DUPLICATOR 9 MARK I DUPLICATOR 9 MARK I Technical Specifi cations Primary attributes PLA printer, entrance level printer. of the technology Full assembled. Developped from Prusa i3.

445 views • 9 slides
The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of

The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of

The Gospel of Mark When Pigs Fly Mark 5:1-20 (NIV) They went across the lake to the region of the Gerasenes. 2 When Jesus got out of the boat, a man with an impure spirit came from the tombs to meet him. Mark 5:1-20 (NIV) 3 This man lived in

593 views • 15 slides
The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was

The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was

The Gospel of Mark Mark 2:13-17 (ESV) He went out again beside the sea, and all the crowd was coming to him, and he was teaching them. 14 And as he passed by, he saw Levi the son of Alphaeus sittjng at the tax booth, and he said to him,

767 views • 10 slides
Disclaimer Nursing Student Attitudes toward Mental Illness: This presenter has no conflicts of

Disclaimer Nursing Student Attitudes toward Mental Illness: This presenter has no conflicts of

APNA 29th Annual Conference Session 4014: October 31, 2015 Disclaimer Nursing Student Attitudes toward Mental Illness: This presenter has no conflicts of interest, A Quantitative Quasi-Experimental Study commercial support, or off-label use

368 views • 5 slides
Green Growth and Behavioral Economics Green Growth and Behavioral Economics Elke U Weber &

Green Growth and Behavioral Economics Green Growth and Behavioral Economics Elke U Weber &

Green Growth and Behavioral Economics Green Growth and Behavioral Economics Elke U Weber & Eric J Johnson Elke U. Weber & Eric J. Johnson Center for Research on Environmental Decisions (CRED) ( ) Center for Decision Sciences (CDS)

343 views • 22 slides
Edge Bundling for Visualizing Communication Behavior Ronny Brendel, Michael Heyde, Holger Brunst,

Edge Bundling for Visualizing Communication Behavior Ronny Brendel, Michael Heyde, Holger Brunst,

Center for Information Services and High Performance Computing Edge Bundling for Visualizing Communication Behavior Ronny Brendel, Michael Heyde, Holger Brunst, Tobias Hilbrich and Matthias Weber Presenter: Jens Domke VPA Workshop, Salt Lake

421 views • 29 slides
Improving Manufacturing Plants Through Big Data Analytics SDS2019 14 June 2019 Prof. Dr. Kurt

Improving Manufacturing Plants Through Big Data Analytics SDS2019 14 June 2019 Prof. Dr. Kurt

Improving Manufacturing Plants Through Big Data Analytics SDS2019 14 June 2019 Prof. Dr. Kurt Stockinger Martin Weber Marc Schni Agenda Use Case Goals Architecture Blueprint Experiment Conclusions Evaluation

533 views • 29 slides
Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles

Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles

Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles computational environment hardware system software stack & its evolution Techniques for building large-scale systems decomposition

1.27k views • 80 slides
Graphical Perception Nam Wook Kim Mini-Courses January @ GSAS 2018 What is graphical

Graphical Perception Nam Wook Kim Mini-Courses January @ GSAS 2018 What is graphical

Graphical Perception Nam Wook Kim Mini-Courses January @ GSAS 2018 What is graphical perception? The visual decoding of information encoded on graphs Why? Visualization is really about external cognition, that is, how resources

1.17k views • 85 slides
rts t t rsss

rts t t rsss

rts t t rsss P rs t st

865 views • 69 slides
ECON 626: Applied Microeconomics Lecture 5: Regression Discontinuity Professors: Pamela Jakiela

ECON 626: Applied Microeconomics Lecture 5: Regression Discontinuity Professors: Pamela Jakiela

ECON 626: Applied Microeconomics Lecture 5: Regression Discontinuity Professors: Pamela Jakiela and Owen Ozier Regression discontinuity - basic idea A precise rule based on a continuous characteristic determines participation in a program. UMD

1.19k views • 75 slides

More recommend