Outline 0024 Spring 2010 21 :: 2 Source [1] Talking About - - PowerPoint PPT Presentation

– 21 :: 2 – Source [1] 0024 Spring 2010

Outline

– 21 :: 3 – Source [1] 0024 Spring 2010

Talking About Executions

Why?

Can’t we specify the linearization point of each operation

without describing an execution?

Not Always

In some cases, linearization point depends on the execution

– 21 :: 4 – Source [1] 0024 Spring 2010

Formal Model of Executions

Define precisely what we mean

Ambiguity is bad when intuition is weak

Allow reasoning

Formal But mostly informal

In the long run, actually more important Ask me why!

– 21 :: 5 – Source [1] 0024 Spring 2010

Split Method Calls into Two Events

Invocation

method name & args

• q. enq( x)

Response

result or exception

• q. enq( x) returns voi d
• q. deq( ) returns x
• q. deq( ) throws em

pt y

– 21 :: 6 – Source [1] 0024 Spring 2010

Invocation Notation

A q.enq(x)

(4)

– 21 :: 7 – Source [1] 0024 Spring 2010

Invocation Notation

A q.enq(x) thread

(4)

– 21 :: 8 – Source [1] 0024 Spring 2010

Invocation Notation

A q.enq(x) thread method

(4)

– 21 :: 9 – Source [1] 0024 Spring 2010

Invocation Notation

A q.enq(x) thread

• bject

(4)

method

– 21 :: 10 – Source [1] 0024 Spring 2010

Invocation Notation

A q.enq(x) thread

• bject

method arguments

(4)

– 21 :: 11 – Source [1] 0024 Spring 2010

Response Notation

A q: void

(2)

– 21 :: 12 – Source [1] 0024 Spring 2010

Response Notation

A q: void thread

(2)

– 21 :: 13 – Source [1] 0024 Spring 2010

Response Notation

A q: void thread result

(2)

– 21 :: 14 – Source [1] 0024 Spring 2010

Response Notation

A q: void thread

• bject

result

(2)

– 21 :: 15 – Source [1] 0024 Spring 2010

Response Notation

A q: void thread

• bject

result

(2)

– 21 :: 16 – Source [1] 0024 Spring 2010

Response Notation

A q: empty() thread

• bject

(2)

exception

– 21 :: 17 – Source [1] 0024 Spring 2010

History - Describing an Execution

A q. enq( 3) A q: voi d A q. enq( 5) B p. enq( 4) B p: voi d B q. deq( ) B q: 3 Sequence of invocations and responses H =

– 21 :: 18 – Source [1] 0024 Spring 2010

Definition

Invocation & response match if

A q. enq( 3) A q: voi d Thread names agree Object names agree

Method call

(1)

– 21 :: 19 – Source [1] 0024 Spring 2010

Object Projections

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3

H =

– 21 :: 20 – Source [1] 0024 Spring 2010

Object Projections

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3

H|q =

– 21 :: 21 – Source [1] 0024 Spring 2010

Thread Projections

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3

H =

– 21 :: 22 – Source [1] 0024 Spring 2010

Thread Projections

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3

H|B =

– 21 :: 23 – Source [1] 0024 Spring 2010

Complete Subhistory

A q. enq( 3) A q: voi d A q. enq( 5) B p. enq( 4) B p: voi d B q. deq( ) B q: 3 An invocation is pending if it has no matching respnse H =

– 21 :: 24 – Source [1] 0024 Spring 2010

Complete Subhistory

A q. enq( 3) A q: voi d A q. enq( 5) B p. enq( 4) B p: voi d B q. deq( ) B q: 3 May or may not have taken effect H =

– 21 :: 25 – Source [1] 0024 Spring 2010

Complete Subhistory

A q. enq( 3) A q: voi d A q. enq( 5) B p. enq( 4) B p: voi d B q. deq( ) B q: 3 discard pending invocations H =

– 21 :: 26 – Source [1] 0024 Spring 2010

Complete Subhistory

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 Complete(H) =

– 21 :: 27 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5)

(4)

– 21 :: 28 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5) match

(4)

– 21 :: 29 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5) match match

(4)

– 21 :: 30 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5) match match match

(4)

– 21 :: 31 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5) match match match Final pending invocation OK

(4)

– 21 :: 32 – Source [1] 0024 Spring 2010

Sequential Histories

A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q: enq( 5) match match match Final pending invocation OK

(4)

– 21 :: 33 – Source [1] 0024 Spring 2010

Well-Formed Histories

H=

A q. enq( 3) B p. enq( 4) B p: voi d B q. deq( ) A q: voi d B q: 3

– 21 :: 34 – Source [1] 0024 Spring 2010

Well-Formed Histories

H=

A q. enq( 3) B p. enq( 4) B p: voi d B q. deq( ) A q: voi d B q: 3

H| B=

B p. enq( 4) B p: voi d B q. deq( ) B q: 3 Per-thread projections sequential

– 21 :: 35 – Source [1] 0024 Spring 2010

Well-Formed Histories

H=

A q. enq( 3) B p. enq( 4) B p: voi d B q. deq( ) A q: voi d B q: 3

H| B=

B p. enq( 4) B p: voi d B q. deq( ) B q: 3 A q. enq( 3) A q: voi d

H| A=

Per-thread projections sequential

– 21 :: 36 – Source [1] 0024 Spring 2010

Equivalent Histories

H=

A q. enq( 3) B p. enq( 4) B p: voi d B q. deq( ) A q: voi d B q: 3 Threads see the same thing in both A q. enq( 3) A q: voi d B p. enq( 4) B p: voi d B q. deq( ) B q: 3

G = H| A = G | A H| B = G | B

– 21 :: 37 – Source [1] 0024 Spring 2010

Sequential Specifications

A sequential specification is some way of telling whether a

Single-thread, single-object history Is legal

For example:

Pre and post-conditions But plenty of other techniques exist …

– 21 :: 38 – Source [1] 0024 Spring 2010

Legal Histories

A sequential (multi-object) history H is legal if

For every object x H|x is in the sequential spec for x

– 21 :: 39 – Source [1] 0024 Spring 2010

Precedence

A q. enq( 3) B p. enq( 4) B p. voi d A q: voi d B q. deq( ) B q: 3 A method call precedes another if response event precedes invocation event

Method call Method call

(1)

– 21 :: 40 – Source [1] 0024 Spring 2010

Non-Precedence

A q. enq( 3) B p. enq( 4) B p. voi d B q. deq( ) A q: voi d B q: 3 Some method calls

• verlap one another

Method call Method call

(1)

– 21 :: 41 – Source [1] 0024 Spring 2010

Notation

Given

History H method executions m0 and m1 in H

We say m0 H m1, if

m0 precedes m1

Relation m0 H m1 is a

Partial order Total order if H is sequential

m0 m1

– 21 :: 42 – Source [1] 0024 Spring 2010

Linearizability

History H is linearizable if it can be extended to G by

Appending zero or more responses to pending invocations Discarding other pending invocations

So that G is equivalent to

Legal sequential history S where G S

– 21 :: 43 – Source [1] 0024 Spring 2010

What is G S

time a b time

(8)

S c G

G = { ac, bc} S = { ab, ac, bc}

– 21 :: 44 – Source [1] 0024 Spring 2010

Remarks

Some pending invocations

Took effect, so keep them Discard the rest

Condition G S

Means that S respects “real-time order” of G

– 21 :: 45 – Source [1] 0024 Spring 2010

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 B q: enq( 6)

Example

time B.q.enq(4)

• A. q.enq(3)

B.q.deq(4)

• B. q.enq(6)

– 21 :: 46 – Source [1] 0024 Spring 2010

Example

Complete this pending invocation

time B.q.enq(4) B.q.deq(4)

• B. q.enq(6)

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 B q: enq( 6)

• A. q.enq(3)

– 21 :: 47 – Source [1] 0024 Spring 2010

Example

Complete this pending invocation

time B.q.enq(4) B.q.deq(4)

• B. q.enq(6)

A.q.enq(3)

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 B q: enq( 6) A q: voi d

– 21 :: 48 – Source [1] 0024 Spring 2010

Example

time B.q.enq(4) B.q.deq(4)

• B. q.enq(6)

A.q.enq(3)

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 B q: enq( 6) A q: voi d discard this one

– 21 :: 49 – Source [1] 0024 Spring 2010

Example

time B.q.enq(4) B.q.deq(4) A.q.enq(3)

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 A q: voi d discard this one

– 21 :: 50 – Source [1] 0024 Spring 2010

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 A q: voi d

Example

time B.q.enq(4) B.q.deq(4) A.q.enq(3)

– 21 :: 51 – Source [1] 0024 Spring 2010

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 A q: voi d

Example

time

B q. enq( 4) B q: voi d A q. enq( 3) A q: voi d B q. deq( ) B q: 4

B.q.enq(4) B.q.deq(4) A.q.enq(3)

– 21 :: 52 – Source [1] 0024 Spring 2010

B.q.enq(4) B.q.deq(4) A.q.enq(3)

A q. enq( 3) B q. enq( 4) B q: voi d B q. deq( ) B q: 4 A q: voi d

Example

time

B q. enq( 4) B q: voi d A q. enq( 3) A q: voi d B q. deq( ) B q: 4 Equivalent sequential history

– 21 :: 58 – Source [1] 0024 Spring 2010

Composability Theorem

History H is linearizable if and only if

For every object x H|x is linearizable

We care about objects only!

(Materialism?)

– 21 :: 59 – Source [1] 0024 Spring 2010

Why Does Composability Matter?

Modularity Can prove linearizability of objects in isolation Can compose independently-implemented objects

– 21 :: 60 – Source [1] 0024 Spring 2010

Reasoning About Linearizability: Locking

publ i c O bj ect deq( ) t hr ows Em pt yExcept i on { l ock. l ock( ) ; t r y { i f ( t ai l == head) t hr ow new Em pt yExcept i on( ) ; O bj ect x = i t em s[ head % i t em

• s. l engt h] ;

head++; r et ur n x; } f i nal l y { l ock. unl ock( ) ; } }

1 capaci t y- 1 2

head tail

y z

– 21 :: 61 – Source [1] 0024 Spring 2010

Reasoning About Linearizability: Locking

publ i c O bj ect deq( ) t hr ows Em pt yExcept i on { l ock. l ock( ) ; t r y { i f ( t ai l == head) t hr ow new Em pt yExcept i on( ) ; O bj ect x = i t em s[ head % i t em

• s. l engt h] ;

head++; r et ur n x; } f i nal l y { l ock. unl ock( ) ; } }

Linearization points are when locks are released

– 21 :: 62 – Source [1] 0024 Spring 2010

More Reasoning: Lock-free

publ i c cl ass LockFr eeQ ueue { vol at i l e i nt head = 0, t ai l = 0; i t em s = new O bj ect [ capaci t y] ; publ i c voi d enq( O bj ect x) { whi l e ( t ai l - head == capaci t y) ; / / busy- wai t i t em s[ t ai l % capaci t y] = x; t ai l ++; } publ i c I t em deq( ) { whi l e ( t ai l == head) ; / / busy- wai t O bj ect i t em = i t em s[ head % capaci t y] ; head++; r et ur n i t em ; } }

1 capaci t y- 1 2

head tail

y z

– 21 :: 63 – Source [1] 0024 Spring 2010

publ i c cl ass LockFr eeQ ueue { vol at i l e i nt head = 0, t ai l = 0; i t em s = new O bj ect [ capaci t y] ; publ i c voi d enq( O bj ect x) { whi l e ( t ai l - head == capaci t y) ; / / busy- wai t i t em s[ t ai l % capaci t y] = x; t ai l ++; } publ i c I t em deq( ) { whi l e ( t ai l == head) ; / / busy- wai t O bj ect i t em = i t em s[ head % capaci t y] ; head++; r et ur n i t em ; } }

Linearization order is

• rder head and tail

fields modified

More Reasoning

– 21 :: 64 – Source [1] 0024 Spring 2010

More Reasoning

– 21 :: 65 – Source [1] 0024 Spring 2010

Strategy

Identify one atomic step where method “happens”

Critical section Machine instruction

Doesn’t always work

Might need to define several different steps for a given

method

– 21 :: 66 – Source [1] 0024 Spring 2010

Linearizability: Summary

Powerful specification tool for shared objects Allows us to capture the notion of objects being “atomic” Don’t leave home without it

– 21 :: 67 – Source [1] 0024 Spring 2010

Source