Replication and Consistency Setting: Concurrent threads accessing - - PowerPoint PPT Presentation
Replication and Consistency in and hardware general memory consistency models in particular Roland Meyer Technische Universit at Kaiserslautern Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 1 / 32
∗ in and hardware general memory consistency models in particular
Roland Meyer
Technische Universit¨ at Kaiserslautern
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 1 / 32
Setting: Concurrent threads accessing shared data
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Setting: Concurrent threads accessing shared data
Shared Data Thread 1 Thread 2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Setting: Concurrent threads accessing shared data
Shared Data Thread 1 Thread 2
Problem 1: Access to shared data is slow
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Setting: Concurrent threads accessing shared data
Shared Data Thread 1 Thread 2
Problem 1: Access to shared data is slow
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Setting: Concurrent threads accessing shared data
Shared Data Thread 1 Thread 2
Problem 1: Access to shared data is slow Solution 1: Replicate data so that every thread has a copy
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Setting: Concurrent threads accessing shared data
Shared Data Thread 1 Thread 2
Problem 1: Access to shared data is slow Solution 1: Replicate data so that every thread has a copy
Thread 1 Thread 2 Replica 1 Replica 2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 2 / 32
Problem 2: Announce updates to other replicas
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 3 / 32
Problem 2: Announce updates to other replicas Solution 2: Halt the system and inform everybody
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 3 / 32
Problem 2: Announce updates to other replicas Solution 2: Halt the system and inform everybody Ruins all performance benefits (back to Problem 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 3 / 32
Problem 2: Announce updates to other replicas Solution 2: Halt the system and inform everybody Ruins all performance benefits (back to Problem 1) Solution 2’: Inform other threads in a delayed fashion
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 3 / 32
Problem 2: Announce updates to other replicas Solution 2: Halt the system and inform everybody Ruins all performance benefits (back to Problem 1) Solution 2’: Inform other threads in a delayed fashion Thread 1 Thread 2 Replica 1 Replica 2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 3 / 32
Problem 3: Inconsistent replicas while updates travel
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 4 / 32
Problem 3: Inconsistent replicas while updates travel Thread 1 Thread 2 State x = 1 State x = 0 x = 1
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 4 / 32
Problem 3: Inconsistent replicas while updates travel Thread 1 Thread 2 State x = 1 State x = 0 x = 1 Solution 3: Live with it, inconsistency is here to stay!
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 4 / 32
Weaker Consistency Higher Performance/Availability CAP Undesirable Hardware
Geo SC TSO (x86) C++11 Causal EC (Dynamo)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 5 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about updates
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about
Problem 4: But there are so many architectures
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about
Problem 4: But there are so many architectures Solution 4: Yes, but there are underlying principles
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Problem 3: Inconsistent replicas while updates travel Solution 3: Live with it Solution 3’: Architectures give guarantees about
Problem 4: But there are so many architectures Solution 4: Yes, but there are underlying principles ... at least in hardware
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 6 / 32
Principles in hardware memory consistency models
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]:
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]: SC per thread: For one thread running in isolation the system looks consistent
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]: SC per thread: For one thread running in isolation the system looks consistent Consequence: We can always rely on address and data dependencies
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]: SC per thread: For one thread running in isolation the system looks consistent Consequence: We can always rely on address and data dependencies Coherence: For every variable all threads will see the stores to this variable in the same order
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]: SC per thread: For one thread running in isolation the system looks consistent Consequence: We can always rely on address and data dependencies Coherence: For every variable all threads will see the stores to this variable in the same order Why? Programmability
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models Guarantees in the update mechanism [Alglave, TOPLAS’14]: SC per thread: For one thread running in isolation the system looks consistent Consequence: We can always rely on address and data dependencies Coherence: For every variable all threads will see the stores to this variable in the same order Why? Programmability + historical reasons
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 7 / 32
Principles in hardware memory consistency models
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order
TSO+W/R
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order
TSO+W/R PSO +W/W
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order
TSO+W/R PSO PGAS +W/W +R/R
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order
TSO+W/R PSO PGAS RMO +W/W +R/R +R/W
Very strange (and not in this talk):
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order
TSO+W/R PSO PGAS RMO +W/W +R/R +R/W
Very strange (and not in this talk): Out-of-thin-air values — arise when threads consistently lie to each other
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order + store order
TSO+W/R PSO PGAS RMO +W/W +R/R +R/W +NSA
Very strange (and not in this talk): Out-of-thin-air values — arise when threads consistently lie to each other
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Principles in hardware memory consistency models What can be relaxed: Program order + store order
TSO+W/R PSO PGAS RMO Power +W/W +R/R +R/W +NSA
Very strange (and not in this talk): Out-of-thin-air values — arise when threads consistently lie to each other
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 8 / 32
Consistency models Axiomatic, programming language (herd) for consistency models (Alglave)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 9 / 32
Consistency models Axiomatic, programming language (herd) for consistency models (Alglave) Geo-replicated consistency Conflict-free replicated data types (Shapiro)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 9 / 32
Consistency models Axiomatic, programming language (herd) for consistency models (Alglave) Geo-replicated consistency Conflict-free replicated data types (Shapiro) C++11 Compilation (COMPCERT, ADVENT)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 9 / 32
Consistency models Axiomatic, programming language (herd) for consistency models (Alglave) Geo-replicated consistency Conflict-free replicated data types (Shapiro) C++11 Compilation (COMPCERT, ADVENT) Linearizability Semantics and algorithmics (Paderborn, Paris, Uppsala)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 9 / 32
Consistency models Axiomatic, programming language (herd) for consistency models (Alglave) Geo-replicated consistency Conflict-free replicated data types (Shapiro) C++11 Compilation (COMPCERT, ADVENT) Linearizability Semantics and algorithmics (Paderborn, Paris, Uppsala) Verification under relaxed consistency models Reachability and robustness (Paris, Uppsala, MSR, KL)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 9 / 32
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 10 / 32
Finite number of shared variables {x, y, x1, . . .} Finite data domain {d, d0, d1, . . .} Finite number of finite-control threads T1, . . . , Tn with operations: w(x, d), r(x, d)
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Dekker’s mutual exclusion protocol.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 11 / 32
Threads directly write to and read from memory Classical interleaving semantics
◮ Computations of different threads are shuffled ◮ Program order is preserved for each thread
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = a Thread 2 pc = p Mem
x y
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 12 / 32
Threads directly write to and read from memory Classical interleaving semantics
◮ Computations of different threads are shuffled ◮ Program order is preserved for each thread
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = b Thread 2 pc = p Mem
x 1 y
isu · w(x, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 12 / 32
Threads directly write to and read from memory Classical interleaving semantics
◮ Computations of different threads are shuffled ◮ Program order is preserved for each thread
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = p Mem
x 1 y
isu · w(x, 1) · r(y, 0)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 12 / 32
Threads directly write to and read from memory Classical interleaving semantics
◮ Computations of different threads are shuffled ◮ Program order is preserved for each thread
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = q Mem
x 1 y 1
isu · w(x, 1) · r(y, 0) · isu · w(y, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 12 / 32
Threads directly write to and read from memory Classical interleaving semantics
◮ Computations of different threads are shuffled ◮ Program order is preserved for each thread
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = q Mem
x 1 y 1
isu · w(x, 1) · r(y, 0) · isu · w(y, 1) ·
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 12 / 32
Sequential Consistency forbids compiler and hardware optimizations Hence is not implemented by any processor Processors have various buffers to reduce latency of memory accesses Behavior captured by relaxed memory models Here: Total Store Ordering (TSO) memory model
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 13 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = a Thread 2 pc = p Mem
x y
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = b Thread 2 pc = p w(x, 1) Mem
x y
isu
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = p w(x, 1) Mem
x y
isu · r(y, 0)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = q w(x, 1) w(y, 1) Mem
x y
isu · r(y, 0) · isu
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = q w(x, 1) Mem
x y 1
isu · r(y, 0) · isu · w(y, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = r w(x, 1) Mem
x y 1
isu · r(y, 0) · isu · w(y, 1) · r(x, 0)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = r Mem
x 1 y 1
isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = r Mem
x y 1
isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
TSO architectures have write buffers (FIFO) Read takes value from memory if no write to that variable is buffered Otherwise read value of last write to that variable in the buffer
x = y = 0
Thread 1
a : x = 1 b : if (y == 0){ c :
d : }
Thread 2
p : y = 1 q : if (x == 0){ r :
s : }
Thread 1 pc = c Thread 2 pc = r Mem
x y 1
isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 14 / 32
Relaxed executions may lead to bad behavior
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Works in 90% of the cases
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Works in 90% of the cases
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Works in 90% of the cases
Concurrency libraries Operating systems HPC@Fraunhofer ITWM
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
Relaxed executions may lead to bad behavior
Theorem [Adve, Hill 1993]: If a program is data-race-free, then SC and TSO semantics coincide.
Works in 90% of the cases
Concurrency libraries Operating systems HPC@Fraunhofer ITWM
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 15 / 32
[MSR, Oxford, Paris, Uppsala]
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 16 / 32
Consider a memory model MM State Reachability Problem for MM Input: Program P and a (control + memory) state s. Problem: Is s reachable when P is run under MM?
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 17 / 32
Consider a memory model MM State Reachability Problem for MM Input: Program P and a (control + memory) state s. Problem: Is s reachable when P is run under MM? Decidability / Complexity ? Each thread is finite-state For the SC memory model, this problem is PSPACE-complete
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 17 / 32
Consider a memory model MM State Reachability Problem for MM Input: Program P and a (control + memory) state s. Problem: Is s reachable when P is run under MM? Decidability / Complexity ? Each thread is finite-state For the SC memory model, this problem is PSPACE-complete Non-trivial for relaxed memory models: PathsTSO(P) = ClosureTSO(PathsSC(P)) is non-regular
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 17 / 32
[IMDEA, Oxford, Paris, Uppsala] [ICALP’11, ESOP’13, ICALP’14, ACM TECS’15]
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 18 / 32
[IMDEA, Oxford, Paris, Uppsala] [ICALP’11, ESOP’13, ICALP’14, ACM TECS’15]
Decision procedure for robustness that
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 18 / 32
[IMDEA, Oxford, Paris, Uppsala] [ICALP’11, ESOP’13, ICALP’14, ACM TECS’15]
Decision procedure for robustness that applies to most memory models (checked TSO, PSO, PGAS, Power)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 18 / 32
[IMDEA, Oxford, Paris, Uppsala] [ICALP’11, ESOP’13, ICALP’14, ACM TECS’15]
Decision procedure for robustness that applies to most memory models (checked TSO, PSO, PGAS, Power) gives precise complexity
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 18 / 32
[IMDEA, Oxford, Paris, Uppsala] [ICALP’11, ESOP’13, ICALP’14, ACM TECS’15]
Decision procedure for robustness that applies to most memory models (checked TSO, PSO, PGAS, Power) gives precise complexity ... but relies on a new automaton model and lots of guessing
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 18 / 32
Idea: SC semantics is specification
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces) Every relaxed behavior that deviates from SC is a programming error
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces) Every relaxed behavior that deviates from SC is a programming error Robustness Problem against relaxed memory model RMM
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces) Every relaxed behavior that deviates from SC is a programming error Robustness Problem against relaxed memory model RMM Input: Program P.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces) Every relaxed behavior that deviates from SC is a programming error Robustness Problem against relaxed memory model RMM Input: Program P. Problem: Does TracesRMM(P) ⊆ TracesSC(P) hold?
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
Idea: SC semantics is specification Relaxed behavior may contain bugs because programmers only had SC in mind Every relaxed behavior has an SC equivalent (up to traces) Every relaxed behavior that deviates from SC is a programming error Robustness Problem against relaxed memory model RMM Input: Program P. Problem: Does TracesRMM(P) ⊆ TracesSC(P) hold? Decidability / Complexity ?
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 19 / 32
RMM-computations Robust Computations Minimal Violations = ∅ ?
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 20 / 32
RMM-computations Robust Computations Minimal Violations = ∅ ? Combinatorics: Violations can be assumed to be in normal form
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 20 / 32
RMM-computations Robust Computations Minimal Violations = ∅ ? Combinatorics: Violations can be assumed to be in normal form Algorithmics: Check whether normal form violations exist
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 20 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics:
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics:
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Together: Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations. Decide Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 21 / 32
Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations. Decide Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 22 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Happens-before relation of computation τ = isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1) : Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Happens-before relation of computation τ = isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1) : Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po Program order
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Happens-before relation of computation τ = isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1) : Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st Program order, store order
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Happens-before relation of computation τ = isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1) : Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src Program order, store order, source relation
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Lemma (Shasha and Snir, 1988) A computation violates SC iff it has a cyclic happens-before relation. Happens-before relation of computation τ = isu · r(y, 0) · isu · w(y, 1) · r(x, 0) · w(x, 1) : Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf Program order, store order, source relation, conflict relation
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 23 / 32
Normal Form:
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Normal Form: Computation has two parts τ = τ1 · τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Normal Form: Computation has two parts τ = τ1 · τ2 No delays within a part
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Normal Form: Computation has two parts τ = τ1 · τ2 No delays within a part Delays in τ2 respect ordering in τ1
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Normal Form: Computation has two parts τ = τ1 · τ2 No delays within a part Delays in τ2 respect ordering in τ1 In normal form . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Normal Form: Computation has two parts τ = τ1 · τ2 No delays within a part Delays in τ2 respect ordering in τ1 In normal form . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Not in normal form . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(y, 1) . . . w(x, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 24 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 .
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter, hence not violating.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter, hence not violating. There is an SC computation σ with same happens-before relation.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter, hence not violating. There is an SC computation σ with same happens-before relation. Now (σ ↓ τ1) · a · (σ ↓ τ2)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter, hence not violating. There is an SC computation σ with same happens-before relation. Now (σ ↓ τ1) · a · (σ ↓ τ2) is in normal form
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Theorem (Normal form): If a program is not robust, it has a violation in normal form. Proof: Take a shortest computation τ with cyclic happens-before relation. There is (may be non-trivial, depending on RMM) an event that can be cancelled: τ = τ1 · a · τ2 . Computation τ1 · τ2 is shorter, hence not violating. There is an SC computation σ with same happens-before relation. Now (σ ↓ τ1) · a · (σ ↓ τ2) is in normal form and violating.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 25 / 32
Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations. Decide Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 26 / 32
Challenge Describe language Lnf of all normal-form computations
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf ,
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc),
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc), has decidable emptiness problem (Lnf ∩ Rcyc
?
= ∅).
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc), has decidable emptiness problem (Lnf ∩ Rcyc
?
= ∅). Properties of Lnf
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc), has decidable emptiness problem (Lnf ∩ Rcyc
?
= ∅). Properties of Lnf Number of concurrently executed instructions is unbounded
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc), has decidable emptiness problem (Lnf ∩ Rcyc
?
= ∅). Properties of Lnf Number of concurrently executed instructions is unbounded May include computations like isun · w(xi, 1)n
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Challenge Describe language Lnf of all normal-form computations Need a language class that includes Lnf , is closed under regular intersection (Lnf ∩ Rcyc), has decidable emptiness problem (Lnf ∩ Rcyc
?
= ∅). Properties of Lnf Number of concurrently executed instructions is unbounded May include computations like isun · w(xi, 1)n ⇒ not context-free (language σ · σ)
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 27 / 32
Solution Define Lnf as language of a multiheaded automaton . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . isu . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example:
↑ . . . isu . . . isu . . .
⏟ ⏞
τ1 ↑ . . . w(x, 1) . . . w(y, 1) . . .
⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . ↑isu . . . isu . . . ⏟ ⏞
τ1 ↑ . . . w(x, 1) . . . w(y, 1) . . .
⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . ↑isu . . . isu . . . ⏟ ⏞
τ1
. . . ↑w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . ↑isu . . . isu . . . ⏟ ⏞
τ1
. . . ↑w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Transitions: q1
1,isu
− − − → q2
2,w(x,1)
− − − − − → q3
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . isu↑ . . . isu . . . ⏟ ⏞
τ1
. . . ↑w(x, 1) . . . w(y, 1) . . . ⏟ ⏞
τ2
Transitions: q1
1,isu
− − − → q2
2,w(x,1)
− − − − − → q3
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Solution Define Lnf as language of a multiheaded automaton Multiheaded automata Extension of NFA Generates parts τ1 and τ2 of a computation τ1 · τ2 simultaneously Transitions q
1,a
− − → q′ and q
2,b
− − → q′ labeled by head i = 1, 2 Example: . . . isu↑ . . . isu . . . ⏟ ⏞
τ1
. . . w(x, 1)↑ . . . w(y, 1) . . . ⏟ ⏞
τ2
Transitions: q1
1,isu
− − − → q2
2,w(x,1)
− − − − − → q3
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 28 / 32
Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations. Decide Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 29 / 32
Happens-before relation from the example: Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 30 / 32
Happens-before relation from the example: Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf Checking cyclicity
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 30 / 32
Happens-before relation from the example: Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf Checking cyclicity Finitely many types of cycles
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 30 / 32
Happens-before relation from the example: Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf Checking cyclicity Finitely many types of cycles Guess per thread two instructions in program order
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 30 / 32
Happens-before relation from the example: Thread 1 Thread 2 initx a: w(x, 1) d : r(x, 0) inity b: r(y, 0) c : w(y, 1) po po st st src src cf cf Checking cyclicity Finitely many types of cycles Guess per thread two instructions in program order Finite automata check edges between guessed instructions from different threads
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 30 / 32
Reduce robustness to an emptiness check Lnf ∩ Rcyc
?
= ∅. Combinatorics: Violations to SC (if any) have a representative in normal form. Algorithmics: Language Lnf consists of all normal-form computations. ∩ Rcyc filters only violating computations. Decide Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 31 / 32
Theorem: Assuming finite memory, robustness is PSpace-complete.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 32 / 32
Theorem: Assuming finite memory, robustness is PSpace-complete. Proof:
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 32 / 32
Theorem: Assuming finite memory, robustness is PSpace-complete. Proof: Upper bound: Lnf ∩ Rcyc
?
= ∅.
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 32 / 32
Theorem: Assuming finite memory, robustness is PSpace-complete. Proof: Upper bound: Lnf ∩ Rcyc
?
= ∅. Lower bound: SC state reachability [Kozen 1977].
Roland Meyer (TU KL) Replication and Consistency IFIP WG 2.2 09/2016 32 / 32