szumo a compositional contract model for safe multi
play

Szumo: A Compositional Contract Model for Safe Multi- Threaded - PowerPoint PPT Presentation

Jun 26, 2023 •282 likes •960 views

Szumo: A Compositional Contract Model for Safe Multi- Threaded Applications LASER 2005 Laura K. Dillon Software Engineering & Network Systems Laboratory Michigan State University ldillon@cse.msu.edu Laser 2005 - Summer School on 1

  1. Szumo: A Compositional Contract Model for Safe Multi- Threaded Applications LASER 2005 Laura K. Dillon Software Engineering & Network Systems Laboratory Michigan State University ldillon@cse.msu.edu Laser 2005 - Summer School on 1 Software Engineering

  2. Credits ♦ Creators: Reimer Behrends, R. E. Kurt Stirewalt ♦ Financial Support: – US Department of the Navy, ONR grant N00014-01- 1-0744 – National Science Foundation grants EIA-0000433, CCR-9901017, CCR-9984727, CDA-9617310, and CCR-9896190 – US Defense Advance Research Projects Agency, DASADA program Laser 2005 - Summer School on 2 Software Engineering

  3. Synchronization Units Model ♦ Problem: Synchronization concerns in multi- threaded object-oriented programs complicate designs – Difficult to modularize – A source of brittleness ♦ Goal: Facilitate extension, maintenance and evolution through better modularization of synchronization concerns ♦ Idea: Associate synchronization contracts with modules and automatically infer necessary synchronization logic from the contracts Laser 2005 - Summer School on 3 Software Engineering

  4. Overview of lecture series ♦ Background ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 4 Software Engineering

  5. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 5 Software Engineering

  6. Contracts Formal Agreement between a supplier and its clients ♦ Parties have rights and responsibilities ♦ Improved documentation, verification, separation of concerns ♦ Can enable optimizations sqrt( x : REAL ) : REAL is Zen and the art of sw reliability: require guarantee more by checking less! x >= 0 do … end Laser 2005 - Summer School on 6 Software Engineering

  7. Contract awareness ♦ Different degrees of strength [Beugnard et al.’99]: Degree of Contract Awareness Level 1: Level 2: Level 3: Level 4: Syntactic Behavioral Synchronization QOS Higher degrees: – Support contracting over non-functional properties – Enable dynamic client-supplier negotiation of services Laser 2005 - Summer School on 7 Software Engineering

  8. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 8 Software Engineering

  9. Multi-threaded OO Program ♦ Multiple threads manipulate passive objects in shared memory ♦ Major concurrency concern: Threads within critical regions require exclusive access to shared objects ♦ Designer must identify and protect these critical regions without introducing concurrency errors (e.g., deadlock, starvation). Laser 2005 - Summer School on 9 Software Engineering

  10. Example: Dining Philosophers Three philosophers sit around a circular table set with three forks and a large bowl of spaghetti. Each philosopher alternates between thinking and eating ad infinitum . To eat, a philosopher picks up the fork to her left and then the fork to her right. After eating, she returns the forks to their places and then proceeds to think. Laser 2005 - Summer School on 10 Software Engineering

  11. Example: Dining Philosophers in Java Class Phil extends Thread { private Fork left; f0: Fork p0: Phil right private Fork right; left . . . left public void run( ) { p0: Phil f2: Fork while (true) { think(); left.get(this); right right.get(this); f1: Fork p1: Phil eat(); // using left & right left right right.put(this); left.put(this); } } . . . } Laser 2005 - Summer School on 11 Software Engineering

  12. Example: Dining Philosophers in Java Class Fork { private boolean taken = false; . . . f0: Fork p2: Phil right synchronized void get(Phil p) { while (taken) wait (); left left taken = true; …println( p.toString() + p0: Phil f2: Fork “ picked up ” + toString()); } right synchronized void put(Phil p) { f1: Fork p1: Phil …println( p.toString() + “ put down ” + toString()); left right taken = false; notifyAll(); } . . . } Laser 2005 - Summer School on 12 Software Engineering

  13. Overview of lecture series ♦ Background – Contracts – Multi-threaded OO programs – Concurrency problems ♦ Introduction to Szumo ♦ Case study ♦ Semantic and implementation details ♦ Related concurrency models ♦ Ongoing and future work Laser 2005 - Summer School on 13 Software Engineering

  14. Problem: Interleaving of concurrency logic with “functional” logic Class Fork { Class Phil extends Thread { private boolean taken = false; private Fork left; . . . private Fork right; synchronized void put(Phil p) { . . . …println( p.toString() + public void run( ) { “ put down ” + while (true) { this.toString(); think(); taken = false; left.get(this); notifyAll(); right.get(this); } eat(); right.put(this); synchronized void get(Phil p) { left.put(this); while (taken) wait (); } taken = true; } …println( p.toString() + . . . “ picked up ” + } this.toString(); } Laser 2005 - Summer School on 14 Software Engineering

  15. Problem: Undocumented synchronization rights and responsibilities ♦ Philosopher’s right / Fork’s responsibility: – A philosopher has exclusive access to a fork after calling “get” until the next call to “put” ♦ Philosopher’s responsibility / Fork’s right: – A philosopher alternates in first calling “get” and then “put” – A philosopher uses a fork only between a call to “get” and the next call to “put” Unstated correctness criteria produce brittle designs Laser 2005 - Summer School on 15 Software Engineering

  16. Behavior contracts can express limited synchronization rights and responsibilities ♦ Here, only clients’ responsibilities / suppliers’ rights Class Fork { private Philosopher holder; synchronized void get(Phil p) . . . require (holder != p) synchronized void put(Phil p) { require (holder == p) while (holder != null) wait (); { holder = p; …println( p.toString() + …println( p.toString() + “ put down ” + “ picked up ” + this.toString(); this.toString(); holder = null; } notifyAll(); } ♦ Cannot express the mutual exclusion right / responsibility Laser 2005 - Summer School on 16 Software Engineering

  17. Problem: Failure to “protect” critical regions ♦ E.g ., omit call(s) to “…get(…)” or omit f0: Fork p2: Phil right assignment to “taken” in left left “get” method p0: Phil f2: Fork ♦ Data race : uncoordinated access to shared data (in right this case, f 2 ) f1: Fork p1: Phil left right ♦ Data races are difficult to detect and isolate Laser 2005 - Summer School on 17 Software Engineering

  18. Problem: Potential for starvation f0: Fork p2: Phil f0: Fork p2: Phil right right left left left left p0: Phil f2: Fork p0: Phil f2: Fork right right f1: Fork p1: Phil f1: Fork p1: Phil left right left right Laser 2005 - Summer School on 18 Software Engineering

  19. Problem: Potential for deadlock ♦ Root cause: incrementally f0: Fork p2: Phil right acquiring multiple shared objects for some critical left left region p0: Phil f2: Fork ♦ Well-known solution: Impose an acquisition right order on the objects f1: Fork p1: Phil ♦ Requires: Global left right agreement on the acquisition order Laser 2005 - Summer School on 19 Software Engineering

  20. Detour: Enforcing an acquisition order Class Phil extends Thread { . . . private Fork left; public void run( ) { private Fork right; while (true) { . . . think(); private void reserveTwo( ) { reserveTwo(); if (left < right) { left.get(this); left.reserve(); right.get(this); right.reserve(); eat(); } else { right.put(this); right.reserve(); left.put(this); left.reserve(); unreserveTwo(); } } } } private void unreserveTwo() { . . . left.unreserve(); } right.unreserve(); } Laser 2005 - Summer School on 20 Software Engineering

  21. Detour: Enforcing an acquisition order Class Fork { . . . synchronized void reserve() { while (taken) wait (); taken = true; } synchronized void unreserve() { taken = false; notifyAll(); } synchronized void get(Phil p) { …println( p.toString() + “ picked up ” + toString() ); } synchronized void put(Phil p) { …println( p.toString() + “ put down ” + toString() ); } . . . } Laser 2005 - Summer School on 21 Software Engineering

  22. Problem: Potential for deadlock The “ordered-acquisition solution” may not apply: ♦ If suppliers are not known a priori, but can change during execution ♦ If a client has indirect suppliers (transitive access dependences) c 0 ’s direct supplier, s 0 , c0: C c1: C should encapsulate its indirect supplier, s 1 ; similarly for c 1 Thus, c 0 acquires s 0 and s0: S s1: S then s 1 ; but c 1 acquires s 1 and then s 0 ! Laser 2005 - Summer School on 22 Software Engineering

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

TECS Week 2005 Contract Signing Two parties want to sign a contract Contract-Signing Protocols Multi-party signing is more complicated The contract is known to both parties The protocols we will look at are not for contract

402 views • 7 slides
Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and implementation details Related concurrency models Ongoing and future work Laser 2005 - Summer School on 1 Software Engineering Goal

822 views • 56 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text

Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text

CalHEERS Solicitation Addendum Four Parts to the Solicitation Addendum Appendix D Model Contract o Contract text Exhibit C -- Service Level Agreements and Liquidated Damages Attachment 8 Cost Schedules o Updated program

210 views • 5 slides
Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher

Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher

Overview Scalar implicature Grammar-driven models Our model Experiment Model assessment Conclusion Appendix Embedded implicatures as pragmatic inferences under compositional lexical uncertainty Christopher Potts Stanford Linguistics

1.2k views • 87 slides
Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios stabilization scenarios Junichi Fujino NIES, Japan The 9th AIM International Workshop; 12-13, March 2004 National Institute for Environmental Studies,

547 views • 20 slides
Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory

Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory

Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical challenge

854 views • 38 slides
Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital

Improved multi-party contract signing Aybek Mukhamedov and Mark Ryan March 2, 2007 Digital Contract Signing Use digital signatures to sign a pre-agreed contract over a computer network Potentially useful for e-commerce Why it is not simple:

1.08k views • 27 slides
XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi

XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi

XL2B: Excel2013: Model Trendline Multi 4/05/2019 V0P XL2B: V0P Excel2013 Model Trendline Multi 1 XL2B: V0P Excel2013 Model Trendline Multi 2 Model Using Trendline Assignment: Multiple Models in Excel 2013 1. Goal: Generate six charts. Use

477 views • 14 slides
BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation

BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation

BusyBees Safe Controllers for Multi-Agent Swarms Joshua Durham 1/24 Overview Motivation Prior Work System Model 1D Case 2D Cases Applications 2/24 Robotics is Hard

248 views • 24 slides
Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem

Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem

Compositional reasoning about concurrent libraries on the axiomatic TSO memory model Artem Khyzha IMDEA Software Institute, Madrid, Spain Joint work with Alexey Gotsman (IMDEA Software) Weak memory x = y = 0; x = 1; y = 1; a = y; b = x;

689 views • 38 slides
RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as

RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as

RTEMS-SMP Improvement for LEON multi-core Contract No: 4000116175/ 15/ NL/ FE/ as Contractor: embedded brains GmbH (Germany) TRP (95k Euro) Duration: 12 months (KO: Feb 2016, FR: May 2017) TO: M. Verhoef / T.

1.12k views • 35 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why

US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why

US National Multi-Model (NMME) Intra- Seasonal to Inter-Annual (ISI) Prediction System 1 Why Multi-Model? Multi-Model Methodologies Are a Practical Approach to Quantifying Forecast Uncertainty Due to Uncertainty in Model Formulation

817 views • 25 slides
Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre

Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre

Analysis of optimistic multi-party contract signing Rohit Chadha 1,2 , Steve Kremer 3 , Andre Scedrov 1 1 University of Pennsylvania 2 University of Sussex 3 Universit Libre de Bruxelles Digital Contract signing Use dig ita l sig na ture s

623 views • 31 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Detecting optimality and extracting minimizers in polynomial optimization based on the Lasserre

Detecting optimality and extracting minimizers in polynomial optimization based on the Lasserre

Detecting optimality and extracting minimizers in polynomial optimization based on the Lasserre relaxation and the truncated GNS construction Mara Lpez Quijorna University of Konstanz Graz, 7 September 2018 1/12 Notation: Let n , k N 0

642 views • 40 slides
TTC 2018 CASE PRESENTATION Quality-based Software-Selection and Hardware-Mapping as a Model T

TTC 2018 CASE PRESENTATION Quality-based Software-Selection and Hardware-Mapping as a Model T

, TTC 2018 CASE PRESENTATION Quality-based Software-Selection and Hardware-Mapping as a Model T ransformation Problem Sebastian Gtz, Johannes Mey, Rene Schne and Uwe Amann TTC 2018 Case Presentation Slide 1 of 30 , The TTC Case

630 views • 32 slides
Operating Systems Tutorial 2 &amp; 16 Michael Tnzer os-tut@nhng.de http://os-tut.nhng.de

Operating Systems Tutorial 2 &amp; 16 Michael Tnzer os-tut@nhng.de http://os-tut.nhng.de

Review RAGs &amp; WFGs Deadlocks Deadlock Avoidance Searching for Deadlocks Finish Operating Systems Tutorial 2 &amp; 16 Michael Tnzer os-tut@nhng.de http://os-tut.nhng.de Calendar Week 50 OS-Tutorial Week 50 Michael Tnzer

555 views • 17 slides
Deadlocks: 4 1 def __init__(mynum) self.id = mynum Prevention, Avoidance, 2 4 def eat(): 2 3

Deadlocks: 4 1 def __init__(mynum) self.id = mynum Prevention, Avoidance, 2 4 def eat(): 2 3

Dining Philosophers 0 1 0 class Philosopher: chopsticks[N] = [Semaphore(1),] Deadlocks: 4 1 def __init__(mynum) self.id = mynum Prevention, Avoidance, 2 4 def eat(): 2 3 right = self.id Detection, Recovery left = (self.id+1) % N

991 views • 11 slides
trt tt s

trt tt s

tt st s trt stt sts s trt

1.07k views • 65 slides
Abilene Observatory Datasets Matt Zekauskas, matt@internet2.edu 03-Jun-2004 Major Datasets,

Abilene Observatory Datasets Matt Zekauskas, matt@internet2.edu 03-Jun-2004 Major Datasets,

Abilene Observatory Datasets Matt Zekauskas, matt@internet2.edu 03-Jun-2004 Major Datasets, roughly size order Flow data (last 11bits of IP zeroed) Latency (one-way, 2*11^2 paths (v4, v6)) Near future: IGP (IS-IS updates/node)

736 views • 14 slides
Our New Concept We have developed and patented a technology to treat, store, monitor and

Our New Concept We have developed and patented a technology to treat, store, monitor and

Research Capabilities bebhinn.daly@rainsafewater.com Our New Concept We have developed and patented a technology to treat, store, monitor and distribute pressurised water to drinking water quality. Its simple to use and has low running costs

402 views • 4 slides
Watersheds () August 24, 2017 16 / 30 A Watershed decomposition () August 24, 2017 17 / 30

Watersheds () August 24, 2017 16 / 30 A Watershed decomposition () August 24, 2017 17 / 30

Watersheds () August 24, 2017 16 / 30 A Watershed decomposition () August 24, 2017 17 / 30 Decomposition Objective: Divide the p1 A1 domain into R1 A2 p2 A4 A5 sub-domains, each of R2 reasonable size. A3 Select suitable points

555 views • 14 slides

More recommend