testing for linearizability
play

Testing for Linearizability Gavin Lowe Testing for Linearizability - PowerPoint PPT Presentation

Mar 30, 2023 •381 likes •577 views

Testing for Linearizability 01 Testing for Linearizability Gavin Lowe Testing for Linearizability 02 Linearizability Linearizability is a well-established and accepted correctness condition for concurrent datatypes. Informally, a concurrent

  1. Testing for Linearizability 01 Testing for Linearizability Gavin Lowe

  2. Testing for Linearizability 02 Linearizability Linearizability is a well-established and accepted correctness condition for concurrent datatypes. Informally, a concurrent datatype C is linearizable with respect to a sequential (specification) datatype S if every history c of C (i.e. a sequence of operation calls and returns) is linearizable to a history s of S : c can be reordered to produce s , but this reordering respects the order of non-overlapping operation calls.

  3. Testing for Linearizability 03 Testing for linearizabilty But how can we be sure that C is linearizable with respect to S ? Standard answer: formal verification. But this is hard work and time-consuming, and often requires various (sometimes dubious) abstractions. Alternative answer: testing. • This is quick (creating a testing framework takes a few minutes; bugs are normally found within 20 seconds); • It’s easy (students have no difficulty with it); • It gives quite strong guarantees of correctness (but not as strong as for verification).

  4. Testing for Linearizability 04 Testing framework Basic idea: • Create an immutable sequential specification datatype S , often by adapting a standard datatype in an API; for each operation op : A on the concurrent datatype, we need a corresponding function seqOp : S = > (A, S) ; • Run several workers on the concurrent datatype C , recording the history of operation calls and returns; • Apply a suitable algorithm to decide whether the history is a linearization of a history of S . • Repeat.

  5. Testing for Linearizability 05 Example testing program object QueueTest { type C = LockFreeQueue[String]; type S = scala. collection .immutable.Queue[String] def seqEnqueue(x: String)(q: S) : (Unit, S) = ((), q.enqueue(x)) def seqDequeue(q: S) : (String , S) = if (q.isEmpty) ( null ,q) else q.dequeue def worker(me: Int , tester : LinearizabilityTester [S, C]) = for (i < − 0 until 200) if (Random.nextFloat < = 0.3) { val x = Random.nextInt(20).toString tester .log(me, .enqueue(x), ”enqueue(”+x+”)”, seqEnqueue(x)) } else tester .log(me, .dequeue, ”dequeue”, seqDequeue) def main(args: Array[ String ]) = for (i < − 0 until 1000) { val concQueue = new LockFreeQueue[String] // The shared concurrent queue val seqQueue = Queue[String]() // The sequential specification queue val tester = new LinearizabilityTester (seqQueue, concQueue, 4, worker, 800) assert ( tester () > 0) } }

  6. Testing for Linearizability 06 The Linear Tester algorithm The Linear Tester algorithm takes a history of the concurrent datatype C , and tests whether it is linearizable with respect to S . It traverses the history linearly, maintaining a set of configurations consistent with the history to date. Here, a configuration is a tuple ( s , calls , rets ), where • s is a state of the sequential specification object; • calls records the set of operation calls that have been made but not yet been linearized; • rets records the set of operation calls that have been linearized but not returned.

  7. Testing for Linearizability 07 The Linear Tester Algorithm The algorithm traverses the recorded history. • When the algorithm encounters a call event, it is added to calls of each configuration in the current set; • When the algorithm encounters a return event of operation op , for each configuration in the current set: – If op has already been linearized, it checks that it gave the recorded result; if not, the configuration is removed. – Otherwise, the algorithm chooses some other pending calls to linearize in some order (in all possible ways), updating the sequential specification s . It then tests whether op can be linearized, at this point, updating the configuration if so. Thus this operation is linearized just before it returns (a form of partial-order reduction). If no configuration remains, the history is not linearizable.

  8. Testing for Linearizability 08 The Linear Tester Algorithm: optimizations For efficiency, the Linear Tester memoizes: • Results of equality tests between sequential specification objects, using a union-find datatype; • Results of inequality tests; • Results of previously performed operations on sequential objects.

  9. Testing for Linearizability 09 The Wing & Gong Algorithm Wing and Gong a presented an algorithm for linearizability testing. The algorithm assumes a mutable sequential object with undo-ing of previous operations. The algorithm performs an exhaustive search: it (potentially) considers every sequential history consistent with the concurrent history (regarding ordering of operations), and tests whether it is a valid sequential execution. a J. M. Wing and C. Gong. Testing and verifying concurrent objects. Journal of Parallel and Distributed Computing , 17:164–182, 1993.

  10. Testing for Linearizability 10 The Wing & Gong Algorithm The algorithm maintains a sequential object corresponding to the sub-history linearized so far, and a linked list representing the sub-history not yet linearized. At each step, it selects an suitable operation from the history to linearize next; if it gave the same result as on the sequential history, it is linearized, and the events removed from the linked list. If no operation can be linearized next, the algorithm back-tracks, undoing each operation on the sequential object, and reinserting it into the linked list.

  11. Testing for Linearizability 11 Depth-First Search Algorithm The Wing & Gong Algorithm sometimes performs very poorly. The reason for this is that it fails to identify when it returns to a previously seen configuration; it therefore repeats previous work (sometimes to an exponential degree). The Depth-First Search Algorithm overcomes this by storing previously-seen configurations in a hash table. In order for this to work, configurations must not share sequential objects. Instead, we use the same approach as for the Linear Tester: we require the sequential object to be immutable and for operations on it to return a resulting sequential object. In addition, the Depth-First Search tester uses the same memoization optimisations as the Linear Tester.

  12. Testing for Linearizability 12 Competition Parallel The Competition Parallel Tester runs the Wing & Gong and Depth-First Search Algorithms in parallel. When one terminates, the other is interrupted.

  13. Testing for Linearizability 13 Experimental set-up Each run constitutes a single test on the concurrent datatype, with some number of workers performing some number of operations. Each observation constituted a number of runs, chosen to be close to a typical use case. Multiple observations were made and timed; 95% confidence intervals were calculated. Unfortunately the Wing & Gong Algorithm proved impossible to profile in a meaningful way. In most observations, it was faster than the other algorithms. However, sometimes it was much slower, sometimes failing to terminate after several hours! The reason is that it normally gets lucky, and finds a correct linearization early in its search space. But when it doesn’t get lucky (or the history is not linearizable) it explores a huge amount of the search space, with an exponential blow-up.

  14. Testing for Linearizability 14 Experiment on a queue Four worker threads, each performing 2 5 – 2 13 operations per run; each observation constituted runs with a total of 2 20 operations. 14 Linear 12 DFS Competition 10 Time (s) 8 6 4 2 2 5 2 6 2 7 2 8 2 9 2 10 2 11 2 12 2 13 Number of operations per worker per run

  15. Testing for Linearizability 15 Experimental results Other experiments show similar results. The Competition Parallel algorithm seems to work well. • On most runs, the Wing & Gong Algorithm terminates quickly. • When the Wing & Gong Algorithm encounters a bad case, the DFS Algorithm still finishes within a reasonable time. Thus the two algorithms complement one another well.

  16. Testing for Linearizability 16 Finding bugs The approach can find some quite subtle bugs. Here’s the relevant part of the output when the debugger is run on a map. All five operations seem to be necessary. 369 1 invokes update(0, 0) 370 0 invokes delete 0 371 0 returns () 372 0 invokes update(0, 2) 373 0 returns () 374 0 invokes delete 0 375 0 returns () 376 1 returns () 378 1 invokes getOrElse(0, X) 379 -- Previous event not linearized 380 1 returns 2 381 -- Previous event not linearized 382 -- Allowed return values: 0, X

  17. Testing for Linearizability 17 Finding bugs The approach is fast, particularly with well-crafted tests. The bug on the previous slide is found in average time 12 . 4 ± 2 . 1 s. A different bug in a hash map, related to resizing, is found in average time 15 . 7 ± 2 . 5 s. A bug in a skiplist, related to hash collisions, is found in average time 100 ± 22 ms. A bug in a sharded map with lock-free reads is found in average time 499 ± 71 ms.

  18. Testing for Linearizability 18 Future directions • Can the Linear Algorithm be made more depth-first, to allow it to “get lucky”, at least some of the time? • Use task parallelism in the testing framework, running several tests concurrently. • Would more erratic scheduling allow bugs to be found faster? • On datatypes like sets and maps, it is enough to test for linearizability of each key separately. • Support nondeterministic specifications.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul

Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul

Between Linearizability and Quiescent Consistency Radha Jagadeesan James Riely DePaul University Chicago, USA ICALP 2014 Between Linearizability and Quiescent Consistency ICALP 2014 1 Linearizability (Herlihy/Wing 1990) Each method call

1.09k views • 92 slides
Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting

Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting

Linearizability &amp; CAP Announcements No hours this week. Sorry am traveling starting tomorrow. Lab 1 goes out next week. On requiring summaries vs adding labs. Linearizability Concurrency not Distributed Systems?

532 views • 42 slides
Checking Linearizability Using Hitting Families Burcu Kulahcioglu Ozkan 1 , Rupak Majumdar 1 ,

Checking Linearizability Using Hitting Families Burcu Kulahcioglu Ozkan 1 , Rupak Majumdar 1 ,

Checking Linearizability Using Hitting Families Burcu Kulahcioglu Ozkan 1 , Rupak Majumdar 1 , Filip Niksic 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 University of Pennsylvania Linearizability as a correctness condition Two

456 views • 26 slides
2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today

2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today

2PC, Linearizability, Spanner 2020-04-17 Nikita Borisov - UIUC 12 Topics for Today Two-phase commit Atomic commit protocol Crash-recovery, durability External consistency / linearizability Spanner Multi-version database

440 views • 16 slides
Review: Linearizability Defini3on Given some component C (say,

Review: Linearizability Defini3on Given some component C (say,

Review: Linearizability Defini3on Given some component C (say, a class) And some opera3ons O1, O2, .. (say, methods) An opera)on is linearizable

808 views • 56 slides
Sequential Consistency Versus Linearizability Hagit A(ya, and

Sequential Consistency Versus Linearizability Hagit A(ya, and

Sequential Consistency Versus Linearizability Hagit A(ya, and Jennifer L. Welch (ACM Transac&lt;ons on Computer Systems 1994) Presented by: Haonan Lu 0

299 views • 8 slides
RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation

RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation

RIFL: Implementing Linearizability at Large Scale and Low Latency Jiaxin Wang Motivation Consistency Important issue in large-scale storage systems Linearizability Strongest form of consistency for concurrent systems

1.24k views • 21 slides
Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely

Linearizability, revisited Radha Jagadeesan Gustavo Petri Corin Pitcher James Riely DePaul University Purdue University ESOP 2010, FOSSACS 2012, TLDI 2012, ESOP 2013 Linearizability, revisited ESOP 2010, FOSSACS 2012,

1.24k views • 70 slides
Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph

Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph

Linearizability of Persistent Memory Objects Michael L. Scott Joint work with Joseph Izraelevitz &amp; Hammurabi Mendes www.cs.rochester.edu / research/synchronization/ Dagstuhl seminar on New Challenges in Parallelism November 2017 based on

303 views • 18 slides
Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott

Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott

Proving linearizability &amp; lock-freedom Viktor Vafeiadis MPI-SWS Michael &amp; Scott non-blocking queue head tail null X 1 2 3 CAS compare &amp; swap CAS (address, expectedValue, newValue) { atomic { if ( *address ==

1.03k views • 49 slides
Local Linearizability Ana Sokolova joint work with: Andreas Haas Tom Henzinger Andreas Holzer

Local Linearizability Ana Sokolova joint work with: Andreas Haas Tom Henzinger Andreas Holzer

Local Linearizability Ana Sokolova joint work with: Andreas Haas Tom Henzinger Andreas Holzer Christoph Kirsch Michael Lippautz Hannes Payer Ali Sezgin Helmut Veith Rigorous methods for engineering of and reasoning about reactive

1.32k views • 102 slides
Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew

Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew

Proving Linearizability Using Partial Orders Artem Khyzha Mike Dodds Alexey Gotsman Matthew Parkinson The Kent Concurrency Workshop July 22 nd 2016 In this talk Algorithms posing challenges for the linearization points method: the

649 views • 36 slides
NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 21 November 2014 Lecture 7

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 21 November 2014 Lecture 7

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 21 November 2014 Lecture 7 Linearizability Lock-free progress properties Queues Reducing contention Explicit memory management Linearizability 3

1.07k views • 93 slides
Automatically proving linearizability Viktor Vafeiadis University of Cambridge CAV 2010

Automatically proving linearizability Viktor Vafeiadis University of Cambridge CAV 2010

Automatically proving linearizability Viktor Vafeiadis University of Cambridge CAV 2010 M&amp;S non-blocking queue head tail null X 1 2 3 4 typedef struct Node_s *Node; struct Queue_s *Q; struct Node_s { init() { int val; n = new

379 views • 25 slides
NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 18 November 2016 Lecture 7

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 18 November 2016 Lecture 7

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 18 November 2016 Lecture 7 Linearizability Lock-free progress properties Queues Reducing contention Explicit memory management Linearizability 3

1.17k views • 88 slides
Testing Terminology System testing Types of errors Function testing Structure

Testing Terminology System testing Types of errors Function testing Structure

Outline Testing Terminology System testing Types of errors Function testing Structure Testing Dealing with errors Performance testing Quality assurance vs Acceptance testing Testing Installation testing

396 views • 11 slides
Q2 2019 Financial Results August 15, 2019 1 Safe Harbor Some of the statements contained in this

Q2 2019 Financial Results August 15, 2019 1 Safe Harbor Some of the statements contained in this

Q2 2019 Financial Results August 15, 2019 1 Safe Harbor Some of the statements contained in this presentation and the Companys August 15, 2019 earnings conference call may constitute forward looking statements within the meaning of the

437 views • 26 slides
Un Under der Wi Wing ngs s of of Love ove The LORD, the God of Israel, under

Un Under der Wi Wing ngs s of of Love ove The LORD, the God of Israel, under

Un Under der Wi Wing ngs s of of Love ove The LORD, the God of Israel, under whose wings you have come to seek refuge. Ruth 2:12 A. This is how Boaz describes Ruths faith . B. Ruths trust was in the LORD =

456 views • 9 slides
Flapping-wing flight in bird-sized UAVs for the Robur project: from an evolutionary optimization

Flapping-wing flight in bird-sized UAVs for the Robur project: from an evolutionary optimization

Introduction Evolutionary optimization Mechanical design Conclusion Questions Flapping-wing flight in bird-sized UAVs for the Robur project: from an evolutionary optimization to a real flapping-wing mechanism E. de Margerie J.-B. Mouret S.

488 views • 31 slides
DTLS-SRTP Key Transport (KTR) AVT Working Group draft-wing-avt-dtls-srtp-key-transport-03

DTLS-SRTP Key Transport (KTR) AVT Working Group draft-wing-avt-dtls-srtp-key-transport-03

DTLS-SRTP Key Transport (KTR) AVT Working Group draft-wing-avt-dtls-srtp-key-transport-03 Dan Wing, dwing@cisco.com IETF74, San Francisco, March 2009 draft-wing-avt-dtls-srtp-key-transport-03 1 Status Third presentation to AVT

477 views • 10 slides
What is convective self-aggregation and how can we measure it? Allison Wing Assistant Professor

What is convective self-aggregation and how can we measure it? Allison Wing Assistant Professor

Monday July 8, 2019 What is convective self-aggregation and how can we measure it? Allison Wing Assistant Professor Department of Earth, Ocean and Atmospheric Science Florida State University 2 nd ICTP Summer School on Theory, Mechanisms and

599 views • 35 slides
Fluctuation scaling in complex systems Zoltn Eisler 1,2 , Jnos Kertsz 2 1 Capital Fund

Fluctuation scaling in complex systems Zoltn Eisler 1,2 , Jnos Kertsz 2 1 Capital Fund

Fluctuation scaling in complex systems Zoltn Eisler 1,2 , Jnos Kertsz 2 1 Capital Fund Management, Paris, France 2 Department of Theoretical Physics, Budapest University of Technology and Economics arXiv:0708.2053, accepted to Advances in

597 views • 58 slides
2016 New York EB-5 &amp; Investment Immigration Convention EB-5 Attorney Workshop Ethical

2016 New York EB-5 &amp; Investment Immigration Convention EB-5 Attorney Workshop Ethical

7/12/16 2016 New York EB-5 &amp; Investment Immigration Convention EB-5 Attorney Workshop Ethical Considerations in EB-5 Practice Bill Gresser, EB-5 New York State Regional Center Cyrus D. Mehta, Cyrus D. Mehta &amp; Partners PLLC Moderated

1.48k views • 12 slides
HARPO A gas TPC active target for high-performance -ray astronomy Demonstration of the

HARPO A gas TPC active target for high-performance -ray astronomy Demonstration of the

HARPO A gas TPC active target for high-performance -ray astronomy Demonstration of the polarimetry of MeV e + e Denis Bernard, LLR, Ecole Polytechnique and CNRS/IN2P3, France 14th Pisa Meeting on advanced detectors, 27 May - 02 June

511 views • 49 slides

More recommend