1 / 16

Joint work with Byron Cook, Matthew Parkinson, and Viktor Vafeiadis

Proving that non-blocking algorithms don't block. Alexey Gotsman University of Cambridge. Joint work with Byron Cook, Matthew Parkinson, and Viktor Vafeiadis. TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A A A A A A A A A A.

hinto
Télécharger la présentation

Joint work with Byron Cook, Matthew Parkinson, and Viktor Vafeiadis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Proving that non-blocking algorithms don't block Alexey Gotsman University of Cambridge Joint work with Byron Cook, Matthew Parkinson, and Viktor Vafeiadis TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAA

  2. Proving that non-blocking algorithms don't block • Automatically proving liveness properties of non-blocking concurrent algorithms • Stay awake: nice links between programming, logic, and automatic verification • Pick a class of programs • Pick an appropriate logic • Observe that proofs are simple and follow the same pattern • Infer proofs automatically • Best of both worlds: automatic tool + understanding of the algorithms

  3. Coarse-grained locking 42 13 1 4 Top NULL Inefficient as only one thread operates on the list at a time

  4. Non-blocking concurrency • Multiple threads operating on the data structure at the same time • Typical programming idiom: ... L: read from a part of the data structure do some work on the results try to change the data structure if interference is detected go to L ...

  5. Non-blocking concurrency • Stacks, queues, skip lists, hash tables, etc. • Used in practice: e.g., java.util.concurrent • Complicated and hard to get right • Formal verification: • Safety properties • [Yahav+ 2003, Calcagno+ 2007, Amit+ 2007, Manevich+ 2008, Vafeiadis 2009] • Termination  ?

  6. Non-blocking concurrency: Treiber's stack 42 13 1 4 6 42 13 12 structNode { Node *next; data_t val; } *Top; void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } Top NULL

  7. Treiber's non-blocking stack: termination structNode { Node *next; data_t val; } *Top; void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } • push or pop may not terminate if other threads continually modify Top • However: some operation will always terminate • This talk: logic & tool for proving lock-freedom lock-freedom

  8. From lock-freedom to termination

  9. Lock-freedom of Treiber's stack data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } structNode { Node *next; data_t val; } *Top; void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } Pushor Id Pop or Id Shared state Rely/guarantee + separation logic for safety [Vafeiadis-Parkinson 2007]

  10. Lock-freedom of Treiber's stack data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } structNode { Node *next; data_t val; } *Top; void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } Pushor Id Pop or Id

  11. Lock-freedom of Treiber's stack data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } structNode { Node *next; data_t val; } *Top; void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } Pushor Id Pop or Id • The do loops terminate if no-one else executes Push or Pop infinitely often • No-one executes PushorPop infinitely often • Hence, push and popterminate

  12. Layered proof “I execute only Push, Pop, or Id” “I execute only Push, Pop, or Id” “I don’t execute Push or Pop infinitely often” “I don’t execute Push or Pop infinitely often” “I terminate” “I terminate”

  13. Layered proof Formalised in a logic for liveness and heaps Guarantees of the form

  14. Proof search strategy Proof valid for an arbitrary number of threads • Run the safety checker: • Iteratively eliminate actions:         

  15. Case studies • Treiber's stack [Treiber 1986] • HSY stack [Hendler+ 2004] • Non-blocking queue [Michael, Scott 1996] • Linked list [Michael 2002] • RDCSS [Harris+ 2002]

  16. Conclusion • Automatic method with proofs reflecting algorithm structure • Hope the general approach can be reused • Lock-based lock-free algorithms require more complex environment assumptions

More Related