Reduction: A Method of Proving Properties of Parallel Programs
By Richard J. Lipton. Presented at the Second ACM Symposium of Principles of Programming Languages, Palo Alto, Calif. 1975.
1
Reduction: A Method of Proving Properties of Parallel Programs
By Richard J. Lipton
Presented at the Second ACM Symposium of Principles of Programming Languages, Palo Alto, Calif. 1975
2
Motivation
Prove that a Parallel Program does not halt
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
3
Motivation
Prove that a Parallel Program does not halt
Trace: X T1; Y T2; acq(this) T3; j=bal S4; bal=j+n S5; rel(this) T6; Z S7 S0
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
4
Goal
• When proving that a system of processes has a given property it is often convenient to assume that a routine is atomic
• The paper presents a reduction that preserves basic properties such as halting.
• Thus correctness proofs of a system of processes can often be greatly simplified
5
Definitions
6
uninterruptible
• A statement is atomic provided it is never interleaved with the rest of the program.
– For instance: A statement might be the three actions:
Assuming it is uninterruptible reduces it to the single action:
Trace: X T1; Y T2; 𝒙→𝒓 T3; inc r S4; 𝒓→𝒙 S5; Z S7 S0
7
Reduction of P by R
• Reduction of P by R is defined to be the parallel program obtained from P by reducing R to one uninterruptible action.
• Notation: P/R
• Two ways in which the reduced program Q=P/R is simpler than P:
1) Q has fewer actions than P
2) Assertions about Q are often simpler than assertions about P.
8
parbegin…parend
• parbegin parend is to interleave the statements in some arbitrary order until no further execution is possible.
• The statement of each form a distinct process
9
A computation
• A computation is a sequence of statements such that is executed first, then is executed, and so on until the last statement is executed. Since an may be a compound statement, m>k is possible.
• For example if is:
then might be the statement or the statement or even “part” of these statements.
10
Indivisible statement
• Notation:
– We assume S has a single entry and a single exit.
• The semantics of are:
– In a given state of the parallel program, can execute provided in this state control is ready to enter S and after S is applied control has left S
– In a given state of the parallel program, the effect of the applying provided it can execute, is the same as that of S.
• The key to the definition of is that we can never apply it when we cannot fully complete its execution
11
P(a), V(a)
• P(a) =
• V(a) =
• Without closing in brackets it is possible to “lose counts”.
– Example: value of a can be 1 or 2.
12
When is a computation?
• is a computation provided is a computation and can execute in the state that results after is executed.
13
When is a computation? – cont.
• Example:
Trace: a=0 T1; B:V(a) T2 S0
Trace: a=0 T1; B:V(a) T2; A:P(a) T3 S0
Trace: a=0 T1; A:P(a) T2; B:V(a) T3 S0
14
Halt
• Intuitively halt is like deadlock
• Usually want to show that a program does not halt.
• A program halts if there is some computation such that is not a computation for all statements f.
15
What is the relationship between P and P/S?
16
P/S halts iff P halts?
• This is false.
• Consider:
• This program halts: Let both repeat’s execute their first P’s; then a=b=0 and the program has halted.
17
P/S halts iff P halts? – cont.
• Now consider the following program P/S:
• leaves both a and b fixed.
18
Why is the assertion false?
• It is possible to enter S and not to ever be able to leave it.
• This leads to one restriction on statement S:
• (R1) If a statement S is ever entered, then it must be possible eventually to exit S.
19
Is (R1) enough?
• No.
• Consider:
• The program halts.
• Also, the statement satisfies (R1)
20
Is (R1) enough? – cont.
• The program P/S is:
• always sets y to 1.
• This program does not halt.
21
Why is the assertion false?
• This example fails to satisfy assertion because the effect and when separated and when together is not the same.
• This observation leads to further restriction:
• (R2) The effect of the statement in S when together and separated must be the same.
22
Right Mover
b c
c b
b is right mover
23
Right Mover
ACQ(l,t) c
c ACQ(l,t)
24
Left Mover
b c
c b
c is left mover
25
Left Mover
b REL(l,t)
bREL(l,t)
26
Right and Left Movers
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
Red thread holds lock
Blue thread does not hold lock
operation y does not access balance (assuming balance protected by lock)
operations commute
27
Right and Left Movers
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: acq(this) S1; X S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Red thread holds lock after acquire
operation x does not modify lock
operations commute
28
Right and Left Movers
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: acq(this) S1; X S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: X T1; acq(this) S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
29
Right and Left Movers
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: acq(this) S1; X S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: X T1; acq(this) S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: X T1; Y T2; acq(this) T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
30
Right and Left Movers
Trace: X T1; Y T2; acq(this) T3; j=bal S4; bal=j+n S5; rel(this) T6; Z S7 S0
Trace: acq(this) S1; X S2; j=bal S3; Y S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: acq(this) S1; X S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: X T1; acq(this) S2; Y T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
Trace: X T1; Y T2; acq(this) T3; j=bal S4; bal=j+n S5; Z S6; rel(this) S7 S0
31
Right and left movers
• f is a right mover provided
– for any a computation where f and h lie in different processes, then is also a computation
– The values of all the program variables in and are the same.
• f is a left mover provided
– For any a computation where h and g lie in different processes, then is also a computation
– The values of all the program variables in and are the same.
32
PV parallel program
• A program is a PV parallel program provided there is a distinguished subset of the program variables called semaphores with integer values such that they can be used only in either or .
33
D-reduction
• Replacing with is a D-reduction provided, for some i, are right movers and are left movers ( is unconstrained) and each can always execute.
34
Theorem 1.
In any PV parallel program all P(a)’s are right movers, and all V(a)’s are left movers.
Theorem 2.
Suppose that S is a D-reduction in P. Then P halts iff P/S halts.
35
Proof of Theorem 2
• If P/S halts then P halts
• This is true because for every scheduling in which P/S halts, P halts since the same scheduling can be applied to it.
36
Proof of Theorem 2
• If P halts then P/S halts
• Proof outline:
– Assume P halts
– Let be a computation that halts in P.
– Assume that
– Construct a computation such that all the program variables agree after and are executed, and always occur atomically in .
– Assume that there are no goto’s in
37
Proof of Theorem 2
• LEMMA 1. Suppose that is a computation in P with i>1. Then where no statement from the process of is in .
• This follows because S has a single entry and no goto’s.
38
Proof of Theorem 2
• LEMMA 2. Suppose that is a computation that halts in P with i<n. Then where no statement from the process of is in .
• This follows because:
– If any f occurs in where f is in the process of then the first such f must be .
– Assume that no such f is in . In control must be ready to enter ; therefore is a computation (because by definition D-reduction can always execute), which is a contradiction because halts.
39
Proof of Theorem 2
• If no is in then is already in the desired form. (let )
Trace: A S1; X S2; 𝑩 S3; Y S4; C S5; Z S6; D S7 S0
40
Proof of Theorem 2
Thus suppose that some is in .
Trace: 𝝀 S1; 𝑺𝒊−𝟏 S2; 𝝁 S3; 𝑺𝒊 S4; 𝜷′ S5 S0
Trace: S1; 𝜶′ S2; 𝑺𝒊 S3; 𝜷′ S4
Trace: 𝝀 S1 S2; 𝝁 S3; 𝑺𝒊 S4; 𝝀 S5; 𝑺𝒊+𝟏 S6; 𝝁′ S7 S0
By definition of D-reduction
Trace: 𝝀 S1 S2; 𝑺𝟏 S3; … S4; 𝑺𝒏 S5; 𝝀 S6; 𝝁′ S7 S0
Trace: 𝝀 S1 S2; 𝝁 S3; 𝑺𝟐 S4; … S5; 𝑺𝒏 S6; 𝝁′ S7 S0
41
Proof of Theorem 2
• This can be repeated to form the desired computation . Now is a computation where no is in any and and agree on all program variables.
• If halts in P/S then the theorem is proved.
• Assume that does not halt in P/S, and that is a computation in P/S.
• Then is a computation in P, since and agree on all program variables. This is a contradiction.
42
Applications
43
Example 1
• By theorem 1 and 2, the aforementioned halts iff the following program halts:
44
Example 1 – cont.
• Therefore Example 1 halts iff the following halts:
45
Example 1 – cont.
• Once again theorem 1 and 2 can be applied; hence the aforementioned halts iff the following halts:
46
Example 1 – cont.
• Therefore the aforementioned halts iff the following halts:
• This program never halts! Thus Example 1 never halts
47
Example 2
• After applying theorem 1 and 2, Example 2 halts iff the following halts:
48
Example 2 – cont.
• The effect of is to decrement a by 1 and increment b by 1.
• The effect of is to decrement b by 1 and increment a by 1.
• Thus a+b is conserved and is always equal to N.
49
Example 2 – cont.
• can execute iff a>0 and can execute iff b>0.
• Since a+b=N>0, it is not possible for the program to halt.
• Hence Example 2 does not halt.
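Added example (not from the slides or the paper): an explicit-state search that checks the Example 2 argument, and the "P halts iff P/S halts" claim of Theorem 2, on a small instance. The unreduced program (process 0 repeats P(a); V(b), process 1 repeats P(b); V(a)) is an assumption, since the slide's listing is missing here; steps_p, steps_q, explore and compare are names introduced for illustration.

```python
from collections import deque

# Assumed unreduced program P (its listing did not survive on this page):
#   process 0: repeat P(a); V(b)      process 1: repeat P(b); V(a)
# State is (a, b, pc0, pc1); pc == 0 means "at P", pc == 1 means "at V".
def steps_p(state):
    a, b, pc0, pc1 = state
    moves = [(pc0 == 0 and a > 0, (a - 1, b, 1, pc1)),  # P(a) blocks at a == 0
             (pc0 == 1, (a, b + 1, 0, pc1)),            # V(b) always executes
             (pc1 == 0 and b > 0, (a, b - 1, pc0, 1)),  # P(b) blocks at b == 0
             (pc1 == 1, (a + 1, b, pc0, 0))]            # V(a) always executes
    return [nxt for enabled, nxt in moves if enabled]

# Reduced program P/S: each P;V pair is one uninterruptible action.
def steps_q(state):
    a, b = state
    moves = [(a > 0, (a - 1, b + 1)),                   # [P(a); V(b)]
             (b > 0, (a + 1, b - 1))]                   # [P(b); V(a)]
    return [nxt for enabled, nxt in moves if enabled]

def explore(initial, steps):
    """Breadth-first search; returns (reachable states, halted states)."""
    seen, halted, queue = {initial}, set(), deque([initial])
    while queue:
        state = queue.popleft()
        successors = steps(state)
        if not successors:
            halted.add(state)            # no statement can execute: halt
        for nxt in successors:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen, halted

def compare(a0, b0):
    """Explore P and P/S from the same initial semaphore values."""
    n = a0 + b0
    p_seen, p_halt = explore((a0, b0, 0, 0), steps_p)
    q_seen, q_halt = explore((a0, b0), steps_q)
    return {
        "p_halts": bool(p_halt), "q_halts": bool(q_halt),
        "p_states": len(p_seen), "q_states": len(q_seen),
        # a+b == N holds in P/S; P must also count the tokens "in flight".
        "q_invariant": all(a + b == n for a, b in q_seen),
        "p_invariant": all(a + b + i + j == n for a, b, i, j in p_seen),
    }

if __name__ == "__main__":
    print(compare(2, 1))
```

With N>0 neither program has a halted state, and with a=b=0 both halt at once; the reduced program also has fewer reachable states and the simpler invariant.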
50
Conclusion
• In a wide number of nontrivial instances reduction preserves important properties.
• Reduction aids in correctness proof
• Note theorem 2 proved that for every computation that halts in P there’s a computation that halts in P/S that agrees on all program variables.
• Thus if S is a D-reduction the final states of P equal the final states of P/S
• D-reduction then preserves any property that depends only on a program’s final state.
51
Questions?