sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures...
TRANSCRIPT
![Page 1: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/1.jpg)
sequential verificationfor serializability
H. Attiya
Queen Mary
POPL’10 Madrid, Spain 20-January-2010
G. Ramalingam N. Rinetzky
Technion MSR India
Monday, 12 April 2010
![Page 2: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/2.jpg)
• goal verify concurrent data structures
• problem interleaving
• solution ignore problem
Monday, 12 April 2010
![Page 3: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/3.jpg)
• goal verify concurrent data structures
• problem interleaving
• solution ignore problem
1. verify assuming single-threaded contexts
2. conclude results hold in multithread contexts
Monday, 12 April 2010
![Page 4: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/4.jpg)
• goal verify concurrent data structures
• problem interleaving
• solution ignore problem
1. verify assuming single-threaded contexts
2. conclude results hold in multithread contexts
Monday, 12 April 2010
![Page 5: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/5.jpg)
main idea
• sequential verification for serializability
• use serilizability for sequential verification
• memory safety, assertions, data invariants, ...
⇒data structure “behaves well”
when used by a single thread
any concurrent execution of the data structure operations is
serializable
Monday, 12 April 2010
![Page 6: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/6.jpg)
this talk
• sequential verification for serializability
⇒data structure “behaves well”
when used by a single thread
any concurrent execution of the data structure operations is
serializable
Monday, 12 April 2010
![Page 7: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/7.jpg)
preliminaries
• executions
• concurrent, sequential, non-interleaved
• completability
• conflict-serializability (CS)
• CS-locking protocols
Monday, 12 April 2010
![Page 8: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/8.jpg)
executions
complete operation operation
operation
|| ||(concurrent) execution
complete operation operation complete operation
; ;sequential execution
add s and e
Monday, 12 April 2010
![Page 9: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/9.jpg)
non-interleaved executions
• a thread is given only one chance to run
• several operations may not complete
• total order between operations complete operation operation operation
|; |;non-interleaved execution
Monday, 12 April 2010
![Page 10: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/10.jpg)
non-interleaved executions
• a thread is given only one chance to run
• several operations may not complete
• total order between operations complete operation operation operation
|; |;non-interleaved execution
Monday, 12 April 2010
![Page 11: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/11.jpg)
non-interleaved executions
• a thread is given only one chance to run
• several operations may not complete
• total order between operations complete operation operation operation
|; |;non-interleaved execution
complete operation operation complete operation
; ;sequential execution
Monday, 12 April 2010
![Page 12: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/12.jpg)
completability
• termination => completability
Monday, 12 April 2010
![Page 13: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/13.jpg)
conflict-serializability (CS)
complete operation operation
operation
read Ywrite Y|| ||
write Xwrite X
conflict conflict
Monday, 12 April 2010
![Page 14: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/14.jpg)
conflict-serializability (CS)
complete operation operation
operation
read Ywrite Y|| ||
write Xwrite X
conflict conflict
complete operation operation operation
|; |;non-interleaved execution
Monday, 12 April 2010
![Page 15: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/15.jpg)
conflict-serializability (CS)
complete operation operation
operation
read Ywrite Y|| ||
write Xwrite X
conflict conflict
complete operation operation operation
|; |;non-interleaved execution
Monday, 12 April 2010
![Page 16: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/16.jpg)
conflict-serializability (CS)
complete operation operation
operation
read Ywrite Y|| ||
write Xwrite X
conflict conflict
complete operation operation operation
non-interleaved execution
~~~ conflict
|; |;
Monday, 12 April 2010
![Page 17: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/17.jpg)
• CS-locking protocols
• common programming discipline to obtain conflict-serializability
• lock-protected accesses
• special locking patterns
• ...
CS in practice
Monday, 12 April 2010
![Page 18: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/18.jpg)
CS-locking protocols• common programming discipline to obtain
conflict-serializability
• two-phase locking [Papadimitiriou ’79]
• tree (hand-over-hand) locking [Kedem et al. ’81]
• dag locking [Chaudhri et al. ’95]
⊨concurrent execution
locking protocol
concurrent execution:
⇒ ⊨ CSconcurrent execution
∀
Monday, 12 April 2010
![Page 19: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/19.jpg)
our contributions
Monday, 12 April 2010
![Page 20: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/20.jpg)
sequential reductions for CS-locking protocols
• two-phase locking
• tree (hand-over-hand) locking
• dag locking
• progressive local CS-locking protocols
⇒∀⊨sequential execution∀ ⊨concurrent
executionlocking
protocol
locking protocol
completable∧
Monday, 12 April 2010
![Page 21: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/21.jpg)
sequential verificationfor conflict-serializability
⇒∀⊨sequential execution∀ ⊨concurrent
executionlocking
protocol
⊨concurrent execution
locking protocol
concurrent execution:
⇒ ⊨ CSconcurrent execution
∀
locking protocol
completable∧
Monday, 12 April 2010
![Page 22: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/22.jpg)
sequential verificationfor conflict-serializability
∀ ⊨concurrent execution
locking protocol
⇒∀⊨concurrent execution
locking protocol∀ ⊨concurrent
execution CS
⇒⇒⊨sequential execution∀
locking protocol
completable∧
Monday, 12 April 2010
![Page 23: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/23.jpg)
⇒sequential verificationfor conflict-serializability
∀ ⊨concurrent execution
locking protocol
∀ ⊨concurrent execution CS
⇒⊨sequential execution∀
locking protocol
completable∧
Monday, 12 April 2010
![Page 24: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/24.jpg)
⇒ ⇒sequential verificationfor conflict-serializability
∀ ⊨concurrent execution
locking protocol
∀ ⊨concurrent execution CS
⇒⊨sequential
execution∀ locking protocol
finite sequence of operations terminates
∧
⊨sequential execution∀
locking protocol
completable∧
∀
Monday, 12 April 2010
![Page 25: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/25.jpg)
example
• dynamic tree (hand-over-hand) locking
• heap-allocated tree-like data structures
• hand-over-hand traversal
• lock object before using its fields
• lock child before unlock parent
• never lock object twice
• ...
Monday, 12 April 2010
![Page 26: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/26.jpg)
1. verify hand-over-hand list implementation using the most general single-thread client
1. correctly follows the protocol
2. every call terminates ⇒ completability
2. apply sequential reduction theorem
3. conclude hand-over-hand list correctly follows the protocol
verification outline
Monday, 12 April 2010
![Page 27: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/27.jpg)
bool find(int v){ ACQUIRE H; if (H != null){ Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null){ acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
hand-over-hand locking
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
bool b = false; if (c & c.d==v) b = true;
release(p); if (c) release(c); return b; } else { ...
insert(int v){ ACQUIRE H; if (H != null){ Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null){ acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
if (c & c.d<v){ Node x = alloc Node; p.n = x; x.d = v; x.n = c; }
release(p); if (c) release(c); } else { ...
Type Node { int d; Node n;}Node H = null;
remove(int v){ ACQUIRE H; if (H != null){ Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null){ acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
Monday, 12 April 2010
![Page 28: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/28.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 29: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/29.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
: remove(18)
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
Monday, 12 April 2010
![Page 30: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/30.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 31: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/31.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 32: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/32.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 33: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/33.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 34: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/34.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 35: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/35.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 36: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/36.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 37: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/37.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 38: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/38.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 39: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/39.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 40: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/40.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 41: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/41.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 42: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/42.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 43: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/43.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 44: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/44.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n n
p c y
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 45: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/45.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n n
p c y
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 46: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/46.jpg)
hand-over-hand locking
-4 7 18 25 33-9Hn n n
p c y
n
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
: remove(18)
Monday, 12 April 2010
![Page 47: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/47.jpg)
insert(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
find(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
sequential verificationof hand-over-hand-locking
Monday, 12 April 2010
![Page 48: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/48.jpg)
sequential shape reasoning
if (c & c.d==v){ Node y = c.n; c.n = null; p.n = y; }
release(p); if (c) release(c); } else { ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c);
while (c & c.d<v){ release(p); p = c; c = p.n; acquire(c); }
-4 7 18 25 33-9Hn n n n n
p c
Monday, 12 April 2010
![Page 49: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/49.jpg)
✓ ✓✓insert(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
find(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
∀ sequential execution ⊨hand-over-hand locking
Monday, 12 April 2010
![Page 50: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/50.jpg)
✓ ✓✓insert(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
find(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
sequential termination
-4 7 18 25 33-9Hn n n
p c y
nMonday, 12 April 2010
![Page 51: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/51.jpg)
ACNI-reduction
⇒⇒
⊨LP∀ complete operation operation operation
sequential reductionfor hand-over-hand locking
⊨∀ complete operation operation complete operation
NI-reduction
complete operation operation
operation
∀ ⊨
|; |;
; ;
|| || LP
LPsequential
termination+
Monday, 12 April 2010
![Page 52: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/52.jpg)
✓ ✓✓insert(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
remove(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
find(int v) { ACQUIRE H; if (H != null) { Node p = H; acquire(p); RELEASE H; Node c = p.n; if (c != null) { acquire(c); ...
∀ concurrent execution ⊨hand-over-hand-locking
Monday, 12 April 2010
![Page 53: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/53.jpg)
“ignoring interleavings”
-4 7 18 25 33-9Hn n
p c y
n
p cp
|| || ||...
Monday, 12 April 2010
![Page 54: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/54.jpg)
sequential reductionfor CS-locking protocols
• NI-reduction
• ACNI-reduction
⇒∀⊨sequential execution
locking protocol∀ ⊨concurrent
executionlocking
protocolcompletable
∧
Monday, 12 April 2010
![Page 55: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/55.jpg)
NI-reduction
LP∀ complete operation operation operation
complete operation operation
operation
∀ ⊨LP
|; |;
|| ||
⊨⇒
Monday, 12 April 2010
![Page 56: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/56.jpg)
complete operation
ACNI-reduction
complete operation operation operation
|; |;
; ;
complete operation operation
LP∀
∀ ⊨LP
⊨⇒
Monday, 12 April 2010
![Page 57: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/57.jpg)
non-interleaved execution ⊭ LP
int Y = 0;
setY(){ ACQUIRE Y; Y = 1; RELEASE Y; while (true) skip;}
|; ACQUIRE Y; Y=1; RELEASE Y; ACQUIRE Y; y=Y; RELEASE Y; violate LP
getY(){ ACQUIRE Y; int y = Y; RELEASE Y; if (y == 1)
violate LP}
Monday, 12 April 2010
![Page 58: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/58.jpg)
∀ sequential execution ⊨ LP
int Y = 0;
setY(){ ACQUIRE Y; Y = 1; RELEASE Y; while (true) skip;}
getY(){ ACQUIRE Y; int y = Y; RELEASE Y; if (y == 1)
violate LP}
ACQUIRE Y; y=Y; RELEASE Y; violate LP|; ACQUIRE Y; Y=1; RELEASE Y; skip; skip; skip; ...
Monday, 12 April 2010
![Page 59: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/59.jpg)
execution not completable
int Y = 0;
setY(){ ACQUIRE Y; Y = 1; RELEASE Y; while (true) skip;}
getY(){ ACQUIRE Y; int y = Y; RELEASE Y; if (y == 1)
violate LP}
ACQUIRE Y; Y=1; RELEASE Y; skip; skip; skip; ...
Monday, 12 April 2010
![Page 60: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/60.jpg)
completability weaker than sequential termination
int Y = 0;
setY(){ ACQUIRE Y; Y = 1; RELEASE Y; while (*) skip;}
getY(){ ACQUIRE Y; int y = Y; RELEASE Y; if (y == 1)
violate LP}
ACQUIRE Y; Y=1; RELEASE Y; skip; skip; skip; ...
Monday, 12 April 2010
![Page 61: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/61.jpg)
int Y = 0;
setY(){ ACQUIRE Y; Y = 1; RELEASE Y; while (*) skip;}
getY(){ ACQUIRE Y; int y = Y; RELEASE Y; if (y == 1)
violate LP}
ACQUIRE Y; Y=1; RELEASE Y; skip; skip; skip; ...
completability weaker than sequential termination
skip; skip
complete operation
Monday, 12 April 2010
![Page 62: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/62.jpg)
complete operation
ACNI-reduction
complete operation operation operation
|; |;
; ;
complete operation operation
LP∀
∀ ⊨LP
⊨⇒completable
∧
Monday, 12 April 2010
![Page 63: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/63.jpg)
ACNI-reduction
⇒⇒
⊨LP∀ complete operation operation operation
sequential reductionfor CS-locking protocols
⊨LP∀
complete operation operation complete operation
NI-reduction
complete operation operation
operation
∀ ⊨LP
|; |;
; ;
|| ||
completable∧
Monday, 12 April 2010
![Page 64: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/64.jpg)
shape analysis
• TVLA [Sagiv et al., TOPLAS’02][Lev-Ami, Sagiv, SAS’00]
• hand-over-hand locking
• termination
singly linked list 4 sec. 4 MB
binary tree 125 sec. 91 MB
Monday, 12 April 2010
![Page 65: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/65.jpg)
main results• sequential reductions for CS-locking
protocols
• local CS-locking protocols
• progressive local CS-locking protocols
• sequential analyses for serializability
• verifiable properties and techniques
• shape analysis adapting TVLA ‘s existing shape analyses of sequential lists & trees
Monday, 12 April 2010
![Page 66: sequential verification formaon/talks/popl10-seqser.pdf•goal verify concurrent data structures • problem interleaving • solution ignore problem 1. verify assuming single-threaded](https://reader031.vdocument.in/reader031/viewer/2022021821/5af4d8337f8b9a92718e15dc/html5/thumbnails/66.jpg)
thank you!
ignore your problemsand they (sometimes) go away ...
Monday, 12 April 2010