tracelets : a model for the laws of concurrent programming
DESCRIPTION
Tracelets : a Model for the Laws of Concurrent Programming . Tony Hoare OxfordFeb 2012. Our Universe. E is a set of events that can occur in or around a computer during execution of a program drawn as boxes. D is a set of dependencies between the events drawn as arrows between boxes - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/1.jpg)
Tracelets:a Model for the
Laws of Concurrent Programming
Tony Hoare
Oxford Feb 2012
![Page 2: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/2.jpg)
Our Universe
• E is a set of events that can occur in or around a computer during execution of a program– drawn as boxes.
• D is a set of dependencies between the events– drawn as arrows between boxes– e --> f means f depends on e
• source, target: D --> E• source(d) --> target(d)
![Page 3: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/3.jpg)
Labels
• P are sets of properties of D or E– e.g., the type of command executed– the objects involved in the event– the value of the data transmitted on the arrow
• labels:E + D --> P– labels(e) are drawn in the box, – labels(d) on top of the arrow
![Page 4: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/4.jpg)
A tracelet
is a subset of E , denoted by p, q, r . For example:• a trace of a single execution of a program• or of a single execution of a command • or of a single object used in the execution• I = { }, the tracelet that contains no event
![Page 5: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/5.jpg)
An object
• is used by a program to store or transmit data– e.g., a variable, a semaphore, a channel, …
• Its behaviour is modelled by a tracelet – containing some or all events
in which it has engaged• A trace of a complete program execution– is the union of all the tracelets
for every resource that it has used
![Page 6: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/6.jpg)
Pictorially
ν δ
ν labels the allocation of an object.δ labels its disposal.
All other events of its tracelet lie in between
![Page 7: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/7.jpg)
A variable
ν δ
:=4 labels an assignment of value 4=4 labels a fetch of value 4
:=3:=2:=4
=4 =3=2
=2
![Page 8: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/8.jpg)
Object names
νx δx
may be added to the labels
x:=3x:=2x:=4
x= 4 x=3x=2
x=2
![Page 9: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/9.jpg)
A variable
ν δ
The arrows from each fetch to the next assignment ensures prompt overwriting
:=3:=2:=4
=4 =3=2
=2
![Page 10: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/10.jpg)
Weak memory
ν δ
… which does not occur in modern weak memories.
:=3:=2:=4
=4 =3=2
=2
![Page 11: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/11.jpg)
A Semaphore
ν
δ
• P is an acquisition of the semaphore• V is a release (by the same owner)
V P V
P
![Page 12: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/12.jpg)
A buffered channel
ν δ
!4 labels an output of value 4?4 labels an input of value 4
!=3!2!4
?4 ?3?2
![Page 13: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/13.jpg)
A single-buffered channel
δ!3!2!4
?4 ?3?2
Each output depends on prior input of the previous message
ν
![Page 14: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/14.jpg)
A complete program trace
is the union of the tracelets for every command that it contains. • The tracelet of a command can be analysed
into sub-tracelets for each of its immediate sub-commands.
• The analysis determines whether the trace is a valid trace for the program.
![Page 15: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/15.jpg)
Concurrent Composition
• p|q = p q, provided that p q = { }– otherwise the analysis is invalid, because no event
is an execution of two distinct commands.
• Theorem: | is associative and commutative with unit
![Page 16: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/16.jpg)
Definitions
• p --> q = e є p, f є q . e --> f
• p => q = p = q or p is undefined.
![Page 17: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/17.jpg)
Sequential Composition
• p ; q = p|q provided not q --> p– otherwise the analysis is invalid, because no event
in execution of the first command can depend on any event in the execution of the second.
• Theorem:; is associative with unit
![Page 18: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/18.jpg)
Example
x := 3
x := 4
If x is a shared variable
x := 3 ; x:=4 =
![Page 19: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/19.jpg)
Or,
x := 3 x := 4
if blue arrows are equal,x := 3 ; x:=4 =
![Page 20: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/20.jpg)
Theorems• p;q => p|q– Proof: they are equal whenever not q --> p– otherwise, lhs is undefined
• (p|p’);q => p|(p’;q)– they are equal when they are both defined– if rhs is undefined, then q --> p’– which implies that q --> (p’|q), – therefore the lhs is also undefined.
![Page 21: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/21.jpg)
Exchange laws
• p;(q|q’) => (p;q)|q’– proof similar
• (p|p’);(q|q’) => (p;q)|(p’;q’)– proof similar
• All exchange laws are derivable from the last,– by substituting for p’, or q’,– or for both q and q’
![Page 22: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/22.jpg)
Separating concurrency?
• r = p||q = r = p;q & r = q;p– there is no arrow between p and q
• BUT– this would prohibit shared variables– p||q < p;q– p ; (q||q’) < (p;q)||q’ etc.– the wrong way round!
• Let’s postpone this problem
![Page 23: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/23.jpg)
A command
• is modelled by the set of tracelets of all its possible executions in all its possible environments.
• = { { } }• x := 3 = { p | ‘x :=3’ є labels(p)}• x := y = { p | n. {‘x:= n’, ‘y = n’} labels(p)}
![Page 24: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/24.jpg)
Let P, Q, R, be commands
• P | Q = { (p|q)| p є P & q є Q }• P ; Q = { (p;q) | p є P & q є Q }• P \/ Q = { r | r є P or r є Q }• P Q = r . r є P => r є Q
All our theorems p => q also hold for P Q,– because every variable appears exactly once on
each side of the inequation.
![Page 25: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/25.jpg)
Separation
• Let L be the set of red arrows– they must not cross thread boundaries
• Blue arrows must cross thread boundaries• Black arrows may cross either boundaries.
• Definitions of ; and | must be changed to ensure these rules
![Page 26: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/26.jpg)
Dependency ordering
• Let e < f mean that there is a path of arrows from e to f .
• e <L f means the path consists of red arrows• p <L q means e --> f, for some e є p , f є q
![Page 27: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/27.jpg)
Interfaces of a tracelet p
• arrows(p) = s(p) u t(p)• ins(p) = t(p) - s(p)• outs(p) = s(p) - t(p)
– where s(p) = {d| source(d) є p} t(p) = {d| target(d) є p}
![Page 28: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/28.jpg)
In pictures…
outs
ins
![Page 29: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/29.jpg)
Separating ;
• p;q = p|q provided that not q < p & outs(p) L = ins(q) L
– outs(p;q) L = outs(q) L– ins(p;q) L = ins(p) L
• Theorem:; is associative and has unit
![Page 30: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/30.jpg)
Ok
is a set of tracelets that are always preferred – e.g., no overflow, no races, no divergence, etc.
• p => q means p = q or p is not defined or not q є ok
• є ok• p;q є ok = p є ok & q є ok
![Page 31: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/31.jpg)
Separating concurrency
• e < f = there is a path of red dependencies from e to f
• p*q є ok = p є ok & q є ok & not p < q & not q < p
• p*q = p|qif p*q є ok– because that’s the way it will be implemented!
![Page 32: Tracelets : a Model for the Laws of Concurrent Programming](https://reader035.vdocument.in/reader035/viewer/2022062323/56816766550346895ddc48a5/html5/thumbnails/32.jpg)
Lift to sets
• P => Q means p є P. p є ok => p є Q otherwise q є Q . not q є ok
& ins(q) = ins(p)