Applied Unified Ownership. Capabilities for Sharing Across Threads

Similar documents
Tackling Concurrency With STM. Mark Volkmann 10/22/09

Tackling Concurrency With STM

Persistent Data Structures and Managed References

Identity, State and Values

Plural and : Protocols in Practice. Jonathan Aldrich Workshop on Behavioral Types April School of Computer Science

Practical Affine Types and Typestate-Oriented Programming

+ Today. Lecture 26: Concurrency 3/31/14. n Reading. n Objectives. n Announcements. n P&C Section 7. n Race conditions.

Actors without Borders: Amnesty for Imprisoned State

Guaranteeing memory safety in Rust

Aaron Turon! Mozilla Research

Executive Summary. It is important for a Java Programmer to understand the power and limitations of concurrent programming in Java using threads.

A Transactional Model and Platform for Designing and Implementing Reactive Systems

Atomicity via Source-to-Source Translation

CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections. Tyler Robison Summer 2010

Manchester University Transactions for Scala

Nicholas Matsakis! Mozilla Research

Dealing with Issues for Interprocess Communication

Advances in Programming Languages

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts

objects

It turns out that races can be eliminated without sacrificing much in terms of performance or expressive power.

First-Class Synchronization Barriers. Franklyn Turbak Wellesley College

Reminder from last time

Advanced concurrent programming in Java Shared objects

RustBelt: Securing the Foundations of the Rust Programming Language

Design of Thread-Safe Classes

CSE 230. Concurrency: STM. Slides due to: Kathleen Fisher, Simon Peyton Jones, Satnam Singh, Don Stewart

The Java Memory Model

Grafting Functional Support on Top of an Imperative Language

Agenda. Designing Transactional Memory Systems. Why not obstruction-free? Why lock-based?

New Programming Abstractions for Concurrency in GCC 4.7. Torvald Riegel Red Hat 12/04/05

Clojure. A Dynamic Programming Language for the JVM. Rich Hickey

A Sophomoric Introduction to Shared-Memory Parallelism and Concurrency Lecture 5 Programming with Locks and Critical Sections

CMSC 330: Organization of Programming Languages. Ownership, References, and Lifetimes in Rust

High-level languages

Safe Dynamic Memory Management in Ada and SPARK

Concept of a process

Modular Reasoning about Aliasing using Permissions

Seminar on Languages for Scientific Computing Aachen, 6 Feb Navid Abbaszadeh.

Sharing Objects Ch. 3

Multi-core Parallelization in Clojure - a Case Study

Storage. Outline. Variables and Updating. Composite Variables. Storables Lifetime : Programming Languages. Course slides - Storage

CS527 Software Security

Summary: Open Questions:

Capabilities for Uniqueness and Borrowing

The New Java Technology Memory Model

Clojure Lisp for the Real #clojure

Process Management And Synchronization

Rely-Guarantee Protocols for Safe Interference over Shared Memory

3/25/14. Lecture 25: Concurrency. + Today. n Reading. n P&C Section 6. n Objectives. n Concurrency

Kotlin/Native concurrency model. nikolay

Thread-Local. Lecture 27: Concurrency 3. Dealing with the Rest. Immutable. Whenever possible, don t share resources

Stuart

From IMP to Java. Andreas Lochbihler. parts based on work by Gerwin Klein and Tobias Nipkow ETH Zurich

Software LEIC/LETI. Lecture 20

Hoare logic. A proof system for separation logic. Introduction. Separation logic

Concurrency in Object Oriented Programs 1. Object-Oriented Software Development COMP4001 CSE UNSW Sydney Lecturer: John Potter

Object-Oriented Design

Rust for C++ Programmers

Hybrid Static-Dynamic Analysis for Statically Bounded Region Serializability

Shared state model. April 3, / 29

Favoring Isolated Mutability The Actor Model of Concurrency. CSCI 5828: Foundations of Software Engineering Lecture 24 04/11/2012

Why you should take a look at

RCU. ò Walk through two system calls in some detail. ò Open and read. ò Too much code to cover all FS system calls. ò 3 Cases for a dentry:

Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming

VFS, Continued. Don Porter CSE 506

Thread Safety. Review. Today o Confinement o Threadsafe datatypes Required reading. Concurrency Wrapper Collections

Ownership Transfer in Universe Types

Combining Concurrency Abstractions

Design Patterns. SE3A04 Tutorial. Jason Jaskolka

Agenda. Highlight issues with multi threaded programming Introduce thread synchronization primitives Introduce thread safe collections

An overview of Mezzo

Advanced MEIC. (Lesson #18)

Problems with Concurrency. February 19, 2014

Synchronization SPL/2010 SPL/20 1

A Deterministic Concurrent Language for Embedded Systems

Javarifier: inference of reference immutability

Concurrent ML. John Reppy January 21, University of Chicago

Advances in Programming Languages

Static Lock Capabilities for Deadlock-Freedom

Composition of State Machines

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Steve Gribble. Synchronization. Threads cooperate in multithreaded programs

Compiler Construction

Outline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring

CS558 Programming Languages

Program logics for relaxed consistency

CS558 Programming Languages

C++ Memory Model. Don t believe everything you read (from shared memory)

Races. Example. A race condi-on occurs when the computa-on result depends on scheduling (how threads are interleaved)

RCU in the Linux Kernel: One Decade Later

Programming Languages (PL)

Goal of Concurrency Control. Concurrency Control. Example. Solution 1. Solution 2. Solution 3

Subclass Gist Example: Chess Super Keyword Shadowing Overriding Why? L10 - Polymorphism and Abstract Classes The Four Principles of Object Oriented

Synchronising Threads

CS510 Advanced Topics in Concurrency. Jonathan Walpole

Lecture Overview. [Scott, chapter 7] [Sebesta, chapter 6]

Formal Verification Techniques for GPU Kernels Lecture 1

The Java Memory Model

Hoare Logic and Model Checking

CS558 Programming Languages

Transcription:

Applied Unified Ownership or Capabilities for Sharing Across Threads Elias Castegren Tobias Wrigstad

DRF transfer parallel programming AppliedUnified Ownership memory management placement in pools (previous talk) pool dependencies (previous talk) GC (coming up)

many forms of ownership many forms of uniqueness capabilities Applied Unified Ownership substructural types behavioural types regions effects read-only coordination lock-freedom

Ownership Variants dominators modifiers threads ombudsmen T 1 T 2 Uniqueness Variants Mix classical external local / refined ownership fractional permissions x y z or normal read-only disallowed

Static Control of Side-Effects regions effect systems Dynamic Control of Side-Effects active object isolation locks or transactions readers-writer lock A 1 A 2!! or!! normal read-only disallowed access read access

Capabilities Replaces References A capability is a token governing access to a particular resource >1 capability governs access to single resource = aliasing / sharing Capabilities control their own flow through a system Copy semantics : aliasing of resources Transfer semantics : linear access to resources Proliferation of ways in which resources are accessed Focus on interaction with objects shared across multiple threads of control

Hierarchy of Capabilities for (Non)Sharing Capability Exclusive Subordinate Shared Linear ThreadLocal Safe Unsafe Optimistic Pessimistic Oblivious Atomic Lock-Free Locked Actor Read-Only Immutable

Hierarchy of Capabilities for (Non)Sharing Capability Linear Exclusive Not shared between threads ThreadLocal Shared Shared between threads (maybe) Subordinate Coordinates concurrent Safe Unsafe accessed by design? Optimistic Pessimistic Oblivious Atomic Detect conflict Interleave Will not and roll back Lock-Free accesses Locked Actor change Read-Only Immutable

Hierarchy of Capabilities for (Non)Sharing Capability Exclusive Subordinate Shared Rep and Owner in Ownership Types Linear ThreadLocal Unique references Loci @Thread Safe Unsafe References & pointers Optimistic Pessimistic Oblivious Atomic Lock-Free Locked Actor Read-Only Immutable Clojure Ref Clojure Atom Fully sync d Java classes Active classes Const Value types

Exclusive Capabilities Denote objects exclusive to a thread x = y.f; // assign from x.bar(); // dereference y.f = this; // self type Linear Only one active/usable reference to an object at any point in the program Strong properties (see previous talk) Thread-Local All references to an object are only reachable from one thread Weaker, but simpler to program with

Shared Capabilities (1/2) Denote objects (that can be) shared across multiple threads Optimistic detect conflicts and roll back Atomic wrap operations in transactions x = y.f; // assign from x.bar(); // dereference y.f = this; // self type Lock-Free enforce a protocol that gives rise to exclusivity Pessimistic enforce interleaved accesses Locked Actor require (some kind of) lock to be acquired before access only allow asynchronous communication (object processes messages)

Shared Capabilities (2/2) Denote objects (that can be) shared across multiple threads Oblivious object cannot change, so sharing is safe (wrt DRF) Read-only Read-Only Immutable Immutable a reference that cannot be used to observe/trigger mutation a reference to an object that cannot change x = y.f; // assign from x.bar(); // dereference y.f = this; // self type

Misc. Capabilities Denote objects (that can be) shared across multiple threads Subordinate a reference to an object governed by another capability Inside exclusive or shared DRF Inside unsafe? Unsafe x = y.f; // assign from x.bar(); // dereference y.f = this; // self type Alt. 1: move coordination to use-site Alt. 2: escape hatch to allow data races

Polymorphic Concurrency Control [work in progress] Safe require DRF, don t care how it is achieved def summarise(es:[safe T]) : int let sum = 0 in { repeat i <- es sum += es[i].operation(); sum; } Safe Some interesting cases involving actors due to changing to async computations. Atomic Optimistic Pessimistic Oblivious Lock-Free Locked Actor Read-Only Immutable

Capability = Trait + Mode trait Add { require var first : Link; require var last : Link; def prepend(o:t) : void this.first = new Link(o, this.first); def append(o:t) : void this.last = new Link(o, null); } Linear Atomic Locked Read-Only Subordinate ThreadLocal Lock-Free Actor Immutable Unsafe? class List = Add +... { var first : Link; var last : Link; }

Capability = Trait + Mode trait Add { require var first : Link; require var last : Link; def prepend(o:t) : void this.first = new Link(o, this.first); def append(o:t) : void this.last = new Link(o, null); } Linear Atomic Locked Read-Only Subordinate ThreadLocal Lock-Free Actor Immutable Unsafe? class List = Add +... { var first : Link; var last : Link; }

Traits Assume Race-Freedom Every trait may safely assume race-freedom How it is achieved is controlled by its mode Extending trait reuse to concurrent & parallel programming Creating classes from the same set of traits with different modes Cf. ArrayList (unsafe/linear/local) vs. Vector (safe, possibly read-locked) in Java APIs Capability composition using and follow simple rules to exclude races

Classes are Built from Traits trait Add { require var first : Link; require var last : Link;... } trait Remove { require var first : Link; require var last : Link;... } OK! class List = Add Remove { var first : Link; var last : Link; }

Classes are Built from Traits trait Add { require var first : Link; require var last : Link;... } trait Remove { require var first : Link; require var last : Link;... } Rejected at compile-time class List = Add Remove { var first : Link; var last : Link; }

Classes are Built from Traits trait Left { require var left : Tree;... } trait Right { require var right : Tree;... } OK! class Tree = Left Right... { var left : Tree; var right : Tree;... }

Capability Composition and State Sharing ` ` h i T- COMPOSITION 2 ` K ` K 9 K K T- COMPOSITION may-alias(fd 1, Fd 2 ) =) =) ` K 1 ` K 2 9 k.k(k 1 K 2 ) 8 Fd 1 2 fields (K 1 ), Fd 2 2 fields (K 2 ). Fd 1 Fd 2 prevents indirect sharing ` K 1 K 2 Fd 1 Fd 2 (sharing fields across traits) C - DETERMINISTIC stable(t) val f : t val f : t C - VA L- VA L ` K 1 K 2 val f : K 1 val f : K 2 C - DISJOINT f 1 6= f 2 mod 1 f 1 : t 1 mod 2 f 2 : t 2 C - NONDETERMINISTIC safe(t) stable(t) val f : t val f : t C - VA R- VA L t 1 <: t 2 var f : t 1 val f : t 2 C - DISJUNCTION mod 1 f : t mod 2 f : t

Constructing A Type: Tree Example Individual traits (in this example linear), quite possibly too many Left Right Key Value Lookup class Tree = (Left Right Key Value) Lookup { } Possible to operate on left and right subtrees, key and value in parallel E.g., t : Tree allows a : Left + b : Right = t; Mediate between mutable (unaliased) and read-only (aliased) views (cf. fractional perms.) E.g., t : Tree allows a :!(Left Right Key Value) + b : Lookup = t; Jail

Co-Encapsulation class Tree<K> = (Left<K> Value<K>) Lookup<K> { } Exposing nested capabilities in type, allows top-level operations on them E.g. t : Tree<Person> where Person = Name Age allows l : Lookup<Person> tmp :!( ) = t; nl : Lookup<Name> al : Lookup<Age> = l; t = nl al tmp; Two forms of unpacking, depending on mode of co-encapsulating capability readonly Lookup<K> only external ops allowed by reverse borrowing class Tree<Person> = linear Lookup<Name> linear Lookup<Age> internal ops allowed

Unpacking and Packing (what I omitted on the previous slide) class List<T> = Take<T> Put<T> Look<T> { Link<T> first; } List<Pair> a; Must keep track of forgotten parts of type!![take<pair> Put<Pair>] j, Look<Pair> b = consume a; j.foo(); // rejected @ CT! Look<Pair> c = b; // rejected @ CT Look<Cell> d, e = consume b; finish { async { operate on d } async { operate on e } } Use jail to re-pack type b = d + e; a = b + j;

Structured (Scoped) Equivalent (logically desugars to the code on the previous slide) class List<T> = Take<T> Put<T> Look<T> { Link<T> first; } List<Pair> a; temporary unpacking finish(d, e : Look<Cell> = a) { async { operate on d } async { operate on e } } implicit repacking

Unpacking Composite Capabilities must not be linear Pair<A B> unpack Pair <A> Pair <B> unpack unpack Fst<A B> Snd<A B> unpack Fst <A> Fst <B> Snd <A> Snd <B>

[Arrays] and (Tuples) array of structures unpack & write-protect [A B] (A) (B) structures of arrays split split [A B] [A B] unpack & write-protect (A) (B) (A) (B)

Capabilities are Dominators Subordinate objects are dominated by the exclusive bridge

Encapsulation of State under Bridge Sh not part of aggregate Sh not part of aggregate Li Sh Li Li effectively part of the aggregate effectively part of the aggregate

Aliasing of Bridge Objects Li Th Pe Op Ob Un

DR(F) under Bridge only one thread has access interaction serialised Ex Pe racy Op Ob Un conflicts rolled-back no mutable state ( or require sync at use-site )

Identifiable (Non-)Determinism Pe Un Ex Deterministic Ob Op

Ownership & Synchronisation owners-as-dominators owners-as-coordinators full ownership model part of the aggregate Pe Pe Pe! Pe Pe Pe Pe not part of the aggregate Sh Sh enforces lock order all sharing immediate from code leaked internal pointers become synchronised works for all shared capabilities sharing less immediate in code no longer allowed

Ownership Variants dominators modifiers threads ombudsmen T 1 T 2 Uniqueness Variants Mix classical external local / refined ownership fractional permissions x y z or normal read-only disallowed

Ownership Variants dominators modifiers threads ombudsmen T 1 T 2 Subordinate Subordinate +! Thread Local Uniqueness Variants Mix classical external local / refined ownership fractional permissions x y z or Linear Oblivious Linear Linear Subordinate Linear

Static Control of Side-Effects normal regions effect systems immutability read-only disallowed access read access Dynamic Control of Side-Effects active object isolation locks or transactions readers-writer lock A 1 A 2!! or!!

Static Control of Side-Effects normal regions effect systems immutability read-only disallowed access capabilities Immutable read access Dynamic Control of Side-Effects active object isolation locks or transactions readers-writer lock A 1 A 2!! or!! Actor Locked Atomic Locked Oblivious

Thank you. Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback