Understandable Concurrency

Similar documents
Concurrent Semantics without the Notions of State or State Transitions

Concurrency Demands New Foundations for Computing

Making Concurrency Mainstream

Concurrent Models of Computation

The Problem With Threads

fakultät für informatik informatik 12 technische universität dortmund Specifications Peter Marwedel TU Dortmund, Informatik /11/15

Concurrent Models of Computation

Specifications and Modeling

Disciplined Concurrent Models of Computation for Parallel Software

EE382N.23: Embedded System Design and Modeling

Component Architectures for Time-Sensitive Systems Part 1

The Problem with Treads

Models of computation

EE382V: Embedded System Design and Modeling

Hardware Software Codesign

Concurrent Models of Computation

The Problem with Threads

EC-821 Advanced Embedded Systems (3+0)

Building Unreliable Systems out of Reliable Components: The Real Time Story

Lecture 2: Models of Computation

Introduction to Embedded Systems

Hybrid System Modeling: Operational Semantics Issues

Actor-Oriented Design: Concurrent Models as Programs

Concurrent Models of Computation

Embedded Tutorial CPS Foundations

The Future of the Ptolemy Project

Synchronising Threads

Operating Systems. Lecture 4 - Concurrency and Synchronization. Master of Computer Science PUF - Hồ Chí Minh 2016/2017

Introducing Shared-Memory Concurrency

Imperative model of computation

Concurrent Component Patterns, Models of Computation, and Types

Advanced Tool Architectures. Edited and Presented by Edward A. Lee, Co-PI UC Berkeley. Tool Projects. Chess Review May 10, 2004 Berkeley, CA

Chapter 6: Process Synchronization

CSE 374 Programming Concepts & Tools

CSE 486/586 Distributed Systems

Actor-Oriented Design and The Ptolemy II framework

Overview of the Ptolemy Project

High Performance Computing Course Notes Shared Memory Parallel Programming

Synchronization Lecture 24 Fall 2018

Symmetric Multiprocessors: Synchronization and Sequential Consistency

PROCESS SYNCHRONIZATION

EECE.4810/EECE.5730: Operating Systems Spring 2017 Homework 2 Solution

Implementation of Process Networks in Java

Synchronization II: EventBarrier, Monitor, and a Semaphore. COMPSCI210 Recitation 4th Mar 2013 Vamsi Thummala

CS 450 Exam 2 Mon. 4/11/2016

CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [THREADS] Frequently asked questions from the previous class survey

CS510 Advanced Topics in Concurrency. Jonathan Walpole

Performance Throughput Utilization of system resources

Overview. CMSC 330: Organization of Programming Languages. Concurrency. Multiprocessors. Processes vs. Threads. Computation Abstractions

CS 153 Design of Operating Systems Winter 2016

Modal Models in Ptolemy

Reminder from last time

Edward Lee: Concurrency demands new foundations for computing

CS 2112 Lecture 20 Synchronization 5 April 2012 Lecturer: Andrew Myers

Last Class: Synchronization

CS4411 Intro. to Operating Systems Exam 1 Fall points 10 pages

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 8: Semaphores, Monitors, & Condition Variables

JAVA CONCURRENCY FRAMEWORK. Kaushik Kanetkar

Models of concurrency & synchronization algorithms

Future Directions. Edward A. Lee. Berkeley, CA May 12, A New Computational Platform: Ubiquitous Networked Embedded Systems. actuate.

CIS Operating Systems Synchronization based on Busy Waiting. Professor Qiang Zeng Spring 2018

Concurrent programming is difficult,1 yet many

Specifications and Modeling

Implementing Mutual Exclusion. Sarah Diesburg Operating Systems CS 3430

Real-Time and Concurrent Programming Lecture 4 (F4): Monitors: synchronized, wait and notify

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

Temporal Semantics in Concurrent and Distributed Software

Synchronization. Announcements. Concurrent Programs. Race Conditions. Race Conditions 11/9/17. Purpose of this lecture. A8 released today, Due: 11/21

Concept of a process

Concurrency & Parallelism. Threads, Concurrency, and Parallelism. Multicore Processors 11/7/17

Chapter 13. Concurrency ISBN

Component-Based Design of Embedded Control Systems

CSE 451: Operating Systems Winter Lecture 7 Synchronization. Steve Gribble. Synchronization. Threads cooperate in multithreaded programs

Introduction to Embedded Systems

Threads, Concurrency, and Parallelism

Deadlock and Monitors. CS439: Principles of Computer Systems September 24, 2018

CS61B, Spring 2003 Discussion #17 Amir Kamil UC Berkeley 5/12/03

Synchronization I. Jo, Heeseung

Results of prelim 2 on Piazza

Synchronization. CS61, Lecture 18. Prof. Stephen Chong November 3, 2011

Dealing with Issues for Interprocess Communication

Concurrency: a crash course

Midterm I October 12 th, 2005 CS162: Operating Systems and Systems Programming

Concurrent Models of Computation for Embedded Software

Need for synchronization: If threads comprise parts of our software systems, then they must communicate.

Concurrent Models of Computation

Advanced Tool Architectures

CSE 153 Design of Operating Systems

2.c Concurrency Mutual exclusion & synchronization mutexes. Unbounded buffer, 1 producer, N consumers

10/17/2011. Cooperating Processes. Synchronization 1. Example: Producer Consumer (3) Example

Parallelism Marco Serafini

Compositionality in system design: interfaces everywhere! UC Berkeley

CS 241 Honors Concurrent Data Structures

fakultät für informatik informatik 12 technische universität dortmund Data flow models Peter Marwedel TU Dortmund, Informatik /10/08

Embedded Software from Concurrent Component Models

COMP 3361: Operating Systems 1 Final Exam Winter 2009

Chapter Machine instruction level 2. High-level language statement level 3. Unit level 4. Program level

Operating Systems (234123) Spring (Homework 3 Wet) Homework 3 Wet

CS 31: Introduction to Computer Systems : Threads & Synchronization April 16-18, 2019

Concurrency, Thread. Dongkun Shin, SKKU

Transcription:

Edward A. Lee Professor, Chair of EE, and Associate Chair of EECS Director, CHESS: Center for Hybrid and Embedded Software Systems Director, Ptolemy Project UC Berkeley Chess Review November 21, 2005 Berkeley, CA

What would it take to make reliable concurrent software? The standard concurrency model, based on: threads, semaphores, and mutual exclusion locks results in programs that are incomprehensible to humans. These methods date to the 1960 s [Dijkstra]. Tauntingly simple rules (e.g. always grab locks in the same order [Lea]) are impossible to apply in practice. Formal methods can expose flaws, but cannot make programs understandable. Lee, Chess Review 2

Red Herrings Training programmers to use threads. Software engineering process improvements. Attention to non-functional properties. Design patterns. Quality of service. None of these deliver a rigorous, analyzable, and understandable model of concurrency. Lee, Chess Review 3

Problems with Threads: Example: Simple Observer Pattern public void addlistener(listener) { public void setvalue(newvalue) { myvalue = newvalue; for (int i = 0; i < mylisteners.length; i++) { mylisteners[i].valuechanged(newvalue) Thanks to Mark S. Miller, HP Labs, for the details of this example. What s wrong with this (in a multithreaded context)? Lee, Chess Review 4

Example: Simple Observer Pattern With Mutual Exclusion (Mutexes) using Monitors public synchronized void addlistener(listener) { public synchronized void setvalue(newvalue) { myvalue = newvalue; for (int i = 0; i < mylisteners.length; i++) { mylisteners[i].valuechanged(newvalue) Javasoft recommends against this. What s wrong with it? Lee, Chess Review 5

Mutexes using Monitors are Minefields public synchronized void addlistener(listener) { public synchronized void setvalue(newvalue) { myvalue = newvalue; for (int i = 0; i < mylisteners.length; i++) { mylisteners[i].valuechanged(newvalue) valuechanged() may attempt to acquire a lock on some other object and stall. If the holder of that lock calls addlistener(), deadlock! Lee, Chess Review 6

We made exactly this mistake when a code review identified exactly this concurrency flaw in Ptolemy II. exactly Understandable this Concurrency concurrency flaw in Ptolemy II. Lee, Chess Review 7

Simple Observer Pattern Becomes Not So Simple public synchronized void addlistener(listener) { public void setvalue(newvalue) { synchronized(this) { myvalue = newvalue; listeners = mylisteners.clone(); for (int i = 0; i < listeners.length; i++) { listeners[i].valuechanged(newvalue) This still isn t perfect. What s wrong with it? while holding lock, make copy of listeners to avoid race conditions notify each listener outside of synchronized block to avoid deadlock Lee, Chess Review 8

Simple Observer Pattern: Is it Even Possible to Make It Right? public synchronized void addlistener(listener) { public void setvalue(newvalue) { synchronized(this) { this.myvalue = newvalue; listeners = mylisteners.clone(); for (int i = 0; i < listeners.length; i++) { listeners[i].valuechanged(newvalue) Suppose two threads call setvalue(). One of them will set the value last, leaving that value in the object, but listeners may be notified in the opposite order. The listeners may be alerted to the value changes in the wrong order! Lee, Chess Review 9

This is Ridiculous One of the simplest, textbook design patterns, commonly used throughout concurrent programs, becomes a potential Masters Thesis! Lee, Chess Review 10

and it Still Gets Worse /** CrossRefList is a list that maintains pointers to other CrossRefLists. @author Geroncio Galicia, Contributor: Edward A. Lee @version $Id: CrossRefList.java,v 1.78 2004/04/29 14:50:00 eal Exp $ @since Ptolemy II 0.2 @Pt.ProposedRating Green (eal) @Pt.AcceptedRating Green (bart) */ public final class CrossRefList implements Serializable { protected class CrossRef implements Serializable{ // NOTE: It is essential that this method not be // synchronized, since it is called by _farcontainer(), // which is. Having it synchronized can lead to // deadlock. Fortunately, it is an atomic action, // so it need not be synchronized. private Object _nearcontainer() { return _container; private synchronized Object _farcontainer() { if (_far!= null) return _far._nearcontainer(); else return null; Code that had been in use for four years, central to Ptolemy II, with an extensive test suite (100% code coverage), design reviewed to yellow, then code reviewed to green in 2000, causes a deadlock during a demo on April 26, 2004. Lee, Chess Review 11

and Doubts Remain /** CrossRefList is a list that maintains pointers to other CrossRefLists. @author Geroncio Galicia, Contributor: Edward A. Lee @version $Id: CrossRefList.java,v 1.78 2004/04/29 14:50:00 eal Exp $ @since Ptolemy II 0.2 @Pt.ProposedRating Green (eal) @Pt.AcceptedRating Green (bart) */ public final class CrossRefList implements Serializable { protected class CrossRef implements Serializable{ private synchronized void _dissociate() { _unlink(); // Remove this. // NOTE: Deadlock risk here! If _far is waiting // on a lock to this CrossRef, then we will get // deadlock. However, this will only happen if // we have two threads simultaneously modifying a // model. At the moment (4/29/04), we have no // mechanism for doing that without first // acquiring write permission the workspace(). // Two threads cannot simultaneously hold that // write access. if (_far!= null) _far._unlink(); // Remove far Safety of this code depends on policies maintained by entirely unconnected classes. The language and synchronization mechanisms provide no way to talk about these systemwide properties. Lee, Chess Review 12

Nontrivial software written with threads, semaphores, and mutexes cannot and should not be trusted! Lee, Chess Review 13

Stronger Synchronization Properties are Delivered by the Rendezvous MoC Model of computation: Processes communicating via rendezvous. Conditional rendezvous marries one of the input processes with the output process. Deadlock is provably avoided Multiway rendezvous requires both consumer processes to be ready to consume. This is a generalization of CSP with multiway and conditional rendezvous, again implemented in a coordination language with a visual syntax. Observer sees values at the same time as the Value Consumer Lee, Chess Review 14

Observer Pattern in Process Networks is Trivial, as it Should Be! Model of computation: Processes communicating via unbounded FIFO queues. Explicit nondeterminism (vs. unexpressed race condition) Deadlock is provably avoided You can think of this as a generalization of Unix Pipes implemented in a Coordination Language with a Visual Syntax. Observer sees values in the same order as the Value Consumer Lee, Chess Review 15

The Lee Principle of Nondeterminism Deterministic behavior should be accomplished with deterministic mechanisms. Only nondeterministic behavior should use nondeterministic mechanisms. This rules out using threads for almost any deterministic behavior! Lee, Chess Review 16

Actor-Oriented Approached Don t Guarantee Good Design The two models at the right implement the same function, but the upper one uses subtle and complex nondeterministic mechanisms, while the one at the bottom uses simple and direct deterministic mechanisms. Lee, Chess Review 17

Make Easy Concurrency Properties Easy, so We Can Focus on the Harder Ones Timing Controlled nondeterminacy Consistency in distributed programs Simultaneity Fairness Lee, Chess Review 18

Example: Coordinating Timing of Independent Processes Lee, Chess Review 19

These Techniques are Examples of a Family of Concurrent Component Technologies The old: Object-oriented: class name data methods What flows through an object is sequential control call return Things happen to objects The new: Actor oriented: actor name data (state) parameters ports Actors make things happen What flows through an object is streams of data Input data Output data Lee, Chess Review 20

Useful Actor-Oriented Models of Computation Synchronous/reactive (SCADE, Esterel, Statecharts, ) Time triggered (Giotto, Simulink, ) Dataflow (Labview, SPW, ) Discrete events (VHDL, Verilog, Opnet, Visualsense, ) Distributed discrete-events (Croquet, Time Warp, ) Continuous time (Simulink, ) Hybrid systems (HyVisual, Charon, ) Event triggered (xgiotto, nesc/tinyos, ) None of these have threads! Lee, Chess Review 21

Conclusion The time is right to create a 21-st century technology for concurrent computing. Lee, Chess Review 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback