1 / 21

Reduction Theorems for Proving Serializability with Application to RCU-Based Synchronization

Reduction Theorems for Proving Serializability with Application to RCU-Based Synchronization. Hagit Attiya Technion Work with Ramalingam and Rinetzky (POPL 2010 ) and work in progress with Maya Arbel. H. Sequential Reductions. Design and verify concurrent data structures

asha
Download Presentation

Reduction Theorems for Proving Serializability with Application to RCU-Based Synchronization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Reduction Theorems for Proving Serializability with Application to RCU-Based Synchronization Hagit AttiyaTechnion Work with Ramalingam and Rinetzky (POPL 2010) and work in progress with Maya Arbel

  2. H Sequential Reductions Design and verify concurrent data structures E.g., linked list with hand-over-hand locking [Kedem & Sliberschatz ‘76] [Smadi ‘76] [Bayer & Scholnick ‘77] t2 t1 t1 t1 Dagstuhl, Feberuary 2013

  3. H Sequential Reductions Design and verify concurrent data structures E.g., linked list with hand-over-hand locking [Kedem & Sliberschatz ‘76] [Smadi ‘76] [Bayer & Scholnick ‘77] Consider only sequentialexecutions, but conclude that properties hold in allexecutions t2 t2 t1 t1 Dagstuhl, Feberuary 2013

  4. ~ ~ ~ ~ ~ ~ ~ ~ ~ Serializability [Papadimitriou ‘79] interleaved execution operation Locally observed by threads complete non-interleaved execution Dagstuhl, Feberuary 2013

  5. Serializability YieldsSequential Reduction Concurrent code M A small subset of all executions How to check M is serializable, w/o considering all executions? If M is serializable, then a local property φ holds in all executions of M iffφ holds in all complete non-interleaved executions Easily derived from [Papadimitriou ‘79] Dagstuhl, Feberuary 2013

  6. Disciplined Programming with Locks Locking protocol ensures conflictserializability • two-phase locking (2PL), tree locking (TL), (dynamic) DAG locking Verify that M followsa locallocking protocols • Depending only on thread’s local variables & global variables locked by it • Not a centralized concurrency control monitor! Local property of an execution holds in every execution indistinguishablefrom it Dagstuhl, Feberuary 2013

  7. Reduction Theorem: Easy Step complete non-interleaved executions of M A local conflict serializable locking policy is respected in all executions iff it is respected in all non-interleaved executions A local property holds in all executions iff it holds in all non-interleaved executions Dagstuhl, Feberuary 2013

  8. Reduction to non-interleaved executions: Proof idea σ is the shortest execution that does not follow LP • σ’ follows LP, guarantees conflict-serializability (t,e) σ σ’ Dagstuhl, Feberuary 2013

  9. σ’ni σ’ Reduction to non-interleaved executions: Proof idea σ is the shortest execution that does not follow LP • σ’ follows LP, guarantees conflict-serializability •  non-interleaved execution σ’ni“indistinguishable” from σ’ (t,e) σ Dagstuhl, Feberuary 2013

  10. σ’ (t,e) Reduction to non-interleaved executions: Proof idea σ is the shortest execution that does not follow LP • σ’ follows LP, guarantees conflict-serializability •  non-interleaved execution σ’ni“indistinguishable” from σ’ •  non-interleaved execution “indistinguishable” from σ’ where LP is violated (t,e) σ σni Dagstuhl, Feberuary 2013

  11. Further Reduction Almost-complete non-interleaved executions Need to argue about termination A local conflict serializable locking policy is respected in all executions iff it is respected in all almost-complete non-interleaved executions Dagstuhl, Feberuary 2013

  12. Acni-reduction: Proof ideas Start from a ni-execution (use previous reduction) Create its equivalent completion, if possible Not always possible, e.g., Does not access variables accessed by later threads v t1:lock(v), t1:lock(u), t2:lock(u) u Dagstuhl, Feberuary 2013

  13. Read-Copy-Update (RCU) Allows read-only operations (transactions) to read data, even when locked for updates Update operations (transactions) synchronize with each other using locks, and with read-only operations using synchronize_rcu RCU usage in the Linux kernel(from Paul McKenney) Dagstuhl, Feberuary 2013

  14. RCU-Based Synchronization WORK IN PROGRESS Not well-understood, especially when there are concurrent update operations  RCU-based scan of a list concurrently with two updates yields an inconsistent view • Consistency of two reads contains on a sorted list has one critical read Dagstuhl, Feberuary 2013

  15. H Wait-Free “Contains” [Heller, Herlihy, Luchangco, Moir, Scherer, Shavit, OPODIS 2005] • Wait-free search operation reads the list unprotected (regardless of locks)… • Lazy write operations start locking only after finding the relevant item t1 t1 Dagstuhl, Feberuary 2013

  16. Principled RCU-Based Synchronization WORK IN PROGRESS RCU-based linked list similar to pessimistic / optimistic / lazy list, which has been verified [Vafeiadis, Herlihy, Hoare, Shapiro, PPoPP 2006] But proof is not simple & what about other data structures, like search trees? Dagstuhl, Feberuary 2013

  17. Our Approach WORK IN PROGRESS • Apply sequential reduction to the sub-execution with only update operations • Read-only transactions do not modify the data • Pessimistic list follows dynamic tree locking • Prove structural properties / sortednessin almost-complete non-interleaved executions (easy) Dagstuhl, Feberuary 2013

  18. Our Approach WORK IN PROGRESS • Then superimposeindividual steps of the read-only operations onto the almost-complete non-interleaved executions • Complete the proof by focusing on the single critical read Dagstuhl, Feberuary 2013

  19. What’s Now? Concurrent updates in search trees  RCU-based balanced search trees, but they • Pessimisticallydisallow concurrent updates, using a big lock (Bonsai) [Clements, Kaashoek, Zeldovich, ASPLOS 2012] • Optimisticallyavoid concurrent updates, using TM (Red/black trees) [Howard, Walpole 2011?] Dagstuhl, Feberuary 2013

  20. What’s Now? • Handle optimistic / lazy hand-over-hand locking, by extending the reduction to • Shared (read) locks • Initial failure and retry • Speculative “contains” beginning the update Dagstuhl, Feberuary 2013

  21. Teaching Help… • EranYahav and I are planning a seminar on papers in the intersection of PL and DC • Please offer suggestions… • Don’t be shy about your own work. • You are also welcome to come and give a talk… Dagstuhl, Feberuary 2013

More Related