Reduction: A Method of Proving Properties of Parallel Programs
By Richard J. Lipton
Presented at the Second ACM Symposium on Principles of Programming Languages, Palo Alto, Calif., 1975
Motivation
[Figure: the red thread's critical section acq(this); j=bal; bal=j+n; rel(this), interleaved with operations X, Y, Z of another thread (program points S0 to S7), and the same computation after X and Y have been moved in front of acq(this) and Z behind rel(this).]
• Prove that a parallel program does not halt
Goal
• When proving that a system of processes has a given property, it is often convenient to assume that a routine is atomic.
• The paper presents a reduction that preserves basic properties such as halting.
• Thus correctness proofs of a system of processes can often be greatly simplified.
Uninterruptible
[Figure: actions X, Y, inc r, Z of a second example, program points S0 to S7.]
• A statement is atomic provided it is never interleaved with the rest of the program.
• For instance: a statement might be the three actions:
• Assuming it is uninterruptible reduces it to the single action:
Reduction of P by R
• The reduction of P by R is defined to be the parallel program obtained from P by reducing R to one uninterruptible action.
• Notation: P/R
• Two ways in which the reduced program Q = P/R is simpler than P:
• Q has fewer actions than P.
• Assertions about Q are often simpler than assertions about P.
parbegin…parend
• The meaning of parbegin … parend is to interleave the statements in some arbitrary order until no further execution is possible.
• Each of the statements forms a distinct process.
A computation
• A computation is a sequence of statements such that the first is executed, then the next, and so on until the last statement is executed. Since a statement of the program may be a compound statement, m > k is possible.
• For example, if the statement is: then a step of the computation might be the statement or the statement or even “part” of these statements.
Indivisible statement
• Notation:
• We assume S has a single entry and a single exit.
• The semantics are:
• In a given state of the parallel program, the indivisible statement can execute provided that in this state control is ready to enter S and, after S is applied, control has left S.
• In a given state of the parallel program, the effect of applying it, provided it can execute, is the same as that of S.
• The key to the definition is that we can never apply the indivisible statement when we cannot fully complete its execution.
P(a), V(a)
• P(a) =
• V(a) =
• Without enclosing the operations in brackets it is possible to “lose counts”.
• Example: the final value of a can be 1 or 2.
When is a computation?
• is a computation provided is a computation and can execute in the state that results after is executed.
When is a computation? – cont.
• Example:
[Figure: computations built from A:P(a) and B:V(a) starting with a = 0 (program points S0, T1, T2, T3); A:P(a) can execute only once B:V(a) has made a positive.]
Halt
• Intuitively, halting is like deadlock.
• Usually one wants to show that a program does not halt.
• A program halts if there is some computation such that extending it by f is not a computation for any statement f.
P/S halts iff P halts?
• This is false.
• Consider:
• This program halts: let both repeat’s execute their first P’s; then a = b = 0 and the program has halted.
P/S halts iff P halts? – cont.
• Now consider the following program P/S:
• The reduced statement leaves both a and b fixed.
Why is the assertion false?
• It is possible to enter S and never be able to leave it.
• This leads to one restriction on the statement S:
• (R1) If a statement S is ever entered, then it must be possible eventually to exit S.
Is (R1) enough?
• No.
• Consider:
• The program halts.
• Also, the statement satisfies (R1).
Is (R1) enough? – cont.
• The program P/S is:
• The reduced statement always sets y to 1.
• This program does not halt.
Why is the assertion false?
• This example fails to satisfy the assertion because the effect of the statements in S when executed separately and when executed together is not the same.
• This observation leads to a further restriction:
• (R2) The effect of the statements in S when together and when separated must be the same.
Right and Left Movers
[Figure: a computation containing b followed by c, redrawn with c followed by b; b is a right mover. With ACQ(l,t) in place of b, ACQ(l,t); c becomes c; ACQ(l,t): a lock acquire is a right mover.]
[Figure: a computation containing b followed by c, redrawn with c followed by b; c is a left mover. With REL(l,t) in place of c, b; REL(l,t) becomes REL(l,t); b: a lock release is a left mover.]
Right and Left Movers
[Figure sequence: the red thread's critical section acq(this); j=bal; bal=j+n; rel(this), interleaved with operations X, Y, Z of the blue thread (program points S0 to S7), is transformed one swap at a time until X and Y precede acq(this) and Z follows rel(this).]
• Red thread holds the lock; blue thread does not hold the lock. Operation Y does not access balance (assuming balance is protected by the lock), so the operations commute.
• Red thread holds the lock after the acquire. Operation X does not modify the lock, so the operations commute.
Right and left movers
• f is a right mover provided:
• for any computation in which f is immediately followed by a statement h of a different process, the sequence with h and f exchanged is also a computation, and
• the values of all the program variables after the two computations are the same.
• f is a left mover provided:
• for any computation in which a statement h of a different process is immediately followed by f, the sequence with f and h exchanged is also a computation, and
• the values of all the program variables after the two computations are the same.
PV parallel program
• A program is a PV parallel program provided there is a distinguished subset of the program variables, called semaphores, with integer values, such that they are used only in P and V operations.
D-reduction
• Replacing the statement sequence with its indivisible form is a D-reduction provided, for some i, the statements before the i-th are right movers and the statements after it are left movers (the i-th is unconstrained), and each can always execute.
Theorem 1. In any PV parallel program all P(a)’s are right movers, and all V(a)’s are left movers.
Theorem 2. Suppose that S is a D-reduction in P. Then P halts iff P/S halts.
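Theorem 1 can be tested mechanically on a bounded state space. The Python below is an added example, not code from Lipton's paper or from the slides: it encodes P(a), V(a) and an ordinary increment as state transformers and checks the right-mover and left-mover definitions of the previous slide against every other statement of a small constructed statement set, over all states with a, b in 0..2 and x in 0..1 (the variable names and bounds are choices made here, not taken from the paper).

```python
"""Checking Lipton's right/left mover property by exhaustive test over a
finite set of states.  Added example, not code from the paper."""
from itertools import product
from typing import Callable, Dict, List, Optional

State = Dict[str, int]
Stmt = Callable[[State], Optional[State]]


def P(a: str) -> Stmt:
    """P(a): executable only when a > 0, then a := a - 1."""
    return lambda s: {**s, a: s[a] - 1} if s[a] > 0 else None


def V(a: str) -> Stmt:
    """V(a): always executable, a := a + 1."""
    return lambda s: {**s, a: s[a] + 1}


def incr(x: str) -> Stmt:
    """x := x + 1 on an ordinary (non-semaphore) variable."""
    return lambda s: {**s, x: s[x] + 1}


def run(stmts: List[Stmt], s: State) -> Optional[State]:
    """Execute stmts in order; None if any of them cannot execute."""
    for st in stmts:
        s = st(s)
        if s is None:
            return None
    return s


def is_right_mover(f: Stmt, others: List[Stmt], states: List[State]):
    """f is a right mover if, whenever 'f then h' can run from a state
    (h from another process), 'h then f' can too and ends in the same
    state.  Returns (True, None) or (False, counterexample)."""
    for s in states:
        for h in others:
            fh = run([f, h], s)
            if fh is None:
                continue
            hf = run([h, f], s)
            if hf != fh:
                return False, {"state": s, "f;h": fh, "h;f": hf}
    return True, None


def is_left_mover(f: Stmt, others: List[Stmt], states: List[State]):
    """f is a left mover if, whenever 'h then f' can run from a state,
    'f then h' can too and ends in the same state."""
    for s in states:
        for h in others:
            hf = run([h, f], s)
            if hf is None:
                continue
            fh = run([f, h], s)
            if fh != hf:
                return False, {"state": s, "h;f": hf, "f;h": fh}
    return True, None


def all_states(bounds: Dict[str, int]) -> List[State]:
    """Every valuation with 0 <= var <= bound (bounds chosen here)."""
    names = list(bounds)
    return [dict(zip(names, vals))
            for vals in product(*(range(b + 1) for b in bounds.values()))]


# Constructed statement set: semaphores a, b and a plain variable x.
STATES = all_states({"a": 2, "b": 2, "x": 1})
OTHERS = [P("a"), V("a"), P("b"), V("b"), incr("x")]


def theorem1_holds() -> bool:
    """Theorem 1 on this statement set: P(a) is a right mover and V(a)
    is a left mover against every other statement."""
    return (is_right_mover(P("a"), OTHERS, STATES)[0]
            and is_left_mover(V("a"), OTHERS, STATES)[0])


if __name__ == "__main__":
    print("Theorem 1 holds:", theorem1_holds())
    # The converse fails: V(a); P(a) from a = 0 cannot be reordered,
    # so V(a) is not a right mover, and likewise P(a) is not a left mover.
    print("V(a) right mover:", is_right_mover(V("a"), OTHERS, STATES))
    print("P(a) left mover:", is_left_mover(P("a"), OTHERS, STATES))
```

The check returns the first state and statement pair that breaks the definition, which is what one wants when deciding whether a candidate reduction is really a D-reduction. Over a bounded state space this is a test rather than a proof, but for P and V the reasoning does not depend on the bound: V(a) never blocks and only raises a, so it can always be pulled left past a P(a) or V(a) of another process, while P(a) can always be pushed right.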
Proof of Theorem 2
• If P/S halts then P halts.
• This is true because for every scheduling in which P/S halts, P halts too, since the same scheduling can be applied to it.
Proof of Theorem 2
• If P halts then P/S halts.
• Proof outline:
• Assume P halts.
• Let be a computation that halts in P.
• Assume that
• Construct a computation such that all the program variables agree after the two computations are executed, and the statements of S always occur atomically in the new one.
• Assume that there are no goto’s in S.
Proof of Theorem 2
• LEMMA 1. Suppose that is a computation in P with i > 1. Then where no statement from the process of is in .
• This follows because S has a single entry and no goto’s.
Proof of Theorem 2
• LEMMA 2. Suppose that is a computation that halts in P with i < n. Then where no statement from the process of is in .
• This follows because:
• If any f occurs in the suffix where f is in the process of the reduced statement, then the first such f must be the next statement of S.
• Assume that no such f is in the suffix. Then control must be ready to enter the next statement of S; therefore extending the computation by it is a computation (because by the definition of D-reduction it can always execute), which is a contradiction because the computation halts.
Proof of Theorem 2
[Figure: a computation over A, X, C, Z, Y, D (program points S0 to S7), and the sequence of swaps that brings the statements of S together.]
• If no such statement is in the suffix, then the computation is already in the desired form.
• Thus suppose that some such statement is in the suffix. By the definition of D-reduction it can be moved:
Proof of Theorem 2
• This can be repeated to obtain the desired computation. The result is a computation in which no statement of S lies between statements of other processes, and the two computations agree on all program variables.
• If it halts in P/S then the theorem is proved.
• Assume that it does not halt in P/S, and that extending it by some statement is a computation in P/S.
• Then that extension is also a computation in P, since the two computations agree on all program variables. This is a contradiction.
Example 1
• By Theorems 1 and 2, the program above halts iff the following program halts:
Example 1 – cont.
• Therefore Example 1 halts iff the following halts:
Example 1 – cont.
• Once again Theorems 1 and 2 can be applied; hence the program above halts iff the following halts:
Example 1 – cont.
• Therefore the program above halts iff the following halts:
• This program never halts! Thus Example 1 never halts.
Example 2
• After applying Theorems 1 and 2, Example 2 halts iff the following halts:
Example 2 – cont.
• The effect of the first reduced statement is to decrement a by 1 and increment b by 1.
• The effect of the second is to decrement b by 1 and increment a by 1.
• Thus a + b is conserved and is always equal to N.
Example 2 – cont.
• The first can execute iff a > 0 and the second can execute iff b > 0.
• Since a + b = N > 0, it is not possible for the program to halt.
• Hence Example 2 does not halt.
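The halting definition, the "lose counts" example, the (R1) counterexample and Example 2 can all be checked by enumerating every interleaving of a small program. The Python below is an added example, not code from Lipton's paper or from the slides. The programs it runs are constructed here to match the slides' descriptions: two processes incrementing a shared counter with a separate read and write; two repeating processes taking semaphores a and b in opposite orders, with the whole body of the second process taken as S; and Example 2 with a + b = N. The `atomic` helper plays the role of the bracketed indivisible statement, and `explore` decides "halts" in Lipton's sense (some computation reaches a state from which no statement can execute), so for non-repeating programs normal termination counts as halting too and the halting states are the program's final states.

```python
"""Exhaustive interleaving explorer for small PV parallel programs.

A statement is a function state -> state that returns None when it
cannot execute (P(a) with a == 0).  A process is a statement list plus
a flag saying whether it repeats forever.  Every interleaving is
explored, so 'halts' is decided exactly for these finite-state programs.
Added example, not code from Lipton's paper or the slides."""
from typing import Callable, Dict, List, Optional, Set, Tuple

State = Dict[str, int]
Stmt = Callable[[State], Optional[State]]
Proc = Tuple[List[Stmt], bool]


def P(a: str) -> Stmt:
    """Semaphore P(a): executable only when a > 0, then a := a - 1."""
    return lambda s: {**s, a: s[a] - 1} if s[a] > 0 else None


def V(a: str) -> Stmt:
    """Semaphore V(a): always executable, a := a + 1."""
    return lambda s: {**s, a: s[a] + 1}


def assign(var: str, expr: Callable[[State], int]) -> Stmt:
    """var := expr(state); always executable."""
    return lambda s: {**s, var: expr(s)}


def atomic(stmts: List[Stmt]) -> Stmt:
    """Bracketed [S1; ...; Sk]: executes only if the whole sequence can
    run to completion from the current state, and then has its effect."""
    def step(s: State) -> Optional[State]:
        for st in stmts:
            s = st(s)
            if s is None:
                return None
        return s
    return step


def explore(procs: List[Proc], init: State) -> Tuple[bool, Set[tuple]]:
    """Return (halts, halt_states): halts is True if some computation
    reaches a state where no statement of any process can execute;
    halt_states holds the variable valuations of those states."""
    start = (tuple(sorted(init.items())), tuple(0 for _ in procs))
    seen, stack = {start}, [start]
    halt_states: Set[tuple] = set()
    while stack:
        vars_, pcs = stack.pop()
        state, moved = dict(vars_), False
        for i, (stmts, repeats) in enumerate(procs):
            pc = pcs[i]
            if pc >= len(stmts):
                continue                      # process finished
            nxt = stmts[pc](state)
            if nxt is None:
                continue                      # blocked in this state
            moved = True
            npc = (pc + 1) % len(stmts) if repeats else pc + 1
            succ = (tuple(sorted(nxt.items())), pcs[:i] + (npc,) + pcs[i + 1:])
            if succ not in seen:
                seen.add(succ)
                stack.append(succ)
        if not moved:
            halt_states.add(vars_)
    return bool(halt_states), halt_states


def final_values(procs: List[Proc], init: State, var: str) -> Set[int]:
    """Values of var in the halting states (the program's final states)."""
    return {dict(v)[var] for v in explore(procs, init)[1]}


# Demo 1 (constructed): two processes each do a := a + 1 as a separate
# read (into t1 / t2) and write.  Unbracketed, a count can be lost.
def lose_counts(reduced: bool) -> Set[int]:
    def bump(tmp: str) -> Proc:
        body = [assign(tmp, lambda s: s["a"]),
                assign("a", lambda s: s[tmp] + 1)]
        return ([atomic(body)] if reduced else body, False)
    return final_values([bump("t1"), bump("t2")],
                        {"a": 0, "t1": 0, "t2": 0}, "a")


# Demo 2 (constructed to match the slides' description): repeating
# processes take semaphores a and b in opposite orders.  P halts once
# both have done their first P.  Taking process 2's whole body as S
# gives a P/S that never halts, but S violates (R1): entered after P(b)
# while a = 0, it can never be left.
def opposite_order(reduced: bool) -> bool:
    p1: Proc = ([P("a"), P("b"), V("b"), V("a")], True)
    body2 = [P("b"), P("a"), V("a"), V("b")]
    p2: Proc = ([atomic(body2)] if reduced else body2, True)
    return explore([p1, p2], {"a": 1, "b": 1})[0]


# Demo 3 (Example 2 of the slides, a + b = N): process 1 repeats
# P(a); V(b), process 2 repeats P(b); V(a).  S = [P(a); V(b)] is a
# D-reduction (P(a) is a right mover by Theorem 1, V(b) a left mover
# that can always execute); neither P nor P/S halts, as Theorem 2 says.
def example2(reduced: bool, n: int = 2) -> bool:
    body1 = [P("a"), V("b")]
    p1: Proc = ([atomic(body1)] if reduced else body1, True)
    p2: Proc = ([P("b"), V("a")], True)
    return explore([p1, p2], {"a": n, "b": 0})[0]


if __name__ == "__main__":
    print("lose counts, final a unreduced / reduced:",
          lose_counts(False), lose_counts(True))
    print("opposite order halts: P", opposite_order(False),
          " P/S", opposite_order(True))
    print("Example 2 halts: P", example2(False), " P/S", example2(True))
```

Demo 1 shows the point of the brackets directly: the unreduced program has final states with a = 1 and a = 2, the reduced one only a = 2, so the two programs do not agree on final states and the reduction is not sound. Demo 2 is the shape of the first counterexample: P halts, P/S does not, because S can be entered and never left. Demo 3 is the case Theorem 2 covers, where the reduced and unreduced programs agree.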
Conclusion
• In a wide number of nontrivial instances reduction preserves important properties.
• Reduction aids in correctness proofs.
• Note that the proof of Theorem 2 shows that for every computation that halts in P there is a computation that halts in P/S and agrees with it on all program variables.
• Thus if S is a D-reduction the final states of P equal the final states of P/S.
• D-reduction then preserves any property that depends only on a program’s final state.