Precise and Sound Automatic Fence Insertion Procedure under PSO

(1)

NETYS’15|Morocco

Precise and Sound Automatic Fence

Insertion Procedure under PSO

1 1

Mohamed Faouzi Atig

Parosh Aziz Abdulla

Tuan Phong Ngo

(2)

Concurrent Programs

•

Write to/read from

shared

memory

•

Sequential consistency

(SC)

• Interleaving operations

P1

P2

y

x

write read

(3)

Safe program under SC

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } x=0 done=0 Shared memory

(4)

Safe program under SC

x=0 done=0 Shared memory

1

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. }

(5)

Safe program under SC

x=1 done=0 Shared memory

2

1

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } w(x,1)

(6)

Safe program under SC

x=1 done=1 Shared memory

3

1

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } w(done,1)

(7)

Safe program under SC

3

2

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } r(done,1)

(8)

Safe program under SC

3

4

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } r(x,1) 3.

(9)

x y

y x

Weak Memory Models

•

Modern architectures:

• Caches and buffers: performance

• Described by weak memory models

•

Partial Store Ordering (

PSO

):

• Buffer per variable

P1

P2

x

(10)

Potentially Unsafe Behaviours

Shared memory Init: x=0 done=0

1

x x done done

x=0

done=0

(11)

Potentially Unsafe Behaviours

Init: x=0 done=0

2

1

x x done done 1 Buffer write Shared memory

x=0

done=0

w(x,1)

(12)

1

Potentially Unsafe Behaviours

Init: x=0 done=0

3

1

x x done done 1 1 Shared memory

x=0

done=0

w(done,1)

(13)

Shared memory

x=0

done=1

1

Potentially Unsafe Behaviours

Init: x=0 done=0

3

1

x x done done 1

mem

update

1 Memory update Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. }

ₒ

(14)

Shared memory

x=0

done=1

1

Potentially Unsafe Behaviours

Init: x=0 done=0

3

2

x x done done 1

_r(done,1)

Read Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. }

(15)

1

Potentially Unsafe Behaviours

Init: x=0 done=0

3

x x done done 1

r(x,0)

Shared memory

x=0

done=1

Process 1 1. x = 1; 2. done = 1; 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 3.

(16)

4. 1. 2. 3.

Correctness Problem

• How to make program run correctly under PSO?

•

Insert memory fences

1. x = 1; 2. sfence; 3. done = 1; 4. sfence 4. 1. x = 1; 2. mfence; 3. done = 1; 4. mfence

(17)

Correctness Problem

• How to make program run correctly under PSO?

•

Insert memory fences

1. x = 1; 2. sfence; 3. done = 1; 4. sfence memory update to x BEFORE

memory update to done

4. 1. 2. 3.

(18)

1

Write-write Fence Semantics

Process 1 Init: x=0 done=0

2

1

x x done done 1 2. 3. Shared memory

x=0

done=0

Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

(19)

1 Init: x=0 done=0

3

1

x x done done 1

✪

sfence

sfence Process 1 2. 3. Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. Shared memory

x=0

done=0

(20)

1 Init: x=0 done=0

4

1

x x done done 2. 3.

w(done,1)

1 Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. 1

✪

Shared memory

x=0

done=0

(21)

Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. 1 1 Init: x=0 done=0

4

1

x x done done

mem

update

1

✪

1 Shared memory

x=1

done=0

ₒ

(22)

Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. done=0 1 Init: x=0 done=0

4

1

x x done done

fence

update

fence

update

Fence update 1

✪

Shared memory

x=1

done=0

ₒ

(23)

1 Init: x=0 done=0

4

1

x x done done 1 Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. Shared memory

x=1

done=1

mem

update

ₒ

(24)

1 Init: x=0 done=0

4

2

x x done done Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4. Shared memory

x=1

done=1

r(done,1)

(25)

1 Init: x=0 done=0

4

x x done done

r(x,1)

Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.4. Shared memory

x=1

done=1

(26)

Problem of Interest

• Given program P running correctly under SC

• Task:

Procedure

inserts fences in P:

•

P runs correctly wrt. safety properties under PSO

(27)

Challenges

•

Unbounded perfect FIFO buffers ☞ _{Turing power}

•

Unbounded lossy FIFO buffers (channels) ☞ _Decidable

•

How to simulate PSO by lossy channels?

•

Difficult: ✪ cannot be lost ☞ remove ✪?

(28)

Contributions

• A new semantics for PSO (

HSB

)

• Reachability algorithm for HSB:

sound

and

complete

• Automatic

minimal

fence insertion algorithm

• A

prototype

implemented within Memorax*

(29)

Hierarchy Single Buffer Semantics

P1

P2

x x done done Init: x=0 done=0

done=0

x=0

• Memory is

channel

:

•

element is memory snapshot

_done=0

(30)

done=0

x=0

Hierarchy Single Buffer Semantics

P1

P2

x x done done Init: x=0 done=0

done=0

x=0

• Memory is

channel

:

(31)

HSB execution Init: x=0 done=0

1

x x done done

Hierarchy Single Buffer Semantics

z1 z2 Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

done=0

x=0

(32)

2

1

x x done done 1

w(x,1)

Buffer

write

Hierarchy Single Buffer Semantics

z1 z2 Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

done=0

x=0

(33)

Hierarchy Single Buffer Semantics

2

1

x x done done 1

s(x,1)

Serialise Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

done=0

x=0

z1 z2

done=0

x=1

ₒ

(34)

3

1

x x done done

empty?

empty

sfence

Hierarchy Single Buffer Semantics

Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

done=0

x=0

z1 z2

done=0

x=1

(35)

3

4

x x done done

r(done,0)

Hierarchy Single Buffer Semantics

Read Process 1 Process 2 1. if (done) { 2. if (x==0) 3. print ERROR; 4. } 1. x = 1; 2. sfence; 3. done = 1; 4.

done=0

x=0

z1 z2

done=0

x=1

4.

(36)

PSO vs HSB Reachability Problems

Reachability problems under PSO and HSB are equivalent.

Theorem 1:

Reachability problem under HSB is decidable.

Theorem 2: “Extended”

(37)

Experimental Results

Program #P Memorax Remmex Musketeer

#F #T #F #T #F #T SimDek 2 2 1.0 2 2.2 6 1.0 Dekker 2 4 2.2 4 4.8 10 1.0 LamBak 2 6 1253.7 6 9.3 8 1.0 Dijkstra 2 2 5.0 2 5.5 8 1.0 LamFast2 2 6 241.6 6 12.9 12 1.0 Peterson 2 4 4.1 4 7.6 6 1.0 Burns 2 2 1.0 2 4.2 6 1.0 IncSeq 2 0 1.0 0 104.3 0 1.0 Szymanski 2 3 3.3 3 5.8 10 1.0 AltBit 2 0 49.4 0 2.2 4 1.0 CLHQLock 2 _• OM 0 3.1 _• TO TaskSched 2 0 153.2 0 3.0 0 1.0 Pgsql 2 3 5.4 3 22.82 4 1.0 TickSLock 2 0 24.5 0 5.03 2 1.0 RevBarrier 2 0 2.4 0 1.5 4 1.0 SpinLock 2 0 1.0 0 1.4 1 1.0

(38)

Experimental Results

Fastest BUT

redundant fences

(39)

Experimental Results

Same fences

(40)

Experimental Results

Memorax better

(41)

Experimental Results

Remmex better

(42)

Conclusion

• Sound

and

complete

PSO reachability solution

• Automatic fence insertion algorithm

(43)

Thank you!

Question?

(44)

(45)

1

Fence Instructions - mfence

Process 1 1. x = 1; 2. //fence 3. done = 1; 1. if (done) { 2. if (x==0) 3. ERROR; 4. } Process 2 PSO execution

Safety: not (ERROR)

Init: x=0 done=0

2

1

x x done done 1 2. 3. Full fence

[Linden et al, TACAS’13]

mfence;

Shared memory

x=0

(46)

1

Fence Instructions - mfence

Process 1 1. x = 1; 2. //fence 3. done = 1; 1. if (done) { 2. if (x==0) 3. ERROR; 4. } Process 2 PSO execution

Init: x=0 done=0

2

1

mfence;

Shared memory

x=0

(47)

Shared memory

x=0

done=0

1

Fence Instructions - mfence

Process 1 1. if (done) { 2. if (x==0) 3. ERROR; 4. } Process 2 PSO execution

Init: x=0 done=0

2

1 empty?

empty?

mfence

1. x = 1;

2. //fence

(48)

Shared memory

1

Fence Instructions - mfence

Init: x=0 done=0

2

1 mem

update

x=1

done=0

1. x = 1; 2. //fence 3. done = 1;mfence;

(49)

Shared memory

x=1

done=0

1

Fence Instructions - mfence

Init: x=0 done=0

3

1

x x done done 2. 3. Full fence

empty?

empty

1. x = 1;

2. //fence

(50)

Process 1 1. x = 1; 2. sfence; 3. done = 1; 1. if (done) { 2. if (x==0) 3. ERROR; 4. } Process 2 HSB execution

Init: x=0 done=0

2

1

x x done done Channel mfence;

Hierarchy Single Buffer Semantics

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

(51)

Process 1 1. x = 1; 2. sfence; 3. done = 1; 1. if (done) { 2. if (x==0) 3. ERROR; 4. } Process 2 HSB execution

Init: x=0 done=0

2

1 Hierarchy Single Buffer Semantics

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

(52)

Init: x=0 done=0

2

1 empty?

empty?

Hierarchy Single Buffer Semantics

mfence

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

z1 z2

z1

here?

(53)

Init: x=0 done=0

2

1 update

Hierarchy Single Buffer Semantics

Pointer update

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

z1 z2

(54)

Init: x=0 done=0

3

1 empty?

empty

Hierarchy Single Buffer Semantics

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

z1 z2

z1

here

(55)

Init: x=0 done=0

3

4 r(done,0)

Hierarchy Single Buffer Semantics

Read

x=1,d=0,

V=x,P=1

x=0,d=0,

V=,P=

z1 z2

(56)

Well-structured Transition System

• Well-quasi order

⊑

☞

this talk

• HSB:

effectively monotonic

wrt.

⊑

(57)

Well-quasi Order and Subword

Well-quasi order ⊑ Subword relation is a subword of

_{aaabbcbabcaabc}

aabbcab

c1 c2 … ci … cj … cn

∃

i<j:

ci

⊑

cj

…

a

aa

b

c

b

ab

ca

a

b

c

(58)

WQO for HSB Configurations

z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1

2

3

x y x y 1 2 3 6 3 7 4 Configuration c2

2

3

x y x y 1 4 2 3 Configuration c1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1

c1

⊑

c2

(59)

2

3

2

3 WQO for HSB Configurations

c1

⊑

c2

(60)

2

3

2

3 WQO for HSB Configurations

c1

⊑

c2

(61)

2

3

2

3 WQO for HSB Configurations

c1

⊑

c2

(62)

2

3

2

3 WQO for HSB Configurations

c1

⊑

c2

Active part

(63)

2

3

2

3 WQO for HSB Configurations

c1

⊑

c2

(64)

WQO for HSB Configurations

c1

⊑

c2

c1

c2

2

3

x y x y 1 4 2 3 4

2

3

x y x y 1 2 3 6 7 4 Active part of P1 Active part of P1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1

(65)

WQO for HSB Configurations

c1

⊑

c2

c1

c2

2

3

x y x y 1 4 2 3 4

2

3

x y x y 1 2 3 6

The same newest element written by P1

for variable done

in P1’s active parts 7 4 Active part of P1 Active part of P1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1

(66)

WQO for HSB Configurations

c1

⊑

c2

c1

c2

2

3

x y x y 1 4 2 3 4

2

3

x y x y 1 2 3 6

The same newest element written by P1 for variable x in P1’s active parts 7 4 Active part of P1 Active part of P1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1

(67)

WQO for HSB Configurations

c1

⊑

c2

c1

c2

2

3

x y z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x y 1 4 2 3 4

2

3

x y x y 1 2 3 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1 6

The same newest element written by P2

for variable done

in P2’s active parts 7 4 Active part of P2 Active part of P2

(68)

WQO for HSB Configurations

c1

⊑

c2

c1

c2

2

3

x y x y 1 4 2 3 4

2

3

x y x y 1 2 3 6

The same newest element written by P2 for variable x in P2’s active parts 7 4 Active part of P2 Active part of P2 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 z1 z2 x=0,d=0, V=*,P=* x=1,d=0, V=x,P=1 x=0,d=5, V=d,P=1 x=0,d=0, V=d,P=1