CDSSPEC: Checking Concurrent Data Structures Under the C/C++11 Memory Model
Peizhao Ou and Brian Demsky
University of California, Irvine
Feb 6, 2017
Programming Multi-core Systems
Concurrent Data Structures with Atomics
Concurrent Data Structure Correctness
Linearizability Example
SomeQueue x, y; // Initially empty
// Thread 1              // Thread 2
x.enq(1);                y.enq(2);
r1 = y.deq(); // → 2     r2 = x.deq(); // → -1
// T1: x.enq(1)   y.deq()
// T2: y.enq(2)   x.deq()
Sequential order: y.enq(2); x.deq() → -1; x.enq(1); y.deq() → 2
Linearizability Highlights
Analogy to sequential executions
Composability
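C++11 SPSC Queue Example
#include <atomic>
using namespace std;

// Shorthand for the C++11 memory orders, as written on the slides.
const memory_order relaxed = memory_order_relaxed;
const memory_order release = memory_order_release;
const memory_order acquire = memory_order_acquire;

struct Node {
    atomic<Node*> next;
    int data;
    Node(int val) : next(nullptr), data(val) {}
};

// Head and Tail both start at a dummy node; the queue is empty when Head->next is NULL.
atomic<Node*> Head(new Node(0)), Tail(Head.load(relaxed));

// Called by the producer thread only.
void enq(int val) {
    Node *n = new Node(val);
    Node *t = Tail.load(relaxed);
    t->next.store(n, release);   // publishes the initialized node to the consumer
    Tail.store(n, relaxed);
}

// Called by the consumer thread only; returns -1 when the queue is empty.
int deq() {
    Node *h = Head.load(relaxed), *n = h->next.load(acquire);
    if (!n) return -1;
    Head.store(n, relaxed);
    return n->data;              // Head is a dummy node; the value is in its successor
}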
Release-Acquire for Synchronization
// T1
ptr = new Object();
x.enq(ptr);
// T2
r1 = x.deq();
if (r1 != -1)
    r2 = r1->field;
Synchronization ensures reading a fully initialized object
Non-linearizable SPSC Execution
SPSCQueue x, y; // Initially empty
// Thread 1              // Thread 2
x.enq(1);                y.enq(2);
r1 = y.deq(); // → -1    r2 = x.deq(); // → -1
// T1: x.enq(1)   y.deq()
// T2: y.enq(2)   x.deq()
Sequential order: y.enq(2); x.deq() → -1; x.enq(1); y.deq() → -1
Under the hood:
// Thread 1                     // Thread 2
next1.store(n1, release);       next2.store(n2, release);
...                             ...
next2->load(acquire); // 0      next1->load(acquire); // 0
return -1;                      return -1;
Alternative 1: Use the “seq_cst” ordering
Only SC executions (in absence of data races)
Problematic execution not allowed
Linearizability applies
SPSCQueue x, y; // Initially empty
// Thread 1              // Thread 2
x.enq(1);                y.enq(2);
r1 = y.deq(); // → -1    r2 = x.deq(); // → -1
Performance loss
Alternative 2: Constrain Usage Patterns
enq() and deq() on the same queue must conflict with each other
SPSCQueue x, y; // Initially empty
// Thread 1              // Thread 2
x.enq(1);                y.enq(2);
r1 = y.deq(); // → -1    r2 = x.deq(); // → -1
Problematic execution not allowed
Linearizability applies
Limited usefulness
Alternative 3: Weaken the Specification
deq() of the sequential FIFO can spuriously return empty (-1)
SPSCQueue x, y; // Initially empty
// Thread 1              // Thread 2
x.enq(1);                y.enq(2);
r1 = y.deq(); // → -1    r2 = x.deq(); // → -1
// T1: x.enq(1)   y.deq()
// T2: y.enq(2)   x.deq()
Sequential order: y.enq(2); x.deq() → -1; x.enq(1); y.deq() → -1
Trade-off between Alternatives
Our Correctness Model
● Admissibility
➢ Explicit condition under which the data structure's semantics is well defined
Admissibility – Option 1
enq() and deq() are not required to conflict with each other
// Thread 1      // Thread 2
x.enq(1)         y.enq(2)
y.deq()          x.deq()
Admissibility – Option 2
enq() and deq() must conflict with each other
// Thread 1      // Thread 2
x.enq(1)         y.enq(2)
y.deq()          x.deq()
Our Correctness Model
● Non-deterministic specification
➢ Concurrent execution → equivalent sequential execution
➢ Non-deterministic equivalent sequential data structure
Problem: Too Weak Specification
The spec can become too weak
// Same thread
x.enq(1);
r1 = x.deq(); // → Spuriously return -1
Can go beyond developer's expectation
Solution: Tighten the Weakened Spec
// Same thread
x.enq(1);
r1 = x.deq(); // → Spuriously return -1
Specify when deq() can spuriously return empty (-1)!!
Tighten Spec with Justifying Prefix
[Diagram: happens-before (hb) edges among x.init(), x.enq(1) and x.deq()]
Justifying prefix → sequence of method calls that are ordered by happens-before and that happen before a method call m
x.init() --hb--> x.enq(1) --hb--> x.deq()
[Diagram label: Justifying Prefix of x.deq()]
deq() can spuriously return -1 only when one of its justifying prefixes empties the queue
// Same thread
x.enq(1);
r1 = x.deq(); // → Return -1
Justifying prefix enqueues 1 to the queue
Non-deterministic Linearizability
● Admissibility
● Non-deterministic specification
● Constrain non-determinism with justifying prefix
Composability!
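The three specifications compared above (the deterministic FIFO, the weakened FIFO of Alternative 3, and the weakened FIFO constrained by justifying prefixes) can be tried on the slides' histories with a small brute-force checker. This is an added example, not code from the talk or from CDSSPEC; the names Call, Spec, admits and the history helpers are hypothetical, and happens-before is assumed to be program order only.

```cpp
#include <cstdio>
#include <deque>
#include <map>
#include <vector>

// One completed call in a history (constructed model, not a CDSSPEC type).
struct Call {
    char queue;   // 'x' or 'y'
    bool is_enq;  // true: enq(val); false: deq() that returned val
    int val;      // enq argument, or deq result (-1 means empty)
};
typedef std::vector<Call> Thread;  // one thread's calls in program order

enum Spec {
    STRICT_FIFO,     // deterministic sequential FIFO
    SPURIOUS_EMPTY,  // Alternative 3: deq() may return -1 at any time
    JUSTIFIED_EMPTY  // spurious -1 only if the justifying prefix empties the queue
};

// Assumption: happens-before is program order only, so the deq() at index `at`
// has a single justifying prefix: the same thread's earlier calls on queue q.
static bool prefix_empties(const Thread& t, size_t at, char q) {
    std::deque<int> fifo;
    for (size_t i = 0; i < at; ++i) {
        if (t[i].queue != q) continue;
        if (t[i].is_enq) fifo.push_back(t[i].val);
        else if (t[i].val != -1 && !fifo.empty()) fifo.pop_front();
    }
    return fifo.empty();
}

// Depth-first search over every interleaving that respects program order,
// replaying each call on the sequential queues and checking its return value.
static bool search(const std::vector<Thread>& ts, std::vector<size_t>& pc,
                   std::map<char, std::deque<int> >& qs, Spec spec) {
    bool all_done = true;
    for (size_t t = 0; t < ts.size(); ++t) {
        if (pc[t] == ts[t].size()) continue;
        all_done = false;
        const Call& c = ts[t][pc[t]];
        std::deque<int>& q = qs[c.queue];
        const std::deque<int> saved = q;
        bool ok = true;
        if (c.is_enq) {
            q.push_back(c.val);
        } else if (c.val == -1) {
            ok = q.empty() || spec == SPURIOUS_EMPTY ||
                 (spec == JUSTIFIED_EMPTY && prefix_empties(ts[t], pc[t], c.queue));
        } else {
            ok = !q.empty() && q.front() == c.val;
            if (ok) q.pop_front();
        }
        if (ok) {
            ++pc[t];
            bool found = search(ts, pc, qs, spec);
            --pc[t];
            if (found) return true;
        }
        q = saved;  // undo this step before trying the next thread
    }
    return all_done;
}

// True if some sequential order explains the history under the given spec.
bool admits(const std::vector<Thread>& threads, Spec spec) {
    std::vector<size_t> pc(threads.size(), 0);
    std::map<char, std::deque<int> > qs;
    return search(threads, pc, qs, spec);
}

// The two-queue program from the slides, with the observed r1 and r2.
static std::vector<Thread> two_threads(int r1, int r2) {
    Thread t1, t2;
    t1.push_back(Call{'x', true, 1});  t1.push_back(Call{'y', false, r1});
    t2.push_back(Call{'y', true, 2});  t2.push_back(Call{'x', false, r2});
    return std::vector<Thread>{t1, t2};
}
std::vector<Thread> linearizable_history() { return two_threads(2, -1); }
std::vector<Thread> both_empty_history()   { return two_threads(-1, -1); }
std::vector<Thread> same_thread_history() {  // x.enq(1); r1 = x.deq(); // → -1
    Thread t;
    t.push_back(Call{'x', true, 1});  t.push_back(Call{'x', false, -1});
    return std::vector<Thread>{t};
}

int main() {
    const char* names[] = {"strict FIFO", "spurious empty", "justified empty"};
    for (int s = STRICT_FIFO; s <= JUSTIFIED_EMPTY; ++s)
        std::printf("%-16s r1=2,r2=-1:%d  r1=r2=-1:%d  same-thread -1:%d\n", names[s],
                    admits(linearizable_history(), Spec(s)),
                    admits(both_empty_history(), Spec(s)),
                    admits(same_thread_history(), Spec(s)));
    return 0;
}
```

Only the justified variant accepts the release/acquire execution with r1 = r2 = -1 while still rejecting a same-thread enq followed by an empty deq.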
CDSSPEC Specification Language
● A concurrent data structure specification language
➢ Based on non-deterministic linearizability
Admissibility
void enq(int val) {
    Node *n = new Node(val);
    Node *t = Tail.load(relaxed);
    t->next.store(n, release);
    Tail.store(n, relaxed);
}
/** @Admit: deq <-> deq (true);
    @Admit: enq <-> enq (true) */
Equivalent Sequential Data Structure
void enq(int val) {
    Node *n = new Node(val);
    Node *t = Tail.load(relaxed);
    t->next.store(n, release);
    Tail.store(n, relaxed);
}
/** @DeclareState: IntList *q; */
Ordering Points to Order Method Calls
/** … */
int deq() {
    Node *h = Head.load(relaxed),
         *n = h->next.load(acquire);
    /** @OPDefine: true */
    if (!n) return -1;
    Head.store(n, relaxed);
    return n->data;
}
/** @DeclareState: IntList *q; */
Dequeue – Side Effect
/** @SideEffect:
      if (C_RET==-1) return;
      S_RET = STATE(q)->pop_front();
*/
int deq() {
    Node *h = Head.load(relaxed),
         *n = h->next.load(acquire);
    if (!n) return -1;
    Head.store(n, relaxed);
    return n->data;
}
/** @DeclareState: IntList *q; */
Dequeue – Postcondition
/** ...
    @PostCondition: return C_RET==-1 || C_RET==S_RET;
*/
int deq() {
    Node *h = Head.load(relaxed),
         *n = h->next.load(acquire);
    if (!n) return -1;
    Head.store(n, relaxed);
    return n->data;
}
/** @DeclareState: IntList *q; */
CDSSPEC Checker
● Back-end analysis of the CDSChecker model checker
➢ Exhaustively check a given test case against CDSSPEC specifications (under some constraints)
Expressiveness of CDSSPEC
10 real-world data structures
➢ 3 concurrent queues: SPSC, M&S queue & MPMC
➢ 4 locks: Linux RW lock, Seqlock, MCS lock & Ticket lock
➢ A read-copy-update implementation
➢ Chase-Lev deque
➢ Concurrent hashtable
CDSSPEC Checker Performance
Benchmarks             Total Time (sec)
Linux RW lock          13.71
MPMC queue              4.83
MCS lock                3.00
Ticket lock             0.17
Chase-Lev deque         0.10
M&S queue               0.03
SPSC queue              0.01
Seqlock                 0.01
RCU                     0.01
Concurrent hashtable    0.01
within 15 sec; 9/10 within 5 sec
Ubuntu 14.04 (Intel Xeon E3-1246 v3)
Finding Known Bugs
Found 3 known bugs in 2 benchmarks
➢ Weaker than necessary ordering parameters
Finding Injected Bugs
![Page 66: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/66.jpg)
Finding Injected Bugs
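
| Benchmarks | # Injection | # Built-in | # CDSSpec | # Rate |
|---|---|---|---|---|
| MPMC queue | 8 | 0 | 4 | 50% |
| Linux RW lock | 8 | 0 | 8 | 100% |
| MCS lock | 8 | 4 | 4 | 100% |
| Ticket lock | 2 | 0 | 2 | 100% |
| Chase-Lev deque | 7 | 3 | 4 | 100% |
| M&S Queue | 10 | 3 | 7 | 100% |
| SPSC queue | 2 | 0 | 2 | 100% |
| Seqlock | 5 | 0 | 5 | 100% |
| RCU | 3 | 3 | 0 | 100% |
| Hashtable | 4 | 2 | 2 | 100% |
| Total | 57 | 15 | 38 | 93% |

100% for 9/10 benchmarks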
![Page 67: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/67.jpg)
Finding Injected Bugs
threads & a 16-bit counter rollover
![Page 68: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/68.jpg)
Ease of Use
● On average:
➢ 11.5 lines per data structure
➢ 1.22 lines per API method for ordering points
![Page 69: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/69.jpg)
Related Work
● Concurrent data structure specifications
➢ Refinement mapping, Commit atomicity, Concurrit, NDetermin
➢ Relaxed memory model: Batty et al., Tassarotti et al.
➢ Bounded relaxation
● Approaches based on linearizability
➢ Linearizability, Lineup, Paraglider, VYRD
➢ Techniques to automatically prove linearizability
➢ Others: Concurrency-aware objects, list-based set
● Enforce code to only admit SC behaviors
➢ Under TSO & PSO (Burckhardt et al., Burnim et al.)
➢ For C/C++11: Meshman et al., AutoMO
➢ Dfence (infer fences for hardware memory model)
● Others: GAMBIT, RELAXED, CheckFence
![Page 70: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/70.jpg)
Conclusion
● CDSSPEC
A specification checker that allows developers to specify and check a range of concurrent data structures written with C/C++11
![Page 71: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/71.jpg)
Questions
![Page 72: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/72.jpg)
Enqueue – Side Effect
```cpp
/** @SideEffect: STATE(q)->push_back(val); */
void enq(int val) {
  Node *n = new Node(val);
  Node *t = Tail.load(relaxed);
  t->next.store(n, release);
  Tail.store(n, relaxed);
}
/** @DeclareState: IntList *q; */
```
![Page 73: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/73.jpg)
Ordering Points to Order Method Calls
```cpp
/** ... */
void enq(int val) {
  Node *n = new Node(val);
  Node *t = Tail.load(relaxed);
  t->next.store(n, release);
  /** @OPDefine: true */
  Tail.store(n, relaxed);
}
/** @DeclareState: IntList *q; */
```
![Page 74: CDSSPEC: Checking Concurrent Data Structures Under the C ...plrg.eecs.uci.edu/~peizhaoo/profile/presentations/... · Structures Under the C/C++11 Memory Model Peizhao Ou and Brian](https://reader036.fdocuments.net/reader036/viewer/2022080717/5f7824a7e0d06207b3661ccd/html5/thumbnails/74.jpg)
Dequeue – Justifying Postcondition
```cpp
/** ...;
    @JustifyingPostcondition: if (C_RET==-1) return S_RET == -1; */
int deq() {
  Node *h = Head.load(relaxed), *n = h->next.load(acquire);
  if (!n) return -1;
  Head.store(n, relaxed);
  // the dequeued value is stored in n, the node enq() linked after h
  return n->data;
}
/** @DeclareState: IntList *q; */
```
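The enq/deq pair from the last three slides, assembled into a runnable single-producer/single-consumer queue whose results are replayed against the sequential FIFO state (`IntList q`). This is an added example, not code from the slides or from the CDSSPEC distribution. The `Node` layout, the dummy head node (so `deq` reads the value from the node that follows it), the `delete` in `deq` and the `spec_violations` harness are assumptions. A native run observes a single execution, whereas the model checker explores every execution the memory model allows for the test case.

```cpp
#include <atomic>
#include <cstdio>
#include <deque>
#include <thread>
#include <vector>
// Assumed node layout: the slides show only the bodies of enq() and deq().
struct Node {
    int data;
    std::atomic<Node*> next{nullptr};
    explicit Node(int v) : data(v) {}
};
struct Queue {
    std::atomic<Node*> Head, Tail;
    Queue() : Head(new Node(-1)), Tail(Head.load()) {}   // assumed dummy node
    ~Queue() { for (Node *p = Head.load(); p;) { Node *n = p->next.load(); delete p; p = n; } }
    void enq(int val) {
        Node *n = new Node(val);
        Node *t = Tail.load(std::memory_order_relaxed);
        t->next.store(n, std::memory_order_release);     // publishes n->data
        Tail.store(n, std::memory_order_relaxed);
    }
    int deq() {
        Node *h = Head.load(std::memory_order_relaxed);
        Node *n = h->next.load(std::memory_order_acquire);
        if (!n) return -1;                               // queue looked empty
        Head.store(n, std::memory_order_relaxed);
        int v = n->data;   // visible: the acquire load pairs with the release store
        delete h;          // single consumer; the producer no longer touches h
        return v;
    }
};
// One producer, one consumer. Afterwards the enq calls are replayed on the
// sequential state and every successful deq result is compared with its front.
// Returns the number of results that contradict FIFO order (-1 results are retried).
int spec_violations(int count) {
    Queue cq;
    std::vector<int> got;                                // C_RET of each successful deq
    std::thread producer([&] { for (int i = 1; i <= count; ++i) cq.enq(i); });
    std::thread consumer([&] {
        while ((int)got.size() < count) { int r = cq.deq(); if (r != -1) got.push_back(r); }
    });
    producer.join(); consumer.join();
    std::deque<int> q;                                   // sequential state: IntList q
    for (int i = 1; i <= count; ++i) q.push_back(i);     // side effect of each enq
    int bad = 0;
    for (int c_ret : got) {
        if (q.empty() || c_ret != q.front()) ++bad; else q.pop_front();
    }
    return bad;
}
int main() { std::printf("violations: %d\n", spec_violations(100000)); }
```

Weakening the `release`/`acquire` pair to `relaxed` removes the guarantee that `n->data` is visible to the consumer, yet a native run on x86 may still report zero violations; exhaustive checking of the test case is what exposes such a change.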