Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing ==...
Transcript of Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing ==...
![Page 1: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/1.jpg)
Kilim
Sriram Srinivasan University of Cambridge, Opera Group
http://kilim.malhar.net
Isolation-typed actors for Java
![Page 2: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/2.jpg)
background
processors increasingly distributed
Multiple cores, processors, boxes, data centers
isolation
concurrency: how to get safety and speed?
memory-models and consistency
problems with shared memory concurrency
incorporating external actions
server applications are data-flow networks
![Page 3: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/3.jpg)
communicating sequential procs
message passing everywhere
shared nothing == failure isolation
easy to reason about, debug
unified view of concurrent and distributed
lightweight threads
automatic stack management
maps to user-level concurrent tasks
![Page 4: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/4.jpg)
objections to message passing
async programming is hard
verbose, inversion of control
heavyweight threads
message passing is expensive
copying
context switching
![Page 5: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/5.jpg)
Kilim
Ultra-lightweight threads
Message-passing
Messages distinct from objects
No internal aliasing
Linear ownership transfer
Safe, zero-copy message passing
Run-time library (scheduler, typed mailboxes, timer)
![Page 6: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/6.jpg)
Programming model
![Page 7: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/7.jpg)
kilim tasks
class HttpConn extends Task { @pausable
public void execute() { while (true) { HttpMsg m = readReq(); processMsg(m); }}
@pausable public HttpMsg readReq() {
.... } }
new HttpConn(mbox).start();
![Page 8: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/8.jpg)
mailboxes for messaging
class MyTask extends Task { Mailbox<Msg> mb, outmb; public @pausable void execute() { while (true) { Msg m = mb.get(); process(m); outmb.put(m); } }}
![Page 9: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/9.jpg)
weavingjava kilim.tools.Weaver -d ./classes HttpConn
-or-
java kilim.tools.Weaver -d ./classes ./classes
![Page 10: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/10.jpg)
Internals
![Page 11: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/11.jpg)
CPS transformation
public @pausable void foo(Object o ) { for (int i = .... ) { bar(o); print(i, o); }}}
![Page 12: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/12.jpg)
CPS transformation
public @pausable void foo(Object o, Fiber f) { goto f.pc; for (int i = ... ) {
L1: bar(o, f); if f.isPausing f.store: pc=L1, i, o return else if f.needsRestoring f.restore o, i print(i, o);
}}}
![Page 13: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/13.jpg)
n tasks, n2 messages
![Page 14: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/14.jpg)
task creation
![Page 15: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/15.jpg)
options for message safety
Immutable messages
copies
locks (?)
linear type systems
ownership types
![Page 16: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/16.jpg)
mutable messages in Kilim
philosophically different from objects
Implement Message
Primitives, refs to Message, arrays
no internal aliasing allowed
public structure encouraged
ownership passed linearly
![Page 17: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/17.jpg)
capabilities
Modifiable Unmodifiable Unusable
![Page 18: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/18.jpg)
capabilities
Modifiable Unmodifiable Unusable
![Page 19: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/19.jpg)
capabilities
free
cuttable
safe invalid
Modifiable Unmodifiable Unusable
![Page 20: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/20.jpg)
assignment
x y
x.f = y
![Page 21: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/21.jpg)
assignment
x y
x.f = y
f
![Page 22: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/22.jpg)
assignment
x y
x.f = y
![Page 23: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/23.jpg)
assignment
x y
x.f = y
![Page 24: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/24.jpg)
capability inference
class Event implements Message { Event a; Event b [ ];}
void foo(@free Event ev, @safe Event msg) { p = new Event(); msg.a = p; ev.a = p; ev.b[2] = p; ev.a = msg; }
ev msg
![Page 25: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/25.jpg)
capability inference
class Event implements Message { Event a; Event b [ ];}
void foo(@free Event ev, @safe Event msg) { p = new Event(); msg.a = p; ev.a = p; ev.b[2] = p; ev.a = msg; }
ev msg
p
![Page 26: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/26.jpg)
capability inference
class Event implements Message { Event a; Event b [ ];}
void foo(@free Event ev, @safe Event msg) { p = new Event(); msg.a = p; ✗ not modifiable ev.a = p; ev.b[2] = p; ev.a = msg; }
ev msg
p
![Page 27: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/27.jpg)
capability inference
class Event implements Message { Event a; Event b [ ];}
void foo(@free Event ev, @safe Event msg) { p = new Event(); msg.a = p; ✗ not modifiable ev.a = p; ✓ ev.b[2] = p; ev.a = msg; }
ev msg
p
![Page 28: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/28.jpg)
capability inference
class Event implements Message { Event a; Event b [ ];}
void foo(@free Event ev, @safe Event msg) { p = new Event(); msg.a = p; ✗ not modifiable ev.a = p; ✓ ev.b[2] = p; ✗ p not free ev.a = msg; ✗ safe, cannot be assigned}
ev msg
p
![Page 29: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/29.jpg)
void foo (@free p) { q = p.f; print(q); ✓ mb.put(q); mb.put (p); print(p); }
method calls
p
q
![Page 30: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/30.jpg)
void foo (@free p) { q = p.f; print(q); ✓ mb.put(q); ✗ q not root mb.put (p); print(p); }
method calls
p
q
![Page 31: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/31.jpg)
void foo (@free p) { q = p.f; print(q); ✓ mb.put(q); ✗ q not root mb.put (p); ✓ print(p); }
method calls
p
q
![Page 32: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/32.jpg)
void foo (@free p) { q = p.f; print(q); ✓ mb.put(q); ✗ q not root mb.put (p); ✓ print(p); ✗ p, q invalid }
method calls
p
q
![Page 33: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/33.jpg)
cut operator
foo(@free root, @cuttable mid) {
if ( ...)
r = root
else
r = cut(mid.f)
mb.put(r)
}
![Page 34: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/34.jpg)
static analysis
Shape Analysis for heap abstraction
Transfer of Ownership between tasks
== TOI between methods
![Page 35: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/35.jpg)
Kilim summary
Tasks
lightweightautomatic stack mgmtfailure isolationstate Isolation
cooperative tasking
Messaging
fastsaferequest reorderingflow controlopen structures
tree-shaped structures (only when mutable)
Ease
uniform syntax for distr. & conc. progmonitorableuse existing classes
fixed task granulariy
![Page 36: Kilim - malhar.net filecommunicating sequential procs message passing everywhere shared nothing == failure isolation easy to reason about, debug unified view of concurrent and distributed](https://reader030.fdocuments.net/reader030/viewer/2022041300/5e0ecb7165cc5073a20a4986/html5/thumbnails/36.jpg)
referencesKilim: Isolation-typed Actors for Java.Sriram Srinivasan, Alan Mycroft. In ECOOP 2008
A Thread of Ones Own.Sriram Srinivasan. New Horizons in Compilers Wkshp (2005)
Making Reliable Distributed Systems in the Presence of Software Errors.Armstrong, J, PhD thesis, RIT Stockholm (2003)
Alias Burying: Unique Variables without Destructive Reads.Boyland, J. In Soft. Pract. & Exper. (2001)
Shape Analysis.Wilhelm, R., Sagiv, S., Reps, T.W. In ETAPS (2000)