Concurrent Objects MIT 6.05s by Maurice Herlihy & Nir Shavit

Concurrent Objects

MIT 6.05sby Maurice Herlihy & Nir

Shavit

Art of Multiprocessor Programming

2

Concurrent Computaton

memory

object object


3

Objectivism

• What is a concurrent object?– How do we describe one?– How do we implement one?– How do we tell if we’re right?


4

Objectivism

• What is a concurrent object?– How do we describe one?

– How do we tell if we’re right?

(later)


5

FIFO Queue: Enqueue Method

q.enq( )


6

FIFO Queue: Dequeue Method

q.deq()/


7

A Lock-Based Queue

class LockBasedQueue<T> { int head, tail; T[] items; Lock lock; public LockBasedQueue(int capacity) { head = 0; tail = 0; lock = new ReentrantLock(); items = (T[]) new Object[capacity]; }


8

A Lock-Based Queue


Queue fields protected by single shared lock

head tail

y z


9

A Lock-Based Queue


Initially head = tail

head tail

y z


10

Implementation: Deq

public T deq() throws EmptyException { lock.lock(); try { if (tail == head) throw new EmptyException(); T x = items[head % items.length]; head++; return x; } finally { lock.unlock(); } }

head tail

y z


11

Implementation: Deq


Method calls mutually exclusive

head tail

y z


12

Implementation: Deq


If queue emptythrow exception

head tail

y z


13

Implementation: Deq


Queue not empty:remove item and

update head

head tail

y z


14

Implementation: Deq


Return result

head tail

y z


15

Implementation: Deq

public T deq() throws EmptyException { lock.lock(); try { if (tail == head) throw new EmptyException(); T x = items[head % items.length]; head++; return x; } finally { lock.unlock(); } } Release lock no matter

what!

head tail

y z


16

Implementation: Deq


Should be correct because

modifications are mutually

exclusive…


17

Now consider the following implementation

• The same thing without mutual exclusion

• For simplicity, only two threads – One thread enq only– The other deq only


18

Lock-free 2-Thread Queuepublic class WaitFreeQueue { int head = 0, tail = 0; items = (T[]) new Object[capacity];

public void enq(Item x) { while (tail-head == capacity); // busy-wait items[tail % capacity] = x; tail++; }

public Item deq() { while (tail == head); // busy-wait Item item = items[head % capacity]; head++; return item;}}


19




head tail

y z


20




Queue is updated without a lock!

head tail

y z

How do we define

“correct” when

modifications are not

mutually exclusive?


21

Defining concurrent queue implementations

• Need a way to specify a concurrent queue object

• Need a way to prove that an algorithm implements the object’s specification

• Lets talk about object specifications …

Correctness and Progress

• In a concurrent setting, we need to specify both the safety and the liveness properties of an object

• Need a way to define – when an implementation is correct– the conditions under which it

guarantees progress


22

Lets begin with correctness


23

Sequential Objects

• Each object has a state– Usually given by a set of fields– Queue example: sequence of items

• Each object has a set of methods– Only way to manipulate state– Queue example: enq and deq

methods


24

Sequential Specifications• If (precondition)

– the object is in such-and-such a state– before you call the method,

• Then (postcondition)– the method will return a particular value– or throw a particular exception.

• and (postcondition, con’t)– the object will be in some other state– when the method returns,


25

Pre and PostConditions for Dequeue

• Precondition:– Queue is non-empty

• Postcondition:– Returns first item in queue

• Postcondition:– Removes first item in queue


26

Pre and PostConditions for Dequeue

• Precondition:– Queue is empty

• Postcondition:– Throws Empty exception

• Postcondition:– Queue state unchanged


27

Why Sequential Specifications Totally Rock

• Interactions among methods captured by side-effects on object state– State meaningful between method calls

• Documentation size linear in number of methods– Each method described in isolation

• Can add new methods– Without changing descriptions of old

methods


28

What About Concurrent Specifications?

• Methods? • Documentation?• Adding new methods?


29

Methods Take Time

timetime


30

Methods Take Time

time

invocation 12:00

q.enq(...

)

time


31

Methods Take Time

time

Method call

invocation 12:00

q.enq(...

)

time


32

Methods Take Time

time

Method call

invocation 12:00

q.enq(...

)

time


33

Methods Take Time

time

Method call

invocation 12:00

q.enq(...

)

time

void

response 12:01


34

Sequential vs Concurrent

• Sequential– Methods take time? Who knew?

• Concurrent– Method call is not an event– Method call is an interval.


35

time

Concurrent Methods Take Overlapping Time

time


36

time


time

Method call


37

time


time

Method call

Method call


38

time


time

Method call Method call

Method call


39


• Sequential:– Object needs meaningful state only

between method calls

• Concurrent– Because method calls overlap, object

might never be between method calls


40


• Sequential:– Each method described in isolation

• Concurrent– Must characterize all possible

interactions with concurrent calls • What if two enqs overlap?• Two deqs? enq and deq? …


41


• Sequential:– Can add new methods without

affecting older methods

• Concurrent:– Everything can potentially interact

with everything else


42


• Sequential:– Can add new methods without

affecting older methods

• Concurrent:– Everything can potentially interact

with everything else Panic!


43

The Big Question

• What does it mean for a concurrent object to be correct?– What is a concurrent FIFO queue?– FIFO means strict temporal order– Concurrent means ambiguous

temporal order


44

Intuitively…



45

Intuitively…


All modifications of queue are done mutually exclusive


46

time

Intuitively

q.deq

q.enq

enq deq

lock() unlock()

lock() unlock() Behavior is “Sequential”

enq

deq

Lets capture the idea of describing the concurrent via the sequential


47

Linearizability

• Each method should– “Take effect”– Instantaneously– Between invocation and response

events


48

Example

timetime

(6)


49

Example

time

q.enq(x)

time

(6)


50

Example

time

q.enq(x)

q.enq(y)

time

(6)


51

Example

time

q.enq(x)

q.enq(y) q.deq(x)

time

(6)


52

Example

time

q.enq(x)

q.enq(y) q.deq(x)

q.deq(y)

time

(6)


53

Example

time

q.enq(x)

q.enq(y) q.deq(x)

q.deq(y)

linearizableq.enq(x)

q.enq(y) q.deq(x)

q.deq(y)

time

(6)


54

Example

time

(5)


55

Example

time

q.enq(x)

(5)


56

Example

time

q.enq(x) q.deq(y)

(5)


57

Example

time

q.enq(x)

q.enq(y)

q.deq(y)

(5)


58

Example

time

q.enq(x)

q.enq(y)

q.deq(y)q.enq(x)

q.enq(y)

(5)


59

Example

time

q.enq(x)

q.enq(y)

q.deq(y)q.enq(x)

q.enq(y)

(5)

not

linearizable


60

Example

timetime

(4)


61

Example

time

q.enq(x)

time

(4)


62

Example

time

q.enq(x)

q.deq(x)

time

(4)


63

Example

time

q.enq(x)

q.deq(x)

q.enq(x)

q.deq(x)

time

(4)


64

Example

time

q.enq(x)

q.deq(x)

q.enq(x)

q.deq(x)

linearizable

time

(4)


65

Example

time

q.enq(x)

time

(8)


66

Example

time

q.enq(x)

q.enq(y)

time

(8)


67

Example

time

q.enq(x)

q.enq(y)

q.deq(y)

time

(8)


68

Example

time

q.enq(x)

q.enq(y)

q.deq(y)

q.deq(x)

time

(8)


69

q.enq(x)

q.enq(y)

q.deq(y)

q.deq(x)

Comme ci Example

time

Comme ça multiple orders

OKlinearizable


70

Read/Write Register Example

time

read(1)write(0)

write(1)

write(2)

time

read(0)

(4)


71


time

read(1)write(0)

write(1)

write(2)

time

read(0)write(1) already

happened(4)


72


time

read(1)write(0)

write(1)

write(2)

time

read(0)write(1)write(1) already

happened(4)


73


time

read(1)write(0)

write(1)

write(2)

time

read(0)write(1)write(1) already

happened(4)

not

linearizable


74


time

read(1)write(0)

write(1)

write(2)

time

read(1)write(1) already

happened(4)


75


time

read(1)write(0)

write(1)

write(2)

time

read(1)write(1)

write(2)

(4)

write(1) already

happened


76


time

read(1)write(0)

write(1)

write(2)

time

read(1)write(1)

write(2)

not

linearizable

(4)

write(1) already

happened


77


time

write(0)

write(1)

write(2)

time

read(1)

(4)


78


time

write(0)

write(1)

write(2)

time

read(1)write(1)

write(2)

(4)


79


time

write(0)

write(1)

write(2)

time

read(1)write(1)

write(2)

linearizable

(4)


80


time

read(1)write(0)

write(1)

write(2)

time

read(1)

(2)


81


time

read(1)write(0)

write(1)

write(2)

time

read(1)write(1)

(2)


82


time

read(1)write(0)

write(1)

write(2)

time

read(1)write(1)

write(2)

(2)


83


time

read(1)write(0)

write(1)

write(2)

time

read(2)write(1)

write(2)

Not

linearizable

(2)


84

Executions

• Define precisely what we mean– Ambiguity is bad when intuition is

weak

• Allow reasoning– Formal– But mostly informal

• In the long run, actually more important


85

Split Method Calls into Two Events

• Invocation– method name & args– q.enq(x)

• Response– result or exception– q.enq(x) returns void– q.deq() returns x– q.deq() throws empty


86

Invocation Notation

A q.enq(x)

(4)


87

Invocation Notation

A q.enq(x)

thread

(4)


88

Invocation Notation

A q.enq(x)

thread method

(4)


89

Invocation Notation

A q.enq(x)

thread

object(4)

method


90

Invocation Notation

A q.enq(x)

thread

object

method

arguments(4)


91

Response Notation

A q: void

(2)


92

Response Notation

A q: void

thread

(2)


93

Response Notation

A q: void

thread result

(2)


94

Response Notation

A q: void

thread

object

result

(2)


95

Response Notation

A q: void

thread

object

result

(2)

Met

hod

is

impl

icit


96

Response Notation

A q: empty()

thread

object(2)

Met

hod

is

impl

icit

exception


97

History - Describing an Execution

A q.enq(3)A q:voidA q.enq(5)B p.enq(4)B p:voidB q.deq()B q:3

Sequence of invocations and

responses

H =


98

Definition

• Invocation & response match if

A q.enq(3)

A q:void

Thread names agree

Object names agree

Method call

(1)


99

Object Projections

A q.enq(3)A q:voidB p.enq(4)B p:voidB q.deq()B q:3

H =


100

Object Projections


H|q =


101

Thread Projections


H =


102

Thread Projections


H|B =


103

Complete Subhistory


An invocation is pending if it has

no matching respnse

H =


104

Complete Subhistory


May or may not have taken effect

H =


105

Complete Subhistory


discard pending invocations

H =


106

Complete Subhistory

A q.enq(3)A q:void B p.enq(4)B p:voidB q.deq()B q:3

Complete(H) =


107

Sequential Histories

A q.enq(3)A q:voidB p.enq(4)B p:voidB q.deq()B q:3A q:enq(5)

(4)


108



match

(4)


109



match

match

(4)


110



match

match

match

(4)


111



match

match

match

Final pending invocation OK

(4)


112



match

match

match

Final pending invocation OK

(4)

Method calls of

different threads

do not interleave


113

Well-Formed Histories

H=

A q.enq(3)B p.enq(4)B p:voidB q.deq()A q:voidB q:3


114


H=


H|B=B p.enq(4)B p:voidB q.deq()B q:3

Per-thread projections sequential


115


H=


H|B=B p.enq(4)B p:voidB q.deq()B q:3

A q.enq(3)A q:void

H|A=

Per-thread projections sequential


116

Equivalent Histories

H=


Threads see the same thing in both


G=

H|A = G|AH|B = G|B


117

Sequential Specifications

• A sequential specification is some way of telling whether a– Single-thread, single-object history– Is legal

• For example:– Pre and post-conditions– But plenty of other techniques exist

…


118

Legal Histories

• A sequential (multi-object) history H is legal if– For every object x– H|x is in the sequential spec for x


119

Precedence

A q.enq(3)B p.enq(4)B p.voidA q:voidB q.deq()B q:3

A method call precedes another if

response event precedes invocation

event

Method call Method call

(1)


120

Non-Precedence

A q.enq(3)B p.enq(4)B p.voidB q.deq()A q:voidB q:3

Some method calls overlap one

anotherMethod call

Method call

(1)


121

Notation

• Given – History H– method executions m0 and m1 in H

• We say m0 Hm1, if– m0 precedes m1

• Relation m0 Hm1 is a– Partial order – Total order if H is sequential

m0 m1


122

Linearizability

• History H is linearizable if it can be extended to G by– Appending zero or more responses to

pending invocations– Discarding other pending invocations

• So that G is equivalent to– Legal sequential history S – where G S


123

What is G S

time

a

b

time

(8)

G

S

cG

G = {ac,bc}

S = {ab,ac,bc}

A limita

tion on th

e

Choice of S

!


124

Remarks

• Some pending invocations– Took effect, so keep them– Discard the rest

• Condition G S

– Means that S respects “real-time order” of G


125

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4B q:enq(6)

Example

time

B.q.enq(4)

A. q.enq(3)

B.q.deq(4) B. q.enq(6)


126

Example

Complete this pending

invocation

time

B.q.enq(4) B.q.deq(3) B. q.enq(6)

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4B q:enq(6)

A. q.enq(3)


127

Example

Complete this pending

invocation

time


B.q.enq(3)

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4B q:enq(6)A q:void


128

Example

time


B.q.enq(3)

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4B q:enq(6)A q:void

discard this one


129

Example

time

B.q.enq(4) B.q.deq(4)

B.q.enq(3)

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4

A q:void

discard this one


130

A q.enq(3)B q.enq(4)B q:voidB q.deq()B q:4A q:void

Example

time


B.q.enq(3)


131


Example

time

B q.enq(4)B q:voidA q.enq(3)A q:voidB q.deq()B q:4


B.q.enq(3)


132


B.q.enq(3)


Example

time

B q.enq(4)B q:voidA q.enq(3)A q:voidB q.deq()B q:4

Equivalent sequential history


133

Linearization Points

• Identify one atomic step where method “happens”– Critical section?– Machine instruction?

• Usually straightforward• Sometimes not

– E.g., Successful vs unsuccessful search …

– Stay tuned …


134

Linearization Points : Locking



135

Linearization Points: Locking


Linearization pointsare when locks are

released

0 1capacity-1

2

head tail

y z


136

Linearization Points : Lock-free

public class LockFreeQueue {

int head = 0, tail = 0; items = (T[]) new Object[capacity];

public void enq(Item x) { while (tail-head == capacity); // busy-wait items[tail % capacity] = x; tail++; } public Item deq() { while (tail == head); // busy-wait Item item = items[head % capacity]; head++; return item;}}

0 1capacity-1

2

head tail

y z


137

public class LockFreeQueue {

int head = 0, tail = 0; items = (T[]) new Object[capacity];

public void enq(Item x) { while (tail-head == capacity); // busy-wait items[tail % capacity] = x; tail++; } public Item deq() { while (tail == head); // busy-wait Item item = items[head % capacity]; head++; return item;}}

Linearization order is order head and tail fields modified

Remem

ber that t

here

is only

one e

nqueuer

and only

one d

equeuer

Linearization Points : Lock-free


138

Concurrency

• How much concurrency does linearizability allow?

• When must a method invocation block?


139

Technicality

• Focus on total methods– Defined for every state

• Example:– deq() that throws EmptyException– Versus deq() that waits …

• Why?– Otherwise, blocking unrelated to

synchronization


140

Concurrency

• Question:– When does linearizability require a

method invocation to block?

• Answer:– never.– Linearizability is non-blocking

Radical, Dude!

• Linearizability permits lock-free implementations …

• Where no thread is ever blocked waiting for another …

• How to do so is another story!


142

Composability

• A system is linearizable if and only if each individual object is linearizable.

Modular, Dude!

• You can contract out pieces of your system.

• If each contractor individually guarantees that module’s linearizability …

• Then your entire system is linearizable.• Do not take this property for granted!


144

Linearizability

• Each method should– “Take effect”– Instantaneously– Between invocation and response

events


145

Sequential Consistency

• Each method should– “Take effect”– Instantaneously– In program order.


146


• No need to preserve real-time order– Cannot re-order same-thread operations– Can re-order different-thread operations

all you want

• Often used to describe multiprocessor memory architectures


147

Composability

• Sequential consistency is not composable.

• Composing sequentially-consistent modules does not guarantee a sequentially consistent system.

• Sequential consistency is useful, but maybe not for software.


148

FIFO Queue Example

time

p.enq(x) p.deq(y)q.enq(x)

q.enq(y) q.deq(x)p.enq(y)

History H

time


149

H|p Sequentially Consistent

time

p.enq(x) p.deq(y)

p.enq(y)

q.enq(x)

q.enq(y) q.deq(x)

time


150

H|q Sequentially Consistent

time



time


151

Ordering imposed by p

time



time


152

Ordering imposed by q

time



time


153

p.enq(x)

Ordering imposed by both

time

q.enq(x)

q.enq(y) q.deq(x)

time

p.deq(y)

p.enq(y)


154

p.enq(x)

Combining orders

time

q.enq(x)

q.enq(y) q.deq(x)

time

p.deq(y)

p.enq(y)


155

Fact

• Most hardware architectures don’t support sequential consistency

• Because they think it’s too strong• Here’s another story …


156

The Flag Example

time

x.write(1) y.read(0)

y.write(1) x.read(0)

time


157

The Flag Example

time



• Each thread’s view is sequentially consistent– It went first


158

The Flag Example

time



• Entire history isn’t sequentially consistent– Can’t both go first


159

The Flag Example

time



• Is this behavior really so wrong?– We can argue either way …


160

Opinion1: It’s Wrong

• This pattern– Write mine, read yours

• Is exactly the flag principle– Beloved of Alice and Bob– Heart of mutual exclusion

• Peterson• Bakery, etc.

• It’s non-negotiable!


161

Opinion2: But It Feels So Right …

• Many hardware architects think that sequential consistency is too strong

• Too expensive to implement in modern hardware

• OK if flag principle– violated by default– Honored by explicit request


162

Memory Hierarchy

• On modern multiprocessors, processors do not read and write directly to memory.

• Memory accesses are very slow compared to processor speeds,

• Instead, each processor reads and writes directly to a cache


163

Memory Operations

• To read a memory location,– load data into cache.

• To write a memory location– update cached copy,– Lazily write cached data back to

memory


164

While Writing to Memory

• A processor can execute hundreds, or even thousands of instructions

• Why delay on every memory write?

• Instead, write back in parallel with rest of the program.


165

Revisionist History

• Flag violation history is actually OK– processors delay writing to memory– Until after reads have been issued.

• Otherwise unacceptable delay between read and write instructions.

• Who knew you wanted to synchronize?


166

Memory Hierarchy

• Writing to memory = mailing a letter

• Most of the time,– No need to wait at the post office

• If you want to synchronize– Announce it explicitly– Pay for it only when you need it


167

Explicit Synchronization

• Memory barrier instruction– Flush unwritten caches– Bring caches up to date

• Compilers often do this for you– Entering and leaving critical sections

• Expensive


168

Volatile

• In Java, can ask compiler to keep a variable up-to-date with volatile keyword

• Also inhibits reordering, removing from loops, & other “optimizations”

• Stay tuned …


169


• Not composable• Harder to work with• Good way to think about hardware

models

Summary

• Linearizability is the gold standard for software object correctness– Non-blocking– Composable

• Not always what you want– But it’s the condition you’re not

satisfying …


171

This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

• You are free:– to Share — to copy, distribute and transmit the work – to Remix — to adapt the work

• Under the following conditions:– Attribution. You must attribute the work to “The Art of

Multiprocessor Programming” (but not in any way that suggests that the authors endorse you or your use of the work).

– Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under the same, similar or a compatible license.

• For any reuse or distribution, you must make clear to others the license terms of this work. The best way to do this is with a link to– http://creativecommons.org/licenses/by-sa/3.0/.

• Any of the above conditions can be waived if you get permission from the copyright holder.

• Nothing in this license impairs or restricts the author's moral rights.

http://creativecommons.org/licenses/by-sa/2.5/





Documents

Concurrent Objects MIT 6.05s by Maurice Herlihy & Nir Shavit