DOCSLIB.ORG

Shared Objects & Mutual Exclusion

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Shared Objects & Mutual Exclusion Chapter 4 Shared Objects & Mutual Exclusion Shared Objects & Concepts: process interference. Mutual Exclusion mutual exclusion and locks. Models: model checking for interference modelling mutual exclusion Practice: thread interference in shared Java objects mutual exclusion in Java (synchronized objects/methods). 1 2 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition A Concert Hall Booking System Concert Hall Booking System const False = 0 A central computer connected to remote terminals via communication links const True = 1 is used to automate seat reservations for a concert hall. range Bool = False..True To book a seat, a client chooses a free seat and the clerk enters the number SEAT = SEAT[False], of the chosen seat at the terminal and issues a ticket, if it is free. SEAT[reserved:Bool] = ( when (!reserved) reserve -> SEAT[True] A system is required which avoids double bookings of the same seat whilst | query[reserved] -> SEAT[reserved] allowing clients free choice of the available seats. | when (reserved) reserve -> ERROR //error of reserved twice Construct an abstract model of the system and demonstrate that your model does ). not permit double bookings. Like STOP, ERROR range Seats = 1..2 is a predefined FSP ||SEATS = (seat[Seats]:SEAT). local process (state), numbered -1 in the 3 equivalent LTS. 4 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition Concert Hall Booking System Concert Hall Booking System – no interference? LOCK = (acquire -> release -> LOCK). TERMINAL = (choose[s:Seats] //lock for the booking system -> seat[s].query[reserved:Bool] -> if (!reserved) then TERMINAL = (choose[s:Seats] -> acquire (seat[s].reserve -> TERMINAL) -> seat[s].query[reserved:Bool] else -> if (!reserved) then TERMINAL (seat[s].reserve -> release-> TERMINAL) ). else (release -> TERMINAL) set Terminals = {a,b} ). ||CONCERT = ( Terminals:TERMINAL || Terminals::SEATS ). set Terminals = {a,b} ||CONCERT = (Terminals:TERMINAL || Terminals::SEATS Does this system allow double booking of a seat? || Terminals::LOCK). 5 Would locking at the seat level permit more concurrency? 6 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 4.1 Interference ornamental garden Program - class diagram Ornamental garden problem: Apple t Thread People enter an ornamental garden through either of two turnstiles. Management wish to know how many are in the garden east,west Turnstile people Counter at any time. Garden Garden init() run() increment() go() eastD, display display West people East westD, NumberCanvas counterD Turnstile Turnstile setvalue() The Turnstile thread simulates the periodic arrival of a visitor to The concurrent program consists of two concurrent threads and a the garden every second by sleeping for a second and then invoking shared counter object. the increment() method of the counter object. 7 8 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition ornamental garden program Turnstile class The Counter object and Turnstile threads are created by the class Turnstile extends Thread { NumberCanvas display; go() method of the Garden applet: Counter people; The run() private void go() { Turnstile(NumberCanvas n,Counter c) method exits counter = new Counter(counterD); { display = n; people = c; } and the thread terminates after west = new Turnstile(westD,counter); public void run() { Garden.MAX east = new Turnstile(eastD,counter); try{ visitors have west.start(); display.setvalue(0); entered. east.start(); for (int i=1;i<=Garden.MAX;i++){ Thread.sleep(500); //0.5 second between arrivals } display.setvalue(i); people.increment(); Note that counterD, westD and eastD are objects of } NumberCanvas used in chapter 2. } catch (InterruptedException e) {} } 9 } 10 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition Counter class ornamental garden program - display class Counter { int value=0; NumberCanvas display; Counter(NumberCanvas n) { Hardware interrupts can occur display=n; at arbitrary times. display.setvalue(value); } The counter simulates a hardware interrupt during an void increment() { increment(), between int temp = value; //read value reading and writing to the Simulate.HWinterrupt(); shared counter value. value=temp+1; //write value Interrupt randomly calls After the East and West turnstile threads have each incremented display.setvalue(value); Thread.sleep() to force its counter 20 times, the garden people counter is not the sum } a thread switch. of the counts displayed. Counter increments have been lost. } Why? 11 12 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition concurrent method activation ornamental garden Model go Java method activations are not atomic - thread objects east go end GARDEN and west may be executing the code for the increment method end arrive at the same time. value east: value:VAR TURNSTILE display read go west write shared code east end PC arrive value PC increment: west: program TURNSTILE counter program read value counter Process VAR models read and write access to the shared counter value. write value + 1 Increment is modeled inside TURNSTILE since Java method activations are not atomic i.e. thread objects east and west may interleave their read and write actions. 13 14 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition ornamental garden model checking for errors - animation const N = 4 range T = 0..N The alphabet of shared Scenario checking - set VarAlpha = { value.{read[T],write[T]} } process VAR is declared use animation to explicitly as a set produce a trace. VAR = VAR[0], constant, VarAlpha. VAR[u:T] = (read[u] ->VAR[u] |write[v:T]->VAR[v]). The TURNSTILE TURNSTILE = (go -> RUN), alphabet is extended Is this trace RUN = (arrive-> INCREMENT with VarAlpha to correct? |end -> TURNSTILE), ensure no unintended INCREMENT = (value.read[x:T] free (autonomous) -> value.write[x+1]->RUN )+VarAlpha. actions in VAR such as value.write[0]. ||GARDEN = (east:TURNSTILE || west:TURNSTILE || { east,west,display}::value:VAR) All actions in the /{ go /{ east,west} .go, shared must be end/{ east,west} .end} . VAR controlled (shared) by 15 16 2015 Concurrency: shared objects & mutual exclusion a TURNSTILE©Magee/Kramer 2nd Edition. 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition checking for errors - exhaustive analysis ornamental garden model - checking for errors Exhaustive checking - compose the model with a TEST process which ||TESTGARDEN = (GARDEN || TEST). sums the arrivals and checks against the display value: Use LTSA to perform an exhaustive search for ERROR. Trace to property violation in TEST: TEST = TEST[0], go TEST[v:T] = east.arrive (when (v<N){east.arrive,west.arrive}->TEST[v+1] east.value.read.0 |end->CHECK[v] west.arrive ), west.value.read.0 CHECK[v:T] = Like STOP, ERROR east.value.write.1 LTSA produces the (display.value.read[u:T] -> is a predefined FSP west.value.write.1 shortest path to (when (u==v) right -> TEST[v] local process (state), end reach ERROR. |when (u!=v) wrong -> ERROR numbered -1 in the display.value.read.1 ) equivalent LTS. wrong )+{display.VarAlpha}. 17 18 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition Interference and Mutual Exclusion (mutex) 4.2 Mutual exclusion in Java Concurrent activations of a method in Java can be made Destructive update, caused by the arbitrary interleaving of mutually exclusive by prefixing the method with the keyword read and write actions, is termed interference. synchronized, which uses a lock on the object. We correct COUNTER class by deriving a class from it and making the increment method synchronized: Interference bugs are extremely difficult to locate. The class SynchronizedCounter extends Counter { general solution is to give methods mutually exclusive access to shared objects. Mutual exclusion (often referred SynchronizedCounter(NumberCanvas n) acquire {super(n);} lock to as “mutex”)can be modeled as atomic actions. synchronized void increment() { super.increment(); release } lock } 19 20 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition 2015 Concurrency: shared objects & mutual exclusion ©Magee/Kramer 2nd Edition mutual exclusion - the ornamental garden Java synchronized statement Access to an object may also be made mutually exclusive by using the synchronized statement: synchronized (object) { statements } A less elegant way to correct the example would be to modify the Turnstile.run() method: synchronized(people) {people.increment();} Why is this less elegant? Java associates a lock with every object. The Java compiler inserts code to acquire the lock before executing the body of the synchronized method and code to release the lock before the To ensure mutually exclusive access to an object, method returns. Concurrent threads are blocked until the lock is all object methods
Load more

Recommended publications
  • Multithreading (Concurrency) in Java “Some People, When Confronted
    Multithreading (Concurrency) in Java “Some people, when confronted with a problem, think, "I know, I’ll use threads," and then two they hav erpoblesms.” — Ned Batchelder Multi-tasking In the beginning, computers ran in batch mode: a single program with total access to all resources. Later, a multi-tasking operating system enabled multiple (independent) jobs to run (more or less) simultaneously, even though there was only a single CPU. The jobs take turns running some of their code at one time. This type of interleaving of jobs is called concurrency. Multitasking is performing two or more tasks (or jobs) at roughly the same time. Nearly all operating systems are capable of multitasking by using one of two multitasking techniques: process-based multitasking and thread-based multitasking. Each running job was (and sometimes still is) called a process, which has state (a collection of data and handles to system resources such as files and devices) and a single sequence of instructions. It turns out that many tasks are easier to write, debug, and manage if organized as multiple copies of a process (e.g., a web server). Processes are sometimes called tasks, threads, or jobs. (Although there are some distinctions between these concepts, we will ignore them for now.) Time slice, (context) switching, and scheduling are operating system (“OS”) terms related to multi-tasking. The amount of time a task is allowed to use the CPU exclusively is called a time slice, typically 10ms (a hundredth of a second) but can vary depending on your OS and other factors from 1ms to more than 120ms.
    [Show full text]
  • Actor-Based Concurrency by Srinivas Panchapakesan
    Concurrency in Java and Actor- based concurrency using Scala By, Srinivas Panchapakesan Concurrency Concurrent computing is a form of computing in which programs are designed as collections of interacting computational processes that may be executed in parallel. Concurrent programs can be executed sequentially on a single processor by interleaving the execution steps of each computational process, or executed in parallel by assigning each computational process to one of a set of processors that may be close or distributed across a network. The main challenges in designing concurrent programs are ensuring the correct sequencing of the interactions or communications between different computational processes, and coordinating access to resources that are shared among processes. Advantages of Concurrency Almost every computer nowadays has several CPU's or several cores within one CPU. The ability to leverage theses multi-cores can be the key for a successful high-volume application. Increased application throughput - parallel execution of a concurrent program allows the number of tasks completed in certain time period to increase. High responsiveness for input/output-intensive applications mostly wait for input or output operations to complete. Concurrent programming allows the time that would be spent waiting to be used for another task. More appropriate program structure - some problems and problem domains are well-suited to representation as concurrent tasks or processes. Process vs Threads Process: A process runs independently and isolated of other processes. It cannot directly access shared data in other processes. The resources of the process are allocated to it via the operating system, e.g. memory and CPU time. Threads: Threads are so called lightweight processes which have their own call stack but an access shared data.
    [Show full text]
  • Sec9on 6: Mutual Exclusion
    Sec$on 6: Mutual Exclusion Michelle Ku5el [email protected] Toward sharing resources (memory) Have been studying parallel algorithms using fork- join – Lower span via parallel tasks Algorithms all had a very simple structure to avoid race condi$ons – Each thread had memory “only it accessed” • Example: array sub-range – On fork, “loaned” some of its memory to “forkee” and did not access that memory again un$l aer join on the “forkee” slide adapted from: Sophomoric Parallelism & 2 Concurrency, Lecture 4 Toward sharing resources (memory) Strategy won’t work well when: – Memory accessed by threads is overlapping or unpredictable – Threads are doing independent tasks needing access to same resources (rather than implemen$ng the same algorithm) slide adapted from: Sophomoric Parallelism & 3 Concurrency, Lecture 4 Race Condi$ons A race condi*on is a bug in a program where the output and/or result of the process is unexpectedly and cri$cally dependent on the relave sequence or $ming of other events. The idea is that the events race each other to influence the output first. Examples Mul$ple threads: 1. Processing different bank-account operaons – What if 2 threads change the same account at the same $me? 2. Using a shared cache (e.g., hashtable) of recent files – What if 2 threads insert the same file at the same $me? 3. Creang a pipeline (think assembly line) with a queue for handing work to next thread in sequence? – What if enqueuer and dequeuer adjust a circular array queue at the same $me? Sophomoric Parallelism & 5 Concurrency, Lecture 4 Concurrent
    [Show full text]
  • Java Concurrency Framework by Sidartha Gracias
    Java Concurrency Framework Sidartha Gracias Executive Summary • This is a beginners introduction to the java concurrency framework • Some familiarity with concurrent programs is assumed – However the presentation does go through a quick background on concurrency – So readers unfamiliar with concurrent programming should still get something out of this • The structure of the presentation is as follows – A brief history into concurrent programming is provided – Issues in concurrent programming are explored – The framework structure with all its major components are covered in some detail – Examples are provided for each major section to reinforce some of the major ideas Concurrency in Java - Overview • Java like most other languages supports concurrency through thread – The JVM creates the Initial thread, which begins execution from main – The main method can then spawn additional threads Thread Basics • All modern OS support the idea of processes – independently running programs that are isolated from each other • Thread can be thought of as light weight processes – Like processes they have independent program counters, call stacks etc – Unlike Processes they share main memory, file pointers and other process state – This means thread are easier for the OS to maintain and switch between – This also means we need to synchronize threads for access to shared resources Threads Continued… • So why use threads ? – Multi CPU systems: Most modern systems host multiple CPU’s, by splitting execution between them we can greatly speed up execution – Handling Asynchronous Events: Servers handle multiple clients. Processing each client is best done through a separate thread, because the Server blocks until a new message is received – UI or event driven Processing: event handlers that respond to user input are best handled through separate threads, this makes code easier to write and understand Synchronization Primitives in Java • How does the java language handle synchronization – Concurrent execution is supported through the Thread class.
    [Show full text]
  • Java Concurrency in Practice
    Java Concurrency in practice Chapters: 1,2, 3 & 4 Bjørn Christian Sebak ([email protected]) Karianne Berg ([email protected]) INF329 – Spring 2007 Chapter 1 - Introduction Brief history of concurrency Before OS, a computer executed a single program from start to finnish But running a single program at a time is an inefficient use of computer hardware Therefore all modern OS run multiple programs (in seperate processes) Brief history of concurrency (2) Factors for running multiple processes: Resource utilization: While one program waits for I/O, why not let another program run and avoid wasting CPU cycles? Fairness: Multiple users/programs might have equal claim of the computers resources. Avoid having single large programs „hog“ the machine. Convenience: Often desirable to create smaller programs that perform a single task (and coordinate them), than to have one large program that do ALL the tasks What is a thread? A „lightweight process“ - each process can have many threads Threads allow multiple streams of program flow to coexits in a single process. While a thread share process-wide resources like memory and files with other threads, they all have their own program counter, stack and local variables Benefits of threads 1) Exploiting multiple processors 2) Simplicity of modeling 3) Simplified handling of asynchronous events 4) More responsive user interfaces Benefits of threads (2) Exploiting multiple processors The processor industry is currently focusing on increasing number of cores on a single CPU rather than increasing clock speed. Well-designed programs with multiple threads can execute simultaneously on multiple processors, increasing resource utilization.
    [Show full text]
  • Java Concurrency in Practice
    Advance praise for Java Concurrency in Practice I was fortunate indeed to have worked with a fantastic team on the design and implementation of the concurrency features added to the Java platform in Java 5.0 and Java 6. Now this same team provides the best explanation yet of these new features, and of concurrency in general. Concurrency is no longer a subject for advanced users only. Every Java developer should read this book. —Martin Buchholz JDK Concurrency Czar, Sun Microsystems For the past 30 years, computer performance has been driven by Moore’s Law; from now on, it will be driven by Amdahl’s Law. Writing code that effectively exploits multiple processors can be very challenging. Java Concurrency in Practice provides you with the concepts and techniques needed to write safe and scalable Java programs for today’s—and tomorrow’s—systems. —Doron Rajwan Research Scientist, Intel Corp This is the book you need if you’re writing—or designing, or debugging, or main- taining, or contemplating—multithreaded Java programs. If you’ve ever had to synchronize a method and you weren’t sure why, you owe it to yourself and your users to read this book, cover to cover. —Ted Neward Author of Effective Enterprise Java Brian addresses the fundamental issues and complexities of concurrency with uncommon clarity. This book is a must-read for anyone who uses threads and cares about performance. —Kirk Pepperdine CTO, JavaPerformanceTuning.com This book covers a very deep and subtle topic in a very clear and concise way, making it the perfect Java Concurrency reference manual.
    [Show full text]
  • Testing Atomicity of Composed Concurrent Operations
    Testing Atomicity of Composed Concurrent Operations Ohad Shacham Nathan Bronson Alex Aiken Tel Aviv University Stanford University Stanford University [email protected] [email protected] [email protected] Mooly Sagiv Martin Vechev Eran Yahav ∗ Tel Aviv University ETH Zurich and IBM Research Technion [email protected] [email protected] [email protected] Abstract 1. Introduction We address the problem of testing atomicity of composed Concurrent data structures are becoming critical components concurrent operations. Concurrent libraries help program- of many systems [27] but are notoriously hard to get right mers exploit parallel hardware by providing scalable concur- (e.g., [11]). To shield programmers from the complexity of rent operations with the illusion that each operation is exe- concurrent data structures, modern languages hide their im- cuted atomically. However, client code often needs to com- plementations in libraries (e.g., [1, 3, 19]). Data structures pose atomic operations in such a way that the resulting com- provided by the library usually guarantee that their opera- posite operation is also atomic while preserving scalability. tions are atomic. That is, every individual operation appears We present a novel technique for testing the atomicity of to take place instantaneously at some point between its invo- client code composing scalable concurrent operations. The cation and its return, and the implementation details of the challenge in testing this kind of client code is that a bug may operation can be ignored by the programmer. occur very rarely and only on a particular interleaving with a specific thread configuration.
    [Show full text]
  • Verifying a Compiler for Java Threads*
    Verifying a Compiler for Java Threads? Andreas Lochbihler Karlsruher Institut f¨urTechnologie (KIT), Karlsruhe, Germany [email protected] Abstract. A verified compiler is an integral part of every security infra- structure. Previous work has come up with formal semantics for sequen- tial and concurrent variants of Java and has proven the correctness of compilers for the sequential part. This paper presents a rigorous formal- isation (in the proof assistant Isabelle/HOL) of concurrent Java source and byte code together with an executable compiler and its correctness proof. It guarantees that the generated byte code shows exactly the same observable behaviour as the semantics for the multithreaded source code. 1 Introduction In a recent \research highlights" article in CACM [14], the CompCert C compiler [13] by Leroy was praised as follows: \I think we are on the verge of a new paradigm for safety-critical systems, where we rely upon formal, machine checked verification, instead of human audits. Leroy's compiler is an impressive step toward this goal." And indeed, Leroy's work can be seen as a door opener, in particular because his verification includes various optimisations and generates assembler code for a real machine. However, concurrent programs call for formal methods even louder, because many bugs show up only in some interleavings of the threads' executions, which makes the bugs nearly impossible to find and reproduce. But so far, nobody has ever never included the compilation of thread primitives and multithreaded (imperative) programs. In this paper, we present a compiler from a substantial subset of multi- threaded Java source code to byte code and show semantic preservation w.r.t.
    [Show full text]
  • Concurrent Programming in Java Examples
    Concurrent Programming In Java Examples Sully usually wisps irremovably or pull-out familiarly when unmasculine Pattie justifying alway and amorally. Anapaestic and fou Jens sizes so presumptively that Edmond expects his perfecter. Telegenic Nicolas collude slantly while Carlton always miniaturise his snib arrives loose, he lightens so adumbratively. Coding standards encourage programmers to cloud a uniform set of guidelines determined purchase the requirements of team project and organization, rather be by the programmerfamiliarity or preference. Interacting with concurrency programming and program and is not. Note round the subclass initialization consists of obtaining an alter of the default logger. What java concurrency is similar to show there are strictly deterministic system and example starts the graph, and is no more responsive graphical user actions. As how to each other thread is organized as its class are instantiated with dennard scaling this lecture, message passing is threadsafe; each lambda expressions. This example programs that concurrency also necessary for reducing lock on the examples cover their actors. The java compiler is pot of the parameter types so you can enclose them burn well. List of tutorials that help perhaps learn multi-threading concurrency programming with Java. Hence, wire a programmer, the ability to write code in parallel environments is a critical skill. In java program has to. Into the ist of erialization yths. Concurrent programming with really simple server Code Review. Once a java examples throughout help either. To chart a class immutable define the class and celebrate its fields as final. Because jdbc connections, such as incrementing a pipeline, prevented from colliding.
    [Show full text]
  • Investigating Different Concurrency Mechanisms in Java Master Thesis
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by NORA - Norwegian Open Research Archives UNIVERSITY OF OSLO Department of Informatics Investigating Different Concurrency Mechanisms in Java Master thesis Petter Andersen Busterud August 2012 Abstract With the continual growth in number of cores on the Central Processing Unit (CPU), developers will need to focus more and more on concurrent programming to get the desired performance boost that in the past have come logically with the increased clock-rate. Today there are numerous of different libraries and mechanisms for synchronization and parallelization in Java, and in this thesis we will attempt to test the efficiency and run time of two different types of sorting algorithms on machines with multi-core processors using the concurrent tools provided by Java. We will also be looking into the overhead that occur by using the various mechanisms, to help establish the correlations between the mechanisms overhead and performance gain. i ii Acknowledgement This thesis concludes my Master’s Degree in Informatics: Programming and Networks with the Department of Informatics at the University of Oslo. It has been a long and different, but positive experience. First I want to thank my supervisor Arne Maus, who offered me this thesis and have been providing valuable feedback along the way. I also like to thank my friends and family who has been patient with me all these years, and the support and encouragement they given me throughout this period. University of Oslo, August 2012 Petter Andersen Busterud iii iv Contents 1 Introduction 1 1.1 Background .
    [Show full text]
  • A Comparison of the Concurrency Features of Ada 95 and Java Benjamin M
    A Comparison of the Concurrency Features of Ada 95 and Java Benjamin M. Brosgol Aonix 200 Wheeler Road Burlington, MA 01803 USA +1.781.221.7317 (Phone) +1.781.270.6882 (FAX) [email protected] 1. ABSTRACT 2. INTRODUCTION Ada [1] and Java [2] [3] are unusual in providing direct Both Ada and Java support concurrent pro- language support for concurrency: the task in Ada and the gramming, but through quite different thread in Java. Although they offer roughly equivalent functionality – the ability to define units of concurrent approaches. Ada has built-in tasking features execution and to control mutual exclusion, synchron- with concurrency semantics, independent of ization, communication, and timing – the two languages have some major differences. This paper compares and the language’s OOP model, whereas Java’s contrasts the concurrency-related facilities in Ada and Java, thread support is based on special execution focusing on their expressive power, support for sound software engineering, and performance. properties of methods in several predefined A brief comparison of concurrency support in Ada and Java classes. Ada achieves mutual exclusion may be found in [4]; this paper extends those results. A through protected objects with encapsulated comprehensive discussion of Ada tasking appears in [5]; components; Java relies on the classical references targeting Java concurrency include [6] and [7]. The term “concurrent” is used here to mean “potentially “monitor” construct with “synchronized” parallel.” Issues related to multiprocessor environments or methods. Ada models condition-based distributed systems are beyond the scope of this paper. synchronization and communication through Section 3 summarizes the Java language and technology.
    [Show full text]
  • Model Checking of Linearizability of Concurrent List Implementations*
    Model Checking of Linearizability of Concurrent List Implementations! Pavol Cern´yˇ 1, Arjun Radhakrishna1, Damien Zufferey1, Swarat Chaudhuri2, and Rajeev Alur3 1 IST Austria 2 Pennsylvania State University 3 University of Pennsylvania Abstract. Concurrent data structures with fine-grained synchroniza- tion are notoriously difficult to implement correctly. The difficulty of reasoning about these implementations does not stem from the number of variables or the program size, but rather from the large number of pos- sible interleavings. These implementations are therefore prime candidates for model checking. We introduce an algorithm for verifying linearizabil- ity of singly-linked heap-based concurrent data structures. We consider a model consisting of an unbounded heap where each vertex stores an element from an unbounded data domain, with a restricted set of oper- ations for testing and updating pointers and data elements. Our main result is that linearizability is decidable for programs that invoke a fixed number of methods, possibly in parallel. This decidable fragment covers many of the common implementation techniques — fine-grained locking, lazy synchronization, and lock-free synchronization. We also show how the technique can be used to verify optimistic implementations with the help of programmer annotations. We developed a verification tool CoLT and evaluated it on a representative sample of Java implementations of the concurrent set data structure. The tool verified linearizability of a number of implementations, found a known error in a lock-free imple- mentation and proved that the corrected version is linearizable. 1 Introduction Concurrency libraries such as the java.util.concurrent package JSR-166 [13] or the Intel Threading Building Blocks support the development of efficient multi- threaded programs by providing concurrent data structures, that is, concurrent implementations of familiar data abstractions such as queues, sets, and stacks.
    [Show full text]