Is Parallel Programming Hard, And, If So, What Can You Do About It?

More documents

Recommendations

Info

$TeX op Mac OS X, met teTeX en TeXShop - Nluug$

254 APPENDIX E. FORMAL VERIFICATION4. Therefore, at any given point in time, either oneof the counters will be at least 2, or both of thecounters will be at least one.5. However, the synchronize_qrcu() fastpathcodecanreadonlyoneofthecountersatagiventime. <strong>It</strong> is therefore possible for the fastpathcode to fetch the first counter while zero, butto race with a counter flip so that the secondcounter is seen as one.6. There can be at most one reader persistingthrough such a race condition, as otherwise thesumwouldbetwoorgreater, whichwouldcausethe updater to take the slowpath.7. Butiftheraceoccursonthefastpath’sfirstreadof the counters, and then again on its secondread, there have to have been two counter flips.8. Because a given updater flips the counter onlyonce, and because the update-side lock preventsapairofupdatersfromconcurrentlyflippingthecounters, the only way that the fastpath codecan race with a flip twice is if the first updatercompletes.9. But the first updater will not complete untilafter all pre-existing readers have completed.10. Therefore, if the fastpath races with a counterflip twice in succession, all pre-existing readersmust have completed, so that it is safe to takethe fastpath.Of course, not all parallel algorithms have suchsimple proofs. In such cases, it may be necessary toenlist more capable tools.E.6.4 Alternative Approach: MoreCapable ToolsAlthough Promela and Spin are quite useful, muchmorecapabletoolsareavailable, particularlyforverifyinghardware. This means that if it is possibleto translate your algorithm to the hardware-designVHDL language, as it often will be for low-level parallelalgorithms, then it is possible to apply thesetools to your code (for example, this was done forthe first realtime RCU algorithm). However, suchtools can be quite expensive.Although the advent of commodity multiprocessingmight eventually result in powerful freesoftwaremodel-checkers featuring fancy state-spacereductioncapabilities,thisdoesnothelpmuchinthehere and now.As an aside, there are Spin features that supportapproximate searches that require fixed amounts ofmemory, however, I have never been able to bringmyself to trust approximations when verifying parallelalgorithms.Anotherapproachmightbetodivideandconquer.E.6.5 Alternative Approach: Divideand Conquer<strong>It</strong> is often possible to break down a larger parallelalgorithm into smaller pieces, which can then beproven separately. For example, a 10-billion-statemodel might be broken into a pair of 100,000-statemodels. Taking this approach not only makes iteasier for tools such as Promela to verify your algorithms,it can also make your algorithms easier tounderstand.E.7 Promela Parable: dynticksand Preemptable RCUIn early 2008, a preemptable variant of RCU wasaccepted into mainline Linux in support of realtimeworkloads, a variant similar to the RCU implementationsin the -rt patchset [Mol05] since August2005. Preemptable RCU is needed for real-timeworkloads because older RCU implementations disablepreemption across RCU read-side critical sections,resulting in excessive real-time latencies.However, one disadvantage of the older -rt implementation(described in Appendix D.4) was thateach grace period requires work to be done on eachCPU, even if that CPU is in a low-power “dynticksidle”state, and thus incapable of executing RCUread-side critical sections. The idea behind thedynticks-idle state is that idle CPUs should be physicallypowered down in order to conserve energy.In short, preemptable RCU can disable a valuableenergy-conservation feature of recent Linux kernels.Although JoshTriplett andPaulMcKenneyhaddiscussedsomeapproachesforallowingCPUstoremainin low-power state throughout an RCU grace period(thus preserving the Linux kernel’s ability to conserveenergy), matters did not come to a head untilSteve Rostedt integrated a new dyntick implementationwith preemptable RCU in the -rt patchset.This combination caused one of Steve’s systemsto hang on boot, so in October, Paul codedup a dynticks-friendly modification to preemptableRCU’s grace-period processing. Steve coded uprcu_irq_enter() and rcu_irq_exit() interfaces
E.7. PROMELA PARABLE: DYNTICKS AND PREEMPTABLE RCU 255called from the irq_enter() and irq_exit() interruptentry/exit functions. These rcu_irq_enter()and rcu_irq_exit() functions are needed to allowRCU to reliably handle situations where a dynticksidleCPUs is momentarily powered up for an interrupthandler containing RCU read-side critical sections.With these changes in place, Steve’s systembooted reliably, but Paul continued inspecting thecode periodically on the assumption that we couldnot possibly have gotten the code right on the firsttry.Paul reviewed the code repeatedly from October2007 to February 2008, and almost always found atleast one bug. In one case, Paul even coded andtestedafixbeforerealizingthatthebugwasillusory,and in fact in all cases, the “bug” turned out to beillusory.Near the end of February, Paul grew tired ofthis game. He therefore decided to enlist the aidof Promela and spin [Hol03], as described in AppendixE.ThefollowingpresentsaseriesofsevenincreasinglyrealisticPromelamodels,thelastofwhichpasses, consuming about 40GB of main memory forthe state space.More important, Promela and Spin did find a verysubtle bug for me!!!Quick Quiz E.6: Yeah, that’s great!!! Now, justwhat am I supposed to do if I don’t happen to havea machine with 40GB of main memory???Still better would be to come up with a simplerand faster algorithm that has a smaller state space.Even better would be an algorithm so simple thatits correctness was obvious to the casual observer!Section E.7.1 gives an overview of preemptableRCU’s dynticks interface, Section E.7.2, and SectionE.7.3 lists lessons (re)learned during this effort.E.7.1 Introduction to PreemptableRCU and dynticksThe per-CPU dynticks_progress_counter variableis central to the interface between dynticks andpreemptable RCU. This variable has an even valuewhenever the corresponding CPU is in dynticks-idlemode, and an odd value otherwise. A CPU exitsdynticks-idle mode for the following three reasons:1. to start running a task,2. when entering the outermost of a possiblynested set of interrupt handlers, and3. when entering an NMI handler.Preemptable RCU’s grace-period machinery samplesthe value of the dynticks_progress_countervariable in order to determine when a dynticks-idleCPU may safely be ignored.The following three sections give an overview ofthe task interface, the interrupt/NMI interface, andthe use of the dynticks_progress_counter variableby the grace-period machinery.E.7.1.1 Task InterfaceWhen a given CPU enters dynticks-idle mode becauseit has no more tasks to run, it invokes rcu_enter_nohz():1 static inline void rcu_enter_nohz(void)2 {3 mb();4 __get_cpu_var(dynticks_progress_counter)++;5 WARN_ON(__get_cpu_var(dynticks_progress_counter) & 0x1);6 }This function simply increments dynticks_progress_counter and checks that the result iseven, but first executing a memory barrier to ensurethat any other CPU that sees the new value ofdynticks_progress_counter will also see the completionof any prior RCU read-side critical sections.Similarly, when a CPU that is in dynticks-idlemode prepares to start executing a newly runnabletask, it invokes rcu_exit_nohz:1 static inline void rcu_exit_nohz(void)2 {3 __get_cpu_var(dynticks_progress_counter)++;4 mb();5 WARN_ON(!(__get_cpu_var(dynticks_progress_counter) &6 0x1));7 }This function again increments dynticks_progress_counter, but follows it with a memorybarrier to ensure that if any other CPU sees theresult of any subsequent RCU read-side criticalsection, then that other CPU will also see the incrementedvalue of dynticks_progress_counter.Finally, rcu_exit_nohz() checks that the result ofthe increment is an odd value.The rcu_enter_nohz() and rcu_exit_nohzfunctions handle the case where a CPU enters andexits dynticks-idle mode due to task execution, butdoes not handle interrupts, which are covered in thefollowing section.E.7.1.2 Interrupt InterfaceThe rcu_irq_enter() and rcu_irq_exit() functionshandle interrupt/NMI entry and exit, respectively.Of course, nested interrupts must also beproperly accounted for. The possibility of nestedinterrupts is handled by a second per-CPU variable,rcu_update_flag, which is incremented upon
Page 1 and 2:
Is Parallel Programming Hard, And,
Page 3 and 4:
Contents1 Introduction 11.1 Histori
Page 5 and 6:
CONTENTSv6 Locking 676.1 Staying Al
Page 7 and 8:
CONTENTSviiB Synchronization Primit
Page 9 and 10:
CONTENTSixE.7.1 Introduction to Pre
Page 11 and 12:
PrefaceThe purpose of this book is
Page 13 and 14:
Chapter 1IntroductionParallel progr
Page 15 and 16:
1.2. PARALLEL PROGRAMMING GOALS 3CP
Page 17 and 18:
1.3. ALTERNATIVES TO PARALLEL PROGR
Page 19 and 20:
1.4. WHAT MAKES PARALLEL PROGRAMMIN
Page 21 and 22:
1.5. GUIDE TO THIS BOOK 9other hand
Page 23 and 24:
Chapter 2Hardware and its HabitsMos
Page 25:
2.1. OVERVIEW 13Therefore, as shown
Page 28 and 29:
16 CHAPTER 2. HARDWARE AND ITS HABI
Page 30 and 31:
18 CHAPTER 2. HARDWARE AND ITS HABI
Page 32 and 33:
20 CHAPTER 3. TOOLS OF THE TRADE1 p
Page 34 and 35:
22 CHAPTER 3. TOOLS OF THE TRADE1 p
Page 36 and 37:
24 CHAPTER 3. TOOLS OF THE TRADE1.1
Page 38 and 39:
26 CHAPTER 3. TOOLS OF THE TRADEQui
Page 40 and 41:
28 CHAPTER 3. TOOLS OF THE TRADE
Page 42 and 43:
30 CHAPTER 4. COUNTING1 atomic_t co
Page 44 and 45:
32 CHAPTER 4. COUNTING4.2.3 Eventua
Page 46 and 47:
34 CHAPTER 4. COUNTINGvanish when t
Page 48 and 49:
36 CHAPTER 4. COUNTINGper-thread va
Page 50 and 51:
38 CHAPTER 4. COUNTING1 unsigned lo
Page 52 and 53:
Page 54 and 55:
42 CHAPTER 4. COUNTING1 #define THE
Page 56 and 57:
Page 58 and 59:
46 CHAPTER 4. COUNTINGReadsAlgorith
Page 60 and 61:
48 CHAPTER 5. PARTITIONING AND SYNC
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
68 CHAPTER 6. LOCKING1 int delete(i
Page 82 and 83:
70 CHAPTER 7. DATA OWNERSHIP
Page 84 and 85:
72 CHAPTER 8. DEFERRED PROCESSINGfo
Page 86 and 87:
74 CHAPTER 8. DEFERRED PROCESSINGth
Page 88 and 89:
76 CHAPTER 8. DEFERRED PROCESSING
Page 90 and 91:
78 CHAPTER 8. DEFERRED PROCESSINGfi
Page 92 and 93:
80 CHAPTER 8. DEFERRED PROCESSINGti
Page 94 and 95:
82 CHAPTER 8. DEFERRED PROCESSINGNo
Page 96 and 97:
84 CHAPTER 8. DEFERRED PROCESSING12
Page 98 and 99:
Page 100 and 101:
88 CHAPTER 8. DEFERRED PROCESSINGvo
Page 102 and 103:
90 CHAPTER 8. DEFERRED PROCESSINGLi
Page 104 and 105:
92 CHAPTER 8. DEFERRED PROCESSINGpe
Page 106 and 107:
94 CHAPTER 8. DEFERRED PROCESSINGCa
Page 108 and 109:
96 CHAPTER 8. DEFERRED PROCESSINGTh
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
104 CHAPTER 8. DEFERRED PROCESSINGs
Page 118 and 119:
106 CHAPTER 8. DEFERRED PROCESSINGo
Page 120 and 121:
108 CHAPTER 8. DEFERRED PROCESSING
Page 122 and 123:
110 CHAPTER 9. APPLYING RCU1 struct
Page 124 and 125:
112 CHAPTER 9. APPLYING RCU
Page 126 and 127:
114 CHAPTER 10. VALIDATION: DEBUGGI
Page 128 and 129:
116 CHAPTER 11. DATA STRUCTURES
Page 130 and 131:
118 CHAPTER 12. ADVANCED SYNCHRONIZ
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
138 CHAPTER 13. EASE OF USEFigure 1
Page 152 and 153:
140 CHAPTER 13. EASE OF USE
Page 154 and 155:
142 CHAPTER 14. TIME MANAGEMENT
Page 156 and 157:
144 CHAPTER 15. CONFLICTING VISIONS
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
154 APPENDIX A. IMPORTANT QUESTIONS
Page 168 and 169:
156 APPENDIX A. IMPORTANT QUESTIONS
Page 170 and 171:
158 APPENDIX B. SYNCHRONIZATION PRI
Page 172 and 173:
160 APPENDIX B. SYNCHRONIZATION PRI
Page 174 and 175:
162 APPENDIX C. WHY MEMORY BARRIERS
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
184 APPENDIX D. READ-COPY UPDATE IM
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217: 204 APPENDIX D. READ-COPY UPDATE IM
Page 256 and 257: 244 APPENDIX E. FORMAL VERIFICATION
Page 284 and 285: 272 APPENDIX F. ANSWERS TO QUICK QU
Page 316 and 317:
304 APPENDIX F. ANSWERS TO QUICK QU
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Page 342 and 343:
330 APPENDIX G. GLOSSARY(2) A physi
Page 344 and 345:
332 APPENDIX G. GLOSSARYnear by. Th
Page 346 and 347:
334 APPENDIX G. GLOSSARY
Page 348 and 349:
336 BIBLIOGRAPHY[But97]USA, March 2
Page 350 and 351:
338 BIBLIOGRAPHY[HMB06][Hol03][HP95
Page 352 and 353:
340 BIBLIOGRAPHY[McK06] Paul E. McK
Page 354 and 355:
342 BIBLIOGRAPHYtor. Software - Pra
Page 356 and 357:
344 BIBLIOGRAPHY[UoC08][VGS08]Berke
Page 358:
346 APPENDIX H. CREDITSH.4 Original
show all

Is Parallel Programming Hard, And, If So, What Can You Do About It?

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?