Is Parallel Programming Hard, And, If So, What Can You Do About It?

More documents

Recommendations

Info

$TeX op Mac OS X, met teTeX en TeXShop - Nluug$

260 APPENDIX E. FORMAL VERIFICATION32 shouldexit = 0;33 snap = dynticks_progress_counter;34 grace_period_state = GP_WAITING;35 }36 do37 :: 1 ->38 atomic {39 assert(!shouldexit);40 shouldexit = dyntick_nohz_done;41 curr = dynticks_progress_counter;42 if43 :: (curr == snap) && ((curr & 1) == 0) ->44 break;45 :: (curr != snap) ->46 break;47 :: else -> skip;48 fi;49 }50 od;51 grace_period_state = GP_DONE;52 }We have added the shouldexit variable on line 5,which we initialize to zero on line 10. Line 17asserts that shouldexit is not set, while line 18sets shouldexit to the dyntick_nohz_done variablemaintained by dyntick_nohz(). This assertionwill therefore trigger if we attempt to take morethan one pass through the wait-for-counter-flipacknowledgementloop after dyntick_nohz() hascompleted execution. After all, if dyntick_nohz()isdone, thentherecannotbeanymorestatechangesto force us out of the loop, so going through twicein this state means an infinite loop, which in turnmeans no end to the grace period.Lines 32, 39, and 40 operate in a similar mannerfor the second (memory-barrier) loop.However, running this model(dyntickRCU-base-sl-busted.spin) resultsin failure, as line 23 is checking that the wrong variableis even. Upon failure, spin writes out a “trail”file (dyntickRCU-base-sl-busted.spin.trail)file, which records the sequence of states thatlead to the failure. Use the spin -t -p -g -ldyntickRCU-base-sl-busted.spin command tocause spin to retrace this sequence of state, printingthe statements executed and the values of variables(dyntickRCU-base-sl-busted.spin.trail.txt).Note that the line numbers do not matchthe listing above due to the fact that spintakes both functions in a single file. However,the line numbers do match the full model(dyntickRCU-base-sl-busted.spin).We see that the dyntick_nohz() process completedat step 34 (search for “34:”), but that thegrace_period() process nonetheless failed to exitthe loop. The value of curr is 6 (see step 35) andthat the value of snap is 5 (see step 17). Thereforethe first condition on line 21 above does not holdbecause curr!=snap, and the second condition online 23 does not hold either because snap is odd andbecause curr is only one greater than snap.So one of these two conditions has to be incorrect.Referring to the comment block in rcu_try_flip_waitack_needed() for the first condition:If the CPU remained in dynticks mode forthe entire time and didn’t take any interrupts,NMIs, SMIs, or whatever, then itcannot be in the middle of an rcu_read_lock(), so the next rcu_read_lock() itexecutes must use the new value of thecounter. So we can safely pretend that thisCPU already acknowledged the counter.The first condition does match this, because ifcurr==snap and if curr is even, then the correspondingCPU has been in dynticks-idle mode theentire time, as required. So let’s look at the commentblock for the second condition:If the CPU passed through or entered adynticks idle phase with no active irq handlers,then, as above, we can safely pretendthat this CPU already acknowledged thecounter.The first part of the condition is correct, becauseif curr and snap differ by two, there will be at leastone even number in between, corresponding to havingpassed completely through a dynticks-idle phase.However, the second part of the condition correspondsto having started in dynticks-idle mode, nothaving finished in this mode. We therefore need tobe testing curr rather than snap for being an evennumber.The corrected C code is as follows:1 static inline int2 rcu_try_flip_waitack_needed(int cpu)3 {4 long curr;5 long snap;67 curr = per_cpu(dynticks_progress_counter, cpu);8 snap = per_cpu(rcu_dyntick_snapshot, cpu);9 smp_mb();10 if ((curr == snap) && ((curr & 0x1) == 0))11 return 0;12 if ((curr - snap) > 2 || (curr & 0x1) == 0)13 return 0;14 return 1;15 }Lines 10-13 can now be combined and simplified,resulting in the following. A similar simplificationcan be applied to rcu_try_flip_waitmb_needed.1 static inline int2 rcu_try_flip_waitack_needed(int cpu)3 {4 long curr;5 long snap;6
E.7. PROMELA PARABLE: DYNTICKS AND PREEMPTABLE RCU 2617 curr = per_cpu(dynticks_progress_counter, cpu);8 snap = per_cpu(rcu_dyntick_snapshot, cpu);9 smp_mb();10 if ((curr - snap) >= 2 || (curr & 0x1) == 0)11 return 0;12 return 1;13 }Making the corresponding correction in the model(dyntickRCU-base-sl.spin) results in a correctverification with 661 states that passes without errors.However, it is worth noting that the first versionof the liveness verification failed to catch thisbug, due to a bug in the liveness verification itself.This liveness-verification bug was located by insertingan infinite loop in the grace_period() process,and noting that the liveness-verification code failedto detect this problem!We have now successfully verified both safety andliveness conditions, but only for processes runningand blocking. We also need to handle interrupts, atask taken up in the next section.E.7.2.4 InterruptsThere are a couple of ways to model interrupts inPromela:1. using C-preprocessor tricks to insert the interrupthandler between each and every statementof the dynticks_nohz() process, or2. modeling the interrupt handler with a separateprocess.A bit of thought indicated that the second approachwould have a smaller state space, thoughit requires that the interrupt handler somehowrun atomically with respect to the dynticks_nohz() process, but not with respect to the grace_period() process.Fortunately, it turns out that Promela permitsyou to branch out of atomic statements. This trickallowsustohavetheinterrupthandlersetaflag, andrecode dynticks_nohz() to atomically check thisflag and execute only when the flag is not set. Thiscan be accomplished with a C-preprocessor macrothat takes a label and a Promela statement as follows:1 #define EXECUTE_MAINLINE(label, stmt) \2 label: skip; \3 atomic { \4 if \5 :: in_dyntick_irq -> goto label; \6 :: else -> stmt; \7 fi; \8 } \One might use this macro as follows:EXECUTE_MAINLINE(stmt1,tmp = dynticks_progress_counter)Line 2 of the macro creates the specified statementlabel. Lines 3-8 are an atomic block that teststhe in_dyntick_irq variable, and if this variable isset (indicating that the interrupt handler is active),branches out of the atomic block back to the label.Otherwise, line 6 executes the specified statement.The overall effect is that mainline execution stallsany time an interrupt is active, as required.E.7.2.5 Validating Interrupt HandlersThe first step is to convert dyntick_nohz() toEXECUTE_MAINLINE() form, as follows:1 proctype dyntick_nohz()2 {3 byte tmp;4 byte i = 0;5 bit old_gp_idle;67 do8 :: i >= MAX_DYNTICK_LOOP_NOHZ -> break;9 :: i < MAX_DYNTICK_LOOP_NOHZ ->10 EXECUTE_MAINLINE(stmt1,11 tmp = dynticks_progress_counter)12 EXECUTE_MAINLINE(stmt2,13 dynticks_progress_counter = tmp + 1;14 old_gp_idle = (grace_period_state == GP_IDLE);15 assert((dynticks_progress_counter & 1) == 1))16 EXECUTE_MAINLINE(stmt3,17 tmp = dynticks_progress_counter;18 assert(!old_gp_idle ||19 grace_period_state != GP_DONE))20 EXECUTE_MAINLINE(stmt4,21 dynticks_progress_counter = tmp + 1;22 assert((dynticks_progress_counter & 1) == 0))23 i++;24 od;25 dyntick_nohz_done = 1;26 }It is important to note that when a group ofstatements is passed to EXECUTE_MAINLINE(), as inlines 11-14, all statements in that group executeatomically.Quick Quiz E.14: But what would you do ifyou needed the statements in a single EXECUTE_MAINLINE() group to execute non-atomically?Quick Quiz E.15: But what if the dynticks_nohz() process had “if” or “do” statements withconditions, where the statement bodies of these constructsneeded to execute non-atomically?Thenextstepistowriteadyntick_irq()processto model an interrupt handler:1 proctype dyntick_irq()2 {3 byte tmp;4 byte i = 0;5 bit old_gp_idle;67 do8 :: i >= MAX_DYNTICK_LOOP_IRQ -> break;9 :: i < MAX_DYNTICK_LOOP_IRQ ->10 in_dyntick_irq = 1;
Page 1 and 2:
Is Parallel Programming Hard, And,
Page 3 and 4:
Contents1 Introduction 11.1 Histori
Page 5 and 6:
CONTENTSv6 Locking 676.1 Staying Al
Page 7 and 8:
CONTENTSviiB Synchronization Primit
Page 9 and 10:
CONTENTSixE.7.1 Introduction to Pre
Page 11 and 12:
PrefaceThe purpose of this book is
Page 13 and 14:
Chapter 1IntroductionParallel progr
Page 15 and 16:
1.2. PARALLEL PROGRAMMING GOALS 3CP
Page 17 and 18:
1.3. ALTERNATIVES TO PARALLEL PROGR
Page 19 and 20:
1.4. WHAT MAKES PARALLEL PROGRAMMIN
Page 21 and 22:
1.5. GUIDE TO THIS BOOK 9other hand
Page 23 and 24:
Chapter 2Hardware and its HabitsMos
Page 25:
2.1. OVERVIEW 13Therefore, as shown
Page 28 and 29:
16 CHAPTER 2. HARDWARE AND ITS HABI
Page 30 and 31:
18 CHAPTER 2. HARDWARE AND ITS HABI
Page 32 and 33:
20 CHAPTER 3. TOOLS OF THE TRADE1 p
Page 34 and 35:
22 CHAPTER 3. TOOLS OF THE TRADE1 p
Page 36 and 37:
24 CHAPTER 3. TOOLS OF THE TRADE1.1
Page 38 and 39:
26 CHAPTER 3. TOOLS OF THE TRADEQui
Page 40 and 41:
28 CHAPTER 3. TOOLS OF THE TRADE
Page 42 and 43:
30 CHAPTER 4. COUNTING1 atomic_t co
Page 44 and 45:
32 CHAPTER 4. COUNTING4.2.3 Eventua
Page 46 and 47:
34 CHAPTER 4. COUNTINGvanish when t
Page 48 and 49:
36 CHAPTER 4. COUNTINGper-thread va
Page 50 and 51:
38 CHAPTER 4. COUNTING1 unsigned lo
Page 52 and 53:
Page 54 and 55:
42 CHAPTER 4. COUNTING1 #define THE
Page 56 and 57:
Page 58 and 59:
46 CHAPTER 4. COUNTINGReadsAlgorith
Page 60 and 61:
48 CHAPTER 5. PARTITIONING AND SYNC
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
68 CHAPTER 6. LOCKING1 int delete(i
Page 82 and 83:
70 CHAPTER 7. DATA OWNERSHIP
Page 84 and 85:
72 CHAPTER 8. DEFERRED PROCESSINGfo
Page 86 and 87:
74 CHAPTER 8. DEFERRED PROCESSINGth
Page 88 and 89:
76 CHAPTER 8. DEFERRED PROCESSING
Page 90 and 91:
78 CHAPTER 8. DEFERRED PROCESSINGfi
Page 92 and 93:
80 CHAPTER 8. DEFERRED PROCESSINGti
Page 94 and 95:
82 CHAPTER 8. DEFERRED PROCESSINGNo
Page 96 and 97:
84 CHAPTER 8. DEFERRED PROCESSING12
Page 98 and 99:
Page 100 and 101:
88 CHAPTER 8. DEFERRED PROCESSINGvo
Page 102 and 103:
90 CHAPTER 8. DEFERRED PROCESSINGLi
Page 104 and 105:
92 CHAPTER 8. DEFERRED PROCESSINGpe
Page 106 and 107:
94 CHAPTER 8. DEFERRED PROCESSINGCa
Page 108 and 109:
96 CHAPTER 8. DEFERRED PROCESSINGTh
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
104 CHAPTER 8. DEFERRED PROCESSINGs
Page 118 and 119:
106 CHAPTER 8. DEFERRED PROCESSINGo
Page 120 and 121:
108 CHAPTER 8. DEFERRED PROCESSING
Page 122 and 123:
110 CHAPTER 9. APPLYING RCU1 struct
Page 124 and 125:
112 CHAPTER 9. APPLYING RCU
Page 126 and 127:
114 CHAPTER 10. VALIDATION: DEBUGGI
Page 128 and 129:
116 CHAPTER 11. DATA STRUCTURES
Page 130 and 131:
118 CHAPTER 12. ADVANCED SYNCHRONIZ
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
138 CHAPTER 13. EASE OF USEFigure 1
Page 152 and 153:
140 CHAPTER 13. EASE OF USE
Page 154 and 155:
142 CHAPTER 14. TIME MANAGEMENT
Page 156 and 157:
144 CHAPTER 15. CONFLICTING VISIONS
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
154 APPENDIX A. IMPORTANT QUESTIONS
Page 168 and 169:
156 APPENDIX A. IMPORTANT QUESTIONS
Page 170 and 171:
158 APPENDIX B. SYNCHRONIZATION PRI
Page 172 and 173:
160 APPENDIX B. SYNCHRONIZATION PRI
Page 174 and 175:
162 APPENDIX C. WHY MEMORY BARRIERS
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
184 APPENDIX D. READ-COPY UPDATE IM
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223: 210 APPENDIX D. READ-COPY UPDATE IM
Page 256 and 257: 244 APPENDIX E. FORMAL VERIFICATION
Page 284 and 285: 272 APPENDIX F. ANSWERS TO QUICK QU
Page 322 and 323:
310 APPENDIX F. ANSWERS TO QUICK QU
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Page 342 and 343:
330 APPENDIX G. GLOSSARY(2) A physi
Page 344 and 345:
332 APPENDIX G. GLOSSARYnear by. Th
Page 346 and 347:
334 APPENDIX G. GLOSSARY
Page 348 and 349:
336 BIBLIOGRAPHY[But97]USA, March 2
Page 350 and 351:
338 BIBLIOGRAPHY[HMB06][Hol03][HP95
Page 352 and 353:
340 BIBLIOGRAPHY[McK06] Paul E. McK
Page 354 and 355:
342 BIBLIOGRAPHYtor. Software - Pra
Page 356 and 357:
344 BIBLIOGRAPHY[UoC08][VGS08]Berke
Page 358:
346 APPENDIX H. CREDITSH.4 Original
show all

Is Parallel Programming Hard, And, If So, What Can You Do About It?

Create successful ePaper yourself

Delete template?

Save as template?