The theory of concurrent programming for a seasoned programmer


Published in: Education, Technology

  1. 1. The theory of concurrent programming for a seasoned programmer
      © Roman Elizarov, Devexperts, 2012
  2. 2. What? For whom?
      • Practical experience in writing concurrent programs is assumed
        - Here, concurrent == using shared memory
        - The audience is assumed to know and to have used in practice locks, synchronized sections, compare and set, etc.
        - Knowledge of “Java Concurrency in Practice” is a plus!
      • The theory behind the practical constructs will be explained
        - Formal models
        - Key definitions
        - Important facts and theorems (without proofs)
        - Practical corollaries
      • But some concepts are simplified
  3. 3. Just a reminder: the free lunch is over
  4. 4. Basic definitions
      • A process owns memory and other resources in the OS
      • A thread of execution defines the current instruction pointer, stack pointer and other registers
        - Threads execute program code
        - Multiple threads per process share the same memory
      • However, both terms are often used interchangeably in theory
        - “Process” seems to be used more often for historical reasons
        - And they are typically named P, Q, R, … in papers
  5. 5. Why model?
      • Formal models of computation let you define and prove certain desired properties of your programs
      • The models let you prove the impossibility of achieving certain results under specific constraints
        - Saving you the time of trying to find a working solution
  6. 6. The model with shared objects
      [Diagram: Thread 1, Thread 2, …, Thread N operating on [Shared] Object 1, [Shared] Object 2, …, [Shared] Object M in [Shared] Memory]
  7. 7. Concurrency
  8. 8. Shared objects
      • Threads (or processes) perform operations on shared memory objects
      • This model doesn’t care about operations that are internal to threads:
        - Computations performed by threads
        - Updates to threads’ CPU registers
        - Updates to threads’ stacks
        - Updates to any “thread local” memory regions
      • Only inter-thread communication matters
      • The only type of inter-thread communication in this model is via shared objects
  9. 9. [Shared] Registers
      • Don’t confuse with CPU registers (eax, ebx, etc. in x86)
        - They are just part of “thread state” in concurrent programming theory
      • In concurrent programming a [shared] register is the simplest kind of shared object:
        - It has some value type (typically boolean or integer)
        - With read and write operations
      • Registers are basic building blocks for many practical concurrent algorithms
      • The model of threads + shared registers is a decent abstraction for modern multicore hardware systems
        - It abstracts away enough actual complexity to make theoretical reasoning possible
  10. 10. Message passing models
      • We can model parallel computing by letting threads send messages to each other, instead of giving them shared registers (or other shared objects)
        - It is closer to how the hardware memory bus actually works on a low level (CPUs send messages to memory via interconnects)
        - But it is farther from how the programs actually work with
      • Message passing is typically used to model distributed programs
      • Both models are theoretically equivalent in their power
        - But the practical performance of various algorithms will be different
        - We work with shared objects model where performance matters (taking care to optimize the number of shared objects and the number of operations on them is close to the real practical optimization)
  11. 11. [Diagram: Parallel; Concurrent [shared memory]; Distributed [message passing]]
      * NOTE: There is no general consensus on this terminology
  12. 12. Properties of concurrent programs
      • Serial programs are usually deterministic
        - Unless explicit calls to random number generator are present
        - Their properties are established by analyzing their state, invariants, pre- and post-conditions
      • Concurrent programs are inherently nondeterministic
        - Even when the code for each thread is fully deterministic
        - Outcome depends on the actual execution history – what operations on shared objects were performed by threads in what order
        - When you say “program A has property P” it actually means “program A has property P in any execution”
  13. 13. Modeling executions
      • S is a global state, which includes:
        - State of all threads
        - State of all shared objects or all “in flight” messages (in distributed system)
      • f and g are operations on shared objects
        - for registers it can be either or ri.write(value)
        - There are as many possible operations in each state as there are active threads
          • not as simple for distributed case
      • f(S) is a new state after operation f was performed in state S
      [Diagram: state S with transitions f and g leading to states f(S) and g(S)]
  14. 14. Example

      shared int x

      thread P:         thread Q:
        0: x = 1          0: x = 2
        1: print x        1: print x
        2: stop           2: stop

      A total of 17 states. State diagram, level by level:
        P0,Q0 x=0 (-, -)
        P1,Q0 x=1 (-, -) | P0,Q1 x=2 (-, -)
        P2,Q0 x=1 (1, -) | P1,Q1 x=2 (-, -) | P1,Q1 x=1 (-, -) | P0,Q2 x=2 (-, 2)
        +1 state not shown | +2 states not shown | +2 states not shown | +1 state not shown
        P2,Q2 x=2 (1, 2) | P2,Q2 x=2 (2, 2) | P2,Q2 x=1 (1, 1) | P2,Q2 x=1 (2, 1)
  15. 15. Discussion of the execution model with states
      • This model is not truly “parallel”
        - All operations happen serially (albeit in undefined order)
      • In reality (on a modern CPU)
        - A read or write operation is not instantaneous. It takes time
        - There are multiple memory banks that work in parallel. You have multiple read or write operations happening at the same time.
      • However, you can safely use this model for atomic registers
        - Atomic (linearizable) registers work as if each write or read is instantaneous and as if there is no parallelism
        - Will define what this means precisely later
      • A more general model of execution is needed to analyze a wider class of primitives
  16. 16. Lamport’s happens before (occurs before) model
      • An execution history is a pair (H, →H)
        - “H” is a set of operations e, f, g, … that happened during execution
        - “→H” is a transitive, irreflexive, antisymmetric relation on a set of operations H (strict partial order relation)
        - “e →H f” means “e happens before f [in H]” or “occurs before”
          • H is omitted where it is not ambiguous
      • In global time model of execution, each operation e has
        - s(e) and f(e) – times where it has started and finished
            e → f ⇔ f(e) < s(f)
        - Albeit convenient to visualize, in reality there is no global time (no central clock) in a modern system (so formal proofs cannot use time)
  17. 17. Legal executions
      • Execution is legal, if it satisfies specifications of all objects
      [Diagram, LEGAL: P performs x.w(1), Q performs x.r(1)]
      [Diagram, ILLEGAL: P performs x.w(1), Q performs x.r(2)]
  18. 18. Serial executions
      • Execution is serial, if “happens before” is a total order
      [Diagram, SERIAL: P performs x.w(1), Q performs x.r(1)]
      [Diagram, NON-SERIAL: P performs x.w(1), Q performs x.r(1)]
      e and f are called parallel when e ↛ f ∧ f ↛ e
  19. 19. Linearizable executions
      • Execution is linearizable, if its history (“happens before” relation) can be extended to a legal and serial (total) history
      [Diagram, LINEARIZABLE: P performs x.w(1), Q performs x.r(1)]
      [Diagram, NON-LINEARIZABLE: P performs x.w(1), Q performs x.r(2)]
  20. 20. Linearizable (atomic) objects
      • Object is called linearizable (atomic) if all execution histories with respect to this object are linearizable
      • Linearizability is composable. A system execution on linearizable objects is linearizable.
      • In global time model, each operation in linearizable execution has a linearization point T(e)
          ∀e: s(e) < T(e) < f(e)
          ∀e, f: e → f ⇒ T(e) < T(f)
          e f T (e) T ( f )
      [Diagram: P performs x.w(1), Q performs x.r(1)]
  21. 21. Atomic registers and other objects
      • Atomic register == linearizable register
        - They work as if read/write operations happen instantaneously at linearization point and in some specific serial order
        - Thus we can use “global state” model of execution to analyze behavior of a program whose threads are working with shared atomic registers (or with other atomic objects)
      • volatile fields in Java work like atomic registers
        - AtomicXXX classes are atomic registers, too (with additional ops)
      • Thread-safe classes (synchronized, ConcurrentXXX) are atomic (linearizable) unless explicitly specified otherwise
        - “thread-safe” in practice means “linearizable”, e.g. designed to work as if all operations happen in some serial order without an outside synchronization even if accessed concurrently
  22. 22.
  23. 23. Mutual exclusion (lock)

      The mutex protocol

      thread Pid:
        loop forever:
          nonCriticalSection
          mutex.lock
          criticalSection
          mutex.unlock

      • The main desired property of protocol is mutual exclusion. Two executions of critical section cannot be parallel:
          ∀i, j: i ≠ j ⇒ CSi → CSj ∨ CSj → CSi
      • It is also known as correctness requirement for mutual exclusion protocol
  24. 24. Mutex attempt #1

      threadlocal int id // 0 or 1
      shared boolean want[2]

      def lock:
        want[id] = true
        while want[1 - id]: pass

      def unlock:
        want[id] = false

      • This protocol does guarantee mutual exclusion
      • But there is no guarantee of progress. It can get into live-lock (both threads spinning forever in lock)
      • So, the other desired property is progress: critical section should get entered infinitely often
  25. 25. Mutex attempt #2

      threadlocal int id // 0 or 1
      shared int victim

      def lock:
        victim = id
        while victim == id: pass

      def unlock:
        pass

      • This protocol does guarantee mutual exclusion and progress
      • But critical section can be entered in a turn-by-turn fashion only. One thread working in isolation will starve.
      • So, the stronger progress is desired. Freedom from starvation: if one (or more) threads wants to enter critical section, then it’ll enter CS in a finite number of steps
  26. 26. Peterson’s mutual exclusion algorithm

      threadlocal int id // 0 or 1
      shared boolean want[2]
      shared int victim

      def lock:
        want[id] = true
        victim = id
        while want[1-id] and victim == id: pass

      def unlock:
        want[id] = false

      • This protocol does guarantee mutual exclusion, progress and freedom from starvation
      • The order of operations in this pseudo-code is important
      • Not the first one invented (1981), but the simplest 2-thread one
      • Hard to generalize to N threads (can be, but the result is complex)
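The claims on slides 24 and 26 can be checked by exhaustively exploring the global-state model from slides 13 to 15. The following C program is an added example, not part of the original slides: it walks every reachable state of two threads under atomic registers for attempt #1, for Peterson's algorithm, and for a hypothetical variant (named `SWAPPED` here) that writes `victim` before `want`. The state encoding and all identifiers are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* SWAPPED is Peterson with the two doorway writes reordered (victim first). */
enum protocol { ATTEMPT1, PETERSON, SWAPPED };
enum { MUTEX_VIOLATED = 1, BOTH_STUCK = 2 };

/* Global state S: per-thread program counter plus the shared registers.
 * pc: 0,1 = doorway writes, 2 = read want[other], 3 = read victim, 4 = in CS */
struct state { int pc[2], want[2], victim; };

static int encode(const struct state *s) {
    return (((s->pc[0] * 5 + s->pc[1]) * 2 + s->want[0]) * 2 + s->want[1]) * 2
           + s->victim;
}

/* One atomic register operation by thread id; returns the successor state. */
static struct state step(struct state s, int id, enum protocol p) {
    switch (s.pc[id]) {
    case 0:
        if (p == SWAPPED) s.victim = id; else s.want[id] = 1;
        s.pc[id] = (p == ATTEMPT1) ? 2 : 1;   /* attempt #1 has one write */
        break;
    case 1:
        if (p == SWAPPED) s.want[id] = 1; else s.victim = id;
        s.pc[id] = 2;
        break;
    case 2:                                   /* while want[1-id] ... */
        if (!s.want[1 - id]) s.pc[id] = 4;
        else if (p != ATTEMPT1) s.pc[id] = 3;
        break;                                /* attempt #1 keeps spinning */
    case 3:                                   /* ... and victim == id */
        s.pc[id] = (s.victim == id) ? 2 : 4;
        break;
    case 4:                                   /* unlock */
        s.want[id] = 0;
        s.pc[id] = 0;
        break;
    }
    return s;
}

/* Explores every reachable state; returns a mask of the flags above. */
int check(enum protocol p) {
    bool seen[200] = { false };
    struct state stack[200], init = { {0, 0}, {0, 0}, 0 };
    int top = 0, result = 0;
    seen[encode(&init)] = true;
    stack[top++] = init;
    while (top > 0) {
        struct state s = stack[--top];
        int moved = 0;
        if (s.pc[0] == 4 && s.pc[1] == 4) result |= MUTEX_VIOLATED;
        for (int id = 0; id < 2; id++) {
            struct state n = step(s, id, p);
            int code = encode(&n);
            if (code != encode(&s)) moved++;
            if (!seen[code]) { seen[code] = true; stack[top++] = n; }
        }
        if (!moved) result |= BOTH_STUCK;     /* both threads spin forever */
    }
    return result;
}

int main(void) {
    printf("attempt1=%d peterson=%d swapped=%d\n",
           check(ATTEMPT1), check(PETERSON), check(SWAPPED));
    return 0;
}
```

Attempt #1 reports only `BOTH_STUCK`, Peterson reports nothing, and the reordered variant reports `MUTEX_VIOLATED`, which is why the order of the two writes in `lock` matters.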
  27. 27. Lamport’s [bakery] mutual exclusion algorithm

      threadlocal int id // 0 to N-1
      shared boolean want[N]
      shared int label[N]

      def lock:
        want[id] = true               // doorway
        label[id] = max(label) + 1    // doorway
        while exists k: k != id and want[k] and
              (label[k], k) < (label[id], id): pass

      def unlock:
        want[id] = false

      • This protocol does guarantee mutual exclusion, progress and freedom from starvation for N threads
      • This protocol has an additional first-come, first-served (FCFS) property. First thread finishing doorway gets lock first
      • But relies on infinite labels. They can be replaced with “concurrent bounded timestamps”
  28. 28. Pros and cons of locks
      • With mutual exclusion any serial object can be turned into a linearizable shared object.
        - Just protect all operations as critical sections with a mutex
        - Using two phase locking (2PL) you can build complex linearizable objects out of smaller building blocks
        - Nothing more than shared registers is needed to build a mutex
        - Profit!
      • But
        - By using multiple locks you can get into a deadlock
        - Locks lead to priority inversion
        - Locks limit concurrency of code by ensuring that critical sections are executed strictly serially with respect to each other
  29. 29. Amdahl’s Law for parallelization
      • The maximal speedup of code with N threads when S portion of it is serial
          speedup = 1 / (S + (1 − S) / N)
          lim (N → ∞) speedup = 1 / S
      • Even when just 5% of code is serial (S=0.05), the maximal possible speedup of the code is 20.
  30. 30. Non-blocking algorithms (objects)
      • What happens if OS scheduler pauses a thread that is working inside a critical section (is holding a lock)?
        - No other operation on the corresponding object can proceed
      • Lock-free: An object or operation (method) is lock-free if one of the active (non-paused) threads can complete an operation in the finite number of steps.
        - Some threads may starve, but only when some other threads complete their operations
      • Wait-free: An object or operation (method) is wait-free if any of the active (non-paused) threads can complete an operation in the finite number of steps
        - No starvation is allowed
  31. 31. Non-atomic registers
      • Physical register (SRAM) is not atomic
        - However, it is wait-free, but…
        - It stores only boolean (bit) values
        - It can have only a single reader (SR) and single writer (SW)
        - Trying to read and write at the same time leads to unpredictable results
        - But it is a safe register
          • When reading after write completes, the most recent written value is returned
      Through a chain of software constructions on top of safe boolean SRSW registers it is possible to build wait-free atomic multi-valued multi-reader (MR) multi-writer (MW) register
  32. 32. Atomic snapshot
      • Just read values of N registers in a loop and return
        - is not an atomic snapshot (“read N registers atomically”) operation
      [Diagram: P performs r1.w(1), r2.w(2); Q performs r1.r(0), r2.r(2)]
      Q tries to take snapshot: this execution cannot be linearized
      System states (r1, r2): (0, 0), (1, 0), (1, 2)
      Read state (r1, r2): (0, 2)
  33. 33. Lock-free atomic snapshot
      • Add version to each register
        - On write atomically write a pair (new_version, new_value) to a register where new_version = old_version + 1
      • To take an atomic snapshot
        - Read in a loop all versions and values
        - Reread them to check if versions are still the same
          • If still same -> snapshot was atomic, return it
          • If changed -> snapshot was not atomic, repeat
      • Can loop trying to take snapshot forever (starvation), thus it is not a wait-free algorithm
      • But it is lock-free. The system as a whole has progress. A loop in snapshot means writes are being completed
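The execution from slide 32 and the versioned double collect from slide 33 can be replayed deterministically. The C program below is an added example, not part of the original slides: the register layout (32-bit version and 32-bit value packed into one 64-bit atomic word), the single-writer assumption and the scheduling hook inside `reg_read` are assumptions made here so that the interleaving is reproducible without threads.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define N 2
static _Atomic uint64_t reg[N];   /* each word holds (version << 32) | value */
static int reads_done;            /* drives the constructed interleaving */
static int last_retries;

/* Write (old_version + 1, value) as one word. Assumes a single writer per
 * register, so a plain load followed by a store is enough here. */
static void reg_write(int i, uint32_t value) {
    uint64_t old = atomic_load(&reg[i]);
    atomic_store(&reg[i], (((old >> 32) + 1) << 32) | value);
}

/* Constructed schedule from slide 32: right after Q's first register read,
 * P runs r1.w(1) and r2.w(2) to completion. */
static uint64_t reg_read(int i) {
    uint64_t word = atomic_load(&reg[i]);
    if (++reads_done == 1) { reg_write(0, 1); reg_write(1, 2); }
    return word;
}

static void collect(uint64_t out[N]) {
    for (int i = 0; i < N; i++) out[i] = reg_read(i);
}

/* Double collect: repeat until two consecutive collects carry the same
 * versions, then return the values of the first one. */
static void snapshot(uint32_t vals[N]) {
    uint64_t a[N], b[N];
    for (last_retries = 0;; last_retries++) {
        bool same = true;
        collect(a);
        collect(b);
        for (int i = 0; i < N; i++)
            if ((a[i] >> 32) != (b[i] >> 32)) same = false;
        if (!same) continue;
        for (int i = 0; i < N; i++) vals[i] = (uint32_t)a[i];
        return;
    }
}

static void reset(void) {
    reads_done = 0;
    for (int i = 0; i < N; i++) atomic_store(&reg[i], 0);
}

/* Both runs return r1 * 10 + r2 as observed by Q. */
int run_naive(void) {              /* "just read N registers in a loop" */
    uint64_t c[N];
    reset();
    collect(c);
    return (int)((uint32_t)c[0] * 10 + (uint32_t)c[1]);
}

int run_double_collect(void) {
    uint32_t v[N];
    reset();
    snapshot(v);
    return (int)(v[0] * 10 + v[1]);
}
int retries_used(void) { return last_retries; }

int main(void) {
    printf("naive=%02d double_collect=%02d\n", run_naive(), run_double_collect());
    return 0;
}
```

The naive read returns (0, 2), a pair that was never a system state, while the double collect notices the version change on r1, retries once and returns (1, 2).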
  34. 34. Wait-free atomic snapshot
      • Yes, it is possible to make it wait-free, so that every operation (including snapshot) is guaranteed to complete in a finite number of steps under all circumstances
        - Threads will have to cooperate
        - Each updating thread will have to take a snapshot and store it in its own per-thread register to help complete concurrent snapshots
          • O(N²) storage requirement, O(N) time for each operation
      • Not practical
        - This is true about all wait-free algorithms
        - There are no practical wait-free algorithms
          • But certain individual non-modifying operations in some algorithms can be implemented wait-free
  35. 35. Wait-free synchronization and consensus

      The consensus protocol

      threadlocal int proposal

      thread Pid:
        print consensus
        stop

      • What other wait-free objects can we build using atomic wait-free registers as our primitive?
        - The question was definitely answered by M. Herlihy in 1991
        - He considered wait-free implementations of consensus protocol
      • In a consensus protocol all threads have to reach agreement on a value.
        - It has to be non-trivial
        - The protocol must be wait-free
  36. 36. Consensus number
      • Consensus number of a shared object or class of objects is the largest number N, such that a [wait-free] consensus protocol for N threads can be implemented using these objects as primitive building blocks.
      • Consensus number of atomic registers is 1 (one, uno, один)
        - Even two threaded [wait-free] consensus protocol cannot be reached using any number of atomic registers
        - However, it’s trivial with locks!

      Lock-based (blocking) consensus protocol

      threadlocal int proposal // != 0
      shared int value

      def consensus:
        lock
        if value == 0:
          value = proposal
        unlock
        return value
  37. 37. Read-Modify-Write (RMW) registers
      • It’s a register that is augmented with additional RMW operation(s)
        - Each RMW operation has a kernel function F and is typically named “getAndF”
      • Common2 class of RMW kernels
        - F1(F2(x)) == F1(x) or
        - F1(F2(x)) == F2(F1(x))
      • Common2 examples:
        - F(x)=a // set to const
        - F(x)=x+a // add const

      RMW register

      shared int value

      def getAndF:
        old = value      // read
        value = F(old)   // modify, write
        return old

      Non-trivial Common2 RMW registers have consensus number 2
  38. 38. Consensus hierarchy

      Objects and operations | Consensus number
      Atomic Register with get (read), set (write) operations; Atomic snapshot of N registers | 1
      Common2 Read-Modify-Write Registers: getAndAdd (atomic inc/dec), getAndSet (atomic swap), queue and stack (with enqueue/dequeue, push/pop only) | 2
      Atomic assignment of any N registers | 2n-2
      Universal operations: compareAndSet/compareAndSwap (CAS), queue with peek operation, memory-to-memory swap | ∞
  39. 39. Universality of consensus
      • Any object can be turned into a concurrent wait-free linearizable object for N threads if we have a consensus protocol for N threads using universal construction
        - Corollary: consensus hierarchy is strict.
        - However, universal construction is not really efficient for real-life
      • Lock-free universal construction via CAS is easy and practical

      shared register<MyObject> value

      def concurrentOperationX:
        loop:
          oldval = value.get
          newval = oldval.deepCopy
          newval.serialOperationX
        until value.CAS(oldval, newval) is successful

      MyObject is a pointer if its state does not fit into CAS-able machine word
  40. 40. Implementing lock-free algorithms
      • Let’s try to implement CAS-based universal construction in C:

      #include <stdlib.h>
      #include <string.h>

      typedef struct object { /* my object’s state is here */ } object_t;

      void serial_operation_X(object_t *ptr); // updates state pointed to by ptr

      void concurrent_operation_X(object_t **ptr) {
          object_t *oldval, *newval = malloc(sizeof(object_t));
          do {
              oldval = *ptr;
              memcpy(newval, oldval, sizeof(object_t));
              serial_operation_X(newval);
          } while (! __sync_bool_compare_and_swap(ptr, oldval, newval));
          free(oldval);
      }

      Problem: it can copy trash that was freed, and serial_operation_X will crash
  41. 41. Implementing lock-free algorithms (attempt #2)
      • Let’s try to implement CAS-based universal construction in C:

      #include <stdlib.h>
      #include <string.h>

      typedef struct object { /* my object’s state is here */ } object_t;

      void serial_operation_X(object_t *ptr); // updates state pointed to by ptr

      void concurrent_operation_X(object_t **ptr) {
          object_t *oldval, *newval = malloc(sizeof(object_t));
          do {
              oldval = *ptr;
              memcpy(newval, oldval, sizeof(object_t)); // assume no segfault here
              __sync_synchronize(); // make sure we see changes of *ptr
              if (oldval != *ptr) continue;
              serial_operation_X(newval);
          } while (! __sync_bool_compare_and_swap(ptr, oldval, newval));
          free(oldval);
      }
  42. 42. Still doesn’t work: ABA problem

      A, B and C are memory locations; start with *ptr == A

      Thread P:                            Thread Q:
      1: oldval is A                       1: oldval == A
      2: (newval = malloc()) is B          2: (newval = malloc()) == C
      3: CAS(ptr, A, B) is successful         // sleeps/slow all that time
      4: free(A)
         // makes operation_X again
      5: oldval is B
      6: (newval = malloc()) is A
      7: CAS(ptr, B, A) is successful
      8: free(B)
                                           3: CAS(ptr, A, C) is successful

      *ptr is going A, B, A
  43. 43. Solving ABA problem
      • Attach version to a pointer and increment it on every operation
        - Need to CAS two words at the same time
        - That’s why CPUs have ops like CMPXCHG8B (for 32bit mode) and CMPXCHG16B (for 64bit mode)
      • Rely on garbage collector (GC) for memory management
        - In GC runtime environment the ABA problem simply does not exist
        - Makes your non-blocking concurrent programming much easier!
      • Use other schemes that rely on coordination between threads (hazard pointers)
      • Use special hardware support (LL/SC or hardware memory transactions)
      • Still, universal construction is efficient only if object state is small
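The interleaving from slide 42 and the first remedy from slide 43 can be replayed in one thread. The C program below is an added example, not part of the original slides. It assumes a four-slot pool with a LIFO free list standing in for malloc/free, so that a freed location is handed out again immediately, and it packs a 32-bit version and a 32-bit slot index into a single 64-bit word instead of using a two-word CAS. The object state is a counter and the serial operation is an increment, so a lost update is visible in the result.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define POOL 4
static int pool[POOL];                 /* object state: one counter per slot */
static int free_list[POOL], free_top;  /* LIFO allocator: reuses freed slots */
static _Atomic uint64_t root;          /* (version << 32) | slot index */

static int  slot_alloc(void) { return free_list[--free_top]; }
static void slot_free(int i) { free_list[free_top++] = i; }
static uint32_t idx_of(uint64_t w) { return (uint32_t)w; }
static uint64_t pack(uint32_t ver, uint32_t idx) {
    return ((uint64_t)ver << 32) | idx;
}

struct attempt { uint64_t old; int newslot; };

/* Read phase of concurrent_operation_X: snapshot root, copy, apply the op. */
static struct attempt begin_op(void) {
    struct attempt a = { atomic_load(&root), slot_alloc() };
    pool[a.newslot] = pool[idx_of(a.old)] + 1;   /* memcpy + serial op (++) */
    return a;
}

/* Commit phase: CAS root from the snapshot to the new slot. Without
 * versioning the version half stays 0, so only the index is compared. */
static bool commit_op(struct attempt a, bool versioned) {
    uint64_t expected = a.old;
    uint32_t ver = versioned ? (uint32_t)(a.old >> 32) + 1 : 0;
    if (!atomic_compare_exchange_strong(&root, &expected,
                                        pack(ver, (uint32_t)a.newslot))) {
        slot_free(a.newslot);
        return false;
    }
    slot_free((int)idx_of(a.old));
    return true;
}

/* Replays the slide-42 interleaving; returns the counter after 3 operations. */
int replay_aba(bool versioned) {
    free_top = 0;
    for (int i = POOL - 1; i >= 1; i--) slot_free(i);
    pool[0] = 0;
    atomic_store(&root, pack(0, 0));     /* *ptr == A (slot 0) */
    struct attempt q = begin_op();       /* Q: oldval == A, newval == C */
    struct attempt p = begin_op();       /* P: oldval is A, newval is B */
    commit_op(p, versioned);             /* P: CAS(ptr, A, B); free(A) */
    p = begin_op();                      /* P: oldval is B, malloc() is A */
    commit_op(p, versioned);             /* P: CAS(ptr, B, A); free(B) */
    while (!commit_op(q, versioned))     /* Q wakes up: CAS(ptr, A, C) */
        q = begin_op();                  /* on failure, redo from current root */
    return pool[idx_of(atomic_load(&root))];
}

int main(void) {
    printf("plain CAS: %d, versioned CAS: %d (3 operations ran)\n",
           replay_aba(false), replay_aba(true));
    return 0;
}
```

With the plain CAS Q's stale commit succeeds and the counter ends at 1, silently discarding both of P's operations; with the version attached the stale commit fails, Q retries and the counter ends at 3.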
  44. 44. Tree-like persistent data structures
      [Diagram: Update B; oldval points to Root with NodeA, NodeB, NodeC, NodeD; newval points to Root’ with NodeB’]
      Reallocate and update only path from updated node to the root
  45. 45.
  46. 46. Lock-free stacks
      • Use universal construction on linked-list representation of the stack (it’s a trivial tree-like structure!)
        - root is pointing to the top of stack
        - push and pop have trivial implementation with minimal overhead
      • With a lot of cores, root becomes bottleneck. Use elimination-backoff
        - Threads trying to push and pop at the same time meet elsewhere
      • But linked data structures are slow on modern machines
        - No memory locality
        - Next memory address is not known before reading previous node – code must pay memory latency penalty on each access
        - Array-based single-threaded stack is many times faster than linked one
      • Alas, no practical & efficient array-based lock-free algos are known
  47. 47. Lock-free queues
      • Michael & Scott algo for lock-free unbounded linked queue
        - Great implementation in java.util.concurrent.ConcurrentLinkedQueue
      • Array-based bounded cyclic queues cannot be practically & efficiently made lock-free
        - But limiting to a single producer and single consumer helps (in case of a bounded array-based queue)
        - Don’t even need CAS for SPSC queue
        - Use N of them for MP or MC
        - Can do MP and MC queue (and even deque) if you additionally keep a version of every slot in the array
          • but this is not really practical
        - Or reallocate memory when array is filled (unrolled linked list)
          • a really practical alternative if needed
  48. 48. More practical notes
      • Strict FIFO queue will always get contended
        - Multiple producers will contend for tail
        - Multiple consumers will contend for head
        - Does not scale to a lot of cores
      • In practice, strict FIFO queue is rarely needed
        - Usually, it does not really matter if first in is really first out
          • but it needs to be eventually out
        - See java.util.concurrent.ForkJoinPool for one alternative
      • Lock-free algorithms can be faster (and scale better) than their lock-based counterparts, but always slower than serial algos
      Avoid unnecessary synchronization between threads
  49. 49. Data structures for search
      • Ordered
        - Balanced trees are hard to make lock-free (not practical)
        - But Bill Pugh’s skip lists are practical in lock-free case
          • Because they are based on ordered linked sets
          • which support lock-free implementation
          • See java.util.concurrent.ConcurrentSkipList for implementation
      • Unordered
        - Fixed-size hash-tables are trivial in concurrent case
        - Resizable hash-table can be implemented lock-free, too
          • As either ordered linked set with lookup hash-table (recursive split-ordering)
          • Or fully based on arrays (Cliff Click’s high-scale hash-table)
  50. 50. Hardware transactional memory (HTM)
      • Is scheduled to debut in Intel Haswell processors
        - Allows to begin transaction, perform it inside processor cache, then commit to main memory its effects or abort
        - Enhances existing cache infrastructure
        - While tracking interference between threads on top of existing cache-coherence protocols
      • It makes more efficient lock-free algorithms practical
        - Like LIFO stacks and FIFO queues with any number of participants
        - Like concurrent hash tables without pain
        - Hardware just automatically detects conflicts without a code overhead to manage them and rolls back allowing code to start transaction again (just like you’d do in CAS universal construction)
  51. 51. Software Transactional Memory (STM)
      • Is a simplified programming model
        - Similar to locks, but use atomic section instead of synchronized
        - Same problems as locks, but
          • Without worry to take the right lock
          • Without worry about deadlocks
          • Conflicting transaction is transparently restarted by transaction manager
      • It has poor performance, but makes life easier
        - when there are few limited places, where threads have to coordinate through shared objects
        - It is inefficient if there are a lot of shared objects and/or they are accessed very often
  52. 52. There’s much more to it. It is an active area of research
  53. 53. Further reading
  54. 54. Thank you for your attention! Slides will be posted to