aicas Technology                   Multicore for Real-Time              and Safety-Critical Software:                     ...
AgendaRace conditions                          Reaching peakSynchronization                          performance          ...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment(){  counter++; }     Multi-C...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment(){  counter++; }            ...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment()              Thread 1     ...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment()              Thread 1     ...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)                      int counter; void increment(){  c...
Typical Problems on Multicoretypical code sequence (C/C++ or Java)                      int counter; void increment(){  c...
Synchronizationsolution: synchronizeint counter; synchronized void increment(){  counter++; }Easy, problem solved.Right? S...
Atomic OperationsWhat is the result ofint a, b;  /* 32 bit, initially 0 */Thread 1                    Thread 2b = a;      ...
Atomic OperationsWhat is the result ofint a, b;  /* 32 bit, initially 0 */Thread 1                    Thread 2b = a;      ...
Atomic OperationsWhat is the result oflong a, b;  /* 64 bit, initially 0 */Thread 1                    Thread 2b = a;     ...
Atomic OperationsWhat is the result oflong a, b;  /* 64 bit, initially 0 */Thread 1                    Thread 2b = a;     ...
Cache StructureCPUs may have local caches for performance                       Main Memory      L2 Cache                 ...
Cache Structure                                 Main Memory                      L2 Cache                 L2 Cache        ...
Typical Problems on Multicorepolling updatelong counter;[..]do   {    doSomething();   }while (counter < MAX);counter is i...
Typical Problems on Multicorepolling updatelong counter;  [..]do   {    doSomething();   }while (counter < MAX);counter i...
Solution: volatile?polling updatevolatile long counter;[..]do   {    doSomething();   }while (counter < MAX);works for Jav...
Solution: volatile?polling updatevolatile long counter;[..]do   {    doSomething();   }                             while...
Understanding the Memory Model Memory model specifies what optimizations are permitted by the compiler or underlying hardw...
Javas Memory Modelordering operations are  synchronized block  accessing a volatile variableThe presence of an ordering op...
Javas Memory Model: Defined Order  all reads are completed before    entering synchronized block, or    reading a volatile...
Javas Memory Model: Data Races data races are not forbidden in Java   you can use shared memory variables   your code has ...
Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1p = new Ptr();        p_valid = true;    ...
Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1                             Thread 2p = ...
Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1                             Thread 2p = ...
Memory Model ExampleShared memory communicationThread 1                             Thread 2p = new Ptr();          if (p_...
Memory Model ExampleShared memory communicationThread 1                             Thread 2p = new Ptr();          if (p_...
Memory Model ExampleShared memory communicationThread 1                             Thread 2p = new Ptr();          if (p_...
Memory Model ExampleShared memory communicationThread 1                             Thread 2p = new Ptr();          if (p_...
Memory Model ExampleShared memory communicationThread 1                              Thread 2p = new Ptr();          if (...
Memory Model ExampleShared memory communicationThread 1                              Thread 2p = new Ptr();          if (...
Memory Model Example Shared memory communicationThread 1                              Thread 2p = new Ptr();          if...
Example Use of Javas Memory Model    Shared memory communication   volatile Ptr     p;    volatile boolean p_valid;    Th...
Example Use of Javas Memory Model  Shared memory communication  volatile Ptr     p;  volatile boolean p_valid;  Thread 1  ...
Example Use of Javas Memory Model  Shared memory communication  volatile Ptr     p;  volatile boolean p_valid;  Thread 1  ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid;  Thread 1       ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid;   Thread 1     ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1         ...
Out of Thin Airimagine this codeint x = 0, n = 0;Thread 1                             Thread 2for (i=0; i<n; i++)     x = ...
Out of Thin Airimagine this codeint x = 0, n = 0;Thread 1                             Thread 2for (i=0; i<n; i++)     x = ...
Out of Thin Air: Introduction of Writes   loop optimization in C/C++   int x = 0, n = 0;   Thread 1                       ...
Out of Thin Air: Introduction of Writes   loop optimization in C/C++   int x = 0, n = 0;   Thread 1                       ...
Out of Thin Airimagine this codeint x = 0, y = 0;Thread 1                             Thread 2r1 = x;                 r2 =...
Out of Thin Airimagine this codeint x = 0, y = 0;Thread 1                             Thread 2r1 = x;                 r2 =...
Out of Thin Air: Optimization in C/C++   imagine this code   int x = 0, y = 0;   Thread 1                             Thre...
Performance on Multicore: Example  Single core application, 3 threads  All threads synchronize frequently on same lock    ...
Performance on Multicore: Example  Single core application, 3 threads  All threads synchronize frequently on same lock  wh...
Performance on Multicore: Example  Single core application, 3 threads       Multi-Core for Real-Time and Safety-Critical S...
Performance on Multicore: Example  Single core application, 3 threads  On a multicore       Multi-Core for Real-Time and S...
Performance on a MulticoreFrequent synchronization can kill the performanceTypical non-RTOS will use heuristics to improve...
Performance on a MulticoreThese heuristics introduce priority-inversion andgenerally destroy predictabilityA typical semap...
CPU AffinitiesOSes provide APIs to lock threads certain CPUsThis limits the decision space of the RTOS  a global scheduler...
CPU Affinities: No More interruptsLocking interrupts to a dedicated CPU  protects all other CPUs from interrupts, and  inv...
CPU Affinities: No More interruptsLocking interrupts to a dedicated CPU   protects all other CPUs from interrupts, and   i...
CPU Affinities: Separating Threads Locking thread A to one CPU and threads B, C, ... to other CPUs may increase As perform...
CPU Affinities: Separating Threads Locking thread A to one CPU and threads B, C, ... to other CPUs may increase As perform...
CPU Affinities: Grouping ThreadsLocking threads A and B to the same CPU  will increase shared memory communication between...
CPU Affinities: Grouping ThreadsLocking threads A and B to the same CPU  will increase shared memory communication between...
CPU Affinities: Difficult Decisionswhat if A and B both computation intensive andboth access the same shared memory?How ca...
Multicore Scheduling for Realtime A pure priority based scheduler is not sufficient: Imagine three tasks A, B, C on 2 CPUS...
Multicore Scheduling for Realtime   Priorities will cause deadline missCPU0         A pri=10                       C pri=9...
Multicore Scheduling for Realtime   Priorities will cause deadline missCPU0CPU1             A pri=10             B pri=10 ...
Multicore Scheduling for Realtime   CPU affinities do not helpCPU0    A pri=10, {CPU0}                    C pri=9CPU1    B...
Multicore Scheduling for Realtime   Round robin could helpCPU0   A       C       B       A        C      BCPU1       B    ...
Multicore Scheduling for Realtime   Round robin could helpCPU0   A       C       B       A        C      B                ...
Performance on MulticoreSynchronization is expensiveCan synchronization be avoided?Can lock free algorithms be used?  Use ...
Lock Free AlgorithmsTypical code sequencedo  {    x = counter;    result = CAS(counter,x,x+1);  }while (result != x);     ...
Compare-and-Swap IssuesTypical code sequencedo  {    x = counter;    result = CAS(counter,x,x+1);  }while (result != x);Wh...
Compare-and-Swap Issues                                                            On dual core:Typical code sequencedo  {...
Lock Free Library CodeUsing libraries helpsAtomicInteger counter = new AtomicInteger();void increment(){  (void)counter.in...
Compare-and-Swap SolutionsOne way state changes, without retryBounded number of retries     Multi-Core for Real-Time and S...
One Way State Changes Using CAS Example code for (i=0; i<N; i++)   {     new Thread()        {         public void run()  ...
Bounding Retries for CASintroduce long enough code sections in between2 compare-and-swap loopsthen, if a retry is required...
Bounding Retries for CAS: Example     AtomicInteger counter = new AtomicInteger();      static final int GRANULARITY = 64;...
MeasurementsNumber of CAS tries is bounded: 1E+11 1E+10  1E+9  1E+8                                                       ...
CAS Lists   List modifaction using CAS, single linked list             A                          B                       ...
CAS Lists   Add              A                         B                         Chead              next                  ...
CAS Lists   Add              A                         B                         Chead              next                  ...
CAS Lists   Add: CAS(head,A,X)              A                         B                         Chead              next   ...
CAS Lists   Add: CAS(head,A,X)               A                          B                         Chead               nex...
CAS Lists   Add              A                         B                         Chead              next                  ...
CAS Lists   Remove           A                          B                         Chead            next                   ...
CAS Lists   Remove: CAS(head,A,B)           A                          B                         Chead            next    ...
CAS Lists   Remove: CAS(head,A,B)           A                          B                         Chead           next    ...
CAS Lists   Remove                                      B                         Chead                                   ...
CAS Lists, ABA Problem   Now, consider concurrent modifications:Thread 1          head                            A       ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
CAS Lists, ABA ProblemThread 1          head                            A                                next             ...
ABA Problem: SolutionsNon solution: In C: free() after remove  Reason: newly allocated block may be sameSolution: In Java:...
ABA Solved via Modification CounterThread 1        head: 42                            A                                ne...
ABA Solved via Modification CounterThread 1        head: 42                            A                                ne...
ABA Solved via Modification CounterThread 1        head: 42                            A                                ne...
ABA Solved via Modification CounterThread 1        head: 42                            A                                ne...
ABA Solved via Modification CounterThread 1        head: 42                            A                                ne...
ABA Solved via Modification CounterThread 1         head: 42                            A                                n...
ABA Solved via Modification CounterThread 1         head: 42                            A                                n...
ConclusionCode that runs well on single CPU may fail onmulticoreClear semantics of concurrent code is requiredfor function...
Thank you.Please come see us at booth 2306    Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls   ...
Upcoming SlideShare
Loading in...5
×

Multicoreexpo2011 05-05fridiusingtemplate-110518193827-phpapp02

160

Published on

Aicas,Inc.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
160
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Multicoreexpo2011 05-05fridiusingtemplate-110518193827-phpapp02

  1. 1. aicas Technology Multicore for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas Dr. James J. Hunt, CEO aicas MultiCoreExpo 2011, 5th May 2011 Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 1
  2. 2. AgendaRace conditions Reaching peakSynchronization performance CPU affinitiesAtomic operations Multicore schedulingMemory model Lock free algorithmsValues out of thin air Compare and Swap Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 2
  3. 3. Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment(){  counter++; } Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 3
  4. 4. Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment(){  counter++; }  r1 = counter;  r2 = r1 + 1;  counter = r2;  Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 4
  5. 5. Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment() Thread 1 Thread 2{  counter++; }  r1 = counter;  r2 = r1 + 1;  counter = r2;  r1 = counter;  r2 = r1 + 1;  counter = r2;  Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 5
  6. 6. Typical Problems on Multicoretypical code sequence (C/C++ or Java)int counter; void increment() Thread 1 Thread 2{  counter++; }  r1 = counter;  r2 = r1 + 1;  counter = r2;  r1 = counter;  r2 = r1 + 1;  counter = r2;  An increment can get lost! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 6
  7. 7. Typical Problems on Multicoretypical code sequence (C/C++ or Java) int counter; void increment(){  counter++; } Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 7
  8. 8. Typical Problems on Multicoretypical code sequence (C/C++ or Java) int counter; void increment(){  counter++; }code lacks synchronizationbut on a single core, it practically always works!on a multicore, chances for failure explode! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 8
  9. 9. Synchronizationsolution: synchronizeint counter; synchronized void increment(){  counter++; }Easy, problem solved.Right? See later. Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 9
  10. 10. Atomic OperationsWhat is the result ofint a, b;  /* 32 bit, initially 0 */Thread 1 Thread 2b = a;         a = ­1; ? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 10
  11. 11. Atomic OperationsWhat is the result ofint a, b;  /* 32 bit, initially 0 */Thread 1 Thread 2b = a;         a = ­1; ?b == 0b == ­1 Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 11
  12. 12. Atomic OperationsWhat is the result oflong a, b;  /* 64 bit, initially 0 */Thread 1 Thread 2b = a;         a = ­1; ? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 12
  13. 13. Atomic OperationsWhat is the result oflong a, b;  /* 64 bit, initially 0 */Thread 1 Thread 2b = a;         a = ­1; ?b == 0b == ­1b == ­4294967296b == 4294967295 Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 13
  14. 14. Cache StructureCPUs may have local caches for performance Main Memory L2 Cache L2 CacheL1 Cache L1 Cache L1CPU0 Cache L1CPU1 Cache CPU0 CPU1 CPU2 CPU0 CPU1 CPU3 Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 14
  15. 15. Cache Structure Main Memory L2 Cache L2 Cache L1 Cache L1 Cache L1 Cache L1 Cache CPU0 CPU1 CPU2 CPU3Modifications do not become visible immediatelyModifications may be re-orderedReads may refer to outdated (cached) dataReads may be re-ordered Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 15
  16. 16. Typical Problems on Multicorepolling updatelong counter;[..]do   {    doSomething();   }while (counter < MAX);counter is incremented by parallel threadon a Multicore, changes to counter may notbecome visible! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 16
  17. 17. Typical Problems on Multicorepolling updatelong counter; [..]do   {    doSomething();   }while (counter < MAX);counter is incremented by parallel threadon a Multicore, changes to counter may notbecome visible! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 17
  18. 18. Solution: volatile?polling updatevolatile long counter;[..]do   {    doSomething();   }while (counter < MAX);works for Javadoes not work for C! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 18
  19. 19. Solution: volatile?polling updatevolatile long counter;[..]do   {    doSomething();   } while (counter < MAX);works for Javadoes not work for C! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 19
  20. 20. Understanding the Memory Model Memory model specifies what optimizations are permitted by the compiler or underlying hardware C/C++ programs have undefined semantics in case of race conditions Java defines a strict memory model Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 20
  21. 21. Javas Memory Modelordering operations are synchronized block accessing a volatile variableThe presence of an ordering operationdetermines the visible state in shared memory Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 21
  22. 22. Javas Memory Model: Defined Order all reads are completed before entering synchronized block, or reading a volatile variable  read fence all writes are completed before exiting a synchronized block, or writing a volatile variable  write fence Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 22
  23. 23. Javas Memory Model: Data Races data races are not forbidden in Java you can use shared memory variables your code has to tolerate optimizations examples collecting debugging / profiling information useful if occasional errors due to data races are tolerable Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 23
  24. 24. Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1p = new Ptr();        p_valid = true;                                     Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 24
  25. 25. Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1 Thread 2p = new Ptr();          p_valid = true;                                                                   Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 25
  26. 26. Memory Model ExampleShared memory communicationPtr     p;boolean p_valid;Thread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();                            Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 26
  27. 27. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();                            Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 27
  28. 28. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen: Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 28
  29. 29. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen:t1 = new Ptr();         t2 = true;                p_valid = t2;               p = t1;                    Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 29
  30. 30. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen:t1 = new Ptr();         t2 = true;                p_valid = t2;               p = t1;                   Writes reordered! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 30
  31. 31. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen:t1 = new Ptr();         t2 = true;                p_valid = t2;              p = t1;                                    Writes reordered! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 31
  32. 32. Memory Model ExampleShared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen:t1 = new Ptr();         t3 = p;t2 = true;              if (p_valid)  p_valid = t2;             t3.call();  p = t1;                                    Writes reordered! Reads reordered! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 32
  33. 33. Memory Model Example Shared memory communicationThread 1 Thread 2p = new Ptr();          if (p_valid)p_valid = true;           p.call();What may happen:t1 = new Ptr();         t3 = p;t2 = true;              if (p_valid)  p_valid = t2;             t3.call();  p = t1;                                    Writes reordered! Reads reordered! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 33
  34. 34. Example Use of Javas Memory Model Shared memory communication volatile Ptr     p; volatile boolean p_valid; Thread 1 Thread 2 p = new Ptr();          if (p_valid) p_valid = true;           p.call(); in Java Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 34
  35. 35. Example Use of Javas Memory Model Shared memory communication volatile Ptr     p; volatile boolean p_valid; Thread 1 Thread 2 p = new Ptr();          if (p_valid)  p_valid = true;           p.call(); in Java Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 35
  36. 36. Example Use of Javas Memory Model Shared memory communication volatile Ptr     p; volatile boolean p_valid; Thread 1 Thread 2   p = new Ptr();          if (p_valid) p_valid = true;           p.call(); in Java Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 36
  37. 37. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) p_valid = TRUE;           p­>f = ..;(); in C? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 37
  38. 38. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) p_valid = TRUE;           p­>f = ..;(); in C? CPU may reorder memory accesses!   Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 38
  39. 39. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid;  Thread 1 Thread 2 p = malloc(..);         if (p_valid) p_valid = TRUE;           p­>f = ..;(); in C? CPU may reorder memory accesses!   Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 39
  40. 40. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid;   Thread 1 Thread 2 p = malloc(..);         if (p_valid) p_valid = TRUE;           p­>f = ..;(); in C? CPU may reorder memory accesses!    Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 40
  41. 41. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) p_valid = TRUE;           p­>f = ..; How to fix it? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 41
  42. 42. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) asm volatile(             p­>f = ..;   "sfence":::"memory");      p_valid = TRUE;            How to fix it? Add memory fences! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 42
  43. 43. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) asm volatile(             {   "sfence":::"memory");     asm volatile( p_valid = TRUE;             "lfence":::"memory");                             p­>f = ..;                           } How to fix it? Add memory fences! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 43
  44. 44. Example Use of Cs Memory Model Shared memory communication volatile Obj    *p; volatile boolean p_valid; Thread 1 Thread 2 p = malloc(..);         if (p_valid) asm volatile(             {    "sfence":::"memory");     asm volatile(  p_valid = TRUE;             "lfence":::"memory");                             p­>f = ..;                           } How to fix it? Add memory fences! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 44
  45. 45. Out of Thin Airimagine this codeint x = 0, n = 0;Thread 1 Thread 2for (i=0; i<n; i++)     x = 42;  x += f(i);            print(x); Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 45
  46. 46. Out of Thin Airimagine this codeint x = 0, n = 0;Thread 1 Thread 2for (i=0; i<n; i++)     x = 42;  x += f(i);            print(x);can only print 42 in Java Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 46
  47. 47. Out of Thin Air: Introduction of Writes loop optimization in C/C++ int x = 0, n = 0; Thread 1 Thread 2 tmp = x;                 for (i=0; i<n; i++)     x = 42;   tmp += f(i); x = tmp;                                         print(x); Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 47
  48. 48. Out of Thin Air: Introduction of Writes loop optimization in C/C++ int x = 0, n = 0; Thread 1 Thread 2 tmp = x;                 for (i=0; i<n; i++)     x = 42;   tmp += f(i); x = tmp;                                         print(x); can print 0 in C/C++ Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 48
  49. 49. Out of Thin Airimagine this codeint x = 0, y = 0;Thread 1 Thread 2r1 = x;                 r2 = y;y = r1;                 x = r2; Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 49
  50. 50. Out of Thin Airimagine this codeint x = 0, y = 0;Thread 1 Thread 2r1 = x;                 r2 = y;y = r1;                 x = r2;Expected result  x == 0; y == 0;Only possible result in Java Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 50
  51. 51. Out of Thin Air: Optimization in C/C++ imagine this code int x = 0, y = 0; Thread 1 Thread 2 y = 42;                 r2 = y; r1 = x;                 x = r2; if (r1 != 42)   y = r1; Possible results in upcoming C++ MM   x == 42; y == 42; Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 51
  52. 52. Performance on Multicore: Example Single core application, 3 threads All threads synchronize frequently on same lock Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 52
  53. 53. Performance on Multicore: Example Single core application, 3 threads All threads synchronize frequently on same lock while (true)   {     synchronized (lock)       {         counter++;        }     doSomething();    } Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 53
  54. 54. Performance on Multicore: Example Single core application, 3 threads Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 54
  55. 55. Performance on Multicore: Example Single core application, 3 threads On a multicore Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 55
  56. 56. Performance on a MulticoreFrequent synchronization can kill the performanceTypical non-RTOS will use heuristics to improveaverage performance spin-lock for a short time blocking for longer periods Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 56
  57. 57. Performance on a MulticoreThese heuristics introduce priority-inversion andgenerally destroy predictabilityA typical semaphore implementation does not take thread priority into account does not limit worst-case-execution-time Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 57
  58. 58. CPU AffinitiesOSes provide APIs to lock threads certain CPUsThis limits the decision space of the RTOS a global scheduler for n CPUs would always run the n highest priority threads with affinities, this may not be possible, e.g., if the two highest priority threads are locked to the same CPU CPU affinities can introduce priority inversion!So what are CPU affinities good for? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 58
  59. 59. CPU Affinities: No More interruptsLocking interrupts to a dedicated CPU protects all other CPUs from interrupts, and invalidated cashesWCETA is simplified considerably Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 59
  60. 60. CPU Affinities: No More interruptsLocking interrupts to a dedicated CPU protects all other CPUs from interrupts, and invalidated cashesWCETA is simplified considerably Interrupt CPU0 non-RT Task CPU1 A A A A A A A A A A A RT Task Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 60
  61. 61. CPU Affinities: Separating Threads Locking thread A to one CPU and threads B, C, ... to other CPUs may increase As performance. A will not be preempted by B, C, .. A will not see its caches invalidated by B, C, ... Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 61
  62. 62. CPU Affinities: Separating Threads Locking thread A to one CPU and threads B, C, ... to other CPUs may increase As performance. A will not be preempted by B, C, .. A will not see its caches invalidated by B, C, ... CPU0 B B B B B non-RT Task CPU1 A A A A A A A A A A A RT Task CPU2 B C B C B C Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 62
  63. 63. CPU Affinities: Grouping ThreadsLocking threads A and B to the same CPU will increase shared memory communication between A and B will avoid performance degradation on locking will enable simple scheduling analysis (RMA) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 63
  64. 64. CPU Affinities: Grouping ThreadsLocking threads A and B to the same CPU will increase shared memory communication between A and B will avoid performance degradation on locking will enable simple schedule feasibility analysis (RMA)CPU0 C D C DC D E G D RT Task ACPU1 A B A BA B A RT Task BCPU2 E E G E E C E Other Task Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 64
  65. 65. CPU Affinities: Difficult Decisionswhat if A and B both computation intensive andboth access the same shared memory?How can we use idle time?... Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 65
  66. 66. Multicore Scheduling for Realtime A pure priority based scheduler is not sufficient: Imagine three tasks A, B, C on 2 CPUS A B C Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 66
  67. 67. Multicore Scheduling for Realtime Priorities will cause deadline missCPU0 A pri=10 C pri=9CPU1 B pri=10 Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 67
  68. 68. Multicore Scheduling for Realtime Priorities will cause deadline missCPU0CPU1 A pri=10 B pri=10  C pri=9 Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 68
  69. 69. Multicore Scheduling for Realtime CPU affinities do not helpCPU0 A pri=10, {CPU0} C pri=9CPU1 B pri=10, {CPU1} Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 69
  70. 70. Multicore Scheduling for Realtime Round robin could helpCPU0 A C B A C BCPU1 B A C B A C Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 70
  71. 71. Multicore Scheduling for Realtime Round robin could helpCPU0 A C B A C B CPU1 B A C B A C Release Deadline Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 71
  72. 72. Performance on MulticoreSynchronization is expensiveCan synchronization be avoided?Can lock free algorithms be used? Use compare and swap (CAS) instructions instead Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 72
  73. 73. Lock Free AlgorithmsTypical code sequencedo  {    x = counter;    result = CAS(counter,x,x+1);  }while (result != x); Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 73
  74. 74. Compare-and-Swap IssuesTypical code sequencedo  {    x = counter;    result = CAS(counter,x,x+1);  }while (result != x);What is the WCET? ∞? Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 74
  75. 75. Compare-and-Swap Issues On dual core:Typical code sequencedo  {    x = counter;    result = CAS(counter,x,x+1);  } frequencywhile (result != x);What is the WCET? ∞? # iterations Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 75
  76. 76. Lock Free Library CodeUsing libraries helpsAtomicInteger counter = new AtomicInteger();void increment(){  (void)counter.incrementAndGet();}Code is easier and saferHand made lock free algorithms are not fornormal application development Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 76
  77. 77. Compare-and-Swap SolutionsOne way state changes, without retryBounded number of retries Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 77
  78. 78. One Way State Changes Using CAS Example code for (i=0; i<N; i++)   {     new Thread()        {         public void run()           {             CAS(state,INIT,STARTING);              [..]           }       }.start();    } Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 78
  79. 79. Bounding Retries for CASintroduce long enough code sections in between2 compare-and-swap loopsthen, if a retry is required, one other CPU wassuccessfulafter n-1 conflicts, one can be sure that all otherCPUs are outside the CAS loop Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 79
  80. 80. Bounding Retries for CAS: Example     AtomicInteger counter = new AtomicInteger();      static final int GRANULARITY = 64;     [..]     new Thread(){       int local_counter;        public void incCounter() {         local_counter++;         if (local_counter >= GRANULARITY) {           local_counter = 0;           counter.addAndSet(GRANULARITY);         }       }     }.start();  Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 80
  81. 81. MeasurementsNumber of CAS tries is bounded: 1E+11 1E+10 1E+9 1E+8 1 1E+7 2 3 1E+6 4 1E+5 5 6 1E+4 7 1E+3 8 1E+2 9 1E+1 1E+0 1E-1 alloc free sweep available MemoryOn 8-CPU x86 system (Linux) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 81
  82. 82. CAS Lists List modifaction using CAS, single linked list A B Chead next next next data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 82
  83. 83. CAS Lists Add A B Chead next next next data data data X next data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 83
  84. 84. CAS Lists Add A B Chead next next next data data data X next data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 84
  85. 85. CAS Lists Add: CAS(head,A,X) A B Chead next next next data data data X next data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 85
  86. 86. CAS Lists Add: CAS(head,A,X) A B Chead  next next next data data data X next data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 86
  87. 87. CAS Lists Add A B Chead next next next data data data X next data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 87
  88. 88. CAS Lists Remove A B Chead next next next data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 88
  89. 89. CAS Lists Remove: CAS(head,A,B) A B Chead next next next data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 89
  90. 90. CAS Lists Remove: CAS(head,A,B) A B Chead  next next next data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 90
  91. 91. CAS Lists Remove B Chead next next data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 91
  92. 92. CAS Lists, ABA Problem Now, consider concurrent modifications:Thread 1 head A next B next C next Thread 2 data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 92
  93. 93. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data dataCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 93
  94. 94. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data datapre e mp tedCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 94
  95. 95. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B)pre e mp tedCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 95
  96. 96. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data e mp tedCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 96
  97. 97. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,B,C) mp tedCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 97
  98. 98. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,B,C) mp C head next t data edCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 98
  99. 99. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,B,C) mp C head next t data ed add A: CAS(head,C,A)CAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 99
  100. 100. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,A,B) mp C head next t data ed A C add A: head next next CAS(head,C,A) data dataCAS(head,A,B) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 100
  101. 101. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,A,B) mp C head next t data ed A C add A: head next next CAS(head,C,A) data dataCAS(head,A,B) B A C head next next next data data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 101
  102. 102. CAS Lists, ABA ProblemThread 1 head A next B next C next Thread 2remove: data data data remove: CAS(head,A,B) B Cpre head next next data data remove: e CAS(head,A,B) mp C head next  t data ed A C add A: head next next CAS(head,C,A) data dataCAS(head,A,B) B A C head next next next data data data B was re-introduced! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 102
  103. 103. ABA Problem: SolutionsNon solution: In C: free() after remove Reason: newly allocated block may be sameSolution: In Java: only add new references Reason: GC ensures old values no longer visibleSolution: Sync all threads before reuse Example: Phase 1 moves elements from List1 to List2, Phase 2 moves elements backSolution: Use 64-/128-bit CAS and mod. counter Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 103
  104. 104. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data datapre e mp ted Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 104
  105. 105. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B:43)pre e mp ted Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 105
  106. 106. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B C B:43) head: 43 next next data data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 106
  107. 107. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B C B:43) head: 43 next next data data remove: C CAS(head,B:43, head: 44 next C:44) data Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 107
  108. 108. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B C B:43) head: 43 next next data data remove: C CAS(head,B:43, head: 44 next C:44) data A C add A: head: 45 next next CAS(head,C:44, data data A:45) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 108
  109. 109. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B C B:43) head: 43 next next data data remove: C CAS(head,B:43, head: 44 next C:44) data A C add A: head: 45 next next CAS(head,C:44,CAS(head,A:42, data data A:45) B:43)retry! Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 109
  110. 110. ABA Solved via Modification CounterThread 1 head: 42 A next B next C next Thread 2remove: data data data remove: CAS(head,A:42, B C B:43) head: 43 next next data data remove: C CAS(head,B:43, head: 44 next C:44) data A C add A: head: 45 next next CAS(head,C:44,CAS(head,A:42, data data A:45) B:43) Cretry! head: 46 nextCAS(head,A:45, data C:46) Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 110
  111. 111. ConclusionCode that runs well on single CPU may fail onmulticoreClear semantics of concurrent code is requiredfor functional correctnessCost of locking may be prohibitiveCPU affinities may help, but it is difficult to makethe application more efficientLock free code is very hard to get rightA reliable memory model and good concurrentlibraries are basis to avoid pitfalls. Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 111
  112. 112. Thank you.Please come see us at booth 2306 Multi-Core for Real-Time and Safety-Critical Software: Avoid the Pitfalls Dr. Fridtjof Siebert, CTO, aicas GmbH Dr. James J. Hunt, CEO, aicas GmbH 112
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×