Functional Pearl: Four slot asynchronous communication mechanism · mrd45/dtp2013-slides.pdf · 2016....
Functional Pearl: Four slot asynchronous communication mechanism
Matthew Danish
September 17, 2013
Introduction
• Low-level systems programming with dependent types
• Simpson, 1989. Four slot fully asynchronous communication mechanism.
[Figure: writer and reader, linked by the latest coherent data]
• No synchronization or delay caused to reader or writer
• Reader sees single piece of coherent data from writer
• Requires a “four slot array” to operate safely
Four slot mechanism: state
Global state
• The 'reading' variable, R : bit.
• The 'latest' variable, L : bit.
• The 2-slot bit array of indices, slot : {bit, bit}.
• The 4-slot array of data, array : {{α, α}, {α, α}}.
Local state
• The 'pair' chosen by writer or reader, wp, rp : bit.
• The 'index' chosen by writer or reader, wi, ri : bit.
Four slot mechanism: dataflow
[Figure: dataflow between writer and reader. Labels: 'pair', 'index', array[0,0], array[1,0], array[0,1], array[1,1], slot[]: 1 0, 'reading', 'latest'.]
Four slot mechanism: incoherence
[Figure: the same dataflow diagram, with writer and reader on the same data slot, marked "incoherent!". Labels: 'pair', 'index', array[0,0], array[1,0], array[0,1], array[1,1], slot[]: 1 0, 'reading', 'latest'.]
Four slot mechanism
Writer
  WS1 wp ← ¬R
  WS2 wi ← ¬slot[wp]
  WS3 write data (wp, wi, item)
  WS4 slot[wp] ← wi
  WS5 L ← wp
Reader
  RS1 rp ← L
  RS2 R ← rp
  RS3 ri ← slot[rp]
  RS4 item ← read data (rp, ri)
  RS5 return item
Arbitrary interleaving
• Suppose L = 1 and R = 0
    WS1 wp ← ¬R                      RS1 rp ← L
• Now wp = rp
    WS2 wi ← ¬slot[wp]               RS2 R ← rp
                                     RS3 ri ← slot[rp]
• And wi ≠ ri
    WS3 write data (wp, wi, item)    RS4 item ← read data (rp, ri)
• . . .
Coherency property
Theorem (Coherency)
The writer and the reader do not access the same data slot at the same time. More precisely, this assertion must be satisfied at potentially conflicting program points WS3 and RS4:
  wp ≠ rp ∨ wi ≠ ri
Problem: wp and rp (wi and ri) are local variables in separate processes
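An exhaustive check of the coherency assertion, as an added example that is not part of the original slides: it enumerates every interleaving of the writer steps WS1..WS5 and reader steps RS1..RS4 from every initial value of R, L and slot[], and counts reachable states in which the writer is poised at WS3 and the reader at RS4 on the same data slot. It assumes each step is atomic; the `state` layout, the function names and the `publish_R` knob (which makes the reader skip RS2, to show the check failing) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* wpc/rpc index the NEXT step to run: 0..4 = WS1..WS5, 0..3 = RS1..RS4. */
typedef struct { int R, L, slot[2], wpc, wp, wi, rpc, rp, ri; } state;
static unsigned char seen[1 << 13];  /* one flag per encoded state */
static int publish_R;  /* hypothetical knob: 0 makes the reader skip RS2 */

static int encode(const state *s) {
    return s->R | (s->L << 1) | (s->slot[0] << 2) | (s->slot[1] << 3) | (s->wp << 4)
         | (s->wi << 5) | (s->rp << 6) | (s->ri << 7) | (s->rpc << 8) | (s->wpc << 10);
}

static state writer_step(state s) {
    if (s.wpc == 0) s.wp = !s.R;                /* WS1 */
    else if (s.wpc == 1) s.wi = !s.slot[s.wp];  /* WS2 */
    else if (s.wpc == 3) s.slot[s.wp] = s.wi;   /* WS4 */
    else if (s.wpc == 4) s.L = s.wp;            /* WS5 */
    s.wpc = (s.wpc + 1) % 5;                    /* WS3 only touches data */
    return s;
}

static state reader_step(state s) {
    if (s.rpc == 0) s.rp = s.L;                    /* RS1 */
    else if (s.rpc == 1 && publish_R) s.R = s.rp;  /* RS2 */
    else if (s.rpc == 2) s.ri = s.slot[s.rp];      /* RS3 */
    s.rpc = (s.rpc + 1) % 4;                       /* RS4 only touches data */
    return s;
}

/* Depth-first search; a state is bad when wp == rp and wi == ri at WS3/RS4. */
static int explore(state s) {
    int id = encode(&s);
    if (seen[id]) return 0;
    seen[id] = 1;
    int bad = s.wpc == 2 && s.rpc == 3 && s.wp == s.rp && s.wi == s.ri;
    return bad + explore(writer_step(s)) + explore(reader_step(s));
}

int count_incoherent(int reader_publishes_R) {
    int total = 0;
    publish_R = reader_publishes_R;
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < 16; i++)  /* every initial R, L, slot[] */
        total += explore((state){ i & 1, (i >> 1) & 1, { (i >> 2) & 1, i >> 3 } });
    return total;
}

int main(void) {
    printf("as specified: %d, RS2 skipped: %d\n", count_incoherent(1), count_incoherent(0));
}
```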
Static dependent types to the rescue!
• Observed values of atomic variables R, L, slot[] can tell us facts about unseen state, for instance:
  • RS2 R ← rp
    WS1 wp ← ¬R    } wp ≠ rp at WS1
  • WS1 wp ← ¬R
    RS2 R ← rp     } wp ≟ rp at WS1
Property (Interaction of WS1 and RS2)
If wp = rp at WS1 then WS1 preceded RS2.
Static dependent types to the rescue!
Theorem
If WS1 precedes RS2 then it also precedes RS3 ri ← slot[rp].
[Figure: the writer controls L and slot[]; the reader controls R; each uses what the other controls]
• The writer controls the values of slot[] and L.
• The reader has only one choice for rp, ri.
• Therefore, the writer merely needs to pick the opposite index.
• Let’s encode these kinds of properties into types.
WS1
wp ← ¬R
absview ws1_read_v (R: bit, rstep: int, rp: bit)
fun get_reading_state ():
  [rstep: nat]
  [R, rp: bit | R == rp || (R <> rp ==> rstep < 2)]
  (ws1_read_v (R, rstep, rp) | bit R)
WS2
wi ← ¬slot[wp]
absview ws2_slot_v (s: bit, rp: bit, ri: bit)
fun get_write_slot_index {R, wp, rp: bit} {rstep: nat} (
    pfr: !ws1_read_v (R, rstep, rp) |
    wp: bit wp
  ): [s, ri: bit | (rstep < 3 && wp == rp) ==> s == ri]
     (ws2_slot_v (s, rp, ri) | bit s)
WS3
write data (wp, wi, item)
fun{a: t@ype} write_data
  {R, s, wp, wi, rp, ri: bit | wp <> rp || wi <> ri} {rstep: nat} (
    pfr: !ws1_read_v (R, rstep, rp),
    pfs: !ws2_slot_v (s, rp, ri) |
    wp: bit wp, wi: bit wi, item: a
  ): void
WS4
slot[wp] ← wi
absview ws4_fresh_v (p: bit)
fun save_write_slot_index
  {R, s, wp, wi, rp, ri: bit | wi <> s} {rstep: nat} (
    pfr: !ws1_read_v (R, rstep, rp),
    pfs: ws2_slot_v (s, rp, ri) |
    wp: bit wp, wi: bit wi
  ): (ws4_fresh_v wp | void)
WS5
L ← wp
fun save_latest_state
  {R, rp, wp: bit | wp <> R} {rstep: nat} (
    pfr: ws1_read_v (R, rstep, rp),
    pff: ws4_fresh_v wp |
    wp: bit wp
  ): void
write
(* Step 1 *)
val (pfr | R) = get_reading_state ()
val wp = not R
(* Step 2 *)
val (pfs | s) = get_write_slot_index (pfr | wp)
val wi = not s
(* Step 3 *)
val _ = write_data (pfr, pfs | wp, wi, item)
(* Step 4 *)
val (pff | _) = save_write_slot_index (pfr, pfs | wp, wi)
(* Step 5 *)
val _ = save_latest_state (pfr, pff | wp)
WS1 wp ← ¬R
WS2 wi ← ¬slot[wp]
WS3 write data (wp, wi, item)
WS4 slot[wp] ← wi
WS5 L ← wp
Conclusion
• No overhead: Types erased during compilation.
• Each step compiles to a line or two of C code.
• Dependent types mixed with systems programming.
• Stronger specifications, more confidence, fewer bugs.