View-Centric Reasoning in Modern Computing Systems Marc L. Smith (Colby College) Rebecca J. Parsons (ThoughtWorks, Inc.) Charles E. Hughes (U. of Central Florida) Third International Conference on Communications in Computing June 24-27, 2002
View-Centric Reasoning in Modern Computing Systems

Marc L. Smith (Colby College)

Rebecca J. Parsons (ThoughtWorks, Inc.)

Charles E. Hughes (U. of Central Florida)

Third International Conference on

Communications in Computing

June 24-27, 2002

24 June 2002 VCR in Modern Computing Systems - Smith, Parsons, Hughes


The greatest problem with communication is the illusion it has been accomplished.

- George Bernard Shaw


Divide and Conquer

• Traditional Domains
  – algorithm design
  – system decomposition
• Traditional Assumptions
  – sequential computation
  – one “step” at a time
• Traditional Role of Communication
  – Interprocess? Program I/O (only one thread of execution)
  – Intraprocess? parameter passing, global/instance variables
  – No additional need for coordination
• But, nothing to preclude…


Concurrent Divide and Conquer

• D&C imposes no sequential restrictions
• Could have concurrently computing sub-processes!
  – parallel / distributed computing
  – P2P / n-Tier / Middleware-based architectures
  – i.e., Modern Computing Systems
• But, consequences of concurrency include
  – nondeterminism (what might happen)
  – need for true interprocess communication (and coordination)
  – communication events are observable behavior
  – possibility of simultaneously occurring events


View-Centric Reasoning (VCR)

• Observation-based model
  – reasoning via observation
• For a Modern Computing System
  – sub-processes represent the observers of a computation
  – communications represent the events of a computation
  – observers may each see a different view
  – observers might not be perfect (why?)
• In VCR, represent
  – what might happen (nondeterminism)
  – what did happen (history)
  – what appeared to happen (views)


VCR Inspired by CSP

• Communicating Sequential Processes (CSP)
  – seminal work by [Hoare 1985], demonstrated reasoning about computation via trace
  – process described by its observable events
  – observer records the history of a computation
  – what about event simultaneity?
    • synchronization? (record one event in trace)
    • otherwise record arbitrary interleaving of all events
  – history is a sequentialized trace of events


Reasoning about what?

• Properties of computation [Andrews 2000]
  – a program property is an attribute that is true for every possible execution of that program
• Categories of program properties
  – safety: nothing bad ever happens
    • program never enters a state in which some variables have undesirable values (e.g., partial correctness)
  – liveness: something good eventually happens
    • program will enter a state in which variables have desirable values (e.g., termination)
  – combination of both (e.g., total correctness)


VCR about what?

• Questions that do not arise in sequential computation
  – critical sections
  – mutual exclusion
  – race conditions
  – deadlock
  – finite postponement


VCR Abstractions

• Events and un-events
• Two new event aggregates
  – parallel event (unordered)
  – ROPE (Randomly Ordered Parallel Event)
• Event aggregates
  – serve as trace primitives
  – provide context for event simultaneity
• Two new types of traces
  – history (sequence of parallel events)
  – view (sequence of ROPEs)


VCR Implications

• One history may have many corresponding views!
• History and views permit us to reason about properties we couldn’t with sequentialized traces
  – we can generate all possible views from a history
  – the reverse is not true
• Consider sequentialized trace: A, A, A, A
  – assume perfect observation, and that this trace represents all possible interleavings
  – possible histories: <{A,A,A},{A}> or <{A,A},{A,A}> or other parallel event traces?


Linda and Tuple Space

• Pioneered by [Gelernter 1985]
  – Distinct from shared memory and message passing
  – Exhibits “communication orthogonality.” Decoupled in
    • destination (anonymous senders and receivers)
    • space (heterogeneous architectures / OSs)
    • time (processes need not run at same time to communicate)
• Tuple Space (the container)
  – chalkboard architecture
  – a shared, associative memory
  – contains tuples


Linda and Tuple Space

• Tuples (the contents)
  – sequences of values / value-yielding computations
  – may be active or passive
  – matched, not addressed
• Linda (the language)
  – primitives augment an existing computational language
    • rd(template), in(template) //synchronous
    • out(tuple), eval(tuple) //asynchronous
    • rdp(template), inp(template) //trouble…


JavaSpaces

• From Sun Microsystems, Inc.
  – a service provided by the Jini architecture
  – an implementation of Linda and tuple space
  – for more information, see [Freeman, et al 1999]
• Provides predicate versions of rd() and in()
• JavaSpaces Service Specification
  – includes section on Operation Ordering
  – “Operations on a space are unordered. …”
  – example given is our case study


Case Study: Linda predicate ambiguity (an interaction point in tuple space)

[Figure: Tuple Space, with processes rdp(t’).U, inp(t’).V and out(t).T; labels “t:” and “? ?”]


Nondeterminism

• Two levels
  – Success or failure of the predicates
  – Observer’s order of interleaving
• First level
  – Suppose process U and V’s predicate operations fail.
  – Parallel event: {¬inp(t’), ¬rdp(t’), out(t)}
• Second level
  – six possible interleavings!
  – assuming perfect observation


Sequentialized Trace Possibilities

  – …, ¬inp(t’), ¬rdp(t’), out(t), …
  – …, ¬inp(t’), out(t), ¬rdp(t’), …
  – …, ¬rdp(t’), ¬inp(t’), out(t), …
  – …, ¬rdp(t’), out(t), ¬inp(t’), …
  – …, out(t), ¬inp(t’), ¬rdp(t’), …
  – …, out(t), ¬rdp(t’), ¬inp(t’), …
• What can we say about the state of TS immediately after a failed predicate operation?
• What is the meaning of a failed predicate operation?
  – ambiguous [Jensen 1994]
  – the two levels of nondeterminism are entangled


As the i-th ROPE in a View

…[ROPE_{i-1}], [¬inp(t’), ¬rdp(t’), out(t)], [ROPE_{i+1}]…
…[ROPE_{i-1}], [¬inp(t’), out(t), ¬rdp(t’)], [ROPE_{i+1}]…
…[ROPE_{i-1}], [¬rdp(t’), ¬inp(t’), out(t)], [ROPE_{i+1}]…
…[ROPE_{i-1}], [¬rdp(t’), out(t), ¬inp(t’)], [ROPE_{i+1}]…
…[ROPE_{i-1}], [out(t), ¬inp(t’), ¬rdp(t’)], [ROPE_{i+1}]…
…[ROPE_{i-1}], [out(t), ¬rdp(t’), ¬inp(t’)], [ROPE_{i+1}]…

• What is the meaning of a failed predicate operation now?
  – not ambiguous
  – ROPEs detangle the two levels of nondeterminism
  – all six orderings preserve the same meaning
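
Added example (not from the slides, and not the authors' formal semantics): it generates every view of the case-study history, checks each ordering under an interleaved reading and under a ROPE reading, and regroups the flat trace A, A, A, A into its candidate histories. Assumptions: t’ matches t, the tuple space holds no matching tuple beforehand, and every event in a ROPE is evaluated against the space as it stood before that parallel event; all function names are hypothetical.

```python
from itertools import permutations, product

# Constructed sample: the case-study parallel event. Events are
# (operation, tuple name, succeeded); "t" stands for t and its template t'.
CASE = (("inp", "t", False), ("rdp", "t", False), ("out", "t", True))

def ropes(parallel_event):
    """Every ordering (ROPE) an observer may record for one parallel event."""
    return sorted(set(permutations(parallel_event)))

def views(history):
    """All views of a history: one ROPE chosen per parallel event."""
    return [list(v) for v in product(*(ropes(pe) for pe in history))]

def histories_for(trace):
    """Every regrouping of a flat trace into consecutive parallel events."""
    if not trace:
        return [[]]
    return [[tuple(sorted(trace[:i]))] + rest
            for i in range(1, len(trace) + 1)
            for rest in histories_for(trace[i:])]

def step(space, event):
    """Apply one event to a tuple space (frozenset); None if impossible."""
    op, name, ok = event
    if op == "out":
        return space | {name}
    if (name in space) != ok:  # a predicate fails only when nothing matches
        return None
    return space - {name} if op == "inp" and ok else space

def sequential_ok(view, space=frozenset()):
    """Interleaved reading: boundaries dropped, each event sees the last."""
    for event in (e for rope in view for e in rope):
        space = step(space, event)
        if space is None:
            return False
    return True

def rope_ok(view, space=frozenset()):
    """Assumed ROPE reading: events in a ROPE all see the pre-event space."""
    for rope in view:
        if any(step(space, e) is None for e in rope):
            return False
        added = {e[1] for e in rope if e[0] == "out"}
        taken = {e[1] for e in rope if e[0] == "inp" and e[2]}
        space = (space - taken) | added
    return True
```

Read as an interleaved trace, only the two orderings that place out(t) last are consistent with both predicates failing; read as one ROPE, all six are, and the flat trace A, A, A, A regroups into eight candidate histories.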


Conclusions

• Reasoning about event simultaneity
  – difficult using interleaved traces
  – higher level of abstraction desired
• View-Centric Reasoning introduces
  – event aggregates
    • parallel events (unordered)
    • ROPEs (ordered)
  – two types of traces
    • history (perfect, one per computation)
    • views (possibly imperfect, multiple per history)


Conclusions

• View-Centric Reasoning provides
  – a new framework for reasoning about properties of modern computing systems
• Demonstrated usefulness of VCR
  – by disambiguating the meaning of Linda predicate operations
• Reasoning about meaning of Linda predicate operations is relevant due to
  – commercial TS implementations by Sun, IBM, GigaSpaces, and others


Formal Work / Future

• VCR instantiated for
  – Actors (message passing)
  – Linda (generative communication)
• Equivalence proofs (via bisimulation)
  – restricted VCR instances (transition density = 1)
  – vs. Actor Theories [Mason and Talcott, 1997]
  – vs. TSspec [Jensen, 1994]
• Next VCR instantiation?
  – publish / subscribe metaphor
  – reason about DES (e.g., HLA’s RTI)


Formal Work / Future

• Composition
  – Flipside of divide and conquer
    • build new systems by composing existing systems
  – How?
    • parameter of VCR’s operational semantics
    • trees, graphs to represent
    • grammars to generate
  – So far, for multiple tuple spaces
  – In general, heterogeneous systems…


References

• Smith, M. L. (2000). View-centric Reasoning about Parallel and Distributed Computation. Ph.D. thesis, University of Central Florida.
• Gelernter, D. (1985). Generative Communication in Linda. ACM Transactions on Programming Languages and Systems, 7(1).
• Freeman, E., Hupfer, S., and Arnold, K. (1999). JavaSpaces: Principles, Patterns, and Practice. The Jini Technology Series. Addison Wesley.
• Hoare, C. (1985). Communicating Sequential Processes. Prentice Hall International Series in Computer Science.
• Andrews, G. R. (2000). Foundations of Multithreaded, Parallel, and Distributed Programming. Addison-Wesley.
• Jensen, K. K. (1994). Towards a Multiple Tuple Space Model. Ph.D. thesis, Aalborg University.
• Mason, I., and Talcott, C. (1997). “A Semantics Preserving Actor Translation.” LNCS, 1256:369-378.