

T. HOEFLER, M. PUESCHEL

## **Lecture 3: Memory Models**

Teaching assistant: Salvatore Di Girolamo

Motivational video: <a href="https://www.youtube.com/watch?v=tW2hT0q40Us">https://www.youtube.com/watch?v=tW2hT0q40Us</a>

































Based on the presented data, one may conclude that using **-03** is always a good idea.



ct of GCC -O3 opt

The presented data set contains only **a subset** of the Mantevo benchmark suite.

#### · Miniapps:

- \*CloverLeaf: Version 1.1, Reference Version 1.1
- \*\*CloverLeaf3D: Version 1.0, Reference Version 1.0
- CoMD: Reference Version 1.1
- HPCCG: Reference Version 1.0
- \*\*MiniAero: Version 1.0
- \*\*MiniAMR: Version 1.0, Reference Version 1.0
- \*MiniFE: Version 2.0.1 (new openmp\_opt version), Reference Version 2.0
- MiniGhost: Version 1.0.1, Reference Version 1.0.1
- \*MiniMD: Version 1.2 (update in upcoming minor suite release), Reference Version 2.0
- \*MiniSMAC2D: Reference Version 2.0 (5kx5k, 7kx7k test inputs)
- MiniXyce: Reference Version 1.0
- \*\*Pathfinder: Version 1.0.0
- \*\*TeaLeaf: Version 1.0, Reference Version 1.0

#### Minidrivers:

- \*CleverLeaf: Version 2.0, Reference Version 2.0
- EpetraBenchmarkTest: Version 1.0

The incompleteness of data may lead to wrong conclusions.

Sometimes **-03** may not be a good idea for a code: e.g., vectorization (enabled by **-03**) may segfault on a loop which does unaligned memory access on some x86. But this is not demonstrated by the presented dataset.









Based on the presented data, one may conclude that using **-O3** is always a good idea.

ct of GCC -O3 opt

The presented data set contains only **a subset** of the Mantevo benchmark suite.

- Miniapps:
  - \*CloverLeaf: Version 1.1, Reference Version 1.1
  - \*\*CloverLeaf3D: Version 1.0, Reference Version 1.0
  - CoMD: Reference Version 1.1
  - HPCCG: Reference Version 1.0

**Rule 2**: Specify the reason for only reporting subsets of standard benchmarks or applications or not using all system resources.

on 1.0

version), Reference Version 2.0

ion 1.0

minor suite release), Reference Version 2.0

x5k, 7kx7k test input

n 1.0

- \*CleverLeaf: Version 2.0, Reference Version 2.0
- EpetraBenchmarkTest: Version 1.

This implies: Show results even if your code/approach stops scaling!

The incompleteness of data may lead to wrong conclusions.

Sometimes -03 may not be a good idea for a code: e.g., vectorization (enabled by -03) may segfault on a loop which does unaligned memory coess on some x86. But this is not demonstrated by the presented dataset

miniAMR





#### **Review of last lecture**

#### Architecture case studies

- Memory performance is often the bottleneck
- Parallelism grows with compute performance
- Caching is important
- Several issues to address for parallel systems

#### Cache Coherence

- Hardware support to aid programmers
- Two guarantees:
  - Write propagation (updates are eventually visible to all readers)
  - Write serialization (writes to the same location are observed in global order)
- Two major mechanisms:
  - Snooping
  - *Directory-based continuing today*
- Protocols: MESI (MOESI, MESIF)







#### **DPHPC Overview**









#### Goals of this lecture

#### Don't forget the projects!

- Project ideas shared on Thursday (send email to Salvatore for group formations)
- Project progress presentations on 10/29 (three weeks from now)!

#### Cache-coherence is not enough

Many more subtle issues for parallel programs

#### Memory Models

- Sequential consistency
- Why threads cannot be implemented as a library ©
- Relaxed consistency models

#### Linearizability

More complex objects







#### **Directory-based cache coherence**

- Snooping does not scale
  - Bus transactions must be globally visible
  - Implies broadcast
- Typical solution: tree-based (hierarchical) snooping
  - Root becomes a bottleneck
- Directory-based schemes are more scalable
  - Directory (entry for each CL) keeps track of all owning caches
  - Point-to-point update to involved processors No broadcast

Can use specialized (high-bandwidth) network, e.g., HT, QPI ...







#### **Basic Scheme**

- System with N processors P<sub>i</sub>
- For each memory block (size: cache line)
   maintain a directory entry
  - N presence bits (light blue)
     Set if block in cache of P<sub>i</sub>
  - 1 dirty bit (red)

First proposed by Censier and Feautrier (1978)









P<sub>0</sub> intends to read, misses









P<sub>0</sub> intends to read, misses









- P<sub>0</sub> intends to read, misses
- If dirty bit (in directory) is off









- P<sub>0</sub> intends to read, misses
- If dirty bit (in directory) is off
  - Read from main memory









- P<sub>0</sub> intends to read, misses
- If dirty bit (in directory) is off
  - Read from main memory
  - Set presence[i]









- P<sub>0</sub> intends to read, misses
- If dirty bit (in directory) is off
  - Read from main memory
  - Set presence[i]









- P<sub>0</sub> intends to read, misses
- If dirty bit (in directory) is off
  - Read from main memory
  - Set presence[i]
  - Supply data to reader









P<sub>0</sub> intends to read, misses









P<sub>0</sub> intends to read, misses









- P<sub>0</sub> intends to read, misses
- If dirty bit is on









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared
  - Set presence[i]









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared
  - Set presence[i]









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared
  - Set presence[i]
  - Supply data to reader









- P<sub>0</sub> intends to read, misses
- If dirty bit is on
  - Recall cache line from P<sub>j</sub> (determine by presence[])
  - Update memory
  - Unset dirty bit, block shared
  - Set presence[i]
  - Supply data to reader









P<sub>0</sub> intends to write, misses









P<sub>0</sub> intends to write, misses









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors
  - Set dirty bit









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors
  - Set dirty bit









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors
  - Set dirty bit
  - Set presence[i], owner P<sub>i</sub>









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors
  - Set dirty bit
  - Set presence[i], owner P<sub>i</sub>









- P<sub>0</sub> intends to write, misses
- If dirty bit (in directory) is off
  - Send invalidations to all processors P<sub>j</sub> with presence[j] turned on
  - Unset presence bit for all processors
  - Set dirty bit
  - Set presence[i], owner P<sub>i</sub>









P<sub>0</sub> intends to write, misses









P<sub>0</sub> intends to write, misses









- P<sub>0</sub> intends to write, misses
- If dirty bit is on









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory
  - Unset presence[j]









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory
  - Unset presence[j]









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory
  - Unset presence[j]
  - Set presence[i], dirty bit remains set









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory
  - Unset presence[j]
  - Set presence[i], dirty bit remains set









- P<sub>0</sub> intends to write, misses
- If dirty bit is on
  - Recall cache line from owner P<sub>i</sub>
  - Update memory
  - Unset presence[j]
  - Set presence[i], dirty bit remains set
  - Acknowledge to writer









### **Discussion**

#### Scaling of memory bandwidth

No centralized memory

#### Directory-based approaches scale with restrictions

- Require presence bit for each cache and cache line address
- Number of bits determined at design time
- Directory requires memory (size scales linearly)
- Shared vs. distributed directory

#### Software-emulation

- Distributed shared memory (DSM)
- Emulate cache coherence in software (e.g., TreadMarks)
- Often on a per-page basis, utilizes memory virtualization and paging







## Open Problems (for projects, theses, research)

- Tune algorithms to cache-coherence schemes
  - What is the optimal parallel algorithm for a given scheme?
  - Parameterize for an architecture
- Measure and classify hardware
  - Read Maranget et al. "A Tutorial Introduction to the ARM and POWER Relaxed Memory Models" and have fun!
  - RDMA consistency is barely understood!
  - GPU memories are not well understood!
     Huge potential for new insights!
- Can we program (easily) without cache coherence?
  - How to fix the problems with inconsistent values?
  - Compiler support (issues with arrays)?
- Invent new semi-coherent schemes?







# **Case Study: Intel Xeon Phi**









# **Case Study: Intel Xeon Phi**

Core

• • •

Core

Core



Core

• • •

Core

Core







# **Case Study: Intel Xeon Phi**

























## **Communication?**







## **Communication?**



















## **Single-Line Ping Pong**



Prediction for both in E state: 479 ns

Measurement: 497 ns (O=18)







## **Multi-Line Ping Pong**

More complex due to prefetch





## **Multi-Line Ping Pong**

$$\mathcal{T}_N = o \cdot N + q - \frac{p}{N}$$

### E state:

- o=76 ns
- q=1,521ns
- p=1,096ns

### I state:

- o=95ns
- q=2,750ns
- p=2,017ns









# **DTD Contention**



#### E state:

- a=0ns
- $\mathcal{T}_C(n_{th}) = c \cdot n_{th} + b \frac{a}{n_{th}}$
- b=320ns
- c=56.2ns









## **Optimizations against vendor libraries**



## Barrier (7x faster than OpenMP)







## **Optimizations against vendor libraries**



Barrier (7x faster than OpenMP)

Reduce (5x faster then OpenMP)







- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)







- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)

- Class question: what value will Z on P2 have?
- Y=10 does not need to have completed before X=2 is visible to P2!
  - This allows P2 to exit the loop and read Y=0
  - This may not be the intent of the programmer!
  - This may be due to congestion (imagine X is pushed to a remote cache while Y misses to main memory) and or due to write buffering, or ...









- Coherence is concerned with behavior of individual locations
- Consider the program (initial X,Y,Z = 0)

- Class question: what value will Z on P2 have?
- Y=10 does not need to have completed before X=2 is visible to P2!
  - This allows P2 to exit the loop and read Y=0
  - This may not be the intent of the programmer!
  - This may be due to congestion (imagine X is pushed to a remote cache while Y misses to main memory) and or due to write buffering, or ...
- Bonus class question: what happens when Y and X are on the same cache line (assume simple MESI and no write buffer)?









- Need to define what it means to "read a location" and "to write a location" and the respective ordering!
  - What values should be seen by a processor
- First thought: extend the abstractions seen by a sequential processor:
  - Compiler and hardware maintain data and control dependencies at all levels:

# Two operations to the same location Y=10 .... T = 14 Y=15

One operation controls
execution of others

Y = 5
X = 5
T = 3
Y = 3
if (X==Y)
Z = 5
....







- Need to define what it means to "read a location" and "to write a location" and the respective ordering!
  - What values should be seen by a processor
- First thought: extend the abstractions seen by a sequential processor:
  - Compiler and hardware maintain data and control dependencies at all levels:



One operation controls
execution of others

Y = 5
X = 5
T = 3
Y = 3
if (X==Y)
Z = 5
....







- Need to define what it means to "read a location" and "to write a location" and the respective ordering!
  - What values should be seen by a processor
- First thought: extend the abstractions seen by a sequential processor:
  - Compiler and hardware maintain data and control dependencies at all levels:









## **Sequential Processor**

#### Correctness condition:

- The result of the execution is the same as if the operations had been executed in the order specified by the program "program order"
- A read returns the value last written to the same location "last" is determined by program order!
- Consider only memory operations (e.g., a trace)

#### N Processors

■ P1, P2, ...., PN

#### Operations

Read, Write on shared variables (initial state: most often all 0)

#### Notation:

- P1: R(x):3 P1 reads x and observes the value 3
- P2: W(x,5) P2 writes 5 to variable x





## **Terminology**

#### Program order

- Deals with a single processor
- Per-processor order of memory accesses, determined by program's Control flow
- Often represented as trace

#### Visibility order

- Deals with operations on all processors
- Order of memory accesses observed by one or more processors
- E.g., "every read of a memory location returns the value that was written last"
   Defined by memory model







Contract at each level between programmer and processor

Programmer

High-level language (API/PL)

**Compiler Frontend** 

Optimizing transformations

Intermediate Language (IR)

Compiler Backend/JIT

Reordering

Machine code (ISA)

Processor

Operation overlap OOO Execution VLIW, Vector ISA





## **Sequential Consistency**

#### Extension of sequential processor model

### The execution happens as if

- 1. The operations of all processes were executed in some sequential order (atomicity requirement), and
- 2. The operations of each individual processor appear in this sequence in the order specified by the program (program order requirement)

#### Applies to all layers!

- Disallows many compiler optimizations (e.g., reordering of any memory instruction)
- Disallows many hardware optimizations (e.g., store buffers, nonblocking reads, invalidation buffers)







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order





- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order









- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







- Globally consistent view of memory operations (atomicity)
- Strict ordering in program order







### **Original SC Definition**

"The result of any execution is the same as if the operations of all the processes were executed in some sequential order and the operations of each individual process appear in this sequence in the order specified by its program"

(Lamport, 1979)





### **Alternative SC Definition**

- **Textbook: Hennessy/Patterson Computer Architecture**
- A sequentially consistent system maintains three invariants:
  - 1. A load L from memory location A issued by processor P<sub>i</sub> obtains the value of the previous store to A by P<sub>i</sub>, unless another processor has to stored a value to A in between
  - 2. A load L from memory location A obtains the value of a store S to A by another processor  $P_k$  if S and L are "sufficiently separated in time" and if no other store occurred between S and L
  - 3. Stores to the same location are serialized (defined as in (2))
- "Sufficiently separated in time" not precise
  - Works but is not formal (a formalization must include all possibilities)







### **Example Operation Reordering**

- Recap: "normal" sequential assumption:
  - Compiler and hardware can reorder instructions as long as control and data dependencies are met
- **Examples:**
- Register allocation Compiler
  - Code motion
  - Common subexpression elimination
  - Loop transformations
  - Pipelining
  - Multiple issue (OOO)
  - Write buffer bypassing
  - Nonblocking reads







## Simple compiler optimization

Initially, all values are zero

| P1                      | P2                                   |
|-------------------------|--------------------------------------|
| input = 23<br>ready = 1 | while (ready == 0) {} compute(input) |

Assume P1 and P2 are compiled separately!







### Simple compiler optimization

Initially, all values are zero

P1 P2

input = 23 while (ready == 0) {}

ready = 1 compute(input)

- Assume P1 and P2 are compiled separately!
- What optimizations can a compiler perform for P1?
   Register allocation or even replace with constant, or
   Switch statements







### Simple compiler optimization

Initially, all values are zero

P1 P2

input = 23 while (ready == 0) {}

ready = 1 compute(input)

- Assume P1 and P2 are compiled separately!
- What optimizations can a compiler perform for P1?
   Register allocation or even replace with constant, or
   Switch statements
- What happens?P2 may never terminate, orCompute with wrong input







- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero









- Relying on program order: Dekker's algorithm
  - Initially, all zero

What can happen at compiler and hardware level?



Without SC, both writes may have went to a write buffer, in which case both Ps would read 0 and enter the critical section together.







Relying on single sequential order (atomicity): three sharers

a = 5 a = 1 P2

P3

What can be printed if visibility is not atomic?

### What each **P** thinks the order is:









Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

### What each **P** thinks the order is:



P<sub>1</sub>: W(a,5)



 $P_3$ 







Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

### What each **P** thinks the order is:



















 Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

### What each **P** thinks the order is:



















Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

#### What each **P** thinks the order is:



P<sub>1</sub>: W(a,5)





 $P_3$ 

P<sub>1</sub>: W(a,5)

P<sub>1</sub>: W(a,1)

P<sub>2</sub>: R(a): 1

P<sub>1</sub>: W(a,5)







Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

#### What each **P** thinks the order is:



P<sub>1</sub>: W(a,5)





 $P_3$ 

P<sub>1</sub>: W(a,5)







 Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

#### What each **P** thinks the order is:



P<sub>1</sub>: W(a,5)













Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

#### What each **P** thinks the order is:



P<sub>1</sub>: W(a,5)

P<sub>1</sub>: W(a,1)

 $P_3$ 

P<sub>1</sub>: W(a,5)

P<sub>1</sub>: W(a,1)

P<sub>2</sub>: R(a): 1

P<sub>2</sub>: W(b,1)

P<sub>1</sub>: W(a,5)

P<sub>2</sub>: W(b,1)

P<sub>3</sub>: R(b): 1

P<sub>3</sub>: R(a): 5

P3 has not seen P1: W(a,1) yet!







Relying on single sequential order (atomicity): three sharers

P2

P3

What can be printed if visibility is not atomic?

#### What each **P** thinks the order is:

 $P_1$ 

P<sub>1</sub>: W(a,5)

P<sub>1</sub>: W(a,1)

 $P_3$ 

P<sub>1</sub>: W(a,5)

P<sub>1</sub>: W(a,1)

P<sub>2</sub>: R(a): 1

P<sub>2</sub>: W(b,1)

P<sub>1</sub>: W(a,5)

P<sub>2</sub>: W(b,1)

P<sub>3</sub>: R(b): 1

P<sub>3</sub>: R(a): 5

PRINT(5)

P<sub>1</sub>: W(a,1)

P3 has not seen P1: W(a,1) yet!





P2

critical section

P2

critical section

if(a == 0)

b = 1

b = 0

if(a == 0)

b = 0

b = 1

else



### **Optimizations violating program order**

- Analyzing P1 and P2 in isolation!
  - Compiler can reorder

P1

P2

P1

$$a = 1$$
 $if(b == 0)$ 
 $critical\ section$ 
 $a = 0$ 
 $b = 1$ 
 $if(a == 0)$ 
 $critical\ section$ 
 $a = 0$ 
 $else$ 
 $a = 1$ 

■ Hardware can reorder, assume writes of a,b go to write buffer or speculation







### **Considerations**

- Define partial order on memory requests A → B
  - If  $P_i$  issues two requests A and B and A is issued before B in program order, then A  $\rightarrow$  B
  - A and B are issued to the same variable, and A is issued first, then A  $\rightarrow$  B (on all processors)
- These partial orders can be interleaved, define a total order
  - Many total orders are sequentially consistent!
- Example:
  - P1: W(a), R(b), W(c)
  - P2: R(a), W(a), R(b)
  - Are the following schedules (total orders) sequentially consistent?
    - 1. P1:W(a), P2:R(a), P2:W(a), P1:R(b), P2:R(b), P1:W(c)
    - 2. P1:W(a), P2:R(a), P1:R(b), P2:R(b), P1:W(c), P2:W(a)
    - 3. P2:R(a), P2:W(a), P1:R(b), P1:W(a), P1:W(c), P2:R(b)







#### Write buffer

- Absorbs writes faster than the next cache → prevents stalls
- Aggregates writes to the same cache line → reduces cache traffic









- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W → R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- Reads can bypass previous writes for faster completion
  - If read and write access different locations
  - No order between write and following read (W  $\rightarrow$  R)











- $W \rightarrow W: OK$
- $\blacksquare$  R  $\rightarrow$  W, R  $\rightarrow$  R: No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $\blacksquare$  R  $\rightarrow$  W, R  $\rightarrow$  R: No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- R  $\rightarrow$  W, R  $\rightarrow$  R: No order between read and following read/write











- $W \rightarrow W: OK$
- R  $\rightarrow$  W, R  $\rightarrow$  R: No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











- $W \rightarrow W: OK$
- $R \rightarrow W$ ,  $R \rightarrow R$ : No order between read and following read/write











#### **Discussion**

#### Programmer's view:

- Prefer sequential consistency
- Easiest to reason about

#### Compiler/hardware designer's view:

- Sequential consistency disallows many optimizations!
- Substantial speed difference
- ➤ Most architectures and compilers don't adhere to sequential consistency!

#### Solution: synchronized programming

- Access to shared data (aka. "racing accesses") are ordered by synchronization operations
- Synchronization operations guarantee memory ordering (aka. fence)
- More later!





#### Cache Coherence vs. Memory Model

- Varying definitions!
- Cache coherence: a mechanism that propagates writes to other processors/caches if needed, recap:
  - Writes are eventually visible to all processors
  - Writes to the same location are observed in (one) order
- Memory models: define the bounds on when the value is propagated to other processors
  - E.g., sequential consistency requires *all* reads and writes to be ordered in program order







#### The fun begins: Relaxed Memory Models

- Sequential consistency
  - $R \rightarrow R$ ,  $R \rightarrow W$ ,  $W \rightarrow R$ ,  $W \rightarrow W$  (all orders guaranteed)
- Relaxed consistency (varying terminology):
  - Processor consistency (aka. TSO)
    Relaxes W →R
  - Partial write (store) order (aka. PSO)
    Relaxes W →R, W →W
  - Weak consistency and release consistency (aka. RMO)  $Relaxes\ R \rightarrow R,\ R \rightarrow W,\ W \rightarrow R,\ W \rightarrow W$
  - Other combinations/variants possible
     There are even more types of orders (above is a simplification)







#### **Architectures**

#### Memory ordering in some architectures<sup>[2][3]</sup>

| Туре                                  | Alpha | ARMv7 | PA-<br>RISC | POWER | SPARC<br>RMO | SPARC<br>PSO | SPARC<br>TSO | ×86 | x86<br>oostore | AMD64 | IA-<br>64 | zSeries |
|---------------------------------------|-------|-------|-------------|-------|--------------|--------------|--------------|-----|----------------|-------|-----------|---------|
| Loads reordered after<br>loads        | Υ     | Υ     | Υ           | Υ     | Υ            |              |              |     | Υ              |       | Υ         |         |
| Loads reordered after stores          | Υ     | Υ     | Υ           | Y     | Υ            |              |              |     | Υ              |       | Υ         |         |
| Stores reordered after stores         | Υ     | Υ     | Υ           | Y     | Υ            | Υ            |              |     | Υ              |       | Υ         |         |
| Stores reordered after loads          | Υ     | Υ     | Υ           | Υ     | Υ            | Υ            | Υ            | Υ   | Υ              | Υ     | Υ         | Y       |
| Atomic reordered with loads           | Υ     | Υ     |             | Y     | Υ            |              |              |     |                |       | Υ         |         |
| Atomic reordered with stores          | Υ     | Υ     |             | Υ     | Υ            | Υ            |              |     |                |       | Υ         |         |
| Dependent loads reordered             | Υ     |       |             |       |              |              |              |     |                |       |           |         |
| Incoherent Instruction cache pipeline | Υ     | Υ     |             | Υ     | Υ            | Υ            | Υ            | Υ   | Υ              |       | Υ         | Υ       |







### **Case Study: Memory ordering on Intel (x86)**

- Intel® 64 and IA-32 Architectures Software Developer's Manual
  - Volume 3A: System Programming Guide
  - Chapter 8.2 Memory Ordering
  - http://www.intel.com/products/processor/manuals/
- Google Tech Talk: IA Memory Ordering
  - Richard L. Hudson
    <a href="http://www.youtube.com/watch?v=WUfvvFD5tAA">http://www.youtube.com/watch?v=WUfvvFD5tAA</a>







#### x86 Memory model: TLO + CC

- Total lock order (TLO)
  - Instructions with "lock" prefix enforce total order across all processors
  - Implicit locking: xchg (locked compare and exchange)
- Causal consistency (CC)
  - Write visibility is transitive
- Eight principles
  - After some revisions <sup>©</sup>







1. "Reads are not reordered with other reads." (R→R)







- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes."  $(W \rightarrow W)$







- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads."  $(R \rightarrow W)$







- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads." ( $R \rightarrow W$ )
- 4. "Reads may be reordered with older writes to different locations but not with older writes to the same location." (NO W→R!)







- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads." ( $R \rightarrow W$ )
- 4. "Reads may be reordered with older writes to different locations but not with older writes to the same location." (NO W→R!)
- 5. "In a multiprocessor system, memory ordering obeys causality." (memory ordering respects transitive visibility)





### The Eight x86 Principles

- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads." ( $R \rightarrow W$ )
- 4. "Reads may be reordered with older writes to different locations but not with older writes to the same location." (NO W→R!)
- 5. "In a multiprocessor system, memory ordering obeys causality." (memory ordering respects transitive visibility)
- 6. "In a multiprocessor system, writes to the same location have a total order." (implied by cache coherence)



### The Eight x86 Principles

- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads." ( $R \rightarrow W$ )
- 4. "Reads may be reordered with older writes to different locations but not with older writes to the same location." (NO W→R!)
- 5. "In a multiprocessor system, memory ordering obeys causality." (memory ordering respects transitive visibility)
- 6. "In a multiprocessor system, writes to the same location have a total order." (implied by cache coherence)
- 7. "In a multiprocessor system, locked instructions have a total order." (enables synchronized programming!)



### The Eight x86 Principles

- 1. "Reads are not reordered with other reads."  $(R \rightarrow R)$
- 2. "Writes are not reordered with other writes." ( $W \rightarrow W$ )
- 3. "Writes are not reordered with older reads." ( $R \rightarrow W$ )
- 4. "Reads may be reordered with older writes to different locations but not with older writes to the same location." (NO W→R!)
- 5. "In a multiprocessor system, memory ordering obeys causality." (memory ordering respects transitive visibility)
- 6. "In a multiprocessor system, writes to the same location have a total order." (implied by cache coherence)
- 7. "In a multiprocessor system, locked instructions have a total order." (enables synchronized programming!)
- 8. "Reads and writes are not reordered with locked instructions. " (enables synchronized programming!)







Reads are not reordered with other reads.  $(R \rightarrow R)$ Writes are not reordered with other writes.  $(W \rightarrow W)$  All values zero initially. r1 and r2 are registers.

P1

$$a = 1$$

P2

$$r1 = b$$





Order: from left to right









Reads are not reordered with other reads.  $(R \rightarrow R)$ Writes are not reordered with other writes.  $(W \rightarrow W)$  All values zero initially. r1 and r2 are registers.

P1 = 1











Reads are not reordered with other reads.  $(R \rightarrow R)$ Writes are not reordered with other writes.  $(W \rightarrow W)$  All values zero initially. r1 and r2 are registers.

P1 P2 r1 = b r2 = a









Reads are not reordered with other reads.  $(R \rightarrow R)$ Writes are not reordered with other writes.  $(W \rightarrow W)$  All values zero initially. r1 and r2 are registers.

P1 P2 a = 1 r1 = b r2 = a









Writes are not reordered with older reads. (R→W)











Writes are not reordered with older reads.  $(R \rightarrow W)$ 











Writes are not reordered with older reads. (R→W)











Writes are not reordered with older reads.  $(R \rightarrow W)$ 











Writes are not reordered with older reads.  $(R \rightarrow W)$ 











Writes are not reordered with older reads.  $(R \rightarrow W)$ 











Writes are not reordered with older reads.  $(R \rightarrow W)$ 











Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)











Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)













Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)

All values zero initially

P1 P2 a = 1 r1 = b r2 = a









Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)

P1 P2
$$a = 1$$
 $r1 = b$ 
 $r2 = a$ 









Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)











Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)











Reads may be reordered with older writes to different locations but not with older writes to the same location. (NO W $\rightarrow$ R!)











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).











In a multiprocessor system, memory ordering obeys causality (memory ordering respects transitive visibility).

### All values zero initially



P1

$$r^2 = b$$

P3

$$r3 = a$$









In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).











In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).

### All values zero initially



$$r2 = a \qquad r4 = a$$



a=1







In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).





- Not allowed: r1 == 1, r2 == 2, r3 == 2, r4 == 1
- If P3 observes P1's write before P2's write, then P4 will also see P1's write before P2's write









In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).

#### All values zero initially



# Memory

- Not allowed: r1 == 1, r2 == 2, r3 == 2, r4 == 1
- If P3 observes P1's write before P2's write, then P4 will also see P1's write before P2's write
- Provides some form of atomicity









In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).

All values zero initially

P2

P1

a=1

a=2

Р3

Р4

•

r3 =

 $^2$  = a

 $^{4} = a$ 

Question: is r1=0, r2=2, r3=0, r4=1 allowed?

Memory

- Not allowed: r1 == 1, r2 == 2, r3 == 2, r4 == 1
- If P3 observes P1's write before P2's write, then P4 will also see P1's write before P2's write
- Provides some form of atomicity





In a multiprocessor system, writes to the same location have a total order (implied by cache coherence).

### All values zero initially

P2

P1

a=1

\_

Р3

P4

 $P_1$ 

a=2

r1 =

r4 = a

r4







In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

All values zero initially, registers r1==r2==1









In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

All values zero initially, registers r1==r2==1











In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

All values zero initially, registers r1==r2==1











In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

#### All values zero initially, registers r1==r2==1











P

# **Principle 7**

In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

All values zero initially, registers r1==r2==1











In a multiprocessor system, locked instructions have a total order. (enables synchronized programming!)

#### All values zero initially, registers r1==r2==1





Memory



- Not allowed: r3 == 1, r4 == 0, r5 == 1, r6 ==0
- If P3 observes ordering P1:xchg → P2:xchg, then P4 observes the same ordering
- (xchg has implicit lock)









Reads and writes are not reordered with locked instructions. (enables synchronized programming!)











Reads and writes are not reordered with locked instructions. (enables synchronized programming!)









Reads and writes are not reordered with locked instructions. (enables synchronized programming!)











Reads and writes are not reordered with locked instructions. (enables synchronized programming!)











Reads and writes are not reordered with locked instructions. (enables synchronized programming!)







#### **An Alternative View: x86-TSO**

Sewell el al.: "x86-TSO: A Rigorous and Usable Programmer's Model for x86 Multiprocessors", CACM May
 2010

"[...] real multiprocessors typically do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, varying in subtle ways between processor families, in which different hardware threads may have only loosely consistent views of a shared memory. Second, the public vendor architectures, supposedly specifying what programmers can rely on, are often in ambiguous informal prose (a particularly poor medium for loose specifications), leading to widespread confusion. [...] We present a new x86-TSO programmer's model that, to the best of our knowledge, suffers from none of these problems. It is mathematically precise (rigorously defined in HOL4) but can be presented as an intuitive abstract machine which should be widely accessible to working programmers. [...]"







#### **Notions of Correctness**

- We discussed so far:
  - Read/write of the same location
     Cache coherence (write serialization and atomicity)
  - Read/write of multiple locations
     Memory models (visibility order of updates by cores)

- Now: objects (variables/fields with invariants defined on them)
  - Invariants "tie" variables together
  - Sequential objects
  - Concurrent objects







#### **Sequential Objects**

- Each object has a type
- A type is defined by a class
  - Set of fields forms the state of an object
  - Set of methods (or free functions) to manipulate the state

#### Remark

An Interface is an abstract type that defines behavior
 A class implementing an interface defines several types







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0









- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)









- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)



capacity 
$$= 8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)









- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)



$$capacity = 8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)



capacity 
$$= 8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)



capacity 
$$= 8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)
  - deq() [x]



capacity = 
$$8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)
  - deq() [x]



capacity = 
$$8$$







- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)
  - deq() [x]









- Insert elements at tail
- Remove elements from head
  - Initial: head = tail = 0
  - enq(x)
  - enq(y)
  - deq() [x]
  - **.**.



capacity = 
$$8$$





### **Sequential Queue**

```
class Queue {
private:
  int head, tail;
  std::vector<Item> items;
public:
  Queue(int capacity) {
    head = tail = 0;
    items.resize(capacity);
 // ...
};
```



capacity = 8





#### **Sequential Queue**

```
class Queue {
 // ...
public:
 void enq(Item x) {
    if((tail+1)%items.size() == head) {
     throw FullException;
    items[tail] = x;
   tail = (tail+1)%items.size();
 Item deq() {
    if(tail == head) {
     throw EmtpyException;
    Item item = items[head];
    head = (head+1)%items.size();
    return item;
```









#### **Sequential Execution**

- (The) one process executes operations one at a time
  - Sequential <sup>(3)</sup>
- Semantics of operation defined by specification of the class
  - Preconditions and postconditions



P

enq(x)

enq(y)

Time





### **Design by Contract!**

#### Preconditions:

- Specify conditions that must hold before method executes
- Involve state and arguments passed
- Specify obligations a client must meet before calling a method

#### Example: enq()

• Queue must not be full!

```
class Queue {
   // ...
   void enq(Item x) {
     assert((tail+1)%items.size() != head);
     // ...
   }
};
```







### **Design by Contract!**

#### Postconditions:

- Specify conditions that must hold after method executed
- Involve old state and arguments passed

#### Example: enq()

• Queue must contain element!

```
class Queue {
    // ...
    void enq(Item x) {
        // ...
        assert(
            (tail == (old_tail + 1)%items.size()) &&
            (items[old_tail] == x) );
        }
};
```



capacity = 
$$8$$







#### **Sequential specification**

- if(precondition)
  - Object is in a specified state
- then(postcondition)
  - The method returns a particular value or
  - Throws a particular exception and
  - Leaves the object in a specified state

#### Invariants

Specified conditions (e.g., object state) must hold anytime a client could invoke an objects method!







#### Advantages of sequential specification

- State between method calls is defined
  - Enables reasoning about objects
  - Interactions between methods captured by side effects on object state
- Enables reasoning about each method in isolation
  - Contracts for each method
  - Local state changes global state
- Adding new methods
  - Only reason about state changes that the new method causes
  - If invariants are kept: no need to check old methods
  - Modularity!







#### **Concurrent execution - State**

- Concurrent threads invoke methods on possibly shared objects
  - At overlapping time intervals!

| Property | Sequential                                | Concurrent                                                                                  |
|----------|-------------------------------------------|---------------------------------------------------------------------------------------------|
| State    | Meaningful only between method executions | Overlapping method executions $\rightarrow$ object may never be "between method executions" |



Each method execution takes some non-zero amount of time!







#### **Concurrent execution - State**

- Concurrent threads invoke methods on possibly shared objects
  - At overlapping time intervals!

| Property | Sequential                                | Concurrent                                                                                  |
|----------|-------------------------------------------|---------------------------------------------------------------------------------------------|
| State    | Meaningful only between method executions | Overlapping method executions $\rightarrow$ object may never be "between method executions" |



Each method execution takes some non-zero amount of time!







### **Concurrent execution - Reasoning**

- Reasoning must now include all possible interleavings
  - Of changes caused by methods themselves

| Property  | Sequential                                                                     | Concurrent                                                                           |
|-----------|--------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| Reasoning | Consider each method in isolation; invariants on state before/after execution. | Need to consider all possible interactions; all intermediate states during execution |

That is, now we have to consider what will happen if we execute:

- enq() concurrently with enq()
- deq() concurrently with deq()
- deq() concurrently with enq()



Each method execution takes some non-zero amount of time!



#### **Concurrent execution - Method addition**

- Reasoning must now include all possible interleavings
  - Of changes caused by and methods themselves

| Property   | Sequential                                                                   | Concurrent                                               |
|------------|------------------------------------------------------------------------------|----------------------------------------------------------|
| Add Method | Without affecting other methods; invariants on state before/after execution. | Everything can potentially interact with everything else |

Consider adding a method that returns the last item enqueued

```
Item peek() {
   if(tail == head) throw EmptyException;
   return items[(tail-1) % items.size()];
}
void enq(Item x) {
   items[tail] = x;
   tail = (tail+1) % items.size();
}
```

```
Item deq() {
   Item item = items[head];
   head = (head+1) % items.size();
}
```

- If peek() and enq() run concurrently: what if tail has not yet been incremented?
- If peek() and deq() run concurrently: what if last item is being dequeued?







### **Concurrent objects**

- How do we describe one?
  - No pre-/postconditions 🖯
- How do we implement one?
  - Plan for quadratic or exponential number of interactions and states
- How do we tell if an object is correct?
  - Analyze all quadratic or exponential interactions and states







#### **Concurrent objects**

- How do we describe one?
  - No pre-/postconditions 🖯
- How do we implement one?
  - Plan for quadratic or exponential number of interactions and states
- How do we tell if an object is correct?
  - Analyze all quadratic or exponential interactions and states

Is it time to panic for (parallel) software engineers? Who has a solution?





#### **Lock-based queue**

```
class Queue {
private:
 int head, tail;
 std::vector<Item> items;
 std::mutex lock;
public:
 Queue(int capacity) {
    head = tail = 0;
    items.resize(capacity);
```



We can use the lock to protect Queue's fields.



## **Lock-based queue**

```
class Queue {
 // ...
public:
 void enq(Item x) {
    std::lock_guard<std::mutex> l(lock);
    if((tail+1)%items.size()==head) {
     throw FullException;
    items[tail] = x;
    tail = (tail+1)%items.size();
  Item deq() {
    std::lock_guard<std::mutex> l(lock);
    if(tail == head) {
     throw EmptyException;
    Item item = items[head];
    head = (head+1)%items.size();
    return item;
```





## **Lock-based queue**

```
class Queue {
 // ...
public:
 void enq(Item x) {
    std::lock_guard<std::mutex> l(lock);
    if((tail+1)%items.size()==head) {
     throw FullException;
    items[tail] = x;
    tail = (tail+1)%items.size();
  Item deq() {
    std::lock_guard<std::mutex> l(lock);
    if(tail == head) {
     throw EmptyException;
    Item item = items[head];
    head = (head+1)%items.size();
    return item;
```







## **C++ Resource Acquisition is Initialization**

- RAII suboptimal name
- Can be used for locks (or any other resource acquisition)
  - Constructor grabs resource
  - Destructor frees resource
- Behaves as if
  - Implicit unlock at end of block!
- Main advantages
  - Always unlock/free lock at exit
  - No "lost" locks due to exceptions or strange control flow (goto ©)
  - Very easy to use

```
template <typename mutex_impl>
class lock_guard {
  mutex_impl& _mtx; // ref to the mutex

public:
  lock_guard(mutex_impl& mtx ) : _mtx(mtx) {
    _mtx.lock(); // lock mutex in constructor
  }

  ~lock_guard() {
    _mtx.unlock(); // unlock mutex in destructor
  }
};
```













enq() is called

```
void enq(Item x) {
```







### The lock is acquired

```
void enq(Item x) {
  std::lock_guard<std::mutex> 1(lock);
```







```
void enq(Item x) {
  std::lock_guard<std::mutex> 1(lock);
  if((tail+1)%items.size()==head) {
```







### deq() is called by another thread

```
void enq(Item x) {
  std::lock_guard<std::mutex> 1(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
                                            Item deq() {
```







#### deq() has to wait for the lock to be released

```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
```

```
Item deq() {
  std::lock_guard<std::mutex> 1(lock);
```







#### deq() has to wait for the lock to be released

```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
```

```
Item deq() {
  std::lock_guard<std::mutex> l(lock);
```







#### deq() has to wait for the lock to be released

```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
```

```
Item deq() {
  std::lock_guard<std::mutex> 1(lock);
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock_guard<std::mutex> 1(lock);
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock_guard<std::mutex> l(lock);

if(tail == head) {
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock_guard<std::mutex> l(lock);

if(tail == head) {
  throw EmptyException;
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock_guard<std::mutex> 1(lock);
  if(tail == head) {
    throw EmptyException;
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock guard<std::mutex> 1(lock);
  if(tail == head) {
    throw EmptyException;
  Item item = items[head];
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock guard<std::mutex> 1(lock);
  if(tail == head) {
    throw EmptyException;
  Item item = items[head];
  head = (head+1)%items.size();
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock guard<std::mutex> l(lock);
  if(tail == head) {
    throw EmptyException;
  Item item = items[head];
  head = (head+1)%items.size();
  return item;
```





```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  items[tail] = x;
 tail = (tail+1)%items.size();
```

### deq() releases the lock

```
Item deq() {
  std::lock guard<std::mutex> l(lock);
  if(tail == head) {
    throw EmptyException;
  Item item = items[head];
  head = (head+1)%items.size();
  return item;
```



```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
  }
  items[tail] = x;
  tail = (tail+1)%items.size();
}
```

```
Item deq() {
  std::lock guard<std::mutex> l(lock);
  if(tail == head) {
    throw EmptyException;
  Item item = items[head];
  head = (head+1)%items.size();
  return item;
```







```
void enq(Item x) {
  std::lock_guard<std::mutex> l(lock);
  if((tail+1)%items.size()==head) {
    throw FullException;
                                            Item deq() {
                                              std::lock guard<std::mutex> 1(lock);
                                                                                              enq(x)
  items[tail] = x;
  tail = (tail+1)%items.size();
                                              if(tail == head) {
                                                throw EmptyException;
                                                                                                deq()
                                              Item item = items[head];
                                              head = (head+1)%items.size();
                                              return item;
```

Methods effectively execute one after another, sequentially.







#### **Correctness**

- Is the locked queue correct?
  - Yes, only one thread has access if locked correctly
  - Allows us again to reason about pre- and postconditions
  - Smells a bit like sequential consistency, no?
- Class question: What is the problem with this approach?







#### **Correctness**

- Is the locked queue correct?
  - Yes, only one thread has access if locked correctly
  - Allows us again to reason about pre- and postconditions
  - Smells a bit like sequential consistency, no?
- Class question: What is the problem with this approach?
  - Same as for SC <sup>©</sup>

It does not scale! What is the solution here?