source: doc/theses/colby_parsons_MMAth/text/actors.tex @ a03ed29

Last change on this file since a03ed29 was 9509d67a, checked in by caparsons <caparson@…>, 14 months ago

Incorporated changes in response to Trevor's comments.

  • Property mode set to 100644
File size: 96.5 KB
Line 
1% ======================================================================
2% ======================================================================
3\chapter{Actors}\label{s:actors}
4% ======================================================================
5% ======================================================================
6
7Actors are an indirect concurrent feature that abstracts threading away from a programmer, and instead provides \gls{actor}s and messages as building blocks for concurrency.
8Hence, actors are in the realm of \gls{impl_concurrency}, where programmers write concurrent code without dealing with explicit thread creation or interaction.
9Actor message-passing is similar to channels, but with more abstraction, so there is no shared data to protect, making actors amenable to a distributed environment.
10Actors are often used for high-performance computing and other data-centric problems, where the ease of use and scalability of an actor system provides an advantage over channels.
11
12The study of actors can be broken into two concepts, the \gls{actor_model}, which describes the model of computation, and the \gls{actor_system}, which refers to the implementation of the model.
13Before discussing \CFA's actor system in detail, it is important to first describe the actor model, and the classic approach to implementing an actor system.
14
15\section{Actor Model}
16The \Newterm{actor model} is a concurrent paradigm where an actor is used as the fundamental building-block for computation, and the data for computation is distributed to actors in the form of messages~\cite{Hewitt73}.
17An actor is composed of a \Newterm{mailbox} (message queue) and a set of \Newterm{behaviours} that receive from the mailbox to perform work.
18Actors execute asynchronously upon receiving a message and can modify their own state, make decisions, spawn more actors, and send messages to other actors.
19Conceptually, actor systems can be thought of in terms of channels, where each actor's mailbox is a channel.
20However, a mailbox behaves like an unbounded channel, which differs from the fixed size channels discussed in the previous chapter.
21Because the actor model is implicit concurrency, its strength is that it abstracts away many details and concerns needed in other concurrent paradigms.
22For example, mutual exclusion and locking are rarely relevant concepts in an actor model, as actors typically only operate on local state.
23
24\subsection{Classic Actor System}
25An implementation of the actor model with a theatre (group) of actors is called an \Newterm{actor system}.
26Actor systems largely follow the actor model, but can differ in some ways.
27
28In an actor system, an actor does not have a thread.
29An actor is executed by an underlying \Newterm{executor} (kernel thread-pool) that fairly invokes each actor, where an actor invocation processes one or more messages from its mailbox.
30The default number of executor threads is often proportional to the number of computer cores to achieve good performance.
31An executor is often tunable with respect to the number of kernel threads and its scheduling algorithm, which optimize for specific actor applications and workloads \see{Section~\ref{s:ActorSystem}}.
32
33While the semantics of message \emph{send} is asynchronous, the implementation may be synchronous or a combination.
34The default semantics for message \emph{receive} is \gls{fifo}, so an actor receives messages from its mailbox in temporal (arrival) order.
35% however, messages sent among actors arrive in any order.
36Some actor systems provide priority-based mailboxes and/or priority-based message-selection within a mailbox, where custom message dispatchers search among or within a mailbox(es) with a predicate for specific kinds of actors and/or messages.
37Some actor systems provide a shared mailbox where multiple actors receive from a common mailbox~\cite{Akka}, which is contrary to the no-sharing design of the basic actor-model (and may require additional locking).
38For non-\gls{fifo} service, some notion of fairness (eventual progress) should exist, otherwise messages have a high latency or starve, \ie are never received.
39% Finally, some actor systems provide multiple typed-mailboxes, which then lose the actor-\lstinline{become} mechanism \see{Section~\ref{s:SafetyProductivity}}.
40%While the definition of the actor model provides no restrictions on message ordering, actor systems tend to guarantee that messages sent from a given actor $i$ to actor $j$ arrive at actor $j$ in the order they were sent.
41Another way an actor system varies from the model is allowing access to shared global-state.
42When this occurs, it complicates the implementation as this breaks any implicit mutual-exclusion guarantees when only accessing local-state.
43
44\begin{figure}
45\begin{tabular}{l|l}
46\subfloat[Actor-centric system]{\label{f:standard_actor}\input{diagrams/standard_actor.tikz}} &
47\subfloat[Message-centric system]{\label{f:inverted_actor}\raisebox{.1\height}{\input{diagrams/inverted_actor.tikz}}}
48\end{tabular}
49\caption{Classic and inverted actor implementation approaches with sharded queues.}
50\end{figure}
51
52\subsection{\CFA Actor System}
53Figure~\ref{f:standard_actor} shows an actor system designed as \Newterm{actor-centric}, where a set of actors are scheduled and run on underlying executor threads~\cite{CAF,Akka,ProtoActor}.
54The simplest design has a single global queue of actors accessed by the executor threads, but this approach results in high contention as both ends of the queue by the executor threads.
55The more common design is to \Newterm{shard} the single queue among the executor threads, where actors are permanently assigned or can float among the queues.
56Sharding significantly decreases contention among executor threads adding and removing actors to/from a queue.
57Finally, each actor has a receive queue of messages (mailbox), which is a single consumer, multi-producer queue, \ie only the actor removes from the mailbox but multiple actors add messages.
58When an actor receives a message in its mailbox, the actor is marked ready and scheduled by a thread to run the actor's current behaviour on the message(s).
59
60% cite parallel theatre and our paper
61Figure \ref{f:inverted_actor} shows an actor system designed as \Newterm{message-centric}, where a set of messages are scheduled and run on underlying executor threads~\cite{uC++,Nigro21}.
62This design is \Newterm{inverted} because actors belong to a message queue, whereas in the classic approach a message queue belongs to each actor.
63Now a message send must query the actor to know which message queue to post the message to.
64Again, the simplest design has a single global queue of messages accessed by the executor threads, but this approach has the same contention problem by the executor threads.
65Therefore, the messages (mailboxes) are sharded and executor threads schedule each message, which points to its corresponding actor.
66Here, an actor's messages are permanently assigned to one queue to ensure \gls{fifo} receiving and/or reduce searching for specific actor/messages.
67Since multiple actors belong to each message queue, actor messages are interleaved on a queue, but individually in FIFO order.
68% In this inverted actor system instead of each executor threads owning a queue of actors, they each own a queue of messages.
69% In this scheme work is consumed from their queue and executed by underlying threads.
70The inverted model can be taken a step further by sharding the message queues for each executor threads, so each executor thread owns a set of queues and cycles through them.
71Again, this extra level of sharding is to reduce queue contention.
72% The arrows from the message queues to the actors in the diagram indicate interleaved messages addressed to each actor.
73
74The actor system in \CFA uses a message-centric design, adopts several features from my prior actor work in \uC~\cite{Buhr22} but is implemented in \CFA. My contributions to the prior actor work include introducing queue gulping, developing an actor benchmark suite, and extending promise support for actors. Furthermore, I improved the design and implementation of the \uC actor system to greatly increase its performance. As such, the actor system in \CFA started as a copy of the \uC implementation, which was then refined. This work adds the following new \CFA contributions:
75\begin{enumerate}[topsep=5pt,itemsep=3pt,parsep=0pt]
76\item
77Provide insight into the impact of envelope allocation in actor systems \see{Section~\ref{s:envelope}}.
78In all actor systems, dynamic allocation is needed to ensure the lifetime of a unit of work persists from its creation until the unit of work is executed.
79This allocation is often called an \Newterm{envelope} as it ``packages'' the information needed to run the unit of work, alongside any other information needed to send the unit of work, such as an actor's address or link fields.
80This dynamic allocation occurs once per message sent.
81Unfortunately, the high rate of message sends in an actor system results in significant contention on the memory allocator.
82A novel data structure is introduced to consolidate allocations to improve performance by minimizing allocator contention.
83
84\item
85Improve performance of the inverted actor system using multiple approaches to minimize contention on queues, such as queue gulping and avoiding atomic operations.
86
87\item
88Introduce work stealing in the inverted actor system.
89Work stealing in an actor-centric system involves stealing one or more actors among executor threads.
90In the inverted system, the notion of stealing message queues is introduced.
91The queue stealing is implemented such that the act of stealing work does not contend with non-stealing executor threads running actors.
92
93\item
94Introduce and evaluate a timestamp-based work-stealing heuristic with the goal of maintaining non-workstealing performance in work-saturated workloads and improving performance on unbalanced workloads.
95
96\item
97Provide a suite of safety and productivity features including static-typing, detection of erroneous message sends, statistics tracking, and more.
98\end{enumerate}
99
100\section{\CFA Actor}\label{s:CFAActor}
101\CFA is not an object oriented language and it does not have \gls{rtti}.
102As such, all message sends and receives among actors can only occur using static type-matching, as in Typed-Akka~\cite{AkkaTyped}.
103Figure~\ref{f:BehaviourStyles} contrasts dynamic and static type-matching.
104Figure~\ref{l:dynamic_style} shows the dynamic style with a heterogeneous message receive and an indirect dynamic type-discrimination for message processing.
105Figure~\ref{l:static_style} shows the static style with a homogeneous message receive and a direct static type-discrimination for message processing.
106The static-typing style is safer because of the static check and faster because there is no dynamic type-discrimination.
107The dynamic-typing style is more flexible because multiple kinds of messages can be handled in a behaviour condensing the processing code.
108
109\begin{figure}
110\centering
111
112\begin{lrbox}{\myboxA}
113\begin{cfa}[morekeywords=case]
114allocation receive( message & msg ) {
115        case( @msg_type1@, msg ) {      // discriminate type
116                ... msg_d-> ...;        // msg_type1 msg_d
117        } else case( @msg_type2@, msg ) {
118                ... msg_d-> ...;        // msg_type2 msg_d
119        ...
120}
121\end{cfa}
122\end{lrbox}
123
124\begin{lrbox}{\myboxB}
125\begin{cfa}
126allocation receive( @msg_type1@ & msg ) {
127        ... msg ...;
128}
129allocation receive( @msg_type2@ & msg ) {
130        ... msg ...;
131}
132...
133\end{cfa}
134\end{lrbox}
135
136\subfloat[dynamic typing]{\label{l:dynamic_style}\usebox\myboxA}
137\hspace*{10pt}
138\vrule
139\hspace*{10pt}
140\subfloat[static typing]{\label{l:static_style}\usebox\myboxB}
141\caption{Behaviour Styles}
142\label{f:BehaviourStyles}
143\end{figure}
144
145\begin{figure}
146\centering
147
148\begin{cfa}
149// actor
150struct my_actor {
151        @inline actor;@                                                 $\C[3.25in]{// Plan-9 C inheritance}$
152};
153// messages
154struct str_msg {
155        char str[12];
156        @inline message;@                                               $\C{// Plan-9 C inheritance}$
157};
158void ?{}( str_msg & this, char * str ) { strcpy( this.str, str ); }  $\C{// constructor}$
159struct int_msg {
160        int i;
161        @inline message;@                                               $\C{// Plan-9 C inheritance}$
162};
163// behaviours
164allocation receive( my_actor &, @str_msg & msg@ ) with(msg) {
165        sout | "string message \"" | str | "\"";
166        return Nodelete;                                                $\C{// actor not finished}$
167}
168allocation receive( my_actor &, @int_msg & msg@ ) with(msg) {
169        sout | "integer message" | i;
170        return Nodelete;                                                $\C{// actor not finished}$
171}
172int main() {
173        str_msg str_msg{ "Hello World" };               $\C{// constructor call}$
174        int_msg int_msg{ 42 };                                  $\C{// constructor call}$
175        start_actor_system();                                   $\C{// sets up executor}$
176        my_actor actor;                                                 $\C{// default constructor call}$
177        @actor | str_msg | int_msg;@                    $\C{// cascade sends}$
178        @actor | int_msg;@                                              $\C{// send}$
179        @actor | finished_msg;@                                 $\C{// send => terminate actor (builtin Poison-Pill)}$
180        stop_actor_system();                                    $\C{// waits until actors finish}\CRT$
181} // deallocate actor, int_msg, str_msg
182\end{cfa}
183\caption{\CFA Actor Syntax}
184\label{f:CFAActor}
185\end{figure}
186
187Figure~\ref{f:CFAActor} shows a complete \CFA actor example, which is discussed in detail.
188The actor type @my_actor@ is a @struct@ that inherits from the base @actor@ @struct@ via the @inline@ keyword.
189This inheritance style is the Plan-9 C-style \see{Section~\ref{s:Inheritance}}.
190Similarly, the message types @str_msg@ and @int_msg@ are @struct@s that inherits from the base @message@ @struct@ via the @inline@ keyword.
191Only @str_msg@ needs a constructor to copy the C string;
192@int_msg@ is initialized using its \CFA auto-generated constructors.
193There are two matching @receive@ (behaviour) routines that process the corresponding typed messages.
194Both @receive@ routines use a @with@ clause so message fields are not qualified \see{Section~\ref{s:with}} and return @Nodelete@ indicating the actor is not finished \see{Section~\ref{s:ActorBehaviours}}.
195Also, all messages are marked with @Nodelete@ as their default allocation state.
196The program main begins by creating two messages on the stack.
197Then the executor system is started by calling @start_actor_system@ \see{Section~\ref{s:ActorSystem}}.
198Now an actor is created on the stack and four messages are sent to it using operator @?|?@ \see{Section~\ref{s:Operators}}.
199The last message is the builtin @finish_msg@, which returns @Finished@ to an executor thread, causing it to remove the actor from the actor system \see{end of Section~\ref{s:ActorBehaviours}}.
200The call to @stop_actor_system@ blocks the program main until all actors are finished and removed from the actor system.
201The program main ends by deleting the actor and the two messages from the stack.
202The output for the program is:
203\begin{cfa}
204string message "Hello World"
205integer message 42
206integer message 42
207\end{cfa}
208
209\subsection{Actor Behaviours}\label{s:ActorBehaviours}
210In general, a behaviour for some derived actor and derived message type is defined with the following signature:
211\begin{cfa}
212allocation receive( my_actor & receiver, my_msg & msg )
213\end{cfa}
214where @my_actor@ and @my_msg@ inherit from types @actor@ and @message@, respectively.
215The return value of @receive@ must be a value from enumerated type, @allocation@:
216\begin{cfa}
217enum allocation { Nodelete, Delete, Destroy, Finished };
218\end{cfa}
219The values represent a set of actions that dictate what the executor does with an actor or message after a given behaviour returns.
220For actors, the @receive@ routine returns the @allocation@ status to the executor, which takes the appropriate action.
221For messages, either the default allocation, @Nodelete@, or any changed value in the message is examined by the executor, which takes the appropriate action.
222Message state is updated via a call to:
223\begin{cfa}
224void set_allocation( message & this, allocation state );
225\end{cfa}
226
227In detail, the actions taken by an executor for each of the @allocation@ values are:
228
229\noindent@Nodelete@
230tells the executor that no action is to be taken with regard to an actor or message.
231This status is used when an actor continues receiving messages or a message is reused.
232
233\noindent@Delete@
234tells the executor to call the object's destructor and deallocate (delete) the object.
235This status is used with dynamically allocated actors and messages when they are not reused.
236
237\noindent@Destroy@
238tells the executor to call the object's destructor, but not deallocate the object.
239This status is used with dynamically allocated actors and messages whose storage is reused.
240
241\noindent@Finished@
242tells the executor to mark the respective actor as finished executing, but not call the object's destructor nor deallocate the object.
243This status is used when actors or messages are global or stack allocated, or a programmer wants to manage deallocation themselves.
244Note that for messages there is no difference between allocations @Nodelete@ and @Finished@ because both tell the executor to do nothing to the message.
245Hence, @Finished@ is implicitly changed to @Nodelete@ in a message constructor, and @Nodelete@ is used internally for message error-checking \see{Section~\ref{s:SafetyProductivity}}.
246Therefore, reading a message's allocation status after setting to @Finished@ may be either @Nodelete@ (after construction) or @Finished@ (after explicitly setting using @set_allocation@).
247
248For the actor system to terminate, all actors must have returned a status other than @Nodelete@.
249After an actor is terminated, it is erroneous to send messages to it.
250Similarly,  after a message is terminated, it cannot be sent to an actor.
251Note that it is safe to construct an actor or message with a status other than @Nodelete@, since the executor only examines the allocation action \emph{after} a behaviour returns.
252
253\subsection{Actor Envelopes}\label{s:envelope}
254As stated, each message, regardless of where it is allocated, can be sent to an arbitrary number of actors, and hence, appear on an arbitrary number of message queues.
255Because a C program manages message lifetime, messages cannot be copied for each send, otherwise who manages the copies?
256Therefore, it is up to the actor program to manage message life-time across receives.
257However, for a message to appear on multiple message queues, it needs an arbitrary number of associated destination behaviours.
258Hence, there is the concept of an envelope, which is dynamically allocated on each send, that wraps a message with any extra implementation fields needed to persist between send and receive.
259Managing the envelope is straightforward because it is created at the send and deleted after the receive, \ie there is 1:1 relationship for an envelope and a many to one relationship for a message.
260
261% In actor systems, messages are sent and received by actors.
262% When a actor receives a message it executes its behaviour that is associated with that message type.
263% However the unit of work that stores the message, the receiving actor's address, and other pertinent information needs to persist between send and the receive.
264% Furthermore the unit of work needs to be able to be stored in some fashion, usually in a queue, until it is executed by an actor.
265% All these requirements are fulfilled by a construct called an envelope.
266% The envelope wraps up the unit of work and also stores any information needed by data structures such as link fields.
267
268% One may ask, "Could the link fields and other information be stored in the message?".
269% This is a good question to ask since messages also need to have a lifetime that persists beyond the work it delivers.
270% However, if one were to use messages as envelopes then a message would not be able to be sent to multiple actors at a time.
271% Therefore this approach would just push the allocation into another location, and require the user to dynamically allocate a message for every send, or require careful ordering to allow for message reuse.
272
273\subsection{Actor System}\label{s:ActorSystem}
274The calls to @start_actor_system@, and @stop_actor_system@ mark the start and end of a \CFA actor system.
275The call to @start_actor_system@ sets up an executor and executor threads for the actor system.
276It is possible to have multiple start/stop scenarios in a program.
277
278@start_actor_system@ has three overloaded signatures that vary the executor's configuration:
279
280\noindent@void start_actor_system()@
281configures the executor to implicitly use all preallocated kernel-threads (processors), \ie the processors created by the program main prior to starting the actor system.
282For example, the program main declares at the start:
283\begin{cfa}
284processor p[3];
285\end{cfa}
286which provides a total of 4 threads (3 + initial processor) for use by the executor.
287When the number of processors is greater than 1, each executor's message queue is sharded by a factor of 16 to reduce contention, \ie for 4 executor threads (processors), there is a total of 4 $\times$ 16 message queues evenly distributed across the executor threads.
288
289\noindent@void start_actor_system( size_t num_thds )@
290configures the number of executor threads to @num_thds@, with the same message queue sharding.
291
292\begin{sloppypar}
293\noindent@void start_actor_system( executor & this )@
294allows the programmer to explicitly create and configure an executor for use by the actor system.
295Executor configuration options are discussed in Section~\ref{s:executor}.
296\end{sloppypar}
297
298\noindent
299All actors must be created \emph{after} calling @start_actor_system@ so the executor can keep track of the number of actors that have entered the system but not yet terminated.
300
301\subsection{Actor Send}\label{s:ActorSend}
302All message sends are done using the vertical-bar (bit-or) operator, @?|?@, similar to the syntax of the \CFA stream I/O.
303One way to provide a generic operator is through the \CFA type system:
304\begin{cfa}
305actor & ?|?( actor &, message & ) { // base actor and message types
306        // boilerplate to send message to executor mail queue
307}
308actor | str_msg | int_msg;   // rewritten: ?|?( ?|?( actor, int_msg ), str_msg )
309\end{cfa}
310In the \CFA type system, calls to this routine work for any pair of parameters that inherit from the @actor@ and @message@ types via Plan-9 inheritance.
311However, within the body the routine, all type information about the derived actor and message is lost (type erasure), so this approach is unable to find the right @receive@ routine to put in the envelope.
312
313If \CFA had a fully-fledged virtual system, the generic @?|?@ routine would work, since the virtual system could dynamically select the derived @receive@ routine via virtual dispatch.
314\CFA does have a preliminary form of virtual routines, but it is not mature enough for use in this work, so a different approach is needed.
315
316Without virtuals, the idiomatic \CFA way to create the generic @?|?@ routine is using @forall@:
317\begin{cfa}
318// forall types A, M that have a receive that returns allocation
319forall( A &, M & | { allocation receive( A &, M & ); } )
320A & ?|?( A &, M & ) { // actor and message types
321        // boilerplate to send message to executor mail queue
322}
323\end{cfa}
324This approach should work.
325However, the \CFA type system is still a work in progress, and there is a nontrivial bug where inherited routines are not recognized by @forall@.
326For example, Figure~\ref{f:type_problem} shows type @B@ has an inherited @foo@ routine through type @A@ and should find the @bar@ routine defined via the @forall@, but does not due the type-system bug.
327
328\begin{figure}
329\begin{cfa}
330struct A {};
331struct B { inline A; }
332void foo( A & a ) { ... }
333
334// for all types that have a foo routine here is a bar routine
335forall( T & | { void foo( T & ); } )
336void bar( T & t ) { ... }
337
338int main() {
339        B b;
340        foo( b ); // B has a foo so it should find a bar via the forall
341        bar( b ); // compilation error, no bar found for type B
342}
343\end{cfa}
344\caption{\CFA Type-System Problem}
345\label{f:type_problem}
346\end{figure}
347
348Users could be expected to write the @?|?@ routines, but this approach is error prone and creates maintenance issues.
349As a stopgap until the \CFA type-system matures, a workaround was created using a template-like approach, where the compiler generates a matching @?|?@ routine for each @receive@ routine it finds with the correct actor/message type-signature.
350This workaround is outside of the type system, but performs a type-system like action.
351The workaround requires no annotation or additional code to be written by users;
352thus, it resolves the maintenance and error problems.
353It should be possible to seamlessly transition the workaround into any updated version of the \CFA type-system.
354
355Figure~\ref{f:send_gen} shows the generated send routine for the @int_msg@ receive in Figure~\ref{f:CFAActor}.
356Operator @?|?@ has the same parameter signature as the corresponding @receive@ routine and returns an @actor@ so the operator can be cascaded.
357The routine sets @rec_fn@ to the matching @receive@ routine using the left-hand type to perform the selection.
358Then the routine packages the actor and message, along with the receive routine into an envelope.
359Finally, the envelope is added to the executor queue designated by the actor using the executor routine @send@.
360
361\begin{figure}
362\begin{cfa}
363$\LstCommentStyle{// from Figure~\ref{f:CFAActor}}$
364struct my_actor { inline actor; };                                              $\C[3.75in]{// actor}$
365struct int_msg { inline message; int i; };                              $\C{// message}$
366allocation receive( @my_actor &, int_msg & msg@ ) {...} $\C{// receiver}$
367
368// compiler generated send operator
369typedef allocation (*receive_t)( actor &, message & );
370actor & ?|?( @my_actor & receiver, int_msg & msg@ ) {
371        allocation (*rec_fn)( my_actor &, int_msg & ) = @receive@; // deduce receive routine
372        request req{ (actor *)&receiver, (message *)&msg, (receive_t)rec_fn };
373        send( receiver, req );                                                          $\C{// queue message for execution}\CRT$
374        return receiver;
375}
376\end{cfa}
377\caption{Generated Send Operator}
378\label{f:send_gen}
379\end{figure}
380
381Figure~\ref{f:PoisonPillMessages} shows three builtin \Newterm{poison-pill} messages and receive routines used to terminate actors, depending on how an actor is allocated: @Delete@, @Destroy@ or @Finished@.
382Poison-pill messages are common across actor systems, including Akka and ProtoActor~\cite{Akka,ProtoActor} to suggest or force actor termination.
383For example, in Figure~\ref{f:CFAActor}, the builtin @finished_msg@ message and receive are used to terminate the actor because the actor is allocated on the stack, so no deallocation actions are performed by the executor.
384Note that assignment is used to initialize these messages rather than constructors because the constructor changes the allocation to @Nodelete@ for error checking
385
386\begin{figure}
387\begin{cfa}
388message __base_msg_finished $@$= { .allocation_ : Finished }; // use C initialization
389struct delete_msg_t { inline message; } delete_msg = __base_msg_finished;
390struct destroy_msg_t { inline message; } destroy_msg = __base_msg_finished;
391struct finished_msg_t { inline message; } finished_msg = __base_msg_finished;
392
393allocation receive( actor & this, delete_msg_t & msg ) { return Delete; }
394allocation receive( actor & this, destroy_msg_t & msg ) { return Destroy; }
395allocation receive( actor & this, finished_msg_t & msg ) { return Finished; }
396\end{cfa}
397\caption{Builtin Poison-Pill Messages}
398\label{f:PoisonPillMessages}
399\end{figure}
400
401\subsection{Actor Termination}\label{s:ActorTerm}
402During a message send, the receiving actor and message being sent are stored via pointers in the envelope.
403These pointers have the base actor and message types, so type information of the derived actor and message is lost and must be recovered later when the typed receive routine is called.
404After the receive routine is done, the executor must clean up the actor and message according to their allocation status.
405If the allocation status is @Delete@ or @Destroy@, the appropriate destructor must be called by the executor.
406This requirement poses a problem: the derived type of the actor or message is not available to the executor, but it needs to call the derived destructor.
407This requires downcasting from the base type to the derived type, which requires a virtual system.
408To accomplish the downcast, a rudimentary destructor-only virtual system was implemented in \CFA as part of this work.
409This virtual system is used via Plan-9 inheritance of the @virtual_dtor@ type, shown in Figure~\ref{f:VirtDtor}.
410The @virtual_dtor@ type maintains a pointer to the start of the object, and a pointer to the correct destructor.
411When a type inherits @virtual_dtor@, the compiler adds code to its destructor to intercepted any destructor calls along this segment of the inheritance tree and restart at the appropriate destructor for that object.
412
413\begin{figure}
414\centering
415
416\begin{lrbox}{\myboxA}
417\begin{cfa}
418struct base { inline virtual_dtor; };
419void ^?{}( base & ) { sout | "^base"; }
420struct intermediate { inline base; };
421void ^?{}( intermediate & ) { sout | "^intermediate"; }
422struct derived { inline intermediate; };
423void ^?{}( derived & ) { sout | "^derived"; }
424
425int main() {
426        base & b;
427        intermediate i;
428        derived d1, d2, d3;
429        intermediate & ri = d2;
430        base & rb = d3;
431        // explicit destructor calls
432        ^d1{};  sout | nl;
433        ^ri{};   sout | nl;
434        ^rb{};  sout | nl;
435} // ^i, ^b
436\end{cfa}
437\end{lrbox}
438
439\begin{lrbox}{\myboxB}
440\begin{cfa}
441^derived
442^intermediate
443^base
444
445^derived
446^intermediate
447^base
448
449^derived
450^intermediate
451^base
452
453^intermediate
454^base
455
456
457
458
459\end{cfa}
460
461\end{lrbox}
462\subfloat[Destructor calls]{\label{l:destructor_calls}\usebox\myboxA}
463\hspace*{10pt}
464\vrule
465\hspace*{10pt}
466\subfloat[Output]{\usebox\myboxB}
467
468\caption{\CFA Virtual Destructor}
469\label{f:VirtDtor}
470\end{figure}
471
472While this virtual destructor system was built for this work, it is general and can be used with any type in \CFA.
473Actors and messages opt into this system by inheriting the @virtual_dtor@ type, which allows the executor to call the right destructor without knowing the derived actor or message type.
474Again, it should be possible to seamlessly transition this workaround into any updated version of the \CFA type-system.
475
476\section{\CFA Executor}\label{s:executor}
477This section describes the basic architecture of the \CFA executor.
478An executor of an actor system is the scheduler that organizes where actor behaviours are run and how messages are sent and delivered.
479In \CFA, the executor is message-centric \see{Figure~\ref{f:inverted_actor}}, but extended by over sharding of a message queue \see{left side of Figure~\ref{f:gulp}}, \ie there are $M$ message queues where $M$ is greater than the number of executor threads $N$ (usually a multiple of $N$).
480This approach reduces contention by spreading message delivery among the $M$ queues rather than $N$, while still maintaining actor \gls{fifo} message-delivery semantics.
481The only extra overhead is each executor cycling (usually round-robin) through its $M$/$N$ queues.
482The goal is to achieve better performance and scalability for certain kinds of actor applications by reducing executor locking.
483Note that lock-free queues do not help because busy waiting on any atomic instruction is the source of the slowdown whether it is a lock or lock-free.
484
485\begin{figure}
486\begin{center}
487\input{diagrams/gulp.tikz}
488\end{center}
489\caption{Queue Gulping Mechanism}
490\label{f:gulp}
491\end{figure}
492
493Each executor thread iterates over its own message queues until it finds one with messages.
494At this point, the executor thread atomically \gls{gulp}s the queue, meaning it moves the contents of message queue to a local queue of the executor thread.
495Gulping moves the contents of the message queue as a batch rather than removing individual elements.
496An example of the queue gulping operation is shown in the right side of Figure \ref{f:gulp}, where an executor thread gulps queue 0 and begins to process it locally.
497This step allows the executor thread to process the local queue without any atomics until the next gulp.
498Other executor threads can continue adding to the ends of the executor thread's message queues.
499In detail, an executor thread performs a test-and-gulp, non-atomically checking if a queue is non-empty, before attempting to gulp it.
500If an executor misses an non-empty queue due to a race, it eventually finds the queue after cycling through its message queues.
501This approach minimizes costly lock acquisitions.
502
503Processing a local queue involves: removing a unit of work from the queue, dereferencing the actor pointed-to by the work unit, running the actor's behaviour on the work-unit message, examining the returned allocation status from the @receive@ routine for the actor and internal status in the delivered message, and taking the appropriate actions.
504Since all messages to a given actor are in the same queue, this guarantees atomicity across behaviours of that actor since it can only execute on one thread at a time.
505As each actor is created or terminated by an executor thread, it atomically increments/decrements a global counter.
506When an executor decrements the counter to zero, it sets a global boolean variable that is checked by each executor thread when it has no work.
507Once a executor threads sees the flag is set it stops running.
508After all executors stop, the actor system shutdown is complete.
509
510\subsection{Copy Queue}\label{s:copyQueue}
511Unfortunately, the frequent allocation of envelopes for each send results in heavy contention on the memory allocator.
512This contention is reduced using a novel data structure, called a \Newterm{copy queue}.
513The copy queue is a thin layer over a dynamically sized array that is designed with the envelope use-case in mind.
514A copy queue supports the typical queue operations of push/pop but in a different way from a typical array-based queue.
515
516The copy queue is designed to take advantage of the \gls{gulp}ing pattern, giving an amortized runtime cost for each push/pop operation of $O(1)$.
517In contrast, a na\"ive array-based queue often has either push or pop cost $O(n)$ and the other cost $O(1)$ since one of the operations requires shifting the elements of the queue.
518Since the executor threads gulp a queue to operate on it locally, this creates a usage pattern where all elements are popped from the copy queue without any interleaved pushes.
519As such, during pop operations there is no need to shift array elements.
520Instead, an index is stored in the copy-queue data-structure that keeps track of which element to pop next allowing pop to be $O(1)$.
521Push operations are amortized $O(1)$ since pushes may cause doubling reallocations of the underlying dynamic-sized array (like \CC @vector@).
522Note that the copy queue is similar to a circular buffer, but has a key difference.
523After all elements are popped, the end of the queue is set back to index zero, whereas a standard circular buffer would leave the end in the same location.
524Using a standard circular buffer would incur an additional $O(n)$ cost of fixing the buffer after a doubling reallocation.
525
526Since the copy queue is an array, envelopes are allocated first on the stack and then copied into the copy queue to persist until they are no longer needed.
527For many workloads, the copy queues reallocate and grow in size to facilitate the average number of messages in flight and there are no further dynamic allocations.
528The downside of this approach is that more storage is allocated than needed, \ie each copy queue is only partially full.
529Comparatively, the individual envelope allocations of a list-based queue mean that the actor system always uses the minimum amount of heap space and cleans up eagerly.
530Additionally, bursty workloads can cause the copy queues to allocate a large amount of space to accommodate the throughput peak, even if most of that storage is not needed for the rest of the workload's execution.
531
532To mitigate memory wastage, a reclamation scheme is introduced.
533Initially, the memory reclamation na\"ively reclaims one index of the array per \gls{gulp}, if the array size is above a low fixed threshold.
534However, this approach has a problem.
535The high memory watermark nearly doubled!
536The issue is highlighted with an example.
537Assume a fixed throughput workload, where a queue never has more than 19 messages at a time.
538If the copy queue starts with a size of 10, it ends up doubling at some point to size 20 to accommodate 19 messages.
539However, after 2 gulps and subsequent reclamations the array size is 18.
540The next time 19 messages are enqueued, the array size is doubled to 36!
541To avoid this issue, a second check is added.
542Reclamation only occurs if less than half of the array is utilized.
543This check achieves a lower total storage and overall memory utilization compared to the non-reclamation copy queues.
544However, the use of copy queues still incurs a higher memory cost than list-based queueing, but the increase in memory usage is reasonable considering the performance gains \see{Section~\ref{s:actor_perf}}.
545
546\section{Work Stealing}\label{s:steal}
547Work stealing is a scheduling strategy to provide \Newterm{load balancing}.
548The goal is to increase resource utilization by having an idle thread steal work from a working thread.
549While there are multiple parts in a work-stealing scheduler, two important components are the stealing mechanism and victim selection.
550
551\subsection{Stealing Mechanism}
552In work stealing, the stealing worker is called the \Newterm{thief} and the worker being stolen from is called the \Newterm{victim}.
553% Workers consume actors from their ready queue and execute their behaviours.
554% Through these behaviours, a worker inserts messages onto its own and other worker ready-queues.
555To steal, a thief takes work from a victim's ready queue, so work stealing always results in a potential increase in contention on ready queues between the victim gulping from a queue and the thief stealing the queue.
556This contention can reduce the victim's throughput.
557Note that the data structure used for the ready queue is not discussed since the largest cost is the mutual exclusion and its duration for safely performing the queue operations.
558
559The stealing mechanism in this work differs from most work-stealing actor-systems because of the message-centric (inverted) actor-system.
560Actor systems, such as Akka~\cite{Akka} and CAF~\cite{CAF} using actor-centric systems, steal by dequeuing an actor from a non-empty actor ready-queue and enqueue\-ing to an empty ready-queue.
561% As an example, in CAF, the sharded actor ready queue is a set of double-ended queues (dequeues).
562In \CFA, the actor work-stealing implementation is unique because of the message-centric system.
563With this approach, it is impractical to steal actors because an actor's messages are distributed in temporal order along the message queue.
564To ensure sequential actor execution and \gls{fifo} message delivery in a message-centric system, stealing requires finding and removing \emph{all} of an actor's messages, and inserting them consecutively in another message queue.
565This operation is $O(N)$ with a non-trivial constant.
566The only way for work stealing to become practical is to shard each worker's message queue \see{Section~\ref{s:executor}}, which also reduces contention, and to steal queues to eliminate queue searching.
567
568Given queue stealing, the goal of the presented stealing implementation is to have an essentially zero-contention-cost stealing mechanism.
569Achieving this goal requires work stealing to have minimal (practically no) effect on the performance of the victim.
570The implication is that thieves cannot contend with a victim, and that a victim should perform no stealing related work unless it becomes a thief.
571In theory, this goal is not achievable, but practical results show the goal is nearly achieved.
572
573One important lesson learned while working on \uC actors~\cite{Buhr22} and through discussions with fellow student Thierry Delisle, who examined work-stealing for user-threads in his Ph.D.~\cite{Delisle22}, is \emph{not} to aggressively steal.
574With reasonable workloads, being a thief should be a temporary state, \ie eventually work appears on the thief's ready-queues and it returns to normal operation.
575Furthermore, the act of \emph{looking} to find work is invasive, possibly disrupting multiple victims.
576Therefore, stealing should be done lazily in case work appears for the thief and to minimize disruption of victims.
577Note that the cost of stealing is not crucial for the thief because it does not have anything else to do except poll or block.
578
579The outline for lazy-stealing by a thief is: select a victim, scan its queues once, and return immediately if a queue is stolen.
580The thief then assumes its normal operation of scanning over its own queues looking for work, where stolen work is placed at the end of the scan.
581Hence, only one victim is affected and there is a reasonable delay between stealing events as the thief scans its ready queue looking for its own work before potentially stealing again.
582This lazy examination by the thief has a low perturbation cost for victims, while still finding work in a moderately loaded system.
583In all work-stealing algorithms, there is the pathological case where there is too little work and too many workers;
584this scenario can only be handled by putting workers to sleep or deleting them.
585This case is not examined in this work.
586
587In more detail, the \CFA work-stealing algorithm begins by iterating over its message queues twice without finding any work before it tries to steal a queue from another worker.
588Stealing a queue is done atomically with a few atomic instructions that only create contention with other stealing workers not the victim.
589The complexity in the implementation is that victim gulping does not take the mailbox queue;
590rather it atomically transfers the mailbox nodes to another queue leaving the mailbox empty, as discussed in Section~\ref{s:executor}.
591Hence, the original mailbox is always available for new message deliveries.
592However, this transfer logically subdivides the mailbox into two separate queues, and during this period, the mailbox cannot be stolen;
593otherwise there are two threads simultaneously running messages on an actor in the two parts of the mailbox queue.
594To solve this problem, an atomic gulp also marks the mailbox queue as subdivided making it ineligible for stealing.
595Hence, a thief checks if a queue is eligible and non-empty before attempting an atomic steal of a queue.
596
597Figure~\ref{f:steal} shows the queue architecture and stealing mechanism.
598Internally, the mailbox queues are accessed through two arrays of size $N$, which are shared among all workers.
599There is an array of mailbox queues, @mailboxes@, and an array of pointers to the mailboxes, @worker_queues@:
600\begin{cfa}
601struct work_queue {
602        spinlock_t mutex_lock;                  $\C[2.75in]{// atomicity for queue operations}$
603        copy_queue * owned_queue;               $\C{// copy queue}$
604        copy_queue * c_queue;                   $\C{// current queue}$
605        volatile bool being_processed;  $\C{// flag to prevent concurrent processing}$
606};
607work_queue * mailboxes;                         $\C{// master array of work request queues}$
608work_queue ** worker_queues;            $\C{// secondary array of work queues to allow for swapping}\CRT$
609\end{cfa}
610A send inserts a request at the end of one of @mailboxes@.
611A steal swaps two pointers in \snake{worker_queues}.
612Conceptually, @worker_queues@ represents the ownership relation between mailboxes and workers.
613Given $M$ workers and $N$ mailboxes, each worker owns a contiguous $M$/$N$ block of pointers in @worker_queues@.
614When a worker gulps, it dereferences one of the pointers in its section of @worker_queues@ and then gulps the queue from the mailbox it points at.
615To transfer ownership of a mailbox from one worker to another, a pointer from each of the workers' ranges are swapped.
616This structure provides near-complete separation of stealing and gulping/send operations.
617As such, operations can happen on @mailboxes@ independent of stealing, which avoids almost all contention between thief and victim threads.
618
619\begin{figure}
620\begin{center}
621\input{diagrams/steal.tikz}
622\end{center}
623\caption{Queue Stealing Mechanism}
624\label{f:steal}
625\end{figure}
626
627To steal a queue, a thief does the following:
628\begin{enumerate}[topsep=5pt,itemsep=3pt,parsep=0pt]
629\item
630chooses a victim.
631Victim selection heuristics are independent of the stealing mechanism and discussed in Section~\ref{s:victimSelect}.
632
633\item
634scan the victim's $M$/$N$ range of @worker_queues@ and non-atomically checks each mailbox to see if it is eligible and non-empty.
635If a match is found, the thief attempts to steal the mailbox by swapping the appropriate victim worker-queue pointer with an empty thief's pointer, where the pointers come from the victim's and thief's ranges, respectively.
636% The swap races to interchange the appropriate victim's mail-queue pointer with an empty mail-queue pointer in the thief's @worker_queues@ range.
637This swap can fail if another thief steals the queue, which is discussed further in Section~\ref{s:swap}.
638% Note that a thief never exceeds its $M$/$N$ worker range because it is always exchanging queues with other workers.
639If no appropriate victim mailbox is found, no swap is attempted.
640Note that since the mailbox checks happen non-atomically, the thieves effectively guess which mailbox is ripe for stealing.
641The thief may read stale data and can end up stealing an ineligible or empty mailbox.
642This is not a correctness issue and is addressed in Section~\ref{s:steal_prob}, but the steal will likely not be productive.
643These unproductive steals are uncommon, but do occur with some frequency, and are a tradeoff that is made to achieve minimal victim contention.
644
645\item
646stops searching after a successful mailbox steal, a failed mailbox steal, or all mailboxes in the victim's range are examined.
647The thief then resumes normal execution and ceases being a thief.
648Hence, it iterates over its own worker queues because new messages may have arrived during stealing, including ones in the potentially stolen queue.
649Stealing is only repeated after the worker completes two consecutive iterations over its message queues without finding work.
650\end{enumerate}
651
652\subsection{Stealing Problem}\label{s:steal_prob}
653Each queue access (send or gulp) involving any worker (thief or victim) is protected using spinlock @mutex_lock@.
654However, to achieve the goal of almost zero contention for the victim, it is necessary that the thief does not acquire any queue spinlocks in the stealing protocol.
655The victim critical-section is gulping a queue, which involves two steps:
656\begin{cfa}
657temp = worker_queues[x];
658// preemption and steal
659transfer( local_queue, temp->c_queue );   // atomically sets being_processed
660\end{cfa}
661where @transfer@ gulps the work from @c_queue@ to the victim's @local_queue@ and leaves @c_queue@ empty, partitioning the mailbox.
662Specifically,
663\begin{enumerate}[topsep=5pt,itemsep=3pt,parsep=0pt]
664\item
665The victim must dereference its current mailbox pointer from @worker_queues@.
666\item
667The victim calls @transfer@ to gulp from the mailbox.
668\end{enumerate}
669If the victim is preempted after the dereference, a thief can steal the mailbox pointer before the victim calls @transfer@.
670The thief then races ahead, transitions back to a victim, searches its mailboxes, finds the stolen non-empty mailbox, and gulps this queue.
671The original victim now continues and gulps from the stolen mailbox pointed to by its dereference, even though the thief has logically subdivided this mailbox by gulping it.
672At this point, the mailbox has been subdivided a second time, and the victim and thief are possibly processing messages sent to the same actor, which violates mutual exclusion and the message-ordering guarantee.
673Preventing this race requires either a lock acquire or an atomic operation on the victim's fast-path to guarantee the victim's mailbox dereferenced pointer is not stale.
674However, any form of locking here creates contention between thief and victim.
675
676The alternative to locking is allowing the race and resolving it lazily.
677% As mentioned, there is a race between a victim gulping and a thief stealing because gulping partitions a mailbox queue making it ineligible for stealing.
678% Furthermore, after a thief steals, there is moment when victim gulps but the queue no longer
679% This algorithm largely eliminates contention among thieves and victims except for the rare moment when a victim/thief concurrently attempt to gulp/steal the same queue.
680% Restating, when a victim operates on a queue, it first copies the queue pointer from @worker_queues@ to a local variable (gulp).
681% It then uses that local variable for all queue operations until it moves to the next index of its range.
682% This approach ensures any swaps do not interrupt gulping operations, however this introduces a correctness issue.
683% There is a window for a race condition between the victim and a thief.
684% Once a victim copies the queue pointer from @worker_queues@, a thief could steal that pointer and both may try to gulp from the same queue.
685% These two gulps cannot be allowed to happen concurrently.
686% If any behaviours from a queue are run by two workers at a time it violates both mutual exclusion and the actor ordering guarantees.
687To resolve the race, each mailbox header stores a @being_processed@ flag that is atomically set when a queue is transferred.
688The flag indicates that a mailbox has been gulped (logically subdivided) by a worker and the gulped queue is being processed locally.
689The @being_processed@ flag is reset once the local processing is finished.
690If a worker, either victim or thief turned victim, attempts to gulp from a mailbox and finds the @being_processed@ flag set, it does not gulp and moves onto the next mailbox in its range.
691This resolves the race no matter the winner.
692If the thief wins the race, it steals the mailbox and gulps, and the victim sees the flag set and skips gulping from the mailbox.
693If the victim wins the race, it gulps from the mailbox, and the thief sees the flag set and does not gulp from the mailbox.
694
695There is a final case where the race occurs and is resolved with \emph{both} gulps occurring.
696Here, the winner of the race finishes processing the queue and resets the @being_processed@ flag.
697Then the loser unblocks from its preemption and completes its gulp from the same mailbox and atomically sets the \snake{being_processed} flag.
698The loser is now processing messages from a temporarily shared mailbox, which is safe because the winner ignores this mailbox, if it attempts another gulp since @being_processed@ is set.
699The victim never attempts to gulp from the stolen mailbox again because its next cycle sees the swapped mailbox from the thief (which may or may not be empty at this point).
700This race is now the only source of contention between victim and thief as they both try to acquire a lock on the same queue during a transfer.
701However, the window for this race is extremely small, making this contention rare.
702In theory, if this race occurs multiple times consecutively, \ie a thief steals, dereferences a stolen mailbox pointer, is interrupted, and stolen from, etc., this scenario can cascade across multiple workers all attempting to gulp from one mailbox.
703The @being_processed@ flag ensures correctness even in this case, and the chance of a cascading scenario across multiple workers is even rarer.
704
705It is straightforward to count the number of missed gulps due to the @being_processed@ flag and this counter is added to all benchmarks presented in Section~\ref{s:actor_perf}.
706The results show the median count of missed gulps for each experiment is \emph{zero}, except for the repeat benchmark.
707The repeat benchmark is an example of the pathological case described earlier where there is too little work and too many workers.
708In the repeat benchmark, one actor has the majority of the workload, and no other actor has a consistent workload, which results in rampant stealing.
709None of the work-stealing actor-systems examined in this work perform well on the repeat benchmark.
710Hence, for all non-pathological cases, the claim is made that this stealing mechanism has a (probabilistically) zero-victim-cost in practice.
711Future work on the work stealing system could include a backoff mechanism after failed steals to further address the pathological cases.
712
713\subsection{Queue Pointer Swap}\label{s:swap}
714
715To atomically swap the two @worker_queues@ pointers during work stealing, a novel atomic swap-algorithm is needed.
716The \gls{cas} is a read-modify-write instruction available on most modern architectures.
717It atomically compares two memory locations, and if the values are equal, it writes a new value into the first memory location.
718A sequential specification of \gls{cas} is:
719\begin{cfa}
720// assume this routine executes atomically
721bool CAS( T * assn, T comp, T new ) {   // T is a basic type
722        if ( *assn != comp ) return false;
723        *assn = new;
724        return true;
725}
726\end{cfa}
727However, this instruction does \emph{not} swap @assn@ and @new@, which is why compare-and-swap is a misnomer.
728If @T@ can be a double-wide address-type (128 bits on a 64-bit machine), called a \gls{dwcas}, then it is possible to swap two values, if and only if the two addresses are juxtaposed in memory.
729\begin{cfa}
730union Pair {
731        struct { void * ptr1, * ptr2; };   // 64-bit pointers
732        __int128 atom;
733};
734Pair pair1 = { addr1, addr2 }, pair2 = { addr2, addr1 };
735Pair top = pair1;
736DWCAS( top.atom, pair1.atom, pair2.atom );
737\end{cfa}
738However, this approach does not apply because the mailbox pointers are seldom juxtaposed.
739
740Only a few architectures provide a \gls{dcas}, which extends \gls{cas} to two memory locations~\cite{Doherty04}.
741\begin{cfa}
742// assume this routine executes atomically
743bool DCAS( T * assn1, T * assn2, T comp1, T comp2, T new1, T new2 ) {
744        if ( *assn1 == comp1 && *assn2 == comp2 ) {
745                *assn1 = new1;
746                *assn2 = new2;
747                return true;
748        }
749        return false;
750}
751\end{cfa}
752\gls{dcas} can be used to swap two values; for this use case the comparisons are superfluous.
753\begin{cfa}
754DCAS( x, y, x, y, y, x );
755\end{cfa}
756A restrictive form of \gls{dcas} can be simulated using \gls{ll}/\gls{sc}~\cite{Brown13} or more expensive transactional memory with the same progress property problems as LL/SC.
757% (There is waning interest in transactional memory and it seems to be fading away.)
758
759Similarly, very few architectures have a true memory/memory swap instruction (Motorola M68K, SPARC 32-bit).
760The x86 XCHG instruction (and most other architectures with a similar instruction) only works between a register and memory location.
761In this case, there is a race between loading the register and performing the swap (discussed shortly).
762
763Either a true memory/memory swap instruction or a \gls{dcas} would provide the ability to atomically swap two memory locations, but unfortunately neither of these instructions are supported on the architectures used in this work.
764There are lock-free implemetions of DCAS, or more generally K-word CAS (also known as MCAS or CASN)~\cite{Harris02} and LLX/SCX~\cite{Brown14} that can be used to provide the desired atomic swap capability.
765However, these lock-free implementations were not used as it is advantageous in the work stealing case to let an attempted atomic swap fail instead of retrying.
766Hence, a novel atomic swap specific to the actor use case is simulated, called \gls{qpcas}.
767Note that this swap is \emph{not} lock-free.
768The \gls{qpcas} is effectively a \gls{dcas} special cased in a few ways:
769\begin{enumerate}
770\item
771It works on two separate memory locations, and hence, is logically the same as.
772\begin{cfa}
773bool QPCAS( T * dst, T * src ) {
774        return DCAS( dest, src, *dest, *src, *src, *dest );
775}
776\end{cfa}
777\item
778The values swapped are never null pointers, so a null pointer can be used as an intermediate value during the swap. As such, null is effectively used as a lock for the swap.
779\end{enumerate}
780Figure~\ref{f:qpcasImpl} shows the \CFA pseudocode for the \gls{qpcas}.
781In detail, a thief performs the following steps to swap two pointers:
782\begin{enumerate}
783\item
784Stores local copies of the two pointers to be swapped.
785\item
786Verifies the stored copy of the victim queue pointer, @vic_queue@, is valid.
787If @vic_queue@ is null, then the victim queue is part of another swap so the operation fails.
788No state has changed at this point so the thief just returns.
789Note that thieves only set their own queues pointers to null when stealing, and queue pointers are not set to null anywhere else.
790As such, it is impossible for @my_queue@ to be null since each worker owns a disjoint range of the queue array.
791Hence, only @vic_queue@ is checked for null.
792\item
793Attempts to atomically set the thief's queue pointer to null.
794The @CAS@ only fails if the thief's queue pointer is no longer equal to @my_queue@, which implies this thief has become a victim and its queue has been stolen.
795At this point, the thief-turned-victim fails, and since it has not changed any state, it just returns false.
796If the @CAS@ succeeds, the thief's queue pointer is now null.
797Only thieves look at other worker's queue ranges, and whenever thieves need to dereference a queue pointer, it is checked for null.
798A thief can only see the null queue pointer when looking for queues to steal or attempting a queue swap.
799If looking for queues, the thief will skip the null pointer, thus only the queue swap case needs to be considered for correctness.
800
801\item
802Attempts to atomically set the victim's queue pointer to @my_queue@.
803If the @CAS@ succeeds, the victim's queue pointer has been set and the swap can no longer fail.
804If the @CAS@ fails, the thief's queue pointer must be restored to its previous value before returning.
805\item
806Sets the thief's queue pointer to @vic_queue@ completing the swap.
807\end{enumerate}
808
809\begin{figure}
810\begin{cfa}
811bool try_swap_queues( worker & this, uint victim_idx, uint my_idx ) with(this) {
812        // Step 1: mailboxes is the shared array of all sharded queues
813        work_queue * my_queue = mailboxes[my_idx];
814        work_queue * vic_queue = mailboxes[victim_idx];
815
816        // Step 2 If the victim queue is 0p then they are in the process of stealing so return false
817        // 0p is Cforall's equivalent of C++'s nullptr
818        if ( vic_queue == 0p ) return false;
819
820        // Step 3 Try to set our own (thief's) queue ptr to be 0p.
821        // If this CAS fails someone stole our (thief's) queue so return false
822        if ( !CAS( &mailboxes[my_idx], &my_queue, 0p ) )
823                return false;
824
825        // Step 4: Try to set victim queue ptr to be our (thief's) queue ptr.
826        // If it fails someone stole the other queue, so fix up then return false
827        if ( !CAS( &mailboxes[victim_idx], &vic_queue, my_queue ) ) {
828                mailboxes[my_idx] = my_queue; // reset queue ptr back to prev val
829                return false;
830        }
831        // Step 5: Successfully swapped.
832        // Thief's ptr is 0p so no one touches it
833        // Write back without CAS is safe
834        mailboxes[my_idx] = vic_queue;
835        return true;
836}
837\end{cfa}
838\caption{QPCAS Concurrent}
839\label{f:qpcasImpl}
840\end{figure}
841
842\begin{theorem}
843\gls{qpcas} is correct in both the success and failure cases.
844\end{theorem}
845To verify sequential correctness, Figure~\ref{f:seqSwap} shows a simplified \gls{qpcas}.
846Step 2 is missing in the sequential example since it only matters in the concurrent context.
847By inspection, the sequential swap copies each pointer being swapped, and then the original values of each pointer are reset using the copy of the other pointer.
848
849\begin{figure}
850\begin{cfa}
851void swap( uint victim_idx, uint my_idx ) {
852        // Step 1:
853        work_queue * my_queue = mailboxes[my_idx];
854        work_queue * vic_queue = mailboxes[victim_idx];
855        // Step 3:
856        mailboxes[my_idx] = 0p;
857        // Step 4:
858        mailboxes[victim_idx] = my_queue;
859        // Step 5:
860        mailboxes[my_idx] = vic_queue;
861}
862\end{cfa}
863\caption{QPCAS Sequential}
864\label{f:seqSwap}
865\end{figure}
866
867% All thieves fail or succeed in swapping the queues in a finite number of steps.
868% This is straightforward, because there are no locks or looping.
869% As well, there is no retry mechanism in the case of a failed swap, since a failed swap either means the work is already stolen or that work is stolen from the thief.
870% In both cases, it is apropos for a thief to give up stealing.
871
872The concurrent proof of correctness is shown through the existence of an invariant.
873The invariant states when a queue pointer is set to @0p@ by a thief, then the next write to the pointer can only be performed by the same thief.
874This is effictively a mutual exclusion condition for the later write.
875To show that this invariant holds, it is shown that it is true at each step of the swap.
876\begin{itemize}
877\item
878Step 1 and 2 do not write, and as such, they cannot invalidate the invariant of any other thieves.
879\item
880In step 3, a thief attempts to write @0p@ to one of their queue pointers.
881This queue pointer cannot be @0p@.
882As stated above, @my_queue@ is never equal to @0p@ since thieves only write @0p@ to queue pointers from their own queue range and all worker's queue ranges are disjoint.
883As such, step 3 upholds the invariant, since in a failure case no write occurs, and in the success case, the value of the queue pointer is guaranteed to not be 0p.
884\item
885In step 4, the thief attempts to write @my_queue@ to the victim's queue pointer.
886If the current value of the victim's queue pointer is @0p@, then the @CAS@ fails since @vic_queue@ cannot be equal to @0p@ because of the check in step 2.
887Therefore, when the @CAS@ succeeds, the value of the victim's queue pointer must not be @0p@.
888As such, the write never overwrites a value of @0p@, hence the invariant is held in the @CAS@ of step 4.
889\item
890The write back to the thief's queue pointer that happens in the failure case of step 4 and in step 5 hold the invariant since they are the subsequent write to a @0p@ queue pointer and are being set by the same thief that set the pointer to @0p@.
891\end{itemize}
892
893Given this informal proof of invariance it can be shown that the successful swap is correct.
894Once a thief atomically sets their queue pointer to be @0p@ in step 3, the invariant guarantees that that pointer does not change.
895In the success case of step 4, it is known the value of the victim's queue-pointer, which is not overwritten, must be @vic_queue@ due to the use of @CAS@.
896Given that the pointers all have unique memory locations (a pointer is never swapped with itself), this first write of the successful swap is correct since it can only occur when the pointer has not changed.
897By the invariant, the write back in the successful case is correct since no other worker can write to the @0p@ pointer.
898In the failed case of step 4, the outcome is correct in steps 2 and 3 since no writes have occurred so the program state is unchanged.
899Therefore, the program state is safely restored to the state it had prior to the @0p@ write in step 3, because the invariant makes the write back to the @0p@ pointer safe.
900Note that the pointers having unique memory locations prevents the ABA problem.
901
902\begin{comment}
903\subsection{Stealing Guarantees}
904Given that the stealing operation can potentially fail, it is important to discuss the guarantees provided by the stealing implementation.
905Given a set of $N$ swaps a set of connected directed graphs can be constructed where each vertex is a queue and each edge is a swap directed from a thief queue to a victim queue.
906Since each thief can only steal from one victim at a time, each vertex can only have at most one outgoing edge.
907A corollary that can be drawn from this, is that there are at most $V$ edges in this constructed set of connected directed graphs, where $V$ is the total number of vertices.
908
909\begin{figure}
910\begin{center}
911\input{diagrams/M_to_one_swap.tikz}
912\end{center}
913\caption{Graph of $M$ thieves swapping with one victim.}
914\label{f:M_one_swap}
915\end{figure}
916
917\begin{theorem}
918Given $M$ thieves queues all attempting to swap with one victim queue, and no other swaps occurring that involve these queues, at least one swap is guaranteed to succeed.
919\end{theorem}\label{t:one_vic}
920A graph of the $M$ thieves swapping with one victim discussed in this theorem is presented in Figure~\ref{f:M_one_swap}.
921\\
922First it is important to state that a thief does not attempt to steal from themselves.
923As such, the victim here is not also a thief.
924Stepping through the code in \ref{f:qpcasImpl}, for all thieves, steps 0-1 succeed since the victim is not stealing and has no queue pointers set to be @0p@.
925Similarly, for all thieves, step 3 succeeds since no one is stealing from any of the thieves.
926In step 4, the first thief to @CAS@ wins the race and successfully swaps the queue pointer.
927Since it is the first one to @CAS@ and @CAS@ is atomic, there is no way for the @CAS@ to fail since no other thief could have written to the victim's queue pointer and the victim did not write to the pointer since they aren't stealing.
928Hence at least one swap is guaranteed to succeed in this case.
929
930\begin{figure}
931\begin{center}
932\input{diagrams/chain_swap.tikz}
933\end{center}
934\caption{Graph of a chain of swaps.}
935\label{f:chain_swap}
936\end{figure}
937
938\begin{theorem}
939Given $M$ > 1, ordered queues pointers all attempting to swap with the queue in front of them in the ordering, except the first queue, and no other swaps occurring that involve these queues, at least one swap is guaranteed to succeed.
940\end{theorem}\label{t:vic_chain}
941A graph of the chain of swaps discussed in this theorem is presented in Figure~\ref{f:chain_swap}.
942\\
943This is a proof by contradiction.
944Assume no swaps occur.
945Then all thieves must have failed at step 2, step 3 or step 4.
946For a given thief $b$ to fail at step 2, thief $b + 1$ must have succeeded at step 3 before $b$ executes step 1.
947Hence, not all thieves can fail at step 2.
948Furthermore if a thief $b$ fails at step 2 it logically splits the chain into two subchains $0 <- b$ and $b + 1 <- M - 1$, where $b$ has become solely a victim since its swap has failed and it did not modify any state.
949There must exist at least one chain containing two or more queues after since it is impossible for a split to occur both before and after a thief, since that requires failing at step 2 and succeeding at step 3.
950Hence, without loss of generality, whether thieves succeed or fail at step 2, this proof can proceed inductively.
951
952For a given thief $i$ to fail at step 3, it means that another thief $j$ had to have written to $i$'s queue pointer between $i$'s step 1 and step 3.
953The only way for $j$ to write to $i$'s queue pointer would be if $j$ was stealing from $i$ and had successfully finished 4.
954If $j$ finished step 4, then at least one swap was successful.
955Therefore all thieves did not fail at step 3.
956Hence all thieves must successfully complete step 3 and fail at step 4.
957However, since the first worker, thief $0$, is solely a victim and not a thief, it does not change the state of any of its queue pointers.
958Hence, in this case thief $1$ always succeeds in step 4 if all thieves succeed in step 3.
959Thus, by contradiction with the earlier assumption that no swaps occur, at least one swap must succeed.
960
961% \raisebox{.1\height}{}
962\begin{figure}
963\centering
964\begin{tabular}{l|l}
965\subfloat[Cyclic Swap Graph]{\label{f:cyclic_swap}\input{diagrams/cyclic_swap.tikz}} &
966\subfloat[Acyclic Swap Graph]{\label{f:acyclic_swap}\input{diagrams/acyclic_swap.tikz}}
967\end{tabular}
968\caption{Illustrations of cyclic and acyclic swap graphs.}
969\end{figure}
970
971\begin{theorem}
972Given a set of $M > 1$ swaps occurring that form a single directed connected graph.
973At least one swap is guaranteed to succeed if and only if the graph does not contain a cycle.
974\end{theorem}\label{t:vic_cycle}
975Representations of cyclic and acyclic swap graphs discussed in this theorem are presented in Figures~\ref{f:cyclic_swap} and \ref{f:acyclic_swap}.
976\\
977First the reverse direction is proven.
978If the graph does not contain a cycle, then there must be at least one successful swap.
979Since the graph contains no cycles and is finite in size, then there must be a vertex $A$ with no outgoing edges.
980The graph can then be formulated as a tree with $A$ at the top since each node only has at most one outgoing edge and there are no cycles.
981The forward direction is proven by contradiction in a similar fashion to \ref{t:vic_chain}.
982Assume no swaps occur.
983Similar to \ref{t:vic_chain}, this graph can be inductively split into subgraphs of the same type by failure at step 2, so the proof proceeds without loss of generality.
984Similar to \ref{t:vic_chain} the conclusion is drawn that all thieves must successfully complete step 3 for no swaps to occur, since for step 3 to fail, a different thief has to successfully complete step 4, which would imply a successful swap.
985Hence, the only way forward is to assume all thieves successfully complete step 3.
986Hence for there to be no swaps all thieves must fail step 4.
987However, since $A$ has no outgoing edges, since the graph is connected there must be some $K$ such that $K < M - 1$ thieves are attempting to swap with $A$.
988Since all $K$ thieves have passed step 3, similar to \ref{t:one_vic} the first one of the $K$ thieves to attempt step 4 is guaranteed to succeed.
989Thus, by contradiction with the earlier assumption that no swaps occur, if the graph does not contain a cycle, at least one swap must succeed.
990
991The forward direction is proven by contrapositive.
992If the graph contains a cycle then there exists a situation where no swaps occur.
993This situation is constructed.
994Since all vertices have at most one outgoing edge the cycle must be directed.
995Furthermore, since the graph contains a cycle all vertices in the graph must have exactly one outgoing edge.
996This is shown through construction of an arbitrary cyclic graph.
997The graph contains a directed cycle by definition, so the construction starts with $T$ vertices in a directed cycle.
998Since the graph is connected, and each vertex has at most one outgoing edge, none of the vertices in the cycle have available outgoing edges to accommodate new vertices with no outgoing edges.
999Any vertices added to the graph must have an outgoing edge to connect, leaving the resulting graph with no available outgoing edges.
1000Thus, by induction all vertices in the graph must have exactly one outgoing edge.
1001Hence all vertices are thief queues.
1002Now consider the case where all thieves successfully complete step 1-2, and then they all complete step 3.
1003At this point all thieves are attempting to swap with a queue pointer whose value has changed to @0p@.
1004If all thieves attempt the @CAS@ before any write backs, then they all fail.
1005Thus, by contrapositive, if the graph contains a cycle then there exists a situation where no swaps occur.
1006Hence, at least one swap is guaranteed to succeed if and only if the graph does not contain a cycle.
1007\end{comment}
1008
1009% C_TODO: go through and use \paragraph to format to make it look nicer
1010\subsection{Victim Selection}\label{s:victimSelect}
1011
1012In any work stealing algorithm, thieves use a heuristic to determine which victim to choose.
1013Choosing this algorithm is difficult and can have implications on performance.
1014There is no one selection heuristic known to be best for all workloads.
1015Recent work focuses on locality aware scheduling in actor systems~\cite{barghi18,wolke17}.
1016However, while locality-aware scheduling provides good performance on some workloads, randomized selection performs better on other workloads~\cite{barghi18}.
1017Since locality aware scheduling has been explored recently, this work introduces a heuristic called \Newterm{longest victim} and compares it to randomized work stealing.
1018
1019The longest-victim heuristic maintains a timestamp per executor thread that is updated every time a worker attempts to steal work.
1020The timestamps are generated using @rdtsc@~\cite{IntelManual} and are stored in a shared array, with one index per worker.
1021Thieves then attempt to steal from the worker with the oldest timestamp, which is found by performing a linear search across the array of timestamps.
1022The intuition behind this heuristic is that the slowest worker receives help via work stealing until it becomes a thief, which indicates that it has caught up to the pace of the rest of the workers.
1023This heuristic should ideally result in lowered latency for message sends to victim workers that are overloaded with work.
1024It must be acknowledged that this linear search could cause a lot of cache coherence traffic.
1025Future work on this heuristic could include introducing a search that has less impact on caching.
1026A negative side-effect of this heuristic is that if multiple thieves steal at the same time, they likely steal from the same victim, which increases the chance of contention.
1027However, given that workers have multiple queues, often in the tens or hundreds of queues, it is rare for two thieves to attempt stealing from the same queue.
1028This approach may seem counter-intuitive, but in cases with not enough work to steal, the contention among thieves can result in less stealing, due to failed swaps.
1029This can be beneficial when there is not enough work for all the stealing to be productive.
1030This heuristic does not boast performance over randomized victim selection, but it is comparable \see{Section~\ref{s:steal_perf}}.
1031However, it constitutes an interesting contribution as it shows that adding some complexity to the heuristic of the stealing fast-path does not affect mainline performance, paving the way for more involved victim selection heuristics.
1032
1033% Furthermore, in the case they attempt to steal the same queue, at least one of them is guaranteed to successfully steal the queue as shown in Theorem~\ref{t:one_vic}.
1034% Additionally, the longest victim heuristic makes it very improbable that the no swap scenario presented in Theorem~\ref{t:vic_cycle} manifests.
1035% Given the longest victim heuristic, for a cycle to manifest it requires all workers to attempt to steal in a short timeframe.
1036% This scenario is the only way that more than one thief could choose another thief as a victim, since timestamps are only updated upon attempts to steal.
1037% In this case, the probability of an unsuccessful swap is rare, since it is likely these steals are not important when all workers are trying to steal.
1038
1039\section{Safety and Productivity}\label{s:SafetyProductivity}
1040
1041\CFA's actor system comes with a suite of safety and productivity features.
1042Most of these features are only present in \CFA's debug mode, and hence, have zero-cost in no-debug mode.
1043The suite of features include the following.
1044\begin{itemize}
1045\item Static-typed message sends:
1046If an actor does not support receiving a given message type, the receive call is rejected at compile time, preventing unsupported messages from being sent to an actor.
1047
1048\item Detection of message sends to Finished/Destroyed/Deleted actors:
1049All actors receive a ticket from the executor at creation that assigns them to a specific mailbox queue of a worker.
1050The maximum integer value of the ticket is reserved to indicate an actor is terminated, and assigned to an actor's ticket at termination.
1051Any subsequent message sends to this terminated actor results in an error.
1052
1053\item Actors cannot be created before the executor starts:
1054Since the executor distributes mailbox tickets, correctness implies it must be created \emph{before} any actors so it can give out the tickets.
1055
1056\item When an executor is configured, $M >= N$.
1057That is, each worker must receive at least one mailbox queue, since otherwise a worker cannot receive any work without a queue pull messages from.
1058
1059\item Detection of unsent messages:
1060At program termination, a warning is printed for all deallocated messages that are not sent.
1061Since the @Finished@ allocation status is unused for messages, it is used internally to detect if a message has been sent.
1062Deallocating a message without sending it could indicate problems in the program design.
1063
1064\item Detection of messages sent but not received:
1065As discussed in Section~\ref{s:executor}, once all actors have terminated, shutdown is communicated to the executor threads via a status flag.
1066During termination of the executor threads, each worker checks its mailbox queues for any messages.
1067If so, an error is reported.
1068Messages being sent but not received means their allocation action has not occur and their payload is not delivered.
1069Missed deallocations can lead to memory leaks and unreceived payloads can mean logic problems.
1070% Detecting can indicate a race or logic error in the user's code.
1071\end{itemize}
1072
1073In addition to these features, the \CFA's actor system comes with a suite of statistics that can be toggled on and off when \CFA is built.
1074These statistics have minimal impact on the actor system's performance since they are counted independently by each worker thread.
1075During shutdown of the actor system, these counters are aggregated sequentially.
1076The statistics measured are as follows.
1077\begin{description}
1078\item[\LstBasicStyle{\textbf{Actors Created}}]
1079Includes both actors made in the program main and ones made by other actors.
1080\item[\LstBasicStyle{\textbf{Messages Sent and Received}}]
1081Includes termination messages send to the executor threads.
1082\item[\LstBasicStyle{\textbf{Gulps}}]
1083Gulps across all worker threads.
1084\item[\LstBasicStyle{\textbf{Average Gulp Size}}]
1085Average number of messages in a gulped queue.
1086\item[\LstBasicStyle{\textbf{Missed gulps}}]
1087Missed gulps due to the current queue being processed by another worker.
1088\item[\LstBasicStyle{\textbf{Steal attempts}}]
1089All worker thread attempts to steal work.
1090\item[\LstBasicStyle{\textbf{Steal failures (no candidates)}}]
1091Work stealing failures due to selected victim not having any non-empty or non-being-processed queues.
1092\item[\LstBasicStyle{\textbf{Steal failures (failed swaps)}}]
1093Work stealing failures due to the two-stage atomic-swap failing.
1094\item[\LstBasicStyle{\textbf{Messages stolen}}]
1095Aggregate number of messages in stolen queues.
1096\item[\LstBasicStyle{\textbf{Average steal size}}]
1097Average number of messages across stolen queues.
1098\end{description}
1099
1100These statistics enable a user to make informed choices about how to configure the executor or how to structure the actor program.
1101For example, if there are a lot of messages being stolen relative to the number of messages sent, it indicates that the workload is heavily imbalanced across executor threads.
1102Another example is if the average gulp size is very high, it indicates the executor needs more queue sharding, \ie increase $M$.
1103
1104Finally, the poison-pill messages and receive routines, shown earlier in Figure~\ref{f:PoisonPillMessages}, are a convenience for programmers and can be overloaded to have specific behaviour for derived actor types.
1105
1106\section{Performance}\label{s:actor_perf}
1107
1108The performance of the \CFA's actor system is tested using a suite of microbenchmarks, and compared with other actor systems.
1109Most of the benchmarks are the same as those presented in \cite{Buhr22}, with a few additions.
1110This work compares with the following actor systems: \CFA 1.0, \uC 7.0.0, Akka Typed 2.7.0, CAF 0.18.6, and ProtoActor-Go v0.0.0-20220528090104-f567b547ea07.
1111Akka Classic is omitted as Akka Typed is their newest version and seems to be the direction they are headed.
1112The experiments are run on two popular architectures:
1113\begin{list}{\arabic{enumi}.}{\usecounter{enumi}\topsep=5pt\parsep=5pt\itemsep=0pt}
1114\item
1115Supermicro SYS--6029U--TR4 Intel Xeon Gold 5220R 24--core socket, hyper-threading $\times$ 2 sockets (96 process\-ing units), running Linux v5.8.0--59--generic
1116\item
1117Supermicro AS--1123US--TR4 AMD EPYC 7662 64--core socket, hyper-threading $\times$ 2 sockets (256 processing units), running Linux v5.8.0--55--generic
1118\end{list}
1119
1120The benchmarks are run on 1--48 cores.
1121On the Intel, with 24 core sockets, there is the choice to either hop sockets or use hyperthreads on the same socket.
1122Either choice causes a blip in performance, which is seen in the subsequent performance graphs.
1123The choice in this work is to use hyperthreading instead of hopping sockets for experiments with more than 24 cores.
1124
1125All benchmarks are run 5 times and the median is taken.
1126Error bars showing the 95\% confidence intervals appear on each point in the graphs.
1127The confidence intervals are calculated using bootstrapping to avoid normality assumptions.
1128If the confidence bars are small enough, they may be obscured by the data point.
1129In this section, \uC is compared to \CFA frequently, as the actor system in \CFA is heavily based off of \uC's actor system.
1130As such, the performance differences that arise are largely due to the contributions of this work.
1131Future work is to port some of the new \CFA work back to \uC.
1132
1133\subsection{Message Sends}
1134
1135Message sending is the key component of actor communication.
1136As such, latency of a single message send is the fundamental unit of fast-path performance for an actor system.
1137The static and dynamic send-benchmarks evaluate the average latency for a static actor/message send and a dynamic actor/message send.
1138In the static-send benchmark, a message and actor are allocated once and then the message is sent to the same actor 100 million (100M) times.
1139The average latency per message send is then calculated by dividing the duration by the number of sends.
1140This benchmark evaluates the cost of message sends in the actor use case where all actors and messages are allocated ahead of time and do not need to be created dynamically during execution.
1141The CAF static-send benchmark only sends a message 10M times to avoid extensively long run times.
1142
1143In the dynamic-send benchmark, the same experiment is used, but for each send, a new actor and message is allocated.
1144This benchmark evaluates the cost of message sends in the other common actor pattern where actors and messages are created on the fly as the actor program tackles a workload of variable or unknown size.
1145Since dynamic sends are more expensive, this benchmark repeats the actor/message creation and send 20M times (\uC, \CFA), or 2M times (Akka, CAF, ProtoActor), to give an appropriate benchmark duration.
1146
1147\begin{table}[t]
1148\centering
1149\setlength{\extrarowheight}{2pt}
1150\setlength{\tabcolsep}{5pt}
1151\caption{Static Actor/Message Performance: message send, program memory (lower is better)}
1152\label{t:StaticActorMessagePerformance}
1153\begin{tabular}{*{5}{r|}r}
1154        & \multicolumn{1}{c|}{\CFA (100M)} & \multicolumn{1}{c|}{\uC (100M)} & \multicolumn{1}{c|}{CAF (10M)} & \multicolumn{1}{c|}{Akka (100M)} & \multicolumn{1}{c@{}}{ProtoActor (100M)} \\
1155        \hline
1156        AMD             & \input{data/nasusSendStatic} \\
1157        \hline
1158        Intel   & \input{data/pykeSendStatic}
1159\end{tabular}
1160
1161\bigskip
1162
1163\caption{Dynamic Actor/Message Performance: message send, program memory (lower is better)}
1164\label{t:DynamicActorMessagePerformance}
1165
1166\begin{tabular}{*{5}{r|}r}
1167        & \multicolumn{1}{c|}{\CFA (20M)} & \multicolumn{1}{c|}{\uC (20M)} & \multicolumn{1}{c|}{CAF (2M)} & \multicolumn{1}{c|}{Akka (2M)} & \multicolumn{1}{c@{}}{ProtoActor (2M)} \\
1168        \hline
1169        AMD             & \input{data/nasusSendDynamic} \\
1170        \hline
1171        Intel   & \input{data/pykeSendDynamic}
1172\end{tabular}
1173\end{table}
1174
1175The results from the static/dynamic-send benchmarks are shown in Tables~\ref{t:StaticActorMessagePerformance} and \ref{t:DynamicActorMessagePerformance}, respectively.
1176\CFA has the best results in both benchmarks, largely due to the copy queue removing the majority of the envelope allocations.
1177Additionally, the receive of all messages sent in \CFA is statically known and is determined via a function pointer cast, which incurs no runtime cost.
1178All the other systems use virtual dispatch to find the correct behaviour at message send.
1179This operation actually requires two virtual dispatches, which is an additional runtime send cost.
1180Note that Akka also statically checks message sends, but still uses the Java virtual system.
1181In the static-send benchmark, all systems except CAF have static send costs that are in the same ballpark, only varying by ~70ns.
1182In the dynamic-send benchmark, all systems experience slower message sends, due to the memory allocations.
1183However, Akka and ProtoActor, slow down by two-orders of magnitude.
1184This difference is likely a result of Akka and ProtoActor's garbage collection, which results in performance delays for allocation-heavy workloads, whereas \uC and \CFA have explicit allocation/deallocation.
1185Tuning the garage collection might reduce garbage-collection cost, but this exercise is beyond the scope of this work.
1186
1187\subsection{Executor}\label{s:executorPerf}
1188
1189The benchmarks in this section are designed to stress the executor.
1190The executor is the scheduler of an actor system and is responsible for organizing the interaction of executor threads to service the needs of an actor workload.
1191Three benchmarks are run: executor, repeat, and high-memory watermark.
1192
1193The executor benchmark creates 40,000 actors, organizes the actors into adjacent groups of 100, where an actor sends a message to each group member, including itself, in round-robin order, and repeats the sending cycle 400 times.
1194This microbenchmark is designed to flood the executor with a large number of messages flowing among actors.
1195Given there is no work associated with each message, other than sending more messages, the intended bottleneck of this experiment is the executor message send process.
1196
1197\begin{figure}
1198        \centering
1199        \subfloat[AMD Executor Benchmark]{
1200                \resizebox{0.5\textwidth}{!}{\input{figures/nasusExecutor.pgf}}
1201                \label{f:ExecutorAMD}
1202        }
1203        \subfloat[Intel Executor Benchmark]{
1204                \resizebox{0.5\textwidth}{!}{\input{figures/pykeExecutor.pgf}}
1205                \label{f:ExecutorIntel}
1206        }
1207        \caption{Executor benchmark comparing actor systems (lower is better).}
1208\end{figure}
1209
1210Figures~\ref{f:ExecutorIntel} and~\ref{f:ExecutorAMD} show the results of the AMD and Intel executor benchmark.
1211There are three groupings of results, and the difference between AMD and Intel is small.
1212CAF is significantly slower than the other actor systems; followed by a tight grouping of \uC, ProroActor, and Akka; and finally \CFA with the lowest runtime relative to its peers.
1213The difference in runtime between \uC and \CFA is largely due to the copy queue described in Section~\ref{s:copyQueue}.
1214The copy queue both reduces and consolidates allocations, heavily reducing contention on the memory allocator.
1215Additionally, due to the static typing in \CFA's actor system, there is no expensive dynamic (RTTI) casts that occur in \uC to discriminate messages types.
1216Note that while dynamic cast is relatively inexpensive, the remaining send cost in both \uC and \CFA is small;
1217hence, the relative cost for the RTTI in \uC is significant.
1218
1219The repeat benchmark also evaluates the executor.
1220It stresses the executor's ability to withstand contention on queues.
1221The repeat benchmark repeatedly fans out messages from a single client to 100,000 servers who then respond back to the client.
1222The scatter and gather repeats 200 times.
1223The messages from the servers to the client all come to the same mailbox queue associated with the client, resulting in high contention among servers.
1224As such, this benchmark does not scale with the number of processors, since more processors result in higher contention on the single mailbox queue.
1225
1226Figures~\ref{f:RepeatAMD} and~\ref{f:RepeatIntel} show the results of the AMD and Intel repeat benchmark.
1227The results are spread out more, and there is a difference between AMD and Intel.
1228Again, CAF is significantly slower than the other actor systems.
1229To keep the graphs readable, the y-axis was cut at 100 seconds; as the core count increases from 8-32, CAF ranges around 200 seconds on AMD and between 300-1000 seconds on the Intel.
1230On the AMD there is a tight grouping of uC++, ProtoActor, and Akka;
1231on the Intel, uC++, ProtoActor, and Akka are spread out.
1232Finally, \CFA runs consistently on both of the AMD and Intel, and is faster than \uC on the AMD, but slightly slower on the Intel.
1233Here, gains from using the copy queue are much less apparent.
1234
1235\begin{figure}
1236        \centering
1237        \subfloat[AMD Repeat Benchmark]{
1238                \resizebox{0.5\textwidth}{!}{\input{figures/nasusRepeat.pgf}}
1239                \label{f:RepeatAMD}
1240        }
1241        \subfloat[Intel Repeat Benchmark]{
1242                \resizebox{0.5\textwidth}{!}{\input{figures/pykeRepeat.pgf}}
1243                \label{f:RepeatIntel}
1244        }
1245        \caption{The repeat benchmark comparing actor systems (lower is better).}
1246\end{figure}
1247
1248Table~\ref{t:ExecutorMemory} shows the high memory watermark of the actor systems when running the executor benchmark on 48 cores measured using the @time@ command.
1249\CFA's high watermark is slightly higher than the other non-garbage collected systems \uC and CAF.
1250This increase is from the over-allocation in the copy-queue data-structure with lazy deallocation.
1251Whereas, the per envelope allocations of \uC and CFA allocate exactly the amount of storage needed and eagerly deallocate.
1252The extra storage is the standard tradeoff of time versus space, where \CFA shows better performance.
1253As future work, tuning parameters can be provided to adjust the frequency and/or size of the copy-queue expansion.
1254
1255\begin{table}
1256        \centering
1257        \setlength{\extrarowheight}{2pt}
1258        \setlength{\tabcolsep}{5pt}
1259
1260        \caption{Executor Program Memory High Watermark}
1261        \label{t:ExecutorMemory}
1262        \begin{tabular}{*{5}{r|}r}
1263                & \multicolumn{1}{c|}{\CFA} & \multicolumn{1}{c|}{\uC} & \multicolumn{1}{c|}{CAF} & \multicolumn{1}{c|}{Akka} & \multicolumn{1}{c@{}}{ProtoActor} \\
1264                \hline
1265                AMD             & \input{data/pykeExecutorMem} \\
1266                \hline
1267                Intel   & \input{data/nasusExecutorMem}
1268        \end{tabular}
1269\end{table}
1270
1271\subsection{Matrix Multiply}
1272
1273The matrix-multiply benchmark evaluates the actor systems in a practical application, where actors concurrently multiply two matrices.
1274In detail, given $Z_{m,r} = X_{m,n} \cdot Y_{n,r}$, the matrix multiply is defined as:
1275\begin{displaymath}
1276X_{i,j} \cdot Y_{j,k} = \left( \sum_{c=1}^{j} X_{row,c}Y_{c,column} \right)_{i,k}
1277\end{displaymath}
1278The majority of the computation in this benchmark involves computing the final matrix, so this benchmark stresses the actor systems' ability to have actors run work, rather than stressing the message sending system, and might trigger some work stealing if a worker finishes early.
1279
1280The matrix-multiply benchmark has input matrices $X$ and $Y$, which are both $3072$ by $3072$ in size.
1281An actor is made for each row of $X$ and sent a message indicating the row of $X$ and the column of $Y$ to calculate a row of the result matrix $Z$.
1282Because $Z$ is contiguous in memory, there can be small cache write-contention at the row boundaries.
1283
1284Figures~\ref{f:MatrixAMD} and \ref{f:MatrixIntel} show the matrix-multiply results.
1285There are two groupings with Akka and ProtoActor being slightly slower than \uC, \CFA, and CAF.
1286On the Intel, there is an unexplained divergence between \uC and \CFA/CAF at 24 cores.
1287Given that the bottleneck of this benchmark is the computation of the result matrix, all executors perform well on this embarrassingly parallel application.
1288Hence, the results are tightly clustered across all actor systems.
1289This result also suggests CAF has a good executor but poor message passing, which results in its poor performance in the other message-passing benchmarks.
1290
1291\begin{figure}
1292        \centering
1293        \subfloat[AMD Matrix Benchmark]{
1294                \resizebox{0.5\textwidth}{!}{\input{figures/nasusMatrix.pgf}}
1295                \label{f:MatrixAMD}
1296        }
1297        \subfloat[Intel Matrix Benchmark]{
1298                \resizebox{0.5\textwidth}{!}{\input{figures/pykeMatrix.pgf}}
1299                \label{f:MatrixIntel}
1300        }
1301        \caption{The matrix benchmark comparing actor systems (lower is better).}
1302\end{figure}
1303
1304\subsection{Work Stealing}\label{s:steal_perf}
1305
1306\CFA's work stealing mechanism uses the longest-victim heuristic, introduced in Section~\ref{s:victimSelect}.
1307In this performance section, \CFA's approach is first tested in isolation on a pathological unbalanced benchmark, then with other actor systems on general benchmarks.
1308
1309Two pathological unbalanced cases are created, and compared using vanilla and randomized work stealing in \CFA.
1310These benchmarks adversarially take advantage of the round-robin assignment of actors to workers by loading actors only on specific cores (there is one worker per core).
1311The workload on the loaded cores is the same as the executor benchmark described in \ref{s:executorPerf}, but with fewer rounds.
1312
1313The balance-one benchmark loads all the work on a single core, whereas the balance-multi loads all the work on half the cores (every other core).
1314Given this layout, the ideal speedup of work stealing in the balance-one case should be $N / N - 1$ where $N$ is the number of threads;
1315in the balance-multi case, the ideal speedup is 0.5.
1316Note that in the balance-one benchmark, the workload is fixed so decreasing runtime is expected;
1317in the balance-multi experiment, the workload increases with the number of cores so an increasing or constant runtime is expected.
1318
1319\begin{figure}
1320        \centering
1321        \subfloat[AMD \CFA Balance-One Benchmark]{
1322                \resizebox{0.5\textwidth}{!}{\input{figures/nasusCFABalance-One.pgf}}
1323                \label{f:BalanceOneAMD}
1324        }
1325        \subfloat[Intel \CFA Balance-One Benchmark]{
1326                \resizebox{0.5\textwidth}{!}{\input{figures/pykeCFABalance-One.pgf}}
1327                \label{f:BalanceOneIntel}
1328        }
1329        \caption{The balance-one benchmark comparing stealing heuristics (lower is better).}
1330\end{figure}
1331
1332\begin{figure}
1333        \centering
1334        \subfloat[AMD \CFA Balance-Multi Benchmark]{
1335                \resizebox{0.5\textwidth}{!}{\input{figures/nasusCFABalance-Multi.pgf}}
1336                \label{f:BalanceMultiAMD}
1337        }
1338        \subfloat[Intel \CFA Balance-Multi Benchmark]{
1339                \resizebox{0.5\textwidth}{!}{\input{figures/pykeCFABalance-Multi.pgf}}
1340                \label{f:BalanceMultiIntel}
1341        }
1342        \caption{The balance-multi benchmark comparing stealing heuristics (lower is better).}
1343\end{figure}
1344
1345% On both balance benchmarks, slightly less than ideal speedup compared to the non-stealing variation is achieved by both the random and longest victim stealing heuristics.
1346
1347For the balance-one benchmark on AMD in Figure~\ref{f:BalanceOneAMD}, the performance bottoms out at 32 cores onwards likely due to the amount of work becoming less than the cost to steal it and move it across cores and cache.
1348On Intel in Figure~\ref{f:BalanceOneIntel}, above 32 cores the performance gets worse for all variants due to hyperthreading.
1349Here, the longest-victim and random heuristic are the same.
1350Note that the non-stealing variation of balance-one slows down slightly (no decrease in graph) as the cores increase, since a few \emph{dummy} actors are created for each of the extra cores beyond the first to adversarially layout all loaded actors on the first core.
1351
1352For the balance-multi benchmark in Figures~\ref{f:BalanceMultiAMD} and~\ref{f:BalanceMultiIntel}, the random heuristic outperforms the longest victim.
1353The reason is that the longest-victim heuristic has a higher stealing cost as it needs to maintain timestamps and look at all timestamps before stealing.
1354Additionally, a performance cost on the Intel is observed when hyperthreading kicks in after 24 cores in Figure~\ref{f:BalanceMultiIntel}.
1355
1356\begin{figure}
1357        \centering
1358        \subfloat[AMD \CFA Executor Benchmark]{
1359                \resizebox{0.5\textwidth}{!}{\input{figures/nasusCFAExecutor.pgf}}
1360                \label{f:cfaExecutorAMD}
1361        }
1362        \subfloat[Intel \CFA Executor Benchmark]{
1363                \resizebox{0.5\textwidth}{!}{\input{figures/pykeCFAExecutor.pgf}}
1364                \label{f:cfaExecutorIntel}
1365        }
1366        \caption{Executor benchmark comparing \CFA stealing heuristics (lower is better).}
1367        \label{f:ExecutorBenchmark}
1368\end{figure}
1369
1370Figures~\ref{f:cfaExecutorAMD} and~\ref{f:cfaExecutorIntel} show the effects of the stealing heuristics for the executor benchmark.
1371For the AMD, in Figure~\ref{f:cfaExecutorAMD}, the random heuristic falls slightly behind the other two, but for the Intel, in Figure~\ref{f:cfaExecutorIntel}, the runtime of all heuristics are nearly identical to each other, except after crossing the 24-core boundary.
1372
1373\begin{figure}
1374        \centering
1375        \subfloat[AMD \CFA Repeat Benchmark]{
1376                \resizebox{0.5\textwidth}{!}{\input{figures/nasusCFARepeat.pgf}}
1377                \label{f:cfaRepeatAMD}
1378        }
1379        \subfloat[Intel \CFA Repeat Benchmark]{
1380                \resizebox{0.5\textwidth}{!}{\input{figures/pykeCFARepeat.pgf}}
1381                \label{f:cfaRepeatIntel}
1382        }
1383        \caption{The repeat benchmark comparing \CFA stealing heuristics (lower is better).}
1384        \label{f:RepeatBenchmark}
1385\end{figure}
1386
1387\begin{figure}
1388        \centering
1389        \subfloat[AMD \CFA Matrix Benchmark]{
1390                \resizebox{0.5\textwidth}{!}{\input{figures/nasusCFAMatrix.pgf}}
1391                \label{f:cfaMatrixAMD}
1392        }
1393        \subfloat[Intel \CFA Matrix Benchmark]{
1394                \resizebox{0.5\textwidth}{!}{\input{figures/pykeCFAMatrix.pgf}}
1395                \label{f:cfaMatrixIntel}
1396        }
1397        \caption{The matrix benchmark comparing \CFA stealing heuristics (lower is better).}
1398\end{figure}
1399
1400Figures~\ref{f:cfaRepeatAMD} and~\ref{f:cfaRepeatIntel} show the effects of the stealing heuristics for the repeat benchmark.
1401This benchmark is a pathological case for work stealing actor systems, as the majority of work is being performed by the single actor conducting the scatter/gather.
1402The single actor (the client) of this experiment is long running and maintains a lot of state, as it needs to know the handles of all the servers.
1403When stealing the client or its respective queue (in \CFA's inverted model), moving the client incurs a high cost due to cache invalidation.
1404This worst-case steal is likely to happen since there is no other work in the system between scatter/gather rounds.
1405However, all heuristics are comparable in performance on the repeat benchmark.
1406This result is surprising especially for the No-Stealing variant, which should have better performance than the stealing variants.
1407However, stealing happens lazily and fails fast, hence the queue containing the long-running client actor is rarely stolen.
1408
1409% Work stealing performance can be further analyzed by \emph{reexamining} the executor and repeat benchmarks in Figures~\ref{f:ExecutorBenchmark} and \ref{f:RepeatBenchmark}.
1410% In both benchmarks, CAF performs poorly.
1411% It is hypothesized that CAF has an aggressive work stealing algorithm that eagerly attempts to steal.
1412% This results in the poor performance with small messages containing little work per message in both of these benchmarks.
1413% In comparison with the other systems, \uC does well on both benchmarks since it does not have work stealing.
1414
1415Finally, Figures~\ref{f:cfaMatrixAMD} and~\ref{f:cfaMatrixIntel} show the effects of the stealing heuristics for the matrix-multiply benchmark.
1416Here, there is negligible performance difference across stealing heuristics, because of the long-running workload of each message.
1417
1418In theory, work stealing might improve performance marginally for the matrix-multiply benchmark.
1419Since all row actors cannot be created simultaneously at startup, they correspondingly do not shutdown simultaneously.
1420Hence, there is a small window at the start and end with idle workers so work stealing might improve performance.
1421For example, in \ref{f:MatrixAMD}, CAF is slightly better than \uC and \CFA, but not on the Intel.
1422Hence, it is difficult to attribute the AMD gain to the aggressive work stealing in CAF.
1423
1424% Local Variables: %
1425% tab-width: 4 %
1426% End: %
Note: See TracBrowser for help on using the repository browser.