Changes in / [c8ec58e:73d0a84c]

Location:

doc/theses/colby_parsons_MMAth/text

Files:

• CFA_concurrency.tex (modified) (2 diffs)
• CFA_intro.tex (modified) (3 diffs)
• actors.tex (modified) (21 diffs)
• channels.tex (modified) (8 diffs)
• conclusion.tex (modified) (1 diff)
• mutex_stmt.tex (modified) (13 diffs)
• waituntil.tex (modified) (3 diffs)

doc/theses/colby_parsons_MMAth/text/CFA_concurrency.tex

@@ -12 +12 @@
 \VRef[Listing]{l:cfa_thd_init} shows a typical examples of creating a \CFA user-thread type, and then as declaring processor ($N$) and thread objects ($M$).
 \begin{cfa}[caption={Example of \CFA user thread and processor creation},label={l:cfa_thd_init}]
-@thread@ my_thread {                            $\C{// user thread type (like structure)}$
+@thread@ my_thread {                            $\C{// user thread type (like structure}$
         ... // arbitrary number of field declarations
 };
@@ -21 +21 @@
         @processor@ p[2];                               $\C{// add 2 processors = 3 total with starting processor}$
         {
-                @my_thread@ t[2], * t3 = new(); $\C{// create 2 stack allocated, 1 dynamic allocated user threads}$
+                @my_thread@ t[2], * t3 = new(); $\C{// create 3 user threads, running in routine main}$
                 ... // execute concurrently
-                delete( t3 );                           $\C{// wait for t3 to end and deallocate}$
-    } // wait for threads t[0] and t[1] to end and deallocate
+                delete( t3 );                           $\C{// wait for thread to end and deallocate}$
+        } // wait for threads to end and deallocate
 } // deallocate additional kernel threads
 \end{cfa}

doc/theses/colby_parsons_MMAth/text/CFA_intro.tex

@@ -9 +9 @@
 \CFA is a layer over C, is transpiled\footnote{Source to source translator.} to C, and is largely considered to be an extension of C.
 Beyond C, it adds productivity features, extended libraries, an advanced type-system, and many control-flow/concurrency constructions.
-However, \CFA stays true to the C programming style, with most code revolving around @struct@s and routines, and respects the same rules as C.
+However, \CFA stays true to the C programming style, with most code revolving around @struct@'s and routines, and respects the same rules as C.
 \CFA is not object oriented as it has no notion of @this@ (receiver) and no structures with methods, but supports some object oriented ideas including constructors, destructors, and limited nominal inheritance.
 While \CFA is rich with interesting features, only the subset pertinent to this work is discussed here.
@@ -17 +17 @@
 References in \CFA are a layer of syntactic sugar over pointers to reduce the number of syntactic ref/deref operations needed with pointer usage.
 Pointers in \CFA differ from C and \CC in their use of @0p@ instead of C's @NULL@ or \CC's @nullptr@.
-References can contain 0p in \CFA, which is the equivalent of a null reference.
 Examples of references are shown in \VRef[Listing]{l:cfa_ref}.
 
@@ -65 +64 @@
 This feature is also implemented in Pascal~\cite{Pascal}.
 It can exist as a stand-alone statement or wrap a routine body to expose aggregate fields.
-If exposed fields share a name, the type system will attempt to disambiguate them based on type.
-If the type system is unable to disambiguate the fields then the user must qualify those names to avoid a compilation error.
 Examples of the @with@ statement are shown in \VRef[Listing]{l:cfa_with}.
 

doc/theses/colby_parsons_MMAth/text/actors.tex

@@ -7 +7 @@
 Actors are an indirect concurrent feature that abstracts threading away from a programmer, and instead provides \gls{actor}s and messages as building blocks for concurrency.
 Hence, actors are in the realm of \gls{impl_concurrency}, where programmers write concurrent code without dealing with explicit thread creation or interaction.
-Actor message-passing is similar to channels, but with more abstraction, so there is no shared data to protect, making actors amenable to a distributed environment.
+Actor message-passing is similar to channels, but with more abstraction, so there is no shared data to protect, making actors amenable in a distributed environment.
 Actors are often used for high-performance computing and other data-centric problems, where the ease of use and scalability of an actor system provides an advantage over channels.
 
@@ -14 +14 @@
 
 \section{Actor Model}
-The \Newterm{actor model} is a concurrent paradigm where an actor is used as the fundamental building-block for computation, and the data for computation is distributed to actors in the form of messages~\cite{Hewitt73}.
+The \Newterm{actor model} is a concurrent paradigm where computation is broken into units of work called actors, and the data for computation is distributed to actors in the form of messages~\cite{Hewitt73}.
 An actor is composed of a \Newterm{mailbox} (message queue) and a set of \Newterm{behaviours} that receive from the mailbox to perform work.
 Actors execute asynchronously upon receiving a message and can modify their own state, make decisions, spawn more actors, and send messages to other actors.
@@ -22 +22 @@
 For example, mutual exclusion and locking are rarely relevant concepts in an actor model, as actors typically only operate on local state.
 
-\subsection{Classic Actor System}
-An implementation of the actor model with a theatre (group) of actors is called an \Newterm{actor system}.
-Actor systems largely follow the actor model, but can differ in some ways.
-
-In an actor system, an actor does not have a thread.
+An actor does not have a thread.
 An actor is executed by an underlying \Newterm{executor} (kernel thread-pool) that fairly invokes each actor, where an actor invocation processes one or more messages from its mailbox.
 The default number of executor threads is often proportional to the number of computer cores to achieve good performance.
 An executor is often tunable with respect to the number of kernel threads and its scheduling algorithm, which optimize for specific actor applications and workloads \see{Section~\ref{s:ActorSystem}}.
 
+\subsection{Classic Actor System}
+An implementation of the actor model with a community of actors is called an \Newterm{actor system}.
+Actor systems largely follow the actor model, but can differ in some ways.
 While the semantics of message \emph{send} is asynchronous, the implementation may be synchronous or a combination.
-The default semantics for message \emph{receive} is \gls{fifo}, so an actor receives messages from its mailbox in temporal (arrival) order.
-% however, messages sent among actors arrive in any order.
+The default semantics for message \emph{receive} is \gls{fifo}, so an actor receives messages from its mailbox in temporal (arrival) order;
+however, messages sent among actors arrive in any order.
 Some actor systems provide priority-based mailboxes and/or priority-based message-selection within a mailbox, where custom message dispatchers search among or within a mailbox(es) with a predicate for specific kinds of actors and/or messages.
-Some actor systems provide a shared mailbox where multiple actors receive from a common mailbox~\cite{Akka}, which is contrary to the no-sharing design of the basic actor-model (and may require additional locking).
-For non-\gls{fifo} service, some notion of fairness (eventual progress) should exist, otherwise messages have a high latency or starve, \ie are never received.
-% Finally, some actor systems provide multiple typed-mailboxes, which then lose the actor-\lstinline{become} mechanism \see{Section~\ref{s:SafetyProductivity}}.
+Some actor systems provide a shared mailbox where multiple actors receive from a common mailbox~\cite{Akka}, which is contrary to the no-sharing design of the basic actor-model (and requires additional locking).
+For non-\gls{fifo} service, some notion of fairness (eventual progress) must exist, otherwise messages have a high latency or starve, \ie never received.
+Finally, some actor systems provide multiple typed-mailboxes, which then lose the actor-\lstinline{become} mechanism \see{Section~\ref{s:SafetyProductivity}}.
 %While the definition of the actor model provides no restrictions on message ordering, actor systems tend to guarantee that messages sent from a given actor $i$ to actor $j$ arrive at actor $j$ in the order they were sent.
 Another way an actor system varies from the model is allowing access to shared global-state.
@@ -61 +60 @@
 Figure \ref{f:inverted_actor} shows an actor system designed as \Newterm{message-centric}, where a set of messages are scheduled and run on underlying executor threads~\cite{uC++,Nigro21}.
 This design is \Newterm{inverted} because actors belong to a message queue, whereas in the classic approach a message queue belongs to each actor.
-Now a message send must query the actor to know which message queue to post the message to.
+Now a message send must queries the actor to know which message queue to post the message.
 Again, the simplest design has a single global queue of messages accessed by the executor threads, but this approach has the same contention problem by the executor threads.
 Therefore, the messages (mailboxes) are sharded and executor threads schedule each message, which points to its corresponding actor.
@@ -177 +176 @@
         @actor | str_msg | int_msg;@                    $\C{// cascade sends}$
         @actor | int_msg;@                                              $\C{// send}$
-        @actor | finished_msg;@                                 $\C{// send => terminate actor (builtin Poison-Pill)}$
+        @actor | finished_msg;@                                 $\C{// send => terminate actor (deallocation deferred)}$
         stop_actor_system();                                    $\C{// waits until actors finish}\CRT$
 } // deallocate actor, int_msg, str_msg
@@ -493 +492 @@
 Each executor thread iterates over its own message queues until it finds one with messages.
 At this point, the executor thread atomically \gls{gulp}s the queue, meaning it moves the contents of message queue to a local queue of the executor thread.
-Gulping moves the contents of the message queue as a batch rather than removing individual elements.
 An example of the queue gulping operation is shown in the right side of Figure \ref{f:gulp}, where an executor thread gulps queue 0 and begins to process it locally.
 This step allows the executor thread to process the local queue without any atomics until the next gulp.
@@ -525 +523 @@
 
 Since the copy queue is an array, envelopes are allocated first on the stack and then copied into the copy queue to persist until they are no longer needed.
-For many workloads, the copy queues reallocate and grow in size to facilitate the average number of messages in flight and there are no further dynamic allocations.
+For many workloads, the copy queues grow in size to facilitate the average number of messages in flight and there are no further dynamic allocations.
 The downside of this approach is that more storage is allocated than needed, \ie each copy queue is only partially full.
 Comparatively, the individual envelope allocations of a list-based queue mean that the actor system always uses the minimum amount of heap space and cleans up eagerly.
@@ -564 +562 @@
 To ensure sequential actor execution and \gls{fifo} message delivery in a message-centric system, stealing requires finding and removing \emph{all} of an actor's messages, and inserting them consecutively in another message queue.
 This operation is $O(N)$ with a non-trivial constant.
-The only way for work stealing to become practical is to shard each worker's message queue \see{Section~\ref{s:executor}}, which also reduces contention, and to steal queues to eliminate queue searching.
+The only way for work stealing to become practical is to shard each worker's message queue, which also reduces contention, and to steal queues to eliminate queue searching.
 
 Given queue stealing, the goal of the presented stealing implementation is to have an essentially zero-contention-cost stealing mechanism.
@@ -578 +576 @@
 
 The outline for lazy-stealing by a thief is: select a victim, scan its queues once, and return immediately if a queue is stolen.
-The thief then assumes its normal operation of scanning over its own queues looking for work, where stolen work is placed at the end of the scan.
+The thief then assumes it normal operation of scanning over its own queues looking for work, where stolen work is placed at the end of the scan.
 Hence, only one victim is affected and there is a reasonable delay between stealing events as the thief scans its ready queue looking for its own work before potentially stealing again.
 This lazy examination by the thief has a low perturbation cost for victims, while still finding work in a moderately loaded system.
@@ -638 +636 @@
 % Note that a thief never exceeds its $M$/$N$ worker range because it is always exchanging queues with other workers.
 If no appropriate victim mailbox is found, no swap is attempted.
-Note that since the mailbox checks happen non-atomically, the thieves effectively guess which mailbox is ripe for stealing.
-The thief may read stale data and can end up stealing an ineligible or empty mailbox.
-This is not a correctness issue and is addressed in Section~\ref{s:steal_prob}, but the steal will likely not be productive.
-These unproductive steals are uncommon, but do occur with some frequency, and are a tradeoff that is made to achieve minimal victim contention.
 
 \item
@@ -650 +644 @@
 \end{enumerate}
 
-\subsection{Stealing Problem}\label{s:steal_prob}
+\subsection{Stealing Problem}
 Each queue access (send or gulp) involving any worker (thief or victim) is protected using spinlock @mutex_lock@.
 However, to achieve the goal of almost zero contention for the victim, it is necessary that the thief does not acquire any queue spinlocks in the stealing protocol.
@@ -709 +703 @@
 None of the work-stealing actor-systems examined in this work perform well on the repeat benchmark.
 Hence, for all non-pathological cases, the claim is made that this stealing mechanism has a (probabilistically) zero-victim-cost in practice.
-Future work on the work stealing system could include a backoff mechanism after failed steals to further address the pathological cases.
 
 \subsection{Queue Pointer Swap}\label{s:swap}
@@ -716 +709 @@
 The \gls{cas} is a read-modify-write instruction available on most modern architectures.
 It atomically compares two memory locations, and if the values are equal, it writes a new value into the first memory location.
-A sequential specification of \gls{cas} is:
+A software implementation of \gls{cas} is:
 \begin{cfa}
 // assume this routine executes atomically
@@ -762 +755 @@
 
 Either a true memory/memory swap instruction or a \gls{dcas} would provide the ability to atomically swap two memory locations, but unfortunately neither of these instructions are supported on the architectures used in this work.
-There are lock-free implemetions of DCAS, or more generally K-word CAS (also known as MCAS or CASN)~\cite{Harris02} and LLX/SCX~\cite{Brown14} that can be used to provide the desired atomic swap capability.
-However, these lock-free implementations were not used as it is advantageous in the work stealing case to let an attempted atomic swap fail instead of retrying.
 Hence, a novel atomic swap specific to the actor use case is simulated, called \gls{qpcas}.
-Note that this swap is \emph{not} lock-free.
 The \gls{qpcas} is effectively a \gls{dcas} special cased in a few ways:
 \begin{enumerate}
@@ -776 +766 @@
 \end{cfa}
 \item
-The values swapped are never null pointers, so a null pointer can be used as an intermediate value during the swap. As such, null is effectively used as a lock for the swap.
+The values swapped are never null pointers, so a null pointer can be used as an intermediate value during the swap.
 \end{enumerate}
 Figure~\ref{f:qpcasImpl} shows the \CFA pseudocode for the \gls{qpcas}.
@@ -872 +862 @@
 The concurrent proof of correctness is shown through the existence of an invariant.
 The invariant states when a queue pointer is set to @0p@ by a thief, then the next write to the pointer can only be performed by the same thief.
-This is effictively a mutual exclusion condition for the later write.
 To show that this invariant holds, it is shown that it is true at each step of the swap.
 \begin{itemize}
@@ -1022 +1011 @@
 The intuition behind this heuristic is that the slowest worker receives help via work stealing until it becomes a thief, which indicates that it has caught up to the pace of the rest of the workers.
 This heuristic should ideally result in lowered latency for message sends to victim workers that are overloaded with work.
-It must be acknowledged that this linear search could cause a lot of cache coherence traffic.
-Future work on this heuristic could include introducing a search that has less impact on caching.
 A negative side-effect of this heuristic is that if multiple thieves steal at the same time, they likely steal from the same victim, which increases the chance of contention.
 However, given that workers have multiple queues, often in the tens or hundreds of queues, it is rare for two thieves to attempt stealing from the same queue.
@@ -1041 +1028 @@
 \CFA's actor system comes with a suite of safety and productivity features.
 Most of these features are only present in \CFA's debug mode, and hence, have zero-cost in no-debug mode.
-The suite of features include the following.
+The suit of features include the following.
 \begin{itemize}
 \item Static-typed message sends:
-If an actor does not support receiving a given message type, the receive call is rejected at compile time, preventing unsupported messages from being sent to an actor.
+If an actor does not support receiving a given message type, the receive call is rejected at compile time, allowing unsupported messages to never be sent to an actor.
 
 \item Detection of message sends to Finished/Destroyed/Deleted actors:
@@ -1055 +1042 @@
 
 \item When an executor is configured, $M >= N$.
-That is, each worker must receive at least one mailbox queue, since otherwise a worker cannot receive any work without a queue pull messages from.
+That is, each worker must receive at least one mailbox queue, otherwise the worker spins and never does any work.
 
 \item Detection of unsent messages:
@@ -1113 +1100 @@
 \begin{list}{\arabic{enumi}.}{\usecounter{enumi}\topsep=5pt\parsep=5pt\itemsep=0pt}
 \item
-Supermicro SYS--6029U--TR4 Intel Xeon Gold 5220R 24--core socket, hyper-threading $\times$ 2 sockets (96 process\-ing units), running Linux v5.8.0--59--generic
-\item
-Supermicro AS--1123US--TR4 AMD EPYC 7662 64--core socket, hyper-threading $\times$ 2 sockets (256 processing units), running Linux v5.8.0--55--generic
+Supermicro SYS--6029U--TR4 Intel Xeon Gold 5220R 24--core socket, hyper-threading $\times$ 2 sockets (48 process\-ing units) 2.2GHz, running Linux v5.8.0--59--generic
+\item
+Supermicro AS--1123US--TR4 AMD EPYC 7662 64--core socket, hyper-threading $\times$ 2 sockets (256 processing units) 2.0 GHz, running Linux v5.8.0--55--generic
 \end{list}
 
@@ -1125 +1112 @@
 All benchmarks are run 5 times and the median is taken.
 Error bars showing the 95\% confidence intervals appear on each point in the graphs.
-The confidence intervals are calculated using bootstrapping to avoid normality assumptions.
 If the confidence bars are small enough, they may be obscured by the data point.
 In this section, \uC is compared to \CFA frequently, as the actor system in \CFA is heavily based off of \uC's actor system.

doc/theses/colby_parsons_MMAth/text/channels.tex

@@ -20 +20 @@
 Neither Go nor \CFA channels have the restrictions of the early channel-based concurrent systems.
 
-Other popular languages and libraries that provide channels include C++ Boost~\cite{boost:channel}, Rust~\cite{rust:channel}, Haskell~\cite{haskell:channel}, OCaml~\cite{ocaml:channel}, and Kotlin~\cite{kotlin:channel}.
+Other popular languages and libraries that provide channels include C++ Boost~\cite{boost:channel}, Rust~\cite{rust:channel}, Haskell~\cite{haskell:channel}, and OCaml~\cite{ocaml:channel}.
 Boost channels only support asynchronous (non-blocking) operations, and Rust channels are limited to only having one consumer per channel.
 Haskell channels are unbounded in size, and OCaml channels are zero-size.
 These restrictions in Haskell and OCaml are likely due to their functional approach, which results in them both using a list as the underlying data structure for their channel.
 These languages and libraries are not discussed further, as their channel implementation is not comparable to the bounded-buffer style channels present in Go and \CFA.
-Kotlin channels are comparable to Go and \CFA, but unfortunately they were not identified as a comparator until after presentation of this thesis and are omitted due to time constraints.
 
 \section{Producer-Consumer Problem}
@@ -32 +31 @@
 In the problem, threads interact with a buffer in two ways: producing threads insert values into the buffer and consuming threads remove values from the buffer.
 In general, a buffer needs protection to ensure a producer only inserts into a non-full buffer and a consumer only removes from a non-empty buffer (synchronization).
-As well, a buffer needs protection from concurrent access by multiple producers or consumers attempting to insert or remove simultaneously, which is often provided by MX.
+As well, a buffer needs protection from concurrent access by multiple producers or consumers attempting to insert or remove simultaneously (MX).
 
 \section{Channel Size}\label{s:ChannelSize}
@@ -42 +41 @@
 Fixed sized (bounded) implies the communication is mostly asynchronous, \ie the producer can proceed up to the buffer size and vice versa for the consumer with respect to removal, at which point the producer/consumer would wait.
 \item
-Infinite sized (unbounded) implies the communication is asymmetrically asynchronous, \ie the producer never waits but the consumer waits when the buffer is empty.
+Infinite sized (unbounded) implies the communication is asynchronous, \ie the producer never waits but the consumer waits when the buffer is empty.
+Since memory is finite, all unbounded buffers are ultimately bounded;
+this restriction must be part of its implementation.
 \end{enumerate}
 
@@ -49 +50 @@
 However, like MX, a buffer should ensure every value is eventually removed after some reasonable bounded time (no long-term starvation).
 The simplest way to prevent starvation is to implement the buffer as a queue, either with a cyclic array or linked nodes.
-While \gls{fifo} is not required for producer-consumer problem correctness, it is a desired property in channels as it provides predictable and often relied upon channel ordering behaviour to users.
 
 \section{First-Come First-Served}
-As pointed out, a bounded buffer implementation often provides MX among multiple producers or consumers.
+As pointed out, a bounded buffer requires MX among multiple producers or consumers.
 This MX should be fair among threads, independent of the \gls{fifo} buffer being fair among values.
 Fairness among threads is called \gls{fcfs} and was defined by Lamport~\cite[p.~454]{Lamport74}.
@@ -66 +66 @@
 
 \section{Channel Implementation}\label{s:chan_impl}
-The programming languages Go, Kotlin, and Erlang provide user-level threading where the primary communication mechanism is channels.
-These languages have user-level threading and preemptive scheduling, and both use channels for communication.
-Go and Kotlin provide multiple homogeneous channels; each have a single associated type.
+Currently, only the Go and Erlang programming languages provide user-level threading where the primary communication mechanism is channels.
+Both Go and Erlang have user-level threading and preemptive scheduling, and both use channels for communication.
+Go provides multiple homogeneous channels; each have a single associated type.
 Erlang, which is closely related to actor systems, provides one heterogeneous channel per thread (mailbox) with a typed receive pattern.
-Go and Kotlin encourage users to communicate via channels, but provides them as an optional language feature.
+Go encourages users to communicate via channels, but provides them as an optional language feature.
 On the other hand, Erlang's single heterogeneous channel is a fundamental part of the threading system design; using it is unavoidable.
-Similar to Go and Kotlin, \CFA's channels are offered as an optional language feature.
+Similar to Go, \CFA's channels are offered as an optional language feature.
 
 While iterating on channel implementation, experiments were conducted that varied the producer-consumer algorithm and lock type used inside the channel.
@@ -83 +83 @@
 The Go channel implementation utilizes cooperation among threads to achieve good performance~\cite{go:chan}.
 This cooperation only occurs when producers or consumers need to block due to the buffer being full or empty.
-After a producer blocks it must wait for a consumer to signal it and vice versa.
-The consumer or producer that signals a blocked thread is called the signalling thread.
 In these cases, a blocking thread stores their relevant data in a shared location and the signalling thread completes the blocking thread's operation before waking them;
 \ie the blocking thread has no work to perform after it unblocks because the signalling threads has done this work.
@@ -90 +88 @@
 First, each thread interacting with the channel only acquires and releases the internal channel lock once.
 As a result, contention on the internal lock is decreased; only entering threads compete for the lock since unblocking threads do not reacquire the lock.
-The other advantage of Go's wait-morphing approach is that it eliminates the need to wait for signalled threads to run.
+The other advantage of Go's wait-morphing approach is that it eliminates the bottleneck of waiting for signalled threads to run.
 Note that the property of acquiring/releasing the lock only once can also be achieved with a different form of cooperation, called \Newterm{baton passing}.
 Baton passing occurs when one thread acquires a lock but does not release it, and instead signals a thread inside the critical section, conceptually ``passing'' the mutual exclusion from the signalling thread to the signalled thread.
@@ -96 +94 @@
 the wait-morphing approach has threads cooperate by completing the signalled thread's operation, thus removing a signalled thread's need for mutual exclusion after unblocking.
 While baton passing is useful in some algorithms, it results in worse channel performance than the Go approach.
-In the baton-passing approach, all threads need to wait for the signalled thread to unblock and run before other operations on the channel can proceed, since the signalled thread holds mutual exclusion;
+In the baton-passing approach, all threads need to wait for the signalled thread to reach the front of the ready queue, context switch, and run before other operations on the channel can proceed, since the signalled thread holds mutual exclusion;
 in the wait-morphing approach, since the operation is completed before the signal, other threads can continue to operate on the channel without waiting for the signalled thread to run.
 

doc/theses/colby_parsons_MMAth/text/conclusion.tex

@@ -20 +20 @@
 \item Channels with comparable performance to Go, which have safety and productivity features including deadlock detection and an easy-to-use exception-based channel @close@ routine.
 \item An in-memory actor system, which achieves the lowest latency message send of systems tested due to the novel copy-queue data structure.
-\item As well, the actor system has built-in detection of six common actor errors, with excellent performance compared to other systems across all benchmarks presented in this thesis.
-\item A @waituntil@ statement, which tackles the hard problem of allowing a thread wait synchronously for an arbitrary set of concurrent resources.
+\item As well, the actor system has built-in detection of six common actor errors, with excellent performance compared to other systems across all benchmarks.
+\item A @waituntil@ statement, which tackles the hard problem of allowing a thread to safely wait synchronously for an arbitrary set of concurrent resources.
 \end{enumerate}
 

doc/theses/colby_parsons_MMAth/text/mutex_stmt.tex

@@ -83 +83 @@
 \end{figure}
 
-Like Java, \CFA monitors have \Newterm{multi-acquire} (reentrant locking) semantics so the thread in the monitor may acquire it multiple times without deadlock, allowing recursion and calling of other MX functions.
+Like Java, \CFA monitors have \Newterm{multi-acquire} semantics so the thread in the monitor may acquire it multiple times without deadlock, allowing recursion and calling of other MX functions.
 For robustness, \CFA monitors ensure the monitor lock is released regardless of how an acquiring function ends, normal or exceptional, and returning a shared variable is safe via copying before the lock is released.
 Monitor objects can be passed through multiple helper functions without acquiring mutual exclusion, until a designated function associated with the object is called.
@@ -104 +104 @@
 }
 \end{cfa}
-The \CFA monitor implementation ensures multi-lock acquisition is done in a deadlock-free manner regardless of the number of MX parameters and monitor arguments via resource ordering.
-It it important to note that \CFA monitors do not attempt to solve the nested monitor problem~\cite{Lister77}.
+The \CFA monitor implementation ensures multi-lock acquisition is done in a deadlock-free manner regardless of the number of MX parameters and monitor arguments. It it important to note that \CFA monitors do not attempt to solve the nested monitor problem~\cite{Lister77}.
 
 \section{\lstinline{mutex} statement}
@@ -166 +165 @@
 In detail, the mutex statement has a clause and statement block, similar to a conditional or loop statement.
 The clause accepts any number of lockable objects (like a \CFA MX function prototype), and locks them for the duration of the statement.
-The locks are acquired in a deadlock-free manner and released regardless of how control-flow exits the statement.
-Note that this deadlock-freedom has some limitations \see{\VRef{s:DeadlockAvoidance}}.
+The locks are acquired in a deadlock free manner and released regardless of how control-flow exits the statement.
 The mutex statement provides easy lock usage in the common case of lexically wrapping a CS.
 Examples of \CFA mutex statement are shown in \VRef[Listing]{l:cfa_mutex_ex}.
@@ -212 +210 @@
 Like Java, \CFA introduces a new statement rather than building from existing language features, although \CFA has sufficient language features to mimic \CC RAII locking.
 This syntactic choice makes MX explicit rather than implicit via object declarations.
-Hence, it is easy for programmers and language tools to identify MX points in a program, \eg scan for all @mutex@ parameters and statements in a body of code; similar scanning can be done with Java's @synchronized@.
+Hence, it is easier for programmers and language tools to identify MX points in a program, \eg scan for all @mutex@ parameters and statements in a body of code.
 Furthermore, concurrent safety is provided across an entire program for the complex operation of acquiring multiple locks in a deadlock-free manner.
 Unlike Java, \CFA's mutex statement and \CC's @scoped_lock@ both use parametric polymorphism to allow user defined types to work with this feature.
@@ -233 +231 @@
 thread$\(_2\)$ : sout | "uvw" | "xyz";
 \end{cfa}
-any of the outputs can appear:
+any of the outputs can appear, included a segment fault due to I/O buffer corruption:
 \begin{cquote}
 \small\tt
@@ -262 +260 @@
 mutex( sout ) { // acquire stream lock for sout for block duration
         sout | "abc";
-        sout | "uvw" | "xyz";
+        mutex( sout ) sout | "uvw" | "xyz"; // OK because sout lock is recursive
         sout | "def";
 } // implicitly release sout lock
 \end{cfa}
+The inner lock acquire is likely to occur through a function call that does a thread-safe print.
 
 \section{Deadlock Avoidance}\label{s:DeadlockAvoidance}
@@ -310 +309 @@
 For fewer than 7 locks ($2^3-1$), the sort is unrolled performing the minimum number of compare and swaps for the given number of locks;
 for 7 or more locks, insertion sort is used.
-It is assumed to be rare to hold more than 6 locks at a time.
-For 6 or fewer locks the algorithm is fast and executes in $O(1)$ time.
-Furthermore, lock addresses are unique across program execution, even for dynamically allocated locks, so the algorithm is safe across the entire program execution, as long as lifetimes of objects are appropriately managed. 
-For example, deleting a lock and allocating another one could give the new lock the same address as the deleted one, however deleting a lock in use by another thread is a programming error irrespective of the usage of the @mutex@ statement.
+Since it is extremely rare to hold more than 6 locks at a time, the algorithm is fast and executes in $O(1)$ time.
+Furthermore, lock addresses are unique across program execution, even for dynamically allocated locks, so the algorithm is safe across the entire program execution.
 
 The downside to the sorting approach is that it is not fully compatible with manual usages of the same locks outside the @mutex@ statement, \ie the lock are acquired without using the @mutex@ statement.
@@ -341 +338 @@
 \end{cquote}
 Comparatively, if the @scoped_lock@ is used and the same locks are acquired elsewhere, there is no concern of the @scoped_lock@ deadlocking, due to its avoidance scheme, but it may livelock.
-The convenience and safety of the @mutex@ statement, \ie guaranteed lock release with exceptions, should encourage programmers to always use it for locking, mitigating most deadlock scenarios versus combining manual locking with the mutex statement.
+The convenience and safety of the @mutex@ statement, \ie guaranteed lock release with exceptions, should encourage programmers to always use it for locking, mitigating any deadlock scenario versus combining manual locking with the mutex statement.
 Both \CC and the \CFA do not provide any deadlock guarantees for nested @scoped_lock@s or @mutex@ statements. 
 To do so would require solving the nested monitor problem~\cite{Lister77}, which currently does not have any practical solutions.
@@ -347 +344 @@
 \section{Performance}
 Given the two multi-acquisition algorithms in \CC and \CFA, each with differing advantages and disadvantages, it interesting to compare their performance.
-Comparison with Java was not conducted, since the synchronized statement only takes a single object and does not provide deadlock avoidance or prevention.
+Comparison with Java is not possible, since it only takes a single lock.
 
 The comparison starts with a baseline that acquires the locks directly without a mutex statement or @scoped_lock@ in a fixed ordering and then releases them.
@@ -359 +356 @@
 Each variation is run 11 times on 2, 4, 8, 16, 24, 32 cores and with 2, 4, and 8 locks being acquired.
 The median is calculated and is plotted alongside the 95\% confidence intervals for each point.
-The confidence intervals are calculated using bootstrapping to avoid normality assumptions.
 
 \begin{figure}
@@ -392 +388 @@
 }
 \end{cfa}
-\caption{Deadlock avoidance benchmark \CFA pseudocode}
+\caption{Deadlock avoidance benchmark pseudocode}
 \label{l:deadlock_avoid_pseudo}
 \end{figure}
@@ -400 +396 @@
 % sudo dmidecode -t system
 \item
-Supermicro AS--1123US--TR4 AMD EPYC 7662 64--core socket, hyper-threading $\times$ 2 sockets (256 processing units), TSO memory model, running Linux v5.8.0--55--generic, gcc--10 compiler
+Supermicro AS--1123US--TR4 AMD EPYC 7662 64--core socket, hyper-threading $\times$ 2 sockets (256 processing units) 2.0 GHz, TSO memory model, running Linux v5.8.0--55--generic, gcc--10 compiler
 \item
-Supermicro SYS--6029U--TR4 Intel Xeon Gold 5220R 24--core socket, hyper-threading $\times$ 2 sockets (96 processing units), TSO memory model, running Linux v5.8.0--59--generic, gcc--10 compiler
+Supermicro SYS--6029U--TR4 Intel Xeon Gold 5220R 24--core socket, hyper-threading $\times$ 2 sockets (48 processing units) 2.2GHz, TSO memory model, running Linux v5.8.0--59--generic, gcc--10 compiler
 \end{list}
 %The hardware architectures are different in threading (multithreading vs hyper), cache structure (MESI or MESIF), NUMA layout (QPI vs HyperTransport), memory model (TSO vs WO), and energy/thermal mechanisms (turbo-boost).
@@ -415 +411 @@
 For example, on the AMD machine with 32 threads and 8 locks, the benchmarks would occasionally livelock indefinitely, with no threads making any progress for 3 hours before the experiment was terminated manually.
 It is likely that shorter bouts of livelock occurred in many of the experiments, which would explain large confidence intervals for some of the data points in the \CC data.
-In Figures~\ref{f:mutex_bench8_AMD} and \ref{f:mutex_bench8_Intel} there is the counter-intuitive result of the @mutex@ statement performing better than the baseline.
+In Figures~\ref{f:mutex_bench8_AMD} and \ref{f:mutex_bench8_Intel} there is the counter-intuitive result of the mutex statement performing better than the baseline.
 At 7 locks and above the mutex statement switches from a hard coded sort to insertion sort, which should decrease performance.
 The hard coded sort is branch-free and constant-time and was verified to be faster than insertion sort for 6 or fewer locks.
-Part of the difference in throughput compared to baseline is due to the delay spent in the insertion sort, which decreases contention on the locks.
-This was verified to be part of the difference in throughput by experimenting with varying NCS delays in the baseline; however it only comprises a small portion of difference.
-It is possible that the baseline is slowed down or the @mutex@ is sped up by other factors that are not easily identifiable.
+It is likely the increase in throughput compared to baseline is due to the delay spent in the insertion sort, which decreases contention on the locks.
+
 
 \begin{figure}

doc/theses/colby_parsons_MMAth/text/waituntil.tex

@@ -168 +168 @@
 Go's @select@ has the same exclusive-or semantics as the ALT primitive from Occam and associated code blocks for each clause like ALT and Ada.
 However, unlike Ada and ALT, Go does not provide guards for the \lstinline[language=go]{case} clauses of the \lstinline[language=go]{select}.
-As such, the exponential blowup can be seen comparing Go and \uC in Figure~\ref{f:AdaMultiplexing}.
+As such, the exponential blowup can be seen comparing Go and \uC in Figure~\label{f:AdaMultiplexing}.
 Go also provides a timeout via a channel and a @default@ clause like Ada @else@ for asynchronous multiplexing.
 
@@ -519 +519 @@
 In following example, either channel @C1@ or @C2@ must be satisfied but nothing can be done for at least 1 or 3 seconds after the channel read, respectively.
 \begin{cfa}[deletekeywords={timeout}]
-waituntil( i << C1 ){} and waituntil( timeout( 1`s ) ){}
-or waituntil( i << C2 ){} and waituntil( timeout( 3`s ) ){}
+waituntil( i << C1 ); and waituntil( timeout( 1`s ) );
+or waituntil( i << C2 ); and waituntil( timeout( 3`s ) );
 \end{cfa}
 If only @C2@ is satisfied, \emph{both} timeout code-blocks trigger because 1 second occurs before 3 seconds.
@@ -542 +542 @@
 Now the unblocked WUT is guaranteed to have a satisfied resource and its code block can safely executed.
 The insertion circumvents the channel buffer via the wait-morphing in the \CFA channel implementation \see{Section~\ref{s:chan_impl}}, allowing @waituntil@ channel unblocking to not be special-cased.
-Note that all channel operations are fair and no preference is given between @waituntil@ and direct channel operations when unblocking.
 
 Furthermore, if both @and@ and @or@ operators are used, the @or@ operations stop behaving like exclusive-or due to the race among channel operations, \eg: