Changeset 8514fe19

Timestamp:

May 11, 2017, 11:08:07 AM (8 years ago)

Author:

Andrew Beach <ajbeach@…>

Branches:

ADT, aaron-thesis, arm-eh, ast-experimental, cleanup-dtors, deferred_resn, demangler, enum, forall-pointer-decay, jacob/cs343-translation, jenkins-sandbox, master, new-ast, new-ast-unique-expr, new-env, no_list, persistent-indexer, pthread-emulation, qualifiedEnum, resolv-new, with_gc

Children:

f2e746d

Parents:

c850687 (diff), 6250a312 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' of plg.uwaterloo.ca:software/cfa/cfa-cc

Location:

doc/proposals/concurrency

Files:

• Makefile (modified) (1 diff)
• cfa-format.tex (added)
• concurrency.tex (modified) (32 diffs)
• style.tex (modified) (1 diff)
• version (modified) (1 diff)

doc/proposals/concurrency/Makefile

@@ -10 +10 @@
 concurrency \
 style \
+cfa-format \
 glossary \
 }

doc/proposals/concurrency/concurrency.tex

@@ -9 +9 @@
 % math escape $...$ (dollar symbol)
 
-\documentclass[twoside,11pt]{article}
+\documentclass[letterpaper,12pt,titlepage,oneside,final]{book}
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -24 +24 @@
 \usepackage{graphicx}
 \usepackage{tabularx}
+\usepackage{multicol}
 \usepackage[acronym]{glossaries}
-\usepackage{varioref}                                           % extended references
-\usepackage{inconsolata}
+\usepackage{varioref}   
 \usepackage{listings}                                           % format program code
 \usepackage[flushmargin]{footmisc}                              % support label/reference in footnote
@@ -62 +62 @@
 \newcommand{\cit}{\textsuperscript{[Citation Needed]}\xspace}
 \newcommand{\code}[1]{\lstinline[language=CFA]{#1}}
-\newcommand{\pseudo}[1]{\lstinline[language=Pseudo]{#1}}
+\newcommand{\pscode}[1]{\lstinline[language=pseudo]{#1}}
+\newcommand{\TODO}{{\Textbf{TODO}}}
 
 \input{glossary}
@@ -99 +100 @@
 % ### #     #    #    #     # #######
 
-\section{Introduction}
+\chapter{Introduction}
 This proposal provides a minimal core concurrency API that is both simple, efficient and can be reused to build higher-level features. The simplest possible concurrency core is a thread and a lock but this low-level approach is hard to master. An easier approach for users is to support higher-level constructs as the basis of the concurrency in \CFA. Indeed, for highly productive parallel programming, high-level approaches are much more popular~\cite{HPP:Study}. Examples are task based, message passing and implicit threading.
 
@@ -112 +113 @@
 %  #####  ####### #     #  #####   #####  #     # #     # ####### #     #  #####     #
 
-\section{Concurrency}
+\chapter{Concurrency}
 Several tool can be used to solve concurrency challenges. Since these challenges always appear with the use of mutable shared-state, some languages and libraries simply disallow mutable shared-state (Erlang~\cite{Erlang}, Haskell~\cite{Haskell}, Akka (Scala)~\cite{Akka}). In these paradigms, interaction among concurrent objects relies on message passing~\cite{Thoth,Harmony,V-Kernel} or other paradigms that closely relate to networking concepts (channels\cit for example). However, in languages that use routine calls as their core abstraction mechanism, these approaches force a clear distinction between concurrent and non-concurrent paradigms (i.e., message passing versus routine call). Which in turn means that, in order to be effective, programmers need to learn two sets of designs patterns. This distinction can be hidden away in library code, but effective use of the librairy still has to take both paradigms into account. Approaches based on shared memory are more closely related to non-concurrent paradigms since they often rely on basic constructs like routine calls and objects. At a lower level these can be implemented as locks and atomic operations. Many such mechanisms have been proposed, including semaphores~\cite{Dijkstra68b} and path expressions~\cite{Campbell74}. However, for productivity reasons it is desireable to have a higher-level construct be the core concurrency paradigm~\cite{HPP:Study}. An approach that is worth mentionning because it is gaining in popularity is transactionnal memory~\cite{Dice10}[Check citation]. While this approach is even pursued by system languages like \CC\cit, the performance and feature set is currently too restrictive to add such a paradigm to a language like C or \CC\cit, which is why it was rejected as the core paradigm for concurrency in \CFA. One of the most natural, elegant, and efficient mechanisms for synchronization and communication, especially for shared memory systems, is the \emph{monitor}. Monitors were first proposed by Brinch Hansen~\cite{Hansen73} and later described and extended by C.A.R.~Hoare~\cite{Hoare74}. Many programming languages---e.g., Concurrent Pascal~\cite{ConcurrentPascal}, Mesa~\cite{Mesa}, Modula~\cite{Modula-2}, Turing~\cite{Turing:old}, Modula-3~\cite{Modula-3}, NeWS~\cite{NeWS}, Emerald~\cite{Emerald}, \uC~\cite{Buhr92a} and Java~\cite{Java}---provide monitors as explicit language constructs. In addition, operating-system kernels and device drivers have a monitor-like structure, although they often use lower-level primitives such as semaphores or locks to simulate monitors. For these reasons, this project proposes monitors as the core concurrency construct.
 
@@ -123 +124 @@
 % #     # ####### #     # ###    #    ####### #     #  #####
 
-\subsection{Monitors}
+\section{Monitors}
 A monitor is a set of routines that ensure mutual exclusion when accessing shared state. This concept is generally associated with Object-Oriented Languages like Java~\cite{Java} or \uC~\cite{uC++book} but does not strictly require OOP semantics. The only requirements is the ability to declare a handle to a shared object and a set of routines that act on it :
-\begin{lstlisting}
+\begin{cfacode}
         typedef /*some monitor type*/ monitor;
         int f(monitor & m);
@@ -133 +134 @@
                 f(m);
         }
-\end{lstlisting}
+\end{cfacode}
 
 %  #####     #    #       #
@@ -143 +144 @@
 %  #####  #     # ####### #######
 
-\subsubsection{Call semantics} \label{call}
+\subsection{Call semantics} \label{call}
 The above monitor example displays some of the intrinsic characteristics. Indeed, it is necessary to use pass-by-reference over pass-by-value for monitor routines. This semantics is important because at their core, monitors are implicit mutual-exclusion objects (locks), and these objects cannot be copied. Therefore, monitors are implicitly non-copyable.
 
 Another aspect to consider is when a monitor acquires its mutual exclusion. For example, a monitor may need to be passed through multiple helper routines that do not acquire the monitor mutual-exclusion on entry. Pass through can be both generic helper routines (\code{swap}, \code{sort}, etc.) or specific helper routines like the following to implement an atomic counter :
 
-\begin{lstlisting}
-        mutex struct counter_t { /*...see section §\ref{data}§...*/ };
+\begin{cfacode}
+        monitor counter_t { /*...see section $\ref{data}$...*/ };
 
         void ?{}(counter_t & nomutex this); //constructor
@@ -156 +157 @@
         //need for mutex is platform dependent here
         void ?{}(size_t * this, counter_t & mutex cnt); //conversion
-\end{lstlisting}
+\end{cfacode}
 
 Here, the constructor(\code{?\{\}}) uses the \code{nomutex} keyword to signify that it does not acquire the monitor mutual exclusion when constructing. This semantics is because an object not yet constructed should never be shared and therefore does not require mutual exclusion. The prefix increment operator uses \code{mutex} to protect the incrementing process from race conditions. Finally, there is a conversion operator from \code{counter_t} to \code{size_t}. This conversion may or may not require the \code{mutex} key word depending on whether or not reading an \code{size_t} is an atomic operation or not.
 
-Having both \code{mutex} and \code{nomutex} keywords could be argued to be redundant based on the meaning of a routine having neither of these keywords. For example, given a routine without quualifiers \code{void foo(counter_t & this)} then one could argue that it should default to the safest option \code{mutex}. On the other hand, the option of having routine \code{void foo(counter_t & this)} mean \code{nomutex} is unsafe by default and may easily cause subtle errors. It can be argued that \code{nomutex} is the more "normal" behaviour, the \code{nomutex} keyword effectively stating explicitly that "this routine has nothing special". Another alternative is to make having exactly one of these keywords mandatory, which would provide the same semantics but without the ambiguity of supporting routine \code{void foo(counter_t & this)}. Mandatory keywords would also have the added benefice of being self-documented but at the cost of extra typing. In the end, which solution should be picked is still up for debate. For the reminder of this proposal, the explicit approach is used for clarity.
-
-The next semantic decision is to establish when mutex/nomutex may be used as a type qualifier. Consider the following declarations:
-\begin{lstlisting}
+Having both \code{mutex} and \code{nomutex} keywords could be argued to be redundant based on the meaning of a routine having neither of these keywords. For example, given a routine without quualifiers \code{void foo(counter_t & this)} then one could argue that it should default to the safest option \code{mutex}. On the other hand, the option of having routine \code{void foo(counter_t & this)} mean \code{nomutex} is unsafe by default and may easily cause subtle errors. It can be argued that \code{nomutex} is the more "normal" behaviour, the \code{nomutex} keyword effectively stating explicitly that "this routine has nothing special". Another alternative is to make having exactly one of these keywords mandatory, which would provide the same semantics but without the ambiguity of supporting routine \code{void foo(counter_t & this)}. Mandatory keywords would also have the added benefice of being self-documented but at the cost of extra typing. However, since \CFA relies heavily on traits as an abstraction mechanism, the distinction between a type that is a monitor and a type that looks like a monitor can become blurred. For this reason, \CFA only has the \code{mutex} keyword.
+
+
+The next semantic decision is to establish when \code{mutex} may be used as a type qualifier. Consider the following declarations:
+\begin{cfacode}
         int f1(monitor & mutex m);
         int f2(const monitor & mutex m);
@@ -169 +171 @@
         int f4(monitor *[] mutex m);
         int f5(graph(monitor*) & mutex m);
-\end{lstlisting}
-The problem is to indentify which object(s) should be acquired. Furthermore, each object needs to be acquired only once. In the case of simple routines like \code{f1} and \code{f2} it is easy to identify an exhaustive list of objects to acquire on entry. Adding indirections (\code{f3}) still allows the compiler and programmer to indentify which object is acquired. However, adding in arrays (\code{f4}) makes it much harder. Array lengths are not necessarily known in C and even then making sure we only acquire objects once becomes also none trivial. This can be extended to absurd limits like \code{f5}, which uses a graph of monitors. To keep everyone as sane as possible~\cite{Chicken}, this projects imposes the requirement that a routine may only acquire one monitor per parameter and it must be the type of the parameter (ignoring potential qualifiers and indirections). Also note that while routine \code{f3} can be supported, meaning that monitor \code{**m} is be acquired, passing an array to this routine would be type safe and yet result in undefined behavior because only the first element of the array is acquired. However, this ambiguity is part of the C type system with respects to arrays. For this reason, it would also be reasonnable to disallow mutex in the context where arrays may be passed.
+\end{cfacode}
+The problem is to indentify which object(s) should be acquired. Furthermore, each object needs to be acquired only once. In the case of simple routines like \code{f1} and \code{f2} it is easy to identify an exhaustive list of objects to acquire on entry. Adding indirections (\code{f3}) still allows the compiler and programmer to indentify which object is acquired. However, adding in arrays (\code{f4}) makes it much harder. Array lengths are not necessarily known in C and even then making sure we only acquire objects once becomes also none trivial. This can be extended to absurd limits like \code{f5}, which uses a graph of monitors. To keep everyone as sane as possible~\cite{Chicken}, this projects imposes the requirement that a routine may only acquire one monitor per parameter and it must be the type of the parameter with one level of indirection (ignoring potential qualifiers). Also note that while routine \code{f3} can be supported, meaning that monitor \code{**m} is be acquired, passing an array to this routine would be type safe and yet result in undefined behavior because only the first element of the array is acquired. However, this ambiguity is part of the C type system with respects to arrays. For this reason, \code{mutex} is disallowed in the context where arrays may be passed.
+
+Finally, for convenience, monitors support multiple acquireing, that is acquireing a monitor while already holding it does not cause a deadlock. It simply increments an internal counter which is then used to release the monitor after the number of acquires and releases match up.
 
 % ######     #    #######    #
@@ -180 +184 @@
 % ######  #     #    #    #     #
 
-\subsubsection{Data semantics} \label{data}
+\subsection{Data semantics} \label{data}
 Once the call semantics are established, the next step is to establish data semantics. Indeed, until now a monitor is used simply as a generic handle but in most cases monitors contian shared data. This data should be intrinsic to the monitor declaration to prevent any accidental use of data without its appropriate protection. For example, here is a complete version of the counter showed in section \ref{call}:
-\begin{lstlisting}
-        mutex struct counter_t {
+\begin{cfacode}
+        monitor counter_t {
                 int value;
         };
 
-        void ?{}(counter_t & nomutex this) {
+        void ?{}(counter_t & this) {
                 this.cnt = 0;
         }
@@ -199 +203 @@
                 *this = (int)cnt;
         }
-\end{lstlisting}
+\end{cfacode}
 
 This simple counter is used as follows:
 \begin{center}
 \begin{tabular}{c @{\hskip 0.35in} c @{\hskip 0.35in} c}
-\begin{lstlisting}
+\begin{cfacode}
         //shared counter
         counter_t cnt;
@@ -214 +218 @@
           ...
         thread N : cnt++;
-\end{lstlisting}
+\end{cfacode}
 \end{tabular}
 \end{center}
 
 Notice how the counter is used without any explicit synchronisation and yet supports thread-safe semantics for both reading and writting. Unlike object-oriented monitors, where calling a mutex member \emph{implicitly} acquires mutual-exclusion, \CFA uses an explicit mechanism to acquire mutual-exclusion. A consequence of this approach is that it extends to multi-monitor calls.
-\begin{lstlisting}
+\begin{cfacode}
         int f(MonitorA & mutex a, MonitorB & mutex b);
 
@@ -225 +229 @@
         MonitorB b;
         f(a,b);
-\end{lstlisting}
+\end{cfacode}
 This code acquires both locks before entering the critical section, called \emph{\gls{group-acquire}}. In practice, writing multi-locking routines that do not lead to deadlocks is tricky. Having language support for such a feature is therefore a significant asset for \CFA. In the case presented above, \CFA guarantees that the order of aquisition is consistent across calls to routines using the same monitors as arguments. However, since \CFA monitors use multi-acquisition locks, users can effectively force the acquiring order. For example, notice which routines use \code{mutex}/\code{nomutex} and how this affects aquiring order :
-\begin{lstlisting}
+\begin{cfacode}
         void foo(A & mutex a, B & mutex b) { //acquire a & b
                 //...
         }
 
-        void bar(A & mutex a, B & nomutex b) { //acquire a
+        void bar(A & mutex a, B & /*nomutex*/ b) { //acquire a
                 //...
                 foo(a, b); //acquire b
@@ -238 +242 @@
         }
 
-        void baz(A & nomutex a, B & mutex b) { //acquire b
+        void baz(A & /*nomutex*/ a, B & mutex b) { //acquire b
                 //...
                 foo(a, b); //acquire a
                 //...
         }
-\end{lstlisting}
-
-The multi-acquisition monitor lock allows a monitor lock to be acquired by both \code{bar} or \code{baz} and acquired again in \code{foo}. In the calls to \code{bar} and \code{baz} the monitors are acquired in opposite order. such use leads to nested monitor call problems~\cite{Lister77}, which is a specific implementation of the lock acquiring order problem. In the example above, the user uses implicit ordering in the case of function \code{foo} but explicit ordering in the case of \code{bar} and \code{baz}. This subtle mistake means that calling these routines concurrently may lead to deadlock and is therefore undefined behavior. As shown on several occasion\cit, solving this problem requires :
+\end{cfacode}
+
+The multi-acquisition monitor lock allows a monitor lock to be acquired by both \code{bar} or \code{baz} and acquired again in \code{foo}. In the calls to \code{bar} and \code{baz} the monitors are acquired in opposite order. such use leads to nested monitor call problems~\cite{Lister77}, which is a more specific variation of the lock acquiring order problem. In the example above, the user uses implicit ordering in the case of function \code{foo} but explicit ordering in the case of \code{bar} and \code{baz}. This subtle mistake means that calling these routines concurrently may lead to deadlock and is therefore undefined behavior. As shown on several occasion\cit, solving this problem requires :
 \begin{enumerate}
         \item Dynamically tracking of the monitor-call order.
@@ -269 +273 @@
 %             #       ####### #######    #    #     # ####### #     # #     #
 
-\subsubsection{Implementation Details: Interaction with polymorphism}
+\subsection{Implementation Details: Interaction with polymorphism}
 At first glance, interaction between monitors and \CFA's concept of polymorphism seems complex to support. However, it is shown that entry-point locking can solve most of the issues.
 
@@ -279 +283 @@
 \CFA & pseudo-code & pseudo-code \\
 \hline
-\begin{lstlisting}
-void foo(monitor & mutex a) {
+\begin{cfacode}[tabsize=3]
+void foo(monitor& mutex a){
 
 
@@ -297 +301 @@
 
 }
-\end{lstlisting} &\begin{lstlisting}
+\end{cfacode} & \begin{pseudo}[tabsize=3]
 foo(& a) {
 
@@ -315 +319 @@
         release(a);
 }
-\end{lstlisting} &\begin{lstlisting}
+\end{pseudo} & \begin{pseudo}[tabsize=3]
 foo(& a) {
         //called routine
@@ -333 +337 @@
 
 }
-\end{lstlisting}
+\end{pseudo}
 \end{tabular}
 \end{center}
 
-First of all, interaction between \code{otype} polymorphism and monitors is impossible since monitors do not support copying. Therefore, the main question is how to support \code{dtype} polymorphism. Since a monitor's main purpose is to ensure mutual exclusion when accessing shared data, this implies that mutual exclusion is only required for routines that do in fact access shared data. However, since \code{dtype} polymorphism always handles incomplete types (by definition), no \code{dtype} polymorphic routine can access shared data since the data requires knowledge about the type. Therefore, the only concern when combining \code{dtype} polymorphism and monitors is to protect access to routines. \Gls{callsite-locking} would require a significant amount of work, since any \code{dtype} routine may have to obtain some lock before calling a routine, depending on whether or not the type passed is a monitor. However, with \gls{entry-point-locking} calling a monitor routine becomes exactly the same as calling it from anywhere else.
-
+First of all, interaction between \code{otype} polymorphism and monitors is impossible since monitors do not support copying. Therefore, the main question is how to support \code{dtype} polymorphism. Since a monitor's main purpose is to ensure mutual exclusion when accessing shared data, this implies that mutual exclusion is only required for routines that do in fact access shared data. However, since \code{dtype} polymorphism always handles incomplete types (by definition), no \code{dtype} polymorphic routine can access shared data since the data requires knowledge about the type. Therefore, the only concern when combining \code{dtype} polymorphism and monitors is to protect access to routines. \Gls{callsite-locking} would require a significant amount of work, since any \code{dtype} routine may have to obtain some lock before calling a routine, depending on whether or not the type passed is a monitor. However, with \gls{entry-point-locking} calling a monitor routine becomes exactly the same as calling it from anywhere else. Note that the \code{mutex} keyword relies on the resolver, which mean that in cases where generic monitor routines is actually desired, writing mutex routine is possible with the proper trait.
 
 
@@ -349 +352 @@
 % ### #     #    #    ###     #####   #####  #     # ####### ######
 
-\subsection{Internal scheduling} \label{insched}
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
+\section{Internal scheduling} \label{insched}
+In addition to mutual exclusion, the monitors at the core of \CFA's concurrency can also be used to achieve synchronisation. With monitors, this is generally achieved with internal or external scheduling as in\cit. Since internal scheduling of single monitors is mostly a solved problem, this proposal concentraits on extending internal scheduling to multiple monitors at once. Indeed, like the \gls{group-acquire} semantics, internal scheduling extends to multiple monitors at once in a way that is natural to the user but requires additional complexity on the implementation side.
+
+First, Here is a simple example of such a technique :
+
+\begin{cfacode}
+        monitor A {
+                condition e;
+        }
+
+        void foo(A & mutex a) {
+                // ...
+                // We need someone else to do something now
+                wait(a.e);
+                // ...
+        }
+
+        void bar(A & mutex a) {
+                // Do the thing foo is waiting on
+                // ...
+                // Signal foo it's done
+                signal(a.e);
+        }
+\end{cfacode}
+
+Note that in \CFA, \code{condition} have no particular need to be stored inside a monitor, beyond any software engineering reasons. Here routine \code{foo} waits for the \code{signal} from \code{bar} before making further progress, effectively ensuring a basic ordering. An important aspect to take into account here is that \CFA does not allow barging, which means that once function \code{bar} releases the monitor, foo is guaranteed to resume immediately after (unless some other function waited on the same condition). This guarantees offers the benefit of not having to loop arount waits in order to guarantee that a condition is still met. The main reason \CFA offers this guarantee is that users can easily introduce barging if it becomes a necessity but adding a barging prevention or barging avoidance is more involved without language support.
+
+Supporting barging prevention as well as extending internal scheduling to multiple monitors is the main source of complexity in the design of \CFA concurrency.
+
+\subsection{Internal Scheduling - multi monitor}
+It easier to understand the problem of multi monitor scheduling using a series of pseudo code though experiment. Note that in the following snippets of pseudo-code waiting and signalling is done without the use of a condition variable. While \CFA requires condition variables to use signalling, the variable itself only really holds the data needed for the implementation of internal schedulling. Some languages like JAVA\cit simply define an implicit condition variable for every monitor while other languages like \uC use explicit condition variables. Since the following pseudo-codes are simple and focused experiments, all condition variables are implicit.
+
+\begin{multicols}{2}
+\begin{pseudo}
 acquire A
         wait A
 release A
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}
 acquire A
         signal A
 release A
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-Easy : like uC++
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
+\end{pseudo}
+\end{multicols}
+
+The previous example shows the simple case of having two threads (one for each column) and a single monitor A. One thread acquires before waiting and the other acquires before signalling. There are a few important things to note here. First, both \code{wait} and \code{signal} must be called with the proper monitor(s) already acquired. This can be hidden on the user side but is a logical requirement for barging prevention. Secondly, as stated above, while it is argued that not all problems regarding single monitors are solved, this paper only regards challenges of \gls{group-acquire} and considers other problems related to monitors as solved.
+
+An important note about this example is that signalling a monitor is a delayed operation. The ownership of the monitor is transferred only when the monitor would have otherwise been released, not at the point of the \code{signal} statement.
+
+A direct extension of the previous example is the \gls{group-acquire} version :
+
+\begin{multicols}{2}
+\begin{pseudo}
+acquire A & B
+        wait A & B
+release A & B
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}
+acquire A & B
+        signal A & B
+release A & B
+\end{pseudo}
+\end{multicols}
+
+This version uses \gls{group-acquire} (denoted using the \& symbol), but the presence of multiple monitors does not add a particularly new meaning. Synchronization will happen between the two threads in exactly the same way and order. The only difference is that mutual exclusion will cover more monitors. On the implementation side, handling multiple monitors at once does add a degree of complexity but it is not significant compared to the next few examples.
+
+For the sake of completeness, here is another example of the single-monitor case, this time with nesting. 
+
+\begin{multicols}{2}
+\begin{pseudo}
 acquire A
         acquire B
@@ -375 +433 @@
         release B
 release A
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
-acquire A
-        acquire B
-                signal B
-        release B
-release A
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-Also easy : like uC++
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
-acquire A & B
-        wait A & B
-release A & B
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
-acquire A & B
-        signal A & B
-release A & B
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-Simplest extension : can be made like uC++ by tying B to A
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}
+
+acquire B
+        signal B
+release B
+
+\end{pseudo}
+\end{multicols}
+
+While these cases can cause some deadlock issues, we consider that these issues are only a symptom of the fact that locks, and by extension monitors, are not perfectly composable. However, for monitors as for locks, it is possible to write program that using nesting without encountering any problems if they are nested carefully.
+
+The next example is where \gls{group-acquire} adds a significant layer of complexity to the internal signalling semantics.
+
+\begin{multicols}{2}
+\begin{pseudo}
 acquire A
         // Code Section 1
-        acquire B
+        acquire A & B
                 // Code Section 2
                 wait A & B
                 // Code Section 3
-        release B
+        release A & B
         // Code Section 4
 release A
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}
 acquire A
         // Code Section 5
-        acquire B
+        acquire A & B
                 // Code Section 6
                 signal A & B
                 // Code Section 7
-        release B
+        release A & B
         // Code Section 8
 release A
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-Hard extension :
-
-Incorrect options for the signal : 
-
-\begin{description}
- \item[-] Release B and baton pass after Code Section 8 : Passing b without having it
- \item[-] Keep B during Code Section 8 : Can lead to deadlocks since we secretly keep a lock longer than specified by the user
- \item[-] Instead of release B transfer A and B to waiter then try to reacquire A before running Code Section 8 : This allows barging 
-\end{description}
-
-Since we don't want barging we need to pass A \& B and somehow block and get A back.
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
+\end{pseudo}
+\end{multicols}
+
+It is particularly important to pay attention to code sections 8 and 3 which are where the existing semantics of internal scheduling are undefined. The root of the problem is that \gls{group-acquire} is used in a context where one of the monitors is already acquired. As mentionned in previous sections, monitors support multiple acquiring which means the that nesting \gls{group-acquire} can be done safely. However, in the context of internal scheduling it is important to define the behaviour of the previous pseudo-code. When the signaller thread reaches the location where it should "release A \& B", it actually only needs to release the monitor B. Since the other thread is waiting on monitor B, the signaller thread cannot simply release the monitor into the wild. This would mean that the waiting thread would have to reacquire the monitor and would therefore open the door to barging threads. Since the signalling thread still needs the monitor A, simply transferring ownership to the waiting thread is not an option because it would pottentially violate mutual exclusion. We are therefore left with three options :
+
+\subsubsection{Delaying signals}
+The first more obvious solution to solve the problem of multi-monitor scheduling is to keep ownership of all locks until the last lock is ready to be transferred. It can be argued that that moment is the correct time to transfer ownership when the last lock is no longer needed is what fits most closely to the behaviour of single monitor scheduling. However, this solution can become much more complicated depending on the content of the code section 8. Indeed, nothing prevents a user from signalling monitor A on a different condition variable. In that case, if monitor B is transferred with monitor A, then it means the system needs to handle threads having ownership on more monitors than expected and how to tie monitors together. On the other hand if the signalling thread only transfers monitor A then somehow both monitors A and B have to be transferred to the waiting thread from two different threads. While this solution may work, it was not fully explored because there is no apparent upper bound on the complexity of ownership transfer.
+
+\subsubsection{Dependency graphs}
+In the previous pseudo-code, there is a solution which would statisfy both barging prevention and mutual exclusion. If ownership of both monitors is transferred to the waiter when the signaller releases A and then the waiter transfers back ownership of A when it releases it then the problem is solved. This is the second solution. The problem it encounters is that it effectively boils down to resolving a dependency graph of ownership requirements. Here even the simplest of code snippets requires two transfers and it seems to increase in a manner closer to polynomial. For example the following code which is just a direct extension to three monitors requires at least three ownership transfer and has multiple solutions. 
+
+\begin{multicols}{2}
+\begin{pseudo}
 acquire A
         acquire B
                 acquire C
                         wait A & B & C
-                1: release C
-        2: release B
-3: release A
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
+                release C
+        release B
+release A
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}
 acquire A
         acquire B
                 acquire C
                         signal A & B & C
-                4: release C
-        5: release B
-6: release A
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-To prevent barging :
-
-\begin{description}
- \item[-] When the signaller hits 4 : pass A, B, C to waiter
- \item[-] When the waiter hits 2 : pass A, B to signaller
- \item[-] When the signaller hits 5 : pass A to waiter
-\end{description}
-
-
-\begin{center}
-\begin{tabular}{ c @{\hskip 0.65in} c }
-\begin{lstlisting}[language=Pseudo]
+                release C
+        release B
+release A
+\end{pseudo}
+\end{multicols}
+
+\subsubsection{Partial signalling}
+Finally, the solution that was chosen for \CFA is to use partial signalling. Consider the following case :
+
+\begin{multicols}{2}
+\begin{pseudo}[numbers=left]
 acquire A
-        acquire C
-                acquire B
-                        wait A & B & C
-                1: release B
-        2: release C
-3: release A
-\end{lstlisting}&\begin{lstlisting}[language=Pseudo]
-acquire B
-        acquire A
-                acquire C
-                        signal A & B & C
-                4: release C
-        5: release A
-6: release B
-\end{lstlisting}
-\end{tabular}
-\end{center}
-
-To prevent barging : When the signaller hits 4 : pass A, B, C to waiter. When the waiter hits 1 it must release B, 
-
-\begin{description}
- \item[-] 
- \item[-] When the waiter hits 1 : pass A, B to signaller
- \item[-] When the signaller hits 5 : pass A, B to waiter
- \item[-] When the waiter hits 2 : pass A to signaller
-\end{description}
+        acquire A & B
+                wait A & B
+        release A & B
+release A
+\end{pseudo}
+
+\columnbreak
+
+\begin{pseudo}[numbers=left, firstnumber=6]
+acquire A
+        acquire A & B
+                signal A & B
+        release A & B
+        // ... More code
+release A
+\end{pseudo}
+\end{multicols}
+
+The partial signalling solution transfers ownership of monitor B at lines 10 but does not wake the waiting thread since it is still using monitor A. Only when it reaches line 11 does it actually wakeup the waiting thread. This solution has the benefit that complexity is encapsulated in to only two actions, passing monitors to the next owner when they should be release and conditionnaly waking threads if all conditions are met. Contrary to the other solutions, this solution quickly hits an upper bound on complexity of implementation.
+
+% Hard extension :
+
+% Incorrect options for the signal : 
+
+% \begin{description}
+%  \item[-] Release B and baton pass after Code Section 8 : Passing b without having it
+%  \item[-] Keep B during Code Section 8 : Can lead to deadlocks since we secretly keep a lock longer than specified by the user
+%  \item[-] Instead of release B transfer A and B to waiter then try to reacquire A before running Code Section 8 : This allows barging 
+% \end{description}
+
+% Since we don't want barging we need to pass A \& B and somehow block and get A back.
+
+% \begin{center}
+% \begin{tabular}{ c @{\hskip 0.65in} c }
+% \begin{lstlisting}[language=Pseudo]
+% acquire A
+%       acquire B
+%               acquire C
+%                       wait A & B & C
+%               1: release C
+%       2: release B
+% 3: release A
+% \end{lstlisting}&\begin{lstlisting}[language=Pseudo]
+% acquire A
+%       acquire B
+%               acquire C
+%                       signal A & B & C
+%               4: release C
+%       5: release B
+% 6: release A
+% \end{lstlisting}
+% \end{tabular}
+% \end{center}
+
+% To prevent barging :
+
+% \begin{description}
+%  \item[-] When the signaller hits 4 : pass A, B, C to waiter
+%  \item[-] When the waiter hits 2 : pass A, B to signaller
+%  \item[-] When the signaller hits 5 : pass A to waiter
+% \end{description}
+
+
+% \begin{center}
+% \begin{tabular}{ c @{\hskip 0.65in} c }
+% \begin{lstlisting}[language=Pseudo]
+% acquire A
+%       acquire C
+%               acquire B
+%                       wait A & B & C
+%               1: release B
+%       2: release C
+% 3: release A
+% \end{lstlisting}&\begin{lstlisting}[language=Pseudo]
+% acquire B
+%       acquire A
+%               acquire C
+%                       signal A & B & C
+%               4: release C
+%       5: release A
+% 6: release B
+% \end{lstlisting}
+% \end{tabular}
+% \end{center}
+
+% To prevent barging : When the signaller hits 4 : pass A, B, C to waiter. When the waiter hits 1 it must release B, 
+
+% \begin{description}
+%  \item[-] 
+%  \item[-] When the waiter hits 1 : pass A, B to signaller
+%  \item[-] When the signaller hits 5 : pass A, B to waiter
+%  \item[-] When the waiter hits 2 : pass A to signaller
+% \end{description}
 
 % Monitors also need to schedule waiting threads internally as a mean of synchronization. Internal scheduling is one of the simple examples of such a feature. It allows users to declare condition variables and have threads wait and signaled from them. Here is a simple example of such a technique :
@@ -920 +1027 @@
 % #        #   #     #    ###    #     # #     # #     # #       #     #
 % ####### #     #    #    ###     #####   #####  #     # ####### ######
-\newpage
-\subsection{External scheduling} \label{extsched}
+\section{External scheduling} \label{extsched}
 An alternative to internal scheduling is to use external scheduling instead. This method is more constrained and explicit which may help users tone down the undeterministic nature of concurrency. Indeed, as the following examples demonstrates, external scheduling allows users to wait for events from other threads without the concern of unrelated events occuring. External scheduling can generally be done either in terms of control flow (ex: \uC) or in terms of data (ex: Go). Of course, both of these paradigms have their own strenghts and weaknesses but for this project control flow semantics where chosen to stay consistent with the rest of the languages semantics. Two challenges specific to \CFA arise when trying to add external scheduling with loose object definitions and multi-monitor routines. The following example shows a simple use \code{accept} versus \code{wait}/\code{signal} and its advantages.
 
@@ -959 +1065 @@
 % ####### ####### #######  #####  #######    ####### ######   #####   #####
 
-\subsubsection{Loose object definitions}
+\subsection{Loose object definitions}
 In \uC, monitor declarations include an exhaustive list of monitor operations. Since \CFA is not object oriented it becomes both more difficult to implement but also less clear for the user :
 
@@ -984 +1090 @@
 \end{center}
 
-For the \pseudo{monitor is free} condition it is easy to implement a check that can evaluate the condition in a few instruction. However, a fast check for \pseudo{monitor accepts me} is much harder to implement depending on the constraints put on the monitors. Indeed, monitors are often expressed as an entry queue and some acceptor queue as in the following figure :
+For the \pscode{monitor is free} condition it is easy to implement a check that can evaluate the condition in a few instruction. However, a fast check for \pscode{monitor accepts me} is much harder to implement depending on the constraints put on the monitors. Indeed, monitors are often expressed as an entry queue and some acceptor queue as in the following figure :
 
 \begin{center}
@@ -1057 +1163 @@
 % #     #  #####  #######    #    ###    #     # ####### #     #
 
-\subsubsection{Multi-monitor scheduling}
+\subsection{Multi-monitor scheduling}
 
 External scheduling, like internal scheduling, becomes orders of magnitude more complex when we start introducing multi-monitor syntax. Even in the simplest possible case some new semantics need to be established :
@@ -1116 +1222 @@
 
 
-\subsubsection{Implementation Details: External scheduling queues}
+\subsection{Implementation Details: External scheduling queues}
 To support multi-monitor external scheduling means that some kind of entry-queues must be used that is aware of both monitors. However, acceptable routines must be aware of the entry queues which means they must be stored inside at least one of the monitors that will be acquired. This in turn adds the requirement a systematic algorithm of disambiguating which queue is relavant regardless of user ordering. The proposed algorithm is to fall back on monitors lock ordering and specify that the monitor that is acquired first is the lock with the relevant entry queue. This assumes that the lock acquiring order is static for the lifetime of all concerned objects but that is a reasonnable constraint. This algorithm choice has two consequences, the entry queue of the highest priority monitor is no longer a true FIFO queue and the queue of the lowest priority monitor is both required and probably unused. The queue can no longer be a FIFO queue because instead of simply containing the waiting threads in order arrival, they also contain the second mutex. Therefore, another thread with the same highest priority monitor but a different lowest priority monitor may arrive first but enter the critical section after a thread with the correct pairing. Secondly, since it may not be known at compile time which monitor will be the lowest priority monitor, every monitor needs to have the correct queues even though it is probable that half the multi-monitor queues will go unused for the entire duration of the program.
 
-\subsection{Other concurrency tools}
+\section{Other concurrency tools}
 TO BE CONTINUED...
 
@@ -1131 +1237 @@
 
 
-\newpage
 % ######     #    ######     #    #       #       ####### #       ###  #####  #     #
 % #     #   # #   #     #   # #   #       #       #       #        #  #     # ##   ##
@@ -1139 +1244 @@
 % #       #     # #    #  #     # #       #       #       #        #  #     # #     #
 % #       #     # #     # #     # ####### ####### ####### ####### ###  #####  #     #
-\section{Parallelism}
+\chapter{Parallelism}
 Historically, computer performance was about processor speeds and instructions count. However, with heat dissipation being a direct consequence of speed increase, parallelism has become the new source for increased performance~\cite{Sutter05, Sutter05b}. In this decade, it is not longer reasonnable to create a high-performance application without caring about parallelism. Indeed, parallelism is an important aspect of performance and more specifically throughput and hardware utilization. The lowest-level approach of parallelism is to use \glspl{kthread} in combination with semantics like \code{fork}, \code{join}, etc. However, since these have significant costs and limitations, \glspl{kthread} are now mostly used as an implementation tool rather than a user oriented one. There are several alternatives to solve these issues that all have strengths and weaknesses. While there are many variations of the presented paradigms, most of these variations do not actually change the guarantees or the semantics, they simply move costs in order to achieve better performance for certain workloads.
 
+\section{Paradigm}
 \subsection{User-level threads}
 A direct improvement on the \gls{kthread} approach is to use \glspl{uthread}. These threads offer most of the same features that the operating system already provide but can be used on a much larger scale. This approach is the most powerfull solution as it allows all the features of multi-threading, while removing several of the more expensives costs of using kernel threads. The down side is that almost none of the low-level threading problems are hidden, users still have to think about data races, deadlocks and synchronization issues. These issues can be somewhat alleviated by a concurrency toolkit with strong garantees but the parallelism toolkit offers very little to reduce complexity in itself.
@@ -1147 +1253 @@
 Examples of languages that support \glspl{uthread} are Erlang~\cite{Erlang} and \uC~\cite{uC++book}.
 
-\subsubsection{Fibers : user-level threads without preemption}
+\subsection{Fibers : user-level threads without preemption}
 A popular varient of \glspl{uthread} is what is often reffered to as \glspl{fiber}. However, \glspl{fiber} do not present meaningful semantical differences with \glspl{uthread}. Advocates of \glspl{fiber} list their high performance and ease of implementation as majors strenghts of \glspl{fiber} but the performance difference between \glspl{uthread} and \glspl{fiber} is controversial and the ease of implementation, while true, is a weak argument in the context of language design. Therefore this proposal largely ignore fibers.
 
@@ -1494 +1600 @@
 % #     # #       #
 % #     # ####### #######
-\section{Putting it all together}
-
-
-
-
+\chapter{Putting it all together}
+
+
+
+
+
+\chapter{Conclusion}
 
 
@@ -1512 +1620 @@
 % #       #     #    #    #     # #    #  #
 % #        #####     #     #####  #     # ######
-\section{Future work}
+\chapter{Future work}
 Concurrency and parallelism is still a very active field that strongly benefits from hardware advances. As such certain features that aren't necessarily mature enough in their current state could become relevant in the lifetime of \CFA.
 \subsection{Transactions}

doc/proposals/concurrency/style.tex

@@ -1 +1 @@
 \input{common}                                          % bespoke macros used in the document
+\input{cfa-format}
 
 % \CFADefaultStyle

doc/proposals/concurrency/version

@@ -1 @@
-0.7.141
+0.8.2