Dynamic Pushdown Networks With Priorities: Marcio Diaz and Tayssir Touili

Dynamic Pushdown Networks with Priorities
Marcio Diaz and Tayssir Touili
LIPN, Universite Paris 13 and Universite Paris Diderot
17 May 2017
Motivation
Threads with priorities are used in a broad range of software systems from cars to
spacecrafts:
Motivation
spacecrafts:
Important
Many software systems use threads with priorities to handle tasks
with different execution urgency.
Motivation
spacecrafts:
Important
Many software systems use threads with priorities to handle tasks
with different execution urgency.
Example
In a car the bracket subsystem should have higher priority than the
music subsystem to access resources.
Modeling Multithreaded Programs with Priorities
I Pushdown Systems (PDSs) are a standard model for

sequential programs. It consists on:

I A finite set of control locations P = {p, q, . . . }, used to model
global variables and return values.

I A finite stack alphabet = {, . . . }, used to model calls and
returns.

returns.
I A finite set of transition rules of the form: p , q 0
(calls), p , q (returns), p , q 0 (transition).

returns.
I Dynamic Pushdown Networks (DPNs) were created to
extend PDSs to multithreaded programs. Each pushdown has
the ability to create another pushdown: p , q1 1 B q2 2 .

returns.
I Dynamic Pushdown Networks (DPNs) were created to
extend PDSs to multithreaded programs. Each pushdown has
the ability to create another pushdown: p , q1 1 B q2 2 .
Thus, for modeling multithreaded programs with priorities it is

natural to consider Dynamic Pushdown Networks with Priorities
(P-DPNs).
DPN with Priorities (P-DPN): Model Definition
Definition
A Dynamic Pushdown Network with Priorities (P-DPN) is a
tuple M = (P, , , ), where:
I P is a finite set of control locations,
Definition
I is a finite stack alphabet,
Definition
I : P I is a function from control locations to a finite set
of natural numbers I representing priorities,
Definition
I is a finite set of:
Definition
I non-spawning rules: p , qw ,
Definition
I spawning rules p , q1 w1 B q2 w2 .
Definition
where p, q1 , q2 P, and , 1 , 2 .
Definition
where p, q1 , q2 P, and , 1 , 2 .
A Dynamic Pushdown Network (DPN) can be seen as a P-DPN
(P, , , 0 ) such that p P, 0 (p) = 0.
DPN with Priorities (P-DPN): Semantics
Definition
We overload to global configurations p1 w1 . . . pn wn (P ) ,
(p1 w1 . . . pn wn ) := max((p1 ), . . . , (pn )).
Definition
(p1 w1 . . . pn wn ) := max((p1 ), . . . , (pn )).
Definition
The transition relation M of a P-DPN M is defined as the
smallest relation in ConfM ConfM such that c1 , c2 ConfM :
Definition
(p1 w1 . . . pn wn ) := max((p1 ), . . . , (pn )).
Definition
1. c1 pr c2 M c1 qr c2 ,
if (c1 pr c2 ) = (p) and p , q ;
Definition
(p1 w1 . . . pn wn ) := max((p1 ), . . . , (pn )).
Definition
1. c1 pr c2 M c1 qr c2 ,
if (c1 pr c2 ) = (p) and p , q ;
2. c1 pr c2 M c1 q2 2 q1 1 r c2 ,
if (c1 pr c2 ) = (p) and p , q1 1 B q2 2 ;
Definition
(p1 w1 . . . pn wn ) := max((p1 ), . . . , (pn )).
Definition
1. c1 pr c2 M c1 qr c2 ,
if (c1 pr c2 ) = (p) and p , q ;
2. c1 pr c2 M c1 q2 2 q1 1 r c2 ,
if (c1 pr c2 ) = (p) and p , q1 1 B q2 2 ;
where p, q, q1 , q2 P, , , 1 , 2 , r .
We denote as M the transitive-reflexive closure of M .
Example of Multithreaded Program with Priorities
1 int x = 0;
2 spin_lock l ;
3
4 void main () { I The starting thread main dynamically
5 // Priority 1.
6 thread_create (A ,1); creates two threads: A and B.
7 thread_create (B ,2);
8 }
9
10 void A () {
11 // Priority 1.
12 spinlock_lock ( l );
13 x ++;
14 s pi nl oc k _unlock ( l );
15 }
16
17 void B () {
18 // Priority 2.
20 int tmp = x ;
21 assert ( tmp == x );
23 }
1 int x = 0;
2 spin_lock l ;
3
5 // Priority 1.
8
9
} I Thread A has priority of 1 and thread B
10
11
void A () {
// Priority 1.
has priority of 2.
13 x ++;
15 }
16
17 void B () {
18 // Priority 2.
20 int tmp = x ;
23 }
1 int x = 0;
2 spin_lock l ;
3
5 // Priority 1.
8
9
10
11
void A () {
// Priority 1.
has priority of 2.
13 x ++;
I Thread A cannot interrupt thread B, once
15 } B it is created.
16
17 void B () {
18 // Priority 2.
20 int tmp = x ;
23 }
1 int x = 0;
2 spin_lock l ;
3
5 // Priority 1.
8
9
10
11
void A () {
// Priority 1.
has priority of 2.
13 x ++;
16
17 void B () { I A thread attempting to acquire a spinlock
18 // Priority 2.
19 spinlock_lock ( l ); does not sleep if it cannot acquire it.
20 int tmp = x ;
23 }
1 int x = 0;
2 spin_lock l ;
3
5 // Priority 1.
8
9
10
11
void A () {
// Priority 1.
has priority of 2.
13 x ++;
16
17 void B () { I A thread attempting to acquire a spinlock
18 // Priority 2.
19 spinlock_lock ( l ); does not sleep if it cannot acquire it.
20 int tmp = x ;
21
22
assert ( tmp == x );
s pi nl oc k _unlock ( l );
I Then there is a deadlock in this code.
23 }
Modeling the previous example with P-DPN
1 int x = 0;
2 spin_lock l ;
3 I The set of control locations is
4 void main () {
5 // Priority 1. P = {p0 , p1 , p2 }, one for each priority.
6 thread_create (A ,1);
8 }
9
10 void A () {
11 // Priority 1.
13 x ++;
15 }
16
17 void B () {
18 // Priority 2.
20 int tmp = x ;
23 }
1 int x = 0;
2 spin_lock l ;
4 void main () {
7
8 }
thread_create (B ,2); I The stack alphabet is
9
10 void A () {
= {m0 , m1 , a0 , . . . , a2 , b0 , . . . , b3 }.
11 // Priority 1.
13 x ++;
15 }
16
17 void B () {
18 // Priority 2.
20 int tmp = x ;
23 }
1 int x = 0;
2 spin_lock l ;
4 void main () {
7
8 }
9
10 void A () {
= {m0 , m1 , a0 , . . . , a2 , b0 , . . . , b3 }.
11 // Priority 1.
I The transitions rules are = {
13 x ++;
14 s pi nl oc k _unlock ( l ); p1 m0 , p1 m1 B p1 a0 , p1 m1 , p0 B p2 b0 ,
15 }
16 p1 a0 , p1 a1 , p1 a1 , p1 a2 , p1 a2 , p0 ,
17 void B () {
18 // Priority 2.
p2 b0 , p2 b1 , p2 b1 , p2 b2 ,
19
20
spinlock_lock ( l );
int tmp = x ;
p2 b2 , p2 b3 , p2 b3 , p0 }.
23 }
1 int x = 0;
2 spin_lock l ;
4 void main () {
7
8 }
9
10 void A () {
= {m0 , m1 , a0 , . . . , a2 , b0 , . . . , b3 }.
11 // Priority 1.
I The transitions rules are = {
13 x ++;
14 s pi nl oc k _unlock ( l ); p1 m0 , p1 m1 B p1 a0 , p1 m1 , p0 B p2 b0 ,
15 }
16 p1 a0 , p1 a1 , p1 a1 , p1 a2 , p1 a2 , p0 ,
17 void B () {
18 // Priority 2.
p2 b0 , p2 b1 , p2 b1 , p2 b2 ,
19
20
spinlock_lock ( l );
int tmp = x ;
p2 b2 , p2 b3 , p2 b3 , p0 }.
22 s pi nl oc k _unlock ( l ); I For all pi P, (pi ) = i.
23 }
Execution tree of a P-DPN
1 int x = 0; p1 m0 1. The starting

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
8 }
9 p1 a1 p2 b0 p0
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
p0 p2 b2
18 // Priority 2.
20 int tmp = x ;
21 assert ( tmp == x ); p2 b3
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
thread_create (B ,2); 2. Then thread A is
9 p1 a1 p2 b0 p0 created.
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
p0 p2 b2
18 // Priority 2.
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
12 spinlock_lock ( l ); 3. Then thread B is
13 x ++; p1 a2 p2 b1
14 s pi nl oc k _unlock ( l ); created.
15 }
16
17 void B () {
p0 p2 b2
18 // Priority 2.
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
p0 p2 b2 4. Thread B execute
17 void B () {
18 // Priority 2. until the end.
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20 int tmp = x ;
23 }
p0

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20
21
int tmp = x ;
assert ( tmp == x ); p2 b3 5. Then thread A
22
23 }
s pi nl oc k _unlock ( l ); execute until the
p0 end.

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20
21
int tmp = x ;
22
23 }
p0 end.

2 spin_lock l ;
3 configuration is
4 void main () {
5 // Priority 1. p1 a0 p1 m1 p1 m0 .
7
8 }
10 void A () {
11 // Priority 1.
13 x ++; p1 a2 p2 b1
15 }
16
17 void B () {
20
21
int tmp = x ;
22
23 }
p0 end.
Priority Structures: Idea
p1 m0
Why is the configuration p0 p0 p0 reachable?
p1 a0 p1 m1
p1 a1 p2 b0 p0
p1 a2 p2 b1
p0 p2 b2
p2 b3
p0
p1 m0
p1 a0 p1 m1 I Because the lowest priority of the
transitions of thread A (xa ) is lower than
p1 a1 p2 b0 p0 the lowest priority of the transitions of
thread B (xb ) allowing thread B to
p1 a2 p2 b1 execute until the end, and
p0 p2 b2
p2 b3
p0
p1 m0
I Because the last priority of thread B (yb )
p0 p2 b2 is lower than (xa ) allowing thread A to
execute until the end.
p2 b3
p0
p1 m0
p2 b3 Because yb xa xb .
p0
p1 m0
p2 b3 Because yb xa xb .
p0
Lemma
Two threads A and B can be scheduled together until the end iff
yb xa xb ya xb xa .
Priority Structures: Computation Algorithm
Given a forest h we define its priority structure (h) as:

J, (c)K if h = c.

(h) :=


J, (c)K if h = c.

update((c), (t)) if h = c(t).
(h) :=


J, (c)K if h = c.

(h) :=

update((c), (t) (t )) if h = c(t, t 0 ).
0


J, (c)K if h = c.

(h) :=

0

(t ) (t )
1 n if h = t1 . . . tn .

J, (c)K if h = c.

(h) :=

0

(t ) (t )
1 n if h = t1 . . . tn .
(
Jmin(n, x), y K if s = Jx, y K.
update(n, s) :=
if s = .

J, (c)K if h = c.

(h) :=

0

(t ) (t )
1 n if h = t1 . . . tn .
(
update(n, s) :=
if s = .
s1 := , s2 := .

J, (c)K if h = c.

(h) :=

0

(t ) (t )
1 n if h = t1 . . . tn .
(
update(n, s) :=
if s = .
s1 := , s2 := .
s1 s2 := Jmin(x1 , x2 ), max(y1 , y2 )K if
(y2 x1 x1 x2 ) (y1 x2 x2 x1 ), otherwise .
Priority Structures: Computation Example
p1 m0
p1 a0 p1 m1
p1 a1 p2 b0 p0
p1 a2 p2 b1
p0 p2 b2
p2 b3
p0
I We start from the leaves,
setting the lowest
p1 m0 transition priority to
and the highest last
p1 a0 p1 m1 priority to the priority of
the control state.
p1 a1 p2 b0 p0 , J, 0K
p1 a2 p2 b1
p0 , J, 0K p2 b2
p2 b3
p0 , J, 0K
setting the lowest
p1 a0 p1 m 1 priority to the priority of
the control state.
p1 a1 p2 b0 p0 , J, 0K I Then move to the roots
updating the lowest
p1 , J1, 0Ka2 p2 b1 transition priority and
propagating the highest
p0 , J, 0K p2 b2 last priority.
p2 , J2, 0Kb3
p0 , J, 0K
setting the lowest
p1 a0 p1 m 1 priority to the priority of
the control state.
p1 , J1, 0Ka1 p2 b0 p0 , J, 0K I Then move to the roots
updating the lowest
p1 , J1, 0Ka2 p2 b1 transition priority and
p0 , J, 0K p2 , J2, 0Kb2 last priority.
p2 , J2, 0Kb3
p0 , J, 0K
setting the lowest
p1 , J1, 0Ka0 p1 m 1 priority to the priority of
the control state.
p1 , J1, 0Ka1 p2 b0 p0 , J, 0K I Then move to the roots
updating the lowest
p1 , J1, 0Ka2 p2 , J2, 0Kb1 transition priority and
p2 , J2, 0Kb3
p0 , J, 0K
setting the lowest
p1 , J1, 0Ka0 p1 m 1 priority to the priority of
the control state.
p1 , J1, 0Ka1 p2 , J2, 0Kb0 p0 , J, 0K I Then move to the roots
updating the lowest
p2 , J2, 0Kb3
p0 , J, 0K
setting the lowest
p1 , J1, 0Ka0 p1 , J2, 0Km1 priority to the priority of
the control state.
updating the lowest
I Then we compose the
p2 , J2, 0Kb3 priority structures of the
created subtree with the
p0 , J, 0K priority structure of the
rest of the father
execution.
setting the lowest
p1 , J1, 0Km0 transition priority to
p1 , J1, 0Ka0 p1 , J2, 0Km1 priority to the priority of
the control state.
updating the lowest
I Then we compose the
p2 , J2, 0Kb3 priority structures of the
created subtree with the
p0 , J, 0K priority structure of the
rest of the father
execution.
Computing Predecessor Sets (pre)
I Input: regular set of P-DPN configurations represented by a

regular automaton A. These configurations correspond to
erroneous states.

erroneous states.
I Embed priority structures into control states of the P-DPN
and the automaton A.

erroneous states.
I Compute pre (L(A)) without taking into account priorities,
i.e. using DPN semantics. Use algorithm for computing
predecessor sets of a DPN [1].
[1] Regular Symbolic Analysis of Dynamic Networks of Pushdown

Systems. Ahmed Bouajjani, Markus M uller-Olm and Tayssir Touili.

erroneous states.
I Filter out configurations with priority structure.


erroneous states.
I Filter out configurations with priority structure.
I Ouput: regular set of P-DPN configurations represented by a
regular automaton A0 s.t. L(A0 ) = pre (L(A)).
Computing Predecessor Sets (pre ): Example
(p0 ) (p0 ) (p0 )

start q0 q1 q2 q3 q4 q5
I The automaton A accepts the configuration p0 p0 p0 .

(p0 , , 0) (p0 , , 0) (p0 , , 0)

I We embed the priority structure inside the control states.

Since configurations accepted by A are leaves the priority
structure is J, 0K.
q7
)
,0
b3
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)
I We saturate the automaton updating the priority structures.

q7
)
,0
b3 , b2
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q7
)
,0
b3 , b2 , b1
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q7
)
,0
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q6
)
,0
,1
a2
1
(p
q7
)
,0
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q6
)
,0
a1
,1
a2 ,
1
(p
q7
)
,0
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q6
a0
,0
,1
a1 ,
1
(p
a2 ,
q7
)
,0
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q6
q8
)
a0
,0
,1
a1 ,
m
1
(p
a2 ,
1
)
q7
1, 0
1,
)
,0
(p b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)

q6
q8 m
0
a0
,0
,1
a1 ,
m
1
(p
a2 ,
1
)
q7
1, 0
1,
)
,0
(p
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)
I The starting configuration p1 m0 is a predecessor of p0 p0 p0

since it is accepted by A0 with a non-bottom priority structure
of J1, 0K.
q6
q8 m
0
a0
,0
,1
a1 ,
m
1
(p
a2 ,
1
)
q7
1, 0
1,
)
,0
(p
b3 , b2 , b1 , b0
,2
2
(p
(p0 , , 0) (p0 , , 0) (p0 , , 0)
I The starting configuration p1 m0 is a predecessor of p0 p0 p0

since it is accepted by A0 with a non-bottom priority structure
of J1, 0K. Thus, the configuration p0 p0 p0 is reachable.

Dynamic Pushdown Networks With Priorities: Marcio Diaz and Tayssir Touili

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Dynamic Pushdown Networks With Priorities: Marcio Diaz and Tayssir Touili

Hochgeladen von

Copyright:

Verfügbare Formate

Dynamic Pushdown Networks with Priorities

Marcio Diaz and Tayssir Touili

LIPN, Universite Paris 13 and Universite Paris Diderot

I Pushdown Systems (PDSs) are a standard model for

I Pushdown Systems (PDSs) are a standard model for

I Pushdown Systems (PDSs) are a standard model for

I Pushdown Systems (PDSs) are a standard model for

I Pushdown Systems (PDSs) are a standard model for

I Pushdown Systems (PDSs) are a standard model for

Thus, for modeling multithreaded programs with priorities it is

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

1 int x = 0; p1 m0 1. The starting

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

Given a forest h we define its priority structure (h) as:

I Input: regular set of P-DPN configurations represented by a

I Input: regular set of P-DPN configurations represented by a

I Input: regular set of P-DPN configurations represented by a

[1] Regular Symbolic Analysis of Dynamic Networks of Pushdown

I Input: regular set of P-DPN configurations represented by a

[1] Regular Symbolic Analysis of Dynamic Networks of Pushdown

I Input: regular set of P-DPN configurations represented by a

(p0 )  (p0 )  (p0 )

I The automaton A accepts the configuration p0 p0 p0 .

(p0 , , 0)  (p0 , , 0)  (p0 , , 0)

I We embed the priority structure inside the control states.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I We saturate the automaton updating the priority structures.

I The starting configuration p1 m0 is a predecessor of p0 p0 p0

I The starting configuration p1 m0 is a predecessor of p0 p0 p0

Das könnte Ihnen auch gefallen

(p0 ) (p0 ) (p0 )

(p0 , , 0) (p0 , , 0) (p0 , , 0)