| << Chapter < Page | Chapter >> Page > |
A Sesame Street skit has Grover in line at the grocery store, his basket heaped full of animal crackers and other essentials.A little old lady gets in line behind him, holding only a single candle, muttering how sheis late for her grandson's very first birthday party. Grover muses that she has to wait a long time for his big basketto be rung up, whereas if she went first it's hardly any delay at all for him.So he invites her to get in front of him in line, and she gratefully accepts.
You might guess what happens next though: Next in line is the Swedish Chef,needing only a single meatball (Bork! Bork! Bork!), and then fish-flinging Lew Zealand , who is buying just one little herring,followed by[insert Grover's resigned sigh here].
The scheduler, in this case, is the social protocol at the checkout line(which includes Grover's politeness). This input situation demonstrates how Grover gets starved.The alternate protocol of having an additional express checkout line (without allowing any butt-ins) is an attempt to minimizecustomers' wait-delay without introducing starvation.
Typically, a race condition is an oversight by the programmer who did not realize the interleaving was possible.Race conditions are notoriously hard to debug and test for because they can well occur in highly unlikely situations.
More generally, these and other issues are categorized as being either safety or liveness issues.
In this module, we will concentrate on the four issues of deadlock, livelock, race conditions, and fairness.We will see how to write and automatedly detect these problems in some concurrent programs, using the tools Promela and SPIN . We will also learn how to formally specify more intricate propertiesusing temporal logic .
There are known programming techniques to avoid certain problems such as deadlock and some kinds of race conditions.Some of these techniquesnotably locks and semaphoresare so common that they are often embedded into programming languages.While the details of such techniques are outside the scope of this module,it is important to recognize that although they greatly help writing concurrent problems, they don't mean that concurrency problemscan't arise.
Given concurrent code, how can we determine if it behaves as expected? Certainly we can test it on various inputs, but we can never tryevery possible input. Neither can we test every possible interleaving on every possible input. As always, testing can reveal errors, but itcan't demonstrate the lack of errors.
Since concurrency problems can lead to programs that don't terminate, it's clear that detecting concurrency problems can't be any easierthan the Halting Problem , which is itself unsolvable. So we can't write a checker which takes a concurrent program asinput and always determines whether it's free of (say) deadlock.
But just as we can study individual programs and conclude whether or not they will halt,for many real-world concurrent programs, we can determine whether or not they are susceptible to deadlock. For example, communications protocolsgenerally have a finite number of options and are amenable to automated checking.Thus automated tools (such as SPIN) are valuable aid in catching and eliminating real-world bugs.
Notification Switch
Would you like to follow the 'Model checking concurrent programs' conversation and receive update notifications?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|