Skip to content

Commit 46cf323

Browse files
mratsimmratsim
authored
Model Checked - MPSC queue + Rework State Machines (#128)
* model checking - 1st try to fix MPSC queue (the model checker crashes with not enough memory :/) * Give the thread the opportunity to not deadlock on sleep on Mac/with Clang * whoopsie * Add impl of Weave MPSC channel in C++ for CDSChecker model checking + comment out fences * Comment out GEMM tests for syncRoot + Pledges: #97 * don't use sleep, it's can deadlock in the CI ... * Try get epoch time to avoid mac bugs * use `getTime` and hope that it's properly implemented on Mac * State-machine, return to CheckTask to avoid leaving task spawning multitasks in queue (followup #121) * Don't spinlock for testing, deadlocks ARM and OSX * Could it be non-mono clock jitter? * Add some log for MacOS debug * Race condition between spawning the thread and entering the spinlock in the `isReady` test * a,d obviously I mess up the function call
1 parent 652399c commit 46cf323

File tree

12 files changed

+515
-39
lines changed

12 files changed

+515
-39
lines changed

formal_verification/README.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
# Formal Verification
2+
3+
To ensure that Weave synchronization data structures are free of
4+
concurrency bugs, deadlocks or livelocks they are formally verified via model checking.
5+
6+
The event notifier which parks idle threads and wake them up when receiving tasks
7+
has been formally implemented verified via TLA+ (Temporal Logic of Action).
8+
9+
TLA+ is an industrial-strength formal specification language, model checker and can plug into proof assistant to prove properties of code.
10+
It is used at Microsoft and Amazon to validate bug-free distributed protocol or at Intel to ensure that that the memory of a CPU is free of cache-coherency bugs.
11+
12+
Link: https://lamport.azurewebsites.net/tla/tla.html
13+
14+
15+
Weave Multi-Producer Single-Consumer queue has been implemented in C++ and run through CDSChecker, a model checking tool for C++11 atomics.
16+
17+
It exhaustively checks all possible thread interleavings to ensure that no path lead to a bug.
18+
19+
Note: Due to CDSChecker running out of "snapshotting memory" (to rollback to a previous program state) when using dlmalloc `mspace` functions, the checks are not complete.
20+
21+
Link: http://plrg.ics.uci.edu/software_page/42-2/

0 commit comments

Comments
 (0)