[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [moca] definitions of race conditions?



> could you please tell me the source of this definition? I'm
> interested.

from nowhere in particular. i made it up for my moca posting,
reflecting what i seem to have read in many a concurrency theory
text. for a prototypical example you could look at page 9 of "types
for safe locking" by flanagan and abadi.

to see why i have a problem with this definition consider the
following procedure.

   void transfer( Account from, Account to, Money amountToTransfer )
   {
       from.amount := from.amount - amountToTransfer;
       to.amount := to.amount + amountToTransfer
   }

does it have a race condition?

it depends. if it is executed sequentially, then clearly not. but what
if we execute

   transfer( from, to, 100 )  |  transfer( from, to, -32 )?

well, if Money is a synonym for 32bit words on a 32bit CPU, then this
program is not exhibiting race conditions according to my (and
flanagan&abadi's) definition, because of the atomicity of 32 bit
memory accesses. but that is clearly wrong.  if we ran two
instantiations of transfer in parallel, we expect it to behave as if
we had written

   void transfer( Account from, Account to, Money amountToTransfer )
   {
       from.lock();
       to.lock();

       from.amount := from.amount - amountToTransfer;
       to.amount := to.amount + amountToTransfer

       from.unlock();
       to.unlock();
   }

in other words, we expect

   from.amount := from.amount - amountToTransfer;
   to.amount := to.amount + amountToTransfer

to be executed atomically. however, what if, in the first definition
of transfer, Money was a synonym for 64bit word, but still executed on
a 32 bit machine? would my definition indicate a race condition?  i
can think of two answers:

* no, despite the fact that each read or write access to an instance of
  Money now takes two memory accesses, which can be interrupted and
  hence corrupted. why would it still not be a race condition? again
  because the hardware guarantees that at most one memory access at
  a time.

* yes, because -- from the point of view of the high level language --
  each access to a memory location takes two physical accesses and
  if one thread starts to write at x at cpu-cycle t and another at
  cpu-cycle t+1, we have two threads accessing x at overlapping
  intervals.

this suggests to me that the proposed definition is too simple.
what's really going on in race conditions is violation of atomicity,
and that cannot be determined just by looking at when reads and writes
are done. but what counts as an atomic or "critical" part of a
program?  can that even be seen just by looking at code?

what if the above programs weren't nicked from banking software, but
rather my entry to last years "obfuscated toy-language coding contest,
and their intended behaviour was that of a random generator?

so i guess my question is: where can i find throughly formal accounts
of race conditions in the sense that i have tried to describe? of
course my aim is to see how such accounts pan out in the pi-calculus.

martin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "models for mobility" mailing list mailto:moca@xxxxxxxxxxxxxxx
http://www-sop.inria.fr/mimosa/personnel/Davide.Sangiorgi/moca.html