Batch semaphore, causality tracking #151
Conversation
|
Sweet.
There's more. Shuttle currently:
My opinion is that all of these should be its own crate. The question then becomes whether something which is called Shuttle should stick around. I think the thing called Shuttle will be the crate corresponding to bullet number 7. There is a question of whether it should also provide reexports of some of the other crates. I have not thought about that enough to have a definitive opinion, but I am generally of the opinion that the correct approach is to use the wrapper crates over what is provided by Shuttle directly. I am also of the opinion that |
Aurel300
force-pushed
the
feature/branch-semaphore
branch
from
a8f1676 to
e335688
Compare
| @@ -57,17 +226,26 @@ struct BatchSemaphoreState { | |||
| // | |||
| // (4) closed ==> waiters.is_empty() | |||
| waiters: VecDeque<Arc<Waiter>>, | |||
| permits_available: usize, | |||
| permits_available: PermitsAvailable, | |||
| // TODO: should there be a clock for the close event? | |||
There was a problem hiding this comment.
Yeah, think we need to add a causal dependency from the close event to subsequent Closed error returns. But we can do that in a followup.
There was a problem hiding this comment.
Yes. I tried to implement this, but ran into issues with getting a clock in the close method, because it may happen as part of the cleanup process/drop handlers. We talked with @sarsko a bit about re-organising how drops happen, which would unblock this.
There was a problem hiding this comment.
Should we track this in an issue?
Aurel300
force-pushed
the
feature/branch-semaphore
branch
7 times, most recently
from
3d6275d to
9b041d4
Compare
Aurel300
force-pushed
the
feature/branch-semaphore
branch
from
9b041d4 to
835cbce
Compare
Aurel300
force-pushed
the
feature/branch-semaphore
branch
from
835cbce to
5a4df57
Compare
Aurel300
force-pushed
the
feature/branch-semaphore
branch
from
5a4df57 to
0cb9d32
Compare
| use test_log::test; | ||
|
|
||
| #[test] | ||
| fn batch_semaphore_basic() { |
There was a problem hiding this comment.
nit: Do we need the batch_semaphore prefix for all of the tests — they are in the batch_semaphore.rs file after all.
| /// repeats. Neither thread can be blocked in this situation, and so neither | ||
| /// thread should causally depend on the other, but currently they do. | ||
| #[test] | ||
| #[should_panic(expected = "doesn't satisfy predicate")] |
There was a problem hiding this comment.
This shouldn't be should_panic, but ignore no ?
There was a problem hiding this comment.
Currently this specifies how the semaphore actually behaves, i.e. it will panic this way. If it ever starts failing (and the check succeeds), then the behaviour has changed and the test should be updated by removing the should_panic.
There was a problem hiding this comment.
Yes. Why do we want to waste CPU cycles to confirm that we have not improved Shuttle? I like the mechanical-ness of "oh hey btw here's a test which now works", but that could also be gotten by running this test (and optionally other tests) in CI.
Not blocking for me, I'll leave it for others to decide.
There was a problem hiding this comment.
Actually, I asked Aurel to add this, so we have a scenario showing that our causality tracking is imprecise.
There was a problem hiding this comment.
Actually, I asked Aurel to add this, so we have a scenario showing that our causality tracking is imprecise.
?
I don't disagree on the test but whether it should be ignore (and not should_panic) or should_panic (and not ignore)
There was a problem hiding this comment.
My two cents: with the explanation in the comment, the risk of someone mistaking this test as desirable behavior is pretty low. I think it's better to run the test than not to run it. If the test starts to break without addressing the issue, we'd like to know about it, instead of hoping that it still does what we want when running it manually.
Co-authored-by: Rajeev Joshi <jorajeev@amazon.com> Co-authored-by: Sarek Høverstad Skotåm <44001885+sarsko@users.noreply.github.com>
Aurel300
force-pushed
the
feature/branch-semaphore
branch
from
0cb9d32 to
2b9cc6a
Compare
This adds batch semaphores into Shuttle (not originally implemented by me) as the core primitive to be used for other synchronisation primitives. Vector clocks were added to the batch semaphore to track causality across
acquire,release, andtry_acquirecalls.Implementing other primitives using the batch semaphore will thus also cause causality to be tracked. The eventual goal is for primitives to only rely on the API of batch semaphore, without calls to e.g.
ExecutionState. As a result, batch semaphore and the runtime internals can be pulled out of Shuttle into a separateshuttle-corecrate, while both the stdlib and tokio primitives can be placed into new sibling crates,shuttle-stdlibandshuttle-tokio, respectively.An open question is how to proceed with the crate restructuring. One option is for the crate called
shuttlenow to "become"shuttle-stdlib, as it will contain the same primitives, but this would require various re-exports. We could also publish a wrapper crate calledshuttle(intended to be deprecated?) which will re-export items from bothshuttle-coreandshuttle-stdlib.Planned for this PR still: