Parallelism Safety-Critical Guidelines for C++ - Michael Wong, Andreas Weis, Ilya Burylov - CppCon22
ฝัง
- เผยแพร่เมื่อ 26 ส.ค. 2024
- cppcon.org/
---
Parallelism Safety-Critical Guidelines for C++ - Michael Wong, Andreas Weis, Ilya Burylov & Christof Meerwald - CppCon 2022
github.com/Cpp...
There are many C++ safety guidelines, including the C++ Core Guidelines, MISRA, AUTOSAR, JSF, CERT, High Integrity C++. But most of these either have no coverage of parallelism and concurrency safety or very little.
Part of this is due to the lack of experts that cover both the parallelism and concurrency domain, where high performance is the key focus, as well as the safety domain, which often can be counter to performance.
The next revision of MISRA C++ is heavily anticipated, with the first batch of rules being moved into public review in 2022. What you may not know is that there is also a group working on C++ parallel concurrency safety rules to be issued alongside the next MISRA C++.
C++ Core Guidelines also has a small section on parallelism and concurrency but it is small compared to the guidelines on sequential execution. Last year, we announced our intention to divide some of the rules found in this Misra parallel C++ safety group into both C++ CG and MISRA.
As many in the industry head towards multicore, manycore, and heterogeneous architectures, especially the case in the automotive, medical, and engineering industries, there has been increasing demands for these kinds of guidelines. However, most safety rules tend to focus only on sequential code. This WG within MISRA C++ in cooperation with C++ Core Guidelines is attended by safety experts with a parallelism background attempting to unify these guidelines.
This talk will take a look into the future and speak of some of the challenges we see with newer parallelism features from C++20 and beyond, analyzing potential issues in the context of safety-critical software and how they could be addressed by future rules. We will also summarize the latest progress of the group, reviewing the rules that have the potential of entering MISRA NEXT, or C++ CG covering parallelism features up to and including C++17.
---
Michael Wong
Michael Wong is a Distinguished Engineer at Codeplay Software, a Scottish company that produces compilers, debuggers, runtimes, testing systems, and other specialized tools to aid software development for heterogeneous systems, accelerators, and special purpose processor architectures, including GPUs and DSPs. For twenty years, he was the Senior Technical Strategy Architect for IBM compilers. Michael is also Chair of the Khronos C++ Heterogeneous Programming language SYCL, Editor for the Concurrency TS and the Transactional Memory TS, Canadian Head of Delegation to the ISO C++ Standard, Founding member of the ISO C++ Directions group, Director and VP of ISOCPP.org and Chair of al Programming Languages for Canada’s Standard Councils.
---
Andreas Weis
Andreas Weis has been writing C++ code in many different domains, from real-time graphics, to distributed applications, to embedded systems. As a library writer by nature, he enjoys writing portable code and exposing complex functionalities through simple, richly-typed interfaces. Both of which C++ allows him to do extensively. Andreas is also one of the co-organizers of the Munich C++ User Group, which allows him to share this passion with others on a regular basis.
He currently works for Woven Planet, where he focuses on building modern software for use in safety critical systems.
---
Ilya Burylov
Ilya is an architect of C++ software solutions for autonomous driving market. He is working on contribution into functional safety standard MISRA and C++ standard bodies in threading and vectorization.
Ilya has contributed into various Intel software products such as Intel DAAL and Intel MKL.
---
Videos Filmed & Edited by Bash Films: www.BashFilms.com
TH-cam Channel Managed by Digital Medium Ltd events.digital...
#cppcon #programming #parallelism
Are reference arguments for Coroutines an issue if you use std::generator and never pass thread boundaries? If all references point to objects hold by the owner of the coroutine, it should be save. I would guess this could also be checked. Without references it might be hard to use coroutines in many complex scenarios, when you are forced to use co_yield for all data passing.
The problem is that at the point of declaration of the coroutine you don't necessarily know how it is used and what it's lifetime is going to be. The rule you are proposing requires system-wide analysis to inspect all points of use of a coroutine and is potentially undecidable, making it significantly harder to check. For practical reasons, MISRA strongly prefers rules that are local and decidable, even if that means that we will also ban some potentially useful patterns.
In practice this is fine. You can always deviate a MISRA rule for the cases where you know that there are no lifetime issues. This will trigger some additional review effort, but I think that's a good thing in this case. Also, tools can provide smarter checker implementations that are able to recognize certain safe patterns for you, such as when the coroutine is trivially enclosed by a local scope. We might even formalize such exceptions for cases where we feel it is reasonable.
interesting lecture thanks