Multi-threaded Cannon (Experimental)

author: @mbaxter

Overview

This document discusses the proposed approach to implementing multithreading support in the Cannon VM. The main goal here is to reduce memory requirements of the op-program by enabling Go garbage collection, which requires threading support. Secondarily, this will allow us to remove some patching we do to overwrite unsupported operations from the loaded ELF program.

Thread management and scheduling are typically handled by the operating system via syscall operations that give program control over to the OS kernel. To support a minimal implementation of multithreading in the Cannon VM that specifically targets the go1.21 runtime, a few new Linux-specific syscall operations must be implemented. Additionally, the state of the threads in the system must be managed deterministically and in a provable way.

Resources

• Multithreaded Cannon VM
• https://specs.optimism.io/experimental/fault-proof/cannon-fault-proof-vm.html#syscalls
• Linux syscall numbers (see mipso32 column) with links to linux documentation, for example:
  • Futex
• Go runtime implementation targeting Linux OS / MIPS architecture:
  • Futex operations
  • Some syscall constants
• Explainer on Go thread management

Threading Logic

In this implementation, the new VM rotates between threads to provide concurrent execution rather than true parallel processing. The VM state holds an ordered list of ThreadState objects representing the set of all threads. Once a thread has exited, it can be removed from the set of threads to avoid the overhead of maintaining an ever-growing collection of threads.

Thread Traversal

Threads are traversed deterministically by moving from the first thread to the last thread, then back to the first thread repeatedly. For example, given the set of threads: {0,1,2,3}, we would traverse to each like: 0, 1, 2, 3, 2, 1, 0, 1, 2, 3, 2, ….

This sequencing allows us to implement the set of threads as 2 stacks, whose states can be succinctly proven. For details, see the “Witness Updates” section.

Context Switching

Sleep, Yield, and Wait

Operations to sleep, yield, or wait on some condition cause the VM to move on to the next thread in the sequence of threads.

Wake

When a wake call is made, the state’s Wakeup field is set to the target memory address specified in this call. The VM will iterate through the list of existing threads (visiting one thread at each individual step / state transition) looking for threads waiting on this address that can be woken up. First, the VM sets up for thread iteration by walking back to the first thread (iff Wakeup is set and we are traversing left, keep going until we have an empty left stack). Once we get there, switch directions and walk right, checking each thread as we go. Iteration stops when either:

• A thread is found that is waiting on the target address and the value stored here has changed or else the timeout (if set) has elapsed.
  • If such a thread is found, the thread is woken up.
• All threads have been checked (we have emptied the right stack)

After stopping, the Wakeup signal is cleared from the state and normal execution resumes.

Forced Thread Preemption

To avoid thread starvation (for example where a busy loop never executes a sleep, yield, or wait), the VM will force a context switch if a given thread has been executing too long.

For each step executed on a particular thread, the state variable StepsSinceLastContextSwitch is incremented. When we switch contexts to a new thread, StepsSinceLastContextSwitch is reset to 0. If StepsSinceLastContextSwitch reaches some maximum value MAX_STEPS_PER_THREAD(concrete value TBD), the vm forces a switch to the next thread in the sequence.

State Management

Modified Data Structures

State

• Remove the following fields related to the CPU state which are now managed by the ThreadState structure:
  • PC
  • NextPC
  • LO
  • HI
  • Registers
• Add thread-related fields:
  • StepsSinceLastContextSwitch - Tracks the number of steps devoted to the current thread. Once this hits some max value, we force a context switch to the next thread and reset this value to 0.
  • Wakeup - a uint32 memory address representing a signal to wakeup threads that are waiting on the word at this address via FUTEX_WAIT. Set to -1 if there is no current wakeup signal.
  • TraverseRight - a bool representing the current direction of traversal through the threads
  • ThreadsLeft - a stack of ThreadState objects
  • ThreadsRight - a stack of ThreadState objects
  • NextThreadID - Tracks the next thread ID to be assigned to newly created threads. This is monotonically increasing.

New Data Structures

ThreadState

• ThreadID - A uint32 id for the thread
• ExitCode- A uint8 exit code
• Exited - A bool determining whether the current thread has exited
• FutexAddr - A uint32 address that the thread is waiting on. Equal to -1 if there is no current wait.
• FutexVal - A uint32 value representing the expected value at FutexAddr when this thread is waiting. The thread can wake up when it reaches FutureTimeoutStep (below) or else when the value at this address differs from FutexVal . Set to 0 when there is no current wait.
• FutexTimeoutStep - Represents a future VM step when this thread’s current wait is over and the thread can be woken up. Set to 0 when there is no wait or no timeout. Currently set to a fixed number of steps FUTEX_TIMEOUT_STEPS (10,000).*
  • The general idea is that we expect most timeouts to be small (5ms, 10ms etc). So a fixed timeout should work well in those contexts.
• Cpu
  • PC
  • NextPC
  • LO
  • HI
• Registers

Witness Updates

Proving the state of all threads

In order to represent the current state of all threads, we can maintain 2 thread stacks: ThreadsLeft and ThreadsRight plus a bool telling us which way we are currently traversing the threads. These stacks can be represented in a way that is succinctly provable.

Representing the set of threads with 2 stacks

To traverse through the set of threads moving right, we pop a thread off the right stack, and push it onto the left stack. And vice versa for traversing leftward - we pop from the left stack and push to the right stack:

When traversing right, if the right stack is empty, we switch directions. Similarly when traversing left if the left stack is empty we switch directions. To operate on the current thread without switching to a new thread context, we pop from the appropriate stack, update the current thread and push back to the same stack. To drop an exited thread, we just don’t push it back onto either stack. When adding a new thread, we can (arbitrarily) push to the stack we’re traversing away from.

Representing a stack as a “hash onion”:

Stacks are a nice data structure because they can be represented using a “hash onion” style witness / proof construction. A stack’s structure is represented and proven as follows^[1]:

• A stack with no elements can be represented as some constant value like:
  • w0 = hash(bytes32(0) ++ bytes32(0)).
• To add an element to the stack, the witness is updated to:
  • w1 = hash(w0 ++ hash(el0)).
• To add another element, we get:
  • w2 = hash(w1 ++ hash(el1)).
• To pop an element from this stack, peel back the last hash operation:
  • w3 = w1
• To prove the top value elTop on the stack, given some witness w, you just need to reveal the bytes32 witness w'for the stack without elTop and verify:
  • w = hash(w' ++ hash(elTop))

Syscalls

Go runtime sourcecode syscall references:

• https://github.com/golang/go/blob/d8392e69973a64d96534d544d1f8ac2defc1bc64/src/runtime/sys_linux_mipsx.s#L15-L44

New Syscalls

Noop Syscalls

Syscall TODOs

Still need to investigate whether and how the following should be implemented.