ADVERSARIAL MEMORY FOR DETECTING DESTRUCTIVE RACES Cormac Flanagan & Stephen Freund UC Santa Cruz Williams College PLDI 2010 Slides by Michelle Goodstein.

Slides:

Advertisements

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Advertisements

Java PathRelaxer: Extending JPF for JMM-Aware Model Checking Huafeng Jin, Tuba Yavuz-Kahveci, and Beverly Sanders Computer and Information Science and.

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

Scalable and Precise Dynamic Datarace Detection for Structured Parallelism Raghavan RamanJisheng ZhaoVivek Sarkar Rice University June 13, 2012 Martin.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 5: Process Synchronization.

Chrysalis Analysis: Incorporating Synchronization Arcs in Dataflow-Analysis-Based Parallel Monitoring Michelle Goodstein*, Shimin Chen †, Phillip B. Gibbons.

/ PSWLAB Concurrent Bug Patterns and How to Test Them by Eitan Farchi, Yarden Nir, Shmuel Ur published in the proceedings of IPDPS’03 (PADTAD2003)

Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs Stephen Freund Williams College Cormac Flanagan University of California, Santa Cruz.

SOS: Saving Time in Dynamic Race Detection with Stationary Analysis Du Li, Witawas Srisa-an, Matthew B. Dwyer.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.

Cormac Flanagan and Stephen Freund PLDI 2009 Slides by Michelle Goodstein 07/26/10.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.

Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.

Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.

Java Race Finder Checking Java Programs for Sequential Consistency Tuba Yavuz-Kahveci Fall 2013.

Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.

Exceptions and Mistakes CSE788 John Eisenlohr. Big Question How can we improve the quality of concurrent software?

C. FlanaganType Systems for Multithreaded Software1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research.

15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Computer Security and Penetration Testing

Runtime Refinement Checking of Concurrent Data Structures (the VYRD project) Serdar Tasiran Koç University, Istanbul, Turkey Shaz Qadeer Microsoft Research,

Accelerating Precise Race Detection Using Commercially-Available Hardware Transactional Memory Support Serdar Tasiran Koc University, Istanbul, Turkey.

Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO, and THOMAS ANDERSON Ethan.

Pallavi Joshi* Mayur Naik † Koushik Sen* David Gay ‡ *UC Berkeley † Intel Labs Berkeley ‡ Google Inc.

1 Evaluating the Impact of Thread Escape Analysis on Memory Consistency Optimizations Chi-Leung Wong, Zehra Sura, Xing Fang, Kyungwoo Lee, Samuel P. Midkiff,

Aritra Sengupta, Swarnendu Biswas, Minjia Zhang, Michael D. Bond and Milind Kulkarni ASPLOS 2015, ISTANBUL, TURKEY Hybrid Static-Dynamic Analysis for Statically.

ICS 313: Programming Language Theory Chapter 13: Concurrency.

Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.

Memory Consistency Models. Outline Review of multi-threaded program execution on uniprocessor Need for memory consistency models Sequential consistency.

Dataflow Analysis for Concurrent Programs using Datarace Detection Ravi Chugh, Jan W. Voung, Ranjit Jhala, Sorin Lerner LBA Reading Group Michelle Goodstein.

Detecting and Eliminating Potential Violation of Sequential Consistency for concurrent C/C++ program Duan Yuelu, Feng Xiaobing, Pen-chung Yew.

Michael Bond Katherine Coons Kathryn McKinley University of Texas at Austin.

Motivation  Parallel programming is difficult  Culprit: Non-determinism Interleaving of parallel threads But required to harness parallelism  Sequential.

CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley.

ICFEM 2002, Shanghai Reasoning about Hardware and Software Memory Models Abhik Roychoudhury School of Computing National University of Singapore.

Findbugs Tin Bui-Huy September, Content What is bug? What is bug? What is Findbugs? What is Findbugs? How to use Findbugs? How to use Findbugs?

Detecting Atomicity Violations via Access Interleaving Invariants

Effective Static Deadlock Detection Mayur Naik* Chang-Seo Park +, Koushik Sen +, David Gay* *Intel Research, Berkeley + UC Berkeley.

CAPP: Change-Aware Preemption Prioritization Vilas Jagannath, Qingzhou Luo, Darko Marinov Sep 6 th 2011.

HARD: Hardware-Assisted lockset- based Race Detection P.Zhou, R.Teodorescu, Y.Zhou. HPCA’07 Shimin Chen LBA Reading Group Presentation.

Effective Static Deadlock Detection Mayur Naik (Intel Research) Chang-Seo Park and Koushik Sen (UC Berkeley) David Gay (Intel Research)

Atom-Aid: Detecting and Surviving Atomicity Violations Brandon Lucia, Joseph Devietti, Karin Strauss and Luis Ceze LBA Reading Group 7/3/08 Slides by Michelle.

Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)

Week 9, Class 3: Java’s Happens-Before Memory Model (Slides used and skipped in class) SE-2811 Slide design: Dr. Mark L. Hornick Content: Dr. Hornick Errors:

Eraser: A dynamic Data Race Detector for Multithreaded Programs Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson Presenter:

Reachability Testing of Concurrent Programs1 Reachability Testing of Concurrent Programs Richard Carver, GMU Yu Lei, UTA.

Testing Concurrent Programs Sri Teja Basava Arpit Sud CSCI 5535: Fundamentals of Programming Languages University of Colorado at Boulder Spring 2010.

Week 8, Class 3: Model-View-Controller Final Project Worth 2 labs Cleanup of Ducks Reducing coupling Finishing FactoryMethod Cleanup of Singleton SE-2811.

Using Escape Analysis in Dynamic Data Race Detection Emma Harrington `15 Williams College

FastTrack: Efficient and Precise Dynamic Race Detection [FlFr09] Cormac Flanagan and Stephen N. Freund GNU OS Lab. 23-Jun-16 Ok-kyoon Ha.

Prescient Memory: Exposing Weak Memory Model Behavior by Looking into the Future MAN CAO JAKE ROEMER ARITRA SENGUPTA MICHAEL D. BOND 1.

Presenter: Godmar Back

Memory Consistency Models

Threads Cannot Be Implemented As a Library

Memory Consistency Models

Effective Data-Race Detection for the Kernel

Specifying Multithreaded Java semantics for Program Verification

Threads and Memory Models Hal Perkins Autumn 2011

References [1] LEAP:The Lightweight Deterministic Multi-processor Replay of Concurrent Java Programs [2] CLAP:Recording Local Executions to Reproduce.

Atomicity in Multithreaded Software

Threads and Memory Models Hal Perkins Autumn 2009

Memory Consistency Models

Non-preemptive Semantics for Data-race-free Programs

Tools for the development of parallel applications

Presentation transcript:

ADVERSARIAL MEMORY FOR DETECTING DESTRUCTIVE RACES Cormac Flanagan & Stephen Freund UC Santa Cruz Williams College PLDI 2010 Slides by Michelle Goodstein LBA Reading Group, June

Motivation  Multi-threaded programs often contain data races  Hardware with relaxed memory consistency models may still behave like SC most of the time  Hard to classify data races as benign or destructive  New dynamic analysis technique:  Adversarial Memory

Outline  Motivation  Review of Memory Models  High-level idea of adversarial memory  Will be skipping the formalisms; they are in the paper  Results

Memory Models  Sequential Consistency (SC): Once x is non-null, the conditional in Thread 2 will evaluate to true  Java Relaxed Memory Model (JMM): Each of thread 2’s reads of x is independently null/non-null  Initially: T2 reads x non-null, passes conditional  Then x appears null, and x.draw() throws exception

Memory Models  Trace: sequence of ops performed by threads  Happens-Before Memory Model (HB):  A read(x) operation A in a trace can return the value written by any write(x) operation B so long as B is either concurrent or happens before A (B doesn’t occur after A) no write C exists such that B < C < A in the trace (< :happens-before)  Progressive Java Memory Model (PJ):  A read(x) operation A in a trace can return the value written by any write(x) operation B so long as B executes before A in the trace No intervening write(x) C exists where B < C < A  JMM: Happens-Before + Causality

Memory Models  JMM, HBMM allow a potential future value to be read. PJMM only allows values def. in past to be read

Adversarial Memory  Hardware is often SC-like even when it doesn’t guarantee SC  Hard to see where races can truly be problematic  Stress-test racy Java code  Return old but still valid values (according to consistency model)  Maintain write buffer to each shared variables involved in races  On read  Compute set of visible values that do not violate consistency model  Return “worst case” according to heuristic

Adversarial Memory

 Authors provide operational semantics  Skipping here  On reads, looks within write buffers for any write that could still be visible  Only one write will be returned  Use heuristics to choose  “Most recent” write—very SC-like  “Oldest” write—further from SC

Adversarial Memory Example per-thread vector clocks lock’s vector clock write buffer for location list “t0 writes value 13 to x at clock ” Available :  Available :

Adversarial Memory Heuristics  Sequentially Consistent: Return most recent write  Oldest: Return oldest value  Intuition: staler the value, the likelier to cause problems  Oldest-but-different  Consider if(x != null) {x.draw();}  What if x always reads null ?  Gets out of infinite loop  Random  Random-but-different

Implementation  JUMBLE: Java-based implementation, on RoadRunner framework  Use precise race detector to discover racy shared vars  Focus on one location at a time  Special Cases  Arrays: Sample indices, and only jumble accesses to a few indices  Long/Double: Treat 8B as 2 non-atomic 4B accesses

Experimental Setup  Examined 10 race conditions discovered by FASTTRACK  Compared performance under 6 different memory implementations:  No Jumble  SC  Oldest  Oldest-but-different  Random  Random-but-different

Experimental Setup  For each race & configuration  100 tests to detect how frequently race caused error  Race on fields: jumbled reads from all instances of field  Race on arrays: jumbled reads from all arrays at indices 0 & 1

Custom Benchmarks

Experimental Results: Efficacy

Some Discussion (More in Paper)  montecarlo: Writes same value to global  mtrt: threadcounter is incremented by parent, decremented by child. Never used elsewhere, so corruption of this variable does not matter.

 Figure 8: null-ptr exception generated, since both null and non-null are available for x. Oldest fails due to infinite loop  Figure 2: p can be initialized before p.x becomes non-zero, causing a divide-by-zero at line 17

Performance Results  Performance of other heuristics similar to SC, except in degenerate cases  EMPTY: 1.2x-1.5x (instrumentation)  JUMBLE slowdown similar to EMPTY except:  tsp, sor, moldyn  Compression can greatly shrink size needed for write buffer

Eclipse Results  FASTTRACK found 27 races  Ran Jumble once/race  4 races: null ptr exceptions  4 races: non-deterministic reads, no bug  Remaining fields: no non-deterministic reads detected  Races on fields where the same value is written

Conclusions  Data races are problematic  Novel dynamic analysis to expose destructive data races  Complements statically checking all valid SC interleavings