C. FlanaganDynamic Analysis for Atomicity1. C. Flanagan2Dynamic Analysis for Atomicity Atomicity The method inc() is atomic if concurrent threads do not.

Slides:



Advertisements
Similar presentations
Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.
Advertisements

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡
Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.
Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Chapter 6: Process Synchronization
Concurrency 101 Shared state. Part 1: General Concepts 2.
/ PSWLAB Concurrent Bug Patterns and How to Test Them by Eitan Farchi, Yarden Nir, Shmuel Ur published in the proceedings of IPDPS’03 (PADTAD2003)
1 Beyond Reduction Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else.
Part IV: Exploiting Purity for Atomicity. Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } CAS(m,0,1) (fails) (succeeds)
Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs Stephen Freund Williams College Cormac Flanagan University of California, Santa Cruz.
Types for Atomicity in Multithreaded Software Shaz Qadeer Microsoft Research (Joint work with Cormac Flanagan)
Synchronization. Shared Memory Thread Synchronization Threads cooperate in multithreaded environments – User threads and kernel threads – Share resources.
CS294-32: Dynamic Data Race Detection Koushik Sen UC Berkeley.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
C. Flanagan1Types for Atomicity Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.
Atomicity Violation Detection Prof. Moonzoo Kim CS492B Analysis of Concurrent Programs.
Generalizing Reduction and Abstraction to Simplify Concurrent Programs: The QED Approach Shaz Qadeer Microsoft Research Redmond, WA Serdar Taşıran Serdar.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
ADVERSARIAL MEMORY FOR DETECTING DESTRUCTIVE RACES Cormac Flanagan & Stephen Freund UC Santa Cruz Williams College PLDI 2010 Slides by Michelle Goodstein.
Threading Part 2 CS221 – 4/22/09. Where We Left Off Simple Threads Program: – Start a worker thread from the Main thread – Worker thread prints messages.
Atomicity: A powerful concept for analyzing concurrent software Shaz Qadeer Microsoft Research.
C. FlanaganTypes for Race Freedom1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.
CS533 Concepts of Operating Systems Class 3 Data Races and the Case Against Threads.
C. FlanaganAtomicity for Reliable Concurrent Software - PLDI'05 Tutorial1 Atomicity for Reliable Concurrent Software Part 3a: Types for Race-Freedom and.
Mayur Naik Alex Aiken John Whaley Stanford University Effective Static Race Detection for Java.
C. Flanagan1Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomicity for Reliable Concurrent Software Joint work with Stephen Freund Shaz.
Runtime Atomicity Analysis of Multi-threaded Programs Focus is on the paper: “Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs” by C. Flanagan.
Types for Atomicity in Multithreaded Software Cormac Flanagan Systems Research Center HP Labs.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
CS533 Concepts of Operating Systems Class 3 Monitors.
1 Sharing Objects – Ch. 3 Visibility What is the source of the issue? Volatile Dekker’s algorithm Publication and Escape Thread Confinement Immutability.
Verifying Commit-Atomicity Using Model Checking Cormac Flanagan University of California, Santa Cruz.
Part II: Atomicity for Software Model Checking. Class Account { int balance; static int MIN = 0, MAX = 100; bool synchronized deposit(int n) { int t =
Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.
Synchronization CSCI 444/544 Operating Systems Fall 2008.
/ PSWLAB Eraser: A Dynamic Data Race Detector for Multithreaded Programs By Stefan Savage et al 5 th Mar 2008 presented by Hong,Shin Eraser:
C. FlanaganType Systems for Multithreaded Software1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research.
15-740/ Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.
Threading and Concurrency Issues ● Creating Threads ● In Java ● Subclassing Thread ● Implementing Runnable ● Synchronization ● Immutable ● Synchronized.
Deadlock Detection Nov 26, 2012 CS 8803 FPL 1. Part I Static Deadlock Detection Reference: Effective Static Deadlock Detection [ICSE’09]
/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin Type-Based.
Pallavi Joshi* Mayur Naik † Koushik Sen* David Gay ‡ *UC Berkeley † Intel Labs Berkeley ‡ Google Inc.
50.530: Software Engineering Sun Jun SUTD. Week 8: Race Detection.
Reduction: A powerful technique for analyzing concurrent software Shaz Qadeer Microsoft Research Collaborators: Cormac Flanagan, UC Santa Cruz Stephen.
Aritra Sengupta, Swarnendu Biswas, Minjia Zhang, Michael D. Bond and Milind Kulkarni ASPLOS 2015, ISTANBUL, TURKEY Hybrid Static-Dynamic Analysis for Statically.
11/18/20151 Operating Systems Design (CS 423) Elsa L Gunter 2112 SC, UIUC Based on slides by Roy Campbell, Sam.
November 2005Scott Stoller, Stony Brook University1 Detecting Potential Deadlocks with Static Analysis and Run-Time Monitoring Rahul Agarwal, Liqiang Wang,
Concurrency Control 1 Fall 2014 CS7020: Game Design and Development.
Michael Bond Katherine Coons Kathryn McKinley University of Texas at Austin.
Effective Static Deadlock Detection Mayur Naik* Chang-Seo Park +, Koushik Sen +, David Gay* *Intel Research, Berkeley + UC Berkeley.
Effective Static Deadlock Detection Mayur Naik (Intel Research) Chang-Seo Park and Koushik Sen (UC Berkeley) David Gay (Intel Research)
CSE332: Data Abstractions Lecture 25: Deadlocks and Additional Concurrency Issues Tyler Robison Summer
November 2005Scott Stoller, Stony Brook University1 Checking Atomicity in Concurrent Java Programs Scott D. Stoller Joint work with Rahul Agarwal, Amit.
/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.
Eraser: A dynamic Data Race Detector for Multithreaded Programs Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson Presenter:
1 Announcements HW9: Java Concurrency Due Monday May 9 th Tests in HW Server coming up Check your grades in Rainbow Grades! Homework Server survey:
Detecting Data Races in Multi-Threaded Programs
Healing Data Races On-The-Fly
Synchronization.
CS533 Concepts of Operating Systems Class 3
Atomicity CS 2110 – Fall 2017.
Atomicity in Multithreaded Software
CS533 Concepts of Operating Systems Class 3
CSE 153 Design of Operating Systems Winter 19
50.530: Software Engineering
Eraser: A dynamic data race detector for multithreaded programs
Presentation transcript:

C. FlanaganDynamic Analysis for Atomicity1

C. Flanagan2Dynamic Analysis for Atomicity Atomicity The method inc() is atomic if concurrent threads do not interfere with its behavior Guarantees that for every execution there is a serial execution with same behavior         acq(this)t=i i=t+1rel(this)xyz         acq(this) t=i i=t+1rel(this)xyz         acq(this) t=i i=t+1rel(this)xyz

C. Flanagan3Dynamic Analysis for Atomicity Tools for Checking Atomicity Calvin: ESC for multithreaded code –[Freund-Qadeer 03]

C. Flanagan4Dynamic Analysis for Atomicity Experience with Calvin global_invariant (\forall int i; inodeLocks[i] == null ==> 0 <= inodeBlocknos[i] && inodeBlocknos[i] < Daisy.MAXBLOCK) */ requires 0 <= inodenum && inodenum < Daisy.MAXINODE; requires i != null requires DaisyLock.inodeLocks[inodenum] == \tid modifies i.blockno, i.size, i.used, i.inodenum ensures i.blockno == inodeBlocknos[inodenum] ensures i.size == inodeSizes[inodenum] ensures i.used == inodeUsed[inodenum] ensures i.inodenum == inodenum ensures 0 <= i.blockno && i.blockno < Daisy.MAXBLOCK static void readi(long inodenum, Inode i) { i.blockno = Petal.readLong(STARTINODEAREA + (inodenum * Daisy.INODESIZE)); i.size = Petal.readLong(STARTINODEAREA + (inodenum * Daisy.INODESIZE) + 8); i.used = Petal.read(STARTINODEAREA + (inodenum * Daisy.INODESIZE) + 16) == 1; i.inodenum = inodenum; // read the right bytes, put in inode }

C. Flanagan5Dynamic Analysis for Atomicity Tools for Checking Atomicity Calvin: ESC for multithreaded code –[Freund-Qadeer 03] A type system for atomicity –[Flanagan-Qadeer 03,Flanagan-Freund-Lifshin 05]

C. Flanagan6Dynamic Analysis for Atomicity Tools for Checking Atomicity Calvin: ESC for multithreaded code –[Freund-Qadeer 03] A type system for atomicity –[Flanagan-Qadeer 03,Flanagan-Freund-Lifshin 05] Atomizer: dynamic atomicity checker –[Flanagan-Freund 04]

C. FlanaganDynamic Analysis for Atomicity7

C. FlanaganDynamic Analysis for Atomicity8

C. FlanaganDynamic Analysis for Atomicity9

C. Flanagan10Dynamic Analysis for Atomicity Atomizer: Instrumentation Architecture Atomizer Instrumented Source Code javac +JVM Warning: method “append” may not be atomic at line 43 Runtime Lockset Reduction /*# atomic */ void append(...) {... } T1: begin_atomic T2: acquire(lock3) T2: read(x,5) T1: write(y,3) T1: end_atomic T2: release(lock3) event stream

C. Flanagan11Dynamic Analysis for Atomicity Atomizer: Dynamic Analysis Lockset algorithm –from Eraser [Savage et al. 97] –identifies race conditions Reduction [Lipton 75] –proof technique for verifying atomicity, using information about race conditions

C. Flanagan12Dynamic Analysis for Atomicity Analysis 1: Lockset Algorithm Tracks lockset for each field –lockset = set of locks held on all accesses to field Dynamically infers protecting lock for each field Empty lockset indicates possible race condition

C. Flanagan13Dynamic Analysis for Atomicity First access to o.f: LockSet( o.f ) = Held(curThread) = { x, y } Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; } Lockset Example

C. Flanagan14Dynamic Analysis for Atomicity Subsequent access to o.f: LockSet( o.f ) := LockSet( o.f )  Held(curThread) = { x, y }  { x } = { x } Lockset Example Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; }

C. Flanagan15Dynamic Analysis for Atomicity Subsequent access to o.f: LockSet( o.f ) := LockSet( o.f )  Held(curThread) = { x }  { y } = { } => race condition Lockset Example Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; }

C. Flanagan16Dynamic Analysis for Atomicity Lockset Shared-exclusive Track lockset any thread r/w Shared-read/write Track lockset race condition!

C. Flanagan17Dynamic Analysis for Atomicity Lockset with Thread Local Data Thread Local Shared-exclusive Track lockset first thread r/w any thread r/w Shared-read/write Track lockset race condition! second thread r/w

C. Flanagan18Dynamic Analysis for Atomicity Lockset with Read Shared Data Thread Local Read Shared Shared-exclusive Track lockset first thread r/w any thread read any thread write any thread r/w Shared-read/write Track lockset race condition! second thread read second thread write

C. Flanagan19Dynamic Analysis for Atomicity Lockset for Producer-Consumer Thread Local Thread Local (2) Read Shared Shared-exclusive Track lockset first thread r/w second thread r/w any thread read any thread read any thread write any thread r/w Shared-read/write Track lockset [Gross-Von Praun 01]

C. Flanagan20Dynamic Analysis for Atomicity Atomizer: Dynamic Analysis Lockset algorithm –from Eraser [Savage et al. 97] –identifies race conditions Reduction [Lipton 75] –proof technique for verifying atomicity, using information about race conditions

C. Flanagan21Dynamic Analysis for Atomicity Reduction [Lipton 75] acq(this)  Xt=i Y i=t+1Z rel(this)      acq(this)  X t=i Y i=t+1Z rel(this)         acq(this) X t=i Y i=t+1Z rel(this)        acq(this) X t=i Y i=t+1Z rel(this)      

C. Flanagan22Dynamic Analysis for Atomicity  Reducible methods: (R|B)* [N] (L|B)* Performing Reduction Dynamically R: right-mover –lock acquire L: left-mover –lock release B: both-mover –race-free field access N: non-mover –access to "racy" fields InRightInLeft R|B L|N start atomic block Error L|B R|N acq(lock) j=bal bal=j+n rel(lock) R B B L

C. Flanagan23Dynamic Analysis for Atomicity public class StringBuffer { private int count; public synchronized int length() { return count; } public synchronized void getChars(...) {... } /*# atomic */ public synchronized void append(StringBuffer sb){ int len = sb.length();... sb.getChars(...,len,...);... } java.lang.StringBuffer sb.length() acquires lock on sb, gets length, and releases lock use of stale len may yield StringIndexOutOfBoundsException inside getChars(...) other threads can change sb

C. Flanagan24Dynamic Analysis for Atomicity public class StringBuffer { private int count; public synchronized int length() { return count; } public synchronized void getChars(...) {... } /*# atomic */ public synchronized void append(StringBuffer sb){ int len = sb.length();... sb.getChars(...,len,...);... } java.lang.StringBuffer StringBuffer.append is not atomic: Start: at StringBuffer.append(StringBuffer.java:701) at Thread1.run(Example.java:17) Commit: Lock Release at StringBuffer.length(StringBuffer.java:221) at StringBuffer.append(StringBuffer.java:702) at Thread1.run(Example.java:17) Error: Lock Acquire at StringBuffer.getChars(StringBuffer.java:245) at StringBuffer.append(StringBuffer.java:710) at Thread1.run(Example.java:17)

C. Flanagan25Dynamic Analysis for Atomicity Atomizer Review Instrumented code calls Atomizer runtime –on field accesses, sync ops, etc Lockset algorithm identifies races –used to classify ops as movers or non-movers Atomizer checks reducibility of atomic blocks –warns about atomicity violations

C. Flanagan26Dynamic Analysis for Atomicity /*# atomic */ void deposit(int n) { synchronized (this) { int j = bal; // other thread changes bal bal = j + n; } R B A L Refining Race Information Discovery of races during reduction

C. Flanagan27Dynamic Analysis for Atomicity Extensions Redundant lock operations –acquire is right-mover –release is left-mover –Want to treat them as both movers when possible Write-protected data –common idiom

C. Flanagan28Dynamic Analysis for Atomicity Thread-Local Locks class Vector { atomic synchronized Object get(int i) {... } atomic synchronized void add(Object o) {... } } class WorkerThread { atomic void transaction() { Vector v = new Vector(); v.add(x1); v.add(x2);... v.get(i); }

C. Flanagan29Dynamic Analysis for Atomicity Reentrant Locks class Vector { atomic synchronized Object get(int i) {... } atomic synchronized Object add(Object o) {... } atomic boolean contains(Object o) { synchronized(this) { for (int i = 0; i < size(); i++) if (get(i).equals(o)) return true; } return false; }

C. Flanagan30Dynamic Analysis for Atomicity Layered Abstractions class Set { Vector elems; atomic void add(Object o) { synchronized(this) { if (!elems.contains(o)) elems.add(o); }

C. Flanagan31Dynamic Analysis for Atomicity Redundant Lock Operations Acquire is right-mover Release is left-mover Redundant lock operations are both-movers –acquiring/releasing a thread-local lock –re-entrant acquire/release –acquiring/releasing lock A, if lock B always acquired before A

C. Flanagan32Dynamic Analysis for Atomicity Write-Protected Data class Account { volatile int bal; /*# atomic */ int read() { return bal; } /*# atomic */ void deposit(int n) { synchronized (this) { int j = bal; bal = j + n; } RBNLRBNL

C. Flanagan33Dynamic Analysis for Atomicity Write-Protected Data class Account { int bal; /*# atomic */ int read() { return bal; } /*# atomic */ void deposit(int n) { synchronized (this) { int j = bal; bal = j + n; } Lock this held whenever balance is updated –write must hold lock, and is non-mover –read without lock held is non-mover –read with lock held is both-mover RBALRBAL

C. Flanagan34Dynamic Analysis for Atomicity Lockset for Write-Protected Data Track access lockset and write lockset –access lockset = locks held on every access –write lockset = locks held on every write For regularly-protected data –access lockset = write lockset = { protecting lock } For write-protected data –access lockset = Ø –write lockset = { write-protecting lock } Read is both-mover if some write lock held Write is both-mover if access lockset nonempty

C. Flanagan35Dynamic Analysis for Atomicity Evaluation 12 benchmarks –scientific computing, web server, std libraries,... –200,000+ lines of code Heuristics for atomicity –all synchronized blocks are atomic –all public methods are atomic, except main and run Slowdown:1.5x - 40x

C. Flanagan36Dynamic Analysis for Atomicity BenchmarkLines Base Time (s)Slowdown elevator hedc29, tsp sor17, moldyn1, montecarlo3, raytracer1, mtrt11, jigsaw90, specJBB30, webl22, lib-java75, Performance

C. Flanagan37Dynamic Analysis for Atomicity Extensions Reduce Number of Warnings Total 341 Total 97

C. Flanagan38Dynamic Analysis for Atomicity Evaluation Warnings: 97 (from 200KLOC) At least 7 are real errors False alarms due to: –simplistic heuristics for atomicity programmer should specify atomicity –false races –methods irreducible yet still "atomic" eg caching, lazy initialization No warnings reported in more than 90% of exercised methods

C. Flanagan39Dynamic Analysis for Atomicity Example Bugs class PrintWriter { Writer out; public void println(String s) { synchronized(lock) { out.print(s); out.println(); } } } class ResourceStoreManager { synchronized checkClosed() {... } synchronized lookup(...) {... } public ResourceStore loadResourceStore(...) { checkClosed(); return lookup(...); } }

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.