Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)

Slides:



Advertisements
Similar presentations
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
Advertisements

– R 7 :: 1 – 0024 Spring 2010 Parallel Programming 0024 Recitation Week 7 Spring Semester 2010.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
Classical Planning via Plan-space search COMP3431 Malcolm Ryan.
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.
Concurrency 101 Shared state. Part 1: General Concepts 2.
Intertask Communication and Synchronization In this context, the terms “task” and “process” are used interchangeably.
Utilities (Part 3) Implementing static features 1.
Verifying Correct Usage of Atomic Blocks and Typestate Nels E. Beckman Nels E. Beckman, Kevin Bierhoff, and Jonathan Aldrich Carnegie Mellon University.
Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.
Slides prepared by Rose Williams, Binghamton University Chapter 13 Interfaces and Inner Classes.
On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning Xinyu Feng Yale University Joint work with Rodrigo Ferreira and.
Synchronization in Java Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
1 Islands : Aliasing Protection In Object-Oriented Languages By : John Hogg OOPSLA 91 Aharon Abadi.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
29-Jun-15 Java Concurrency. Definitions Parallel processes—two or more Threads are running simultaneously, on different cores (processors), in the same.
Process Synchronization Ch. 4.4 – Cooperating Processes Ch. 7 – Concurrency.
1/25 Pointer Logic Changki PSWLAB Pointer Logic Daniel Kroening and Ofer Strichman Decision Procedure.
K. Rustan M. Leino RiSE, Microsoft Research, Redmond joint work with Peter Müller and Jan Smans Lecture 0 1 September 2009 FOSAD 2009, Bertinoro, Italy.
Thread-modular Abstraction Refinement Thomas A. Henzinger, et al. CAV 2003 Seonggun Kim KAIST CS750b.
Procedure specifications CSE 331. Outline Satisfying a specification; substitutability Stronger and weaker specifications - Comparing by hand - Comparing.
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
Object-Oriented Implementation of Reconciliations M.Sc. Seminar Talk by Costa Shapiro under supervision of Prof. Shmuel Katz Computer Science – Technion.
COSC 1P03 Data Structures and Abstraction 4.1 Abstract Data Types The advantage of a bad memory is that one enjoys several times the same good things for.
1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Concurrency, Mutual Exclusion and Synchronization.
Threading and Concurrency Issues ● Creating Threads ● In Java ● Subclassing Thread ● Implementing Runnable ● Synchronization ● Immutable ● Synchronized.
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.
Model Programs for Preserving Composite Invariants SAVCBS 2008 Challenge Problem Solution by Steve Shaner, Hridesh Rajan, Gary T. Leavens Iowa State and.
1 Processes, Threads, Race Conditions & Deadlocks Operating Systems Review.
Design by Contract in Java Concept and Comparison.
111 © 2002, Cisco Systems, Inc. All rights reserved.
Question of the Day  On a game show you’re given the choice of three doors: Behind one door is a car; behind the others, goats. After you pick a door,
Introduction to Object Oriented Programming CMSC 331.
Slide: 1 Copyright © AdaCore Subprograms Presented by Quentin Ochem university.adacore.com.
Semaphores, Locks and Monitors By Samah Ibrahim And Dena Missak.
Denis Caromel1 Institut universitaire de France (IUF) INRIA Sophia-Antipolis – CNRS – I3S – Université de Nice Luis Mateu DCC – Universidad de Chile Eric.
A Universe-Type-Based Verification Technique for Mutable Static Fields and Methods Alexander J Summers Sophia Drossopoulou Imperial College London Peter.
ICS 313: Programming Language Theory Chapter 13: Concurrency.
Sharing Objects  Synchronization  Atomicity  Specifying critical sections  Memory visibility  One thread’s modification seen by the other  Visibility.
Types in programming languages1 What are types, and why do we need them?
A Type System for Borrowing Permissions Karl Naden, Rob Bocchino Jonathan Aldrich, Kevin Bierhoff POPL – January 27, 2012 School of Computer Science.
Polymorphism Liskov 8. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism.
Protocols Software Engineering II Wirfs Brock et al, Designing Object-Oriented Software, Prentice Hall, Mitchell, R., and McKim, Design by Contract,
Multithreaded programming  Java provides built-in support for multithreaded programming. A multithreaded program contains two or more parts that can run.
Effective Static Deadlock Detection Mayur Naik* Chang-Seo Park +, Koushik Sen +, David Gay* *Intel Research, Berkeley + UC Berkeley.
Semantic Analysis II Type Checking EECS 483 – Lecture 12 University of Michigan Wednesday, October 18, 2006.
An Introduction to Automated Program Verification with Permission Logics 15 th May 2015, Systems Group, ETH Zurich Uri Juhasz, Ioannis Kassios, Peter Müller,
Effective Static Deadlock Detection Mayur Naik (Intel Research) Chang-Seo Park and Koushik Sen (UC Berkeley) David Gay (Intel Research)
Introduction to Collections. Collections Collections provide a way of organizing related data in a model Different types of collections have different.
Polymorphism SWE 619. Outline equals() Revisiting Liskov’s mutable vs. not rule Polymorphism Uniform methods for different types “easy” polymorphism Element.
Quick Review of OOP Constructs Classes:  Data types for structured data and behavior  fields and methods Objects:  Variables whose data type is a class.
Extended Static Checking for Java Cormac Flanagan Joint work with: Rustan Leino, Mark Lillibridge, Greg Nelson, Jim Saxe, and Raymie Stata Compaq Systems.
/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.
Defining Classes I Part B. Information hiding & encapsulation separate how to use the class from the implementation details separate how to use the class.
Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 10: Programming Exceptionally.
1 G53SRP: Java Concurrency Control (2) – wait/notify Chris Greenhalgh School of Computer Science.
Healing Data Races On-The-Fly
EECE 310: Software Engineering
Multithreaded Programming in Java
Stateful Manifest Contracts
Threads and Memory Models Hal Perkins Autumn 2011
null, true, and false are also reserved.
Over-Approximating Boolean Programs with Unbounded Thread Creation
Hoare-style program verification
Threads and Memory Models Hal Perkins Autumn 2009
Binding 10: Binding Programming C# © 2003 DevelopMentor, Inc.
Presentation transcript:

Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)

Problem: Check-then-Act Races class OnePlaceBuffer { T item = null; public synchronized boolean isFull() {...} public synchronized void put(T item) {...} public synchronized T get() { if(item==null) throw new Empty(); T result = item; item = null; return result; } 2 void pass() { final OnePlaceBuffer b = new OnePlaceBuffer (); b.put("Welcome to OOPSLA!"); shareWithNewThread(b); if( b.isFull() ) print(b.get()); } void shareWithNewThread(OnePlaceBuffer b) { new Thread() { if( b.isFull() ) print(b.get()); }.start(); }

Approach: Specification & Access Permissions 1.Programmers define abstract states & transitions – (Implicitly with PRE- and POST-conditions) 2.Specifications also include access permissions – Describe aliasing, approximates thread sharing – Checked for consistency 3.Statically track states of refs to objects that cannot be concurrently modified 4.If mutual exclusion is used, temporarily track states of refs to object that can be 3

1 – Define Protocol via Specification 4 class OnePlaceBuffer public synchronized boolean isFull() public synchronized void put(T item) ensures=“EMPTY”) public synchronized T get() {…} }

2 – Access Permissions Static information, specified for each reference, tracked by analysis – Does reference point to aliased object? – Does ref. have the right to modify? Do other refs.? – Approximates thread-sharedness – Five different kinds of permission 5 unique(ref) – “At runtime, ref will be the only reference pointing to the object.” immutable(ref) – “ref points to an aliased object, but no reference can modify it.” full(ref) – “ref points to an aliased object, that will only be modified through ref.” pure(ref) – “ref points to an aliased object, that it cannot be used to modify. Other modifying references may exist!” share(ref) – “ref points to an aliased object and can be used to modify that object. Other modifying references may exist!”

2 – Adding Access Permissions to Spec. class OnePlaceBuffer @FalseIndicates(“EMPTY”) synchronized boolean isFull() ensures=“FULL”) synchronized void put(T item) ensures=“EMPTY”) public synchronized T get() {…} } void pass() { final OnePlaceBuffer b = new OnePlaceBuffer (); b.put("Welcome to OOPSLA!"); shareWithNewThread(b); if( b.isFull() ) print(b.get()); } void OnePlaceBuffer b) { new Thread() { if( b.isFull() ) print(b.get()); }.start(); } 6

3 – Tracking States on References void OnePlaceBuffer b) { new Thread() { // Context: share(b) in ? if( b.isFull() ) // Context: share(b) in ? print(b.get()); }.start(); } 7 Recall: share(ref) – “ref points to an aliased object and can be used to modify that object. Other modifying references may exist!” Assuming that other refs are reachable from other threads… We must assume concurrent modification! // ERROR

4 – Using Mutual Exclusion void OnePlaceBuffer b) { new Thread() { synchronized(b) { // Context: share(b) in ? if( b.isFull() ) // Context: share(b) in FULL print(b.get()); // Context: share(b) in EMPTY } }.start(); } 8

Not Covered in this Talk… Verification of Implementation – Ensures correct synchronization internally Rules for Subtyping – Ensuring that subtype specs are compatible Dimensions – Allow states and permissions to reference sub-sets of an object State Hierarchies – Hierarchical state refinement Fractions – Allow weaker permissions (e.g., share) to be statically combined to form stronger permissions (e.g., unique) 9

Related Work Fractional Permissions – Boyland Ownership Types – Jacobs et al Concurrent Separation Logic – O’Hearn Single-threaded permissions – Bierhoff et al – (Unsound in multi-threaded programs) 10

Contributions Going beyond static data race detection – Preventing application-specific, check-then-act races Extends single-threaded work with no additional specification burden For S.R.C. – Extended approach to support synchronized blocks 11

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.