Specifying Java Thread Semantics Using a Uniform Memory Model
Jason Yue Yang, Ganesh Gopalakrishnan, Gary Lindstrom
School of Computing, University of Utah

Presentation transcript:


2 Multithreading in Java
• Supported at language level
• Need a formal memory model (thread semantics)
• Current JMM
  - Java Language Specification, Chap 17
  - It is broken

3 Problems with the Current JMM
• Too strong
  - Strict ordering constraints
  - Strict synchronization visibility requirements
• Too weak
  - Reference escaping prematurely from constructor
  - Final field specification omitted
  - Volatile variable operations have no visibility requirement on normal variable operations

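4 Example: Double-Checked Locking Idiom is Broken

    class foo {
        private static Resource resource = null;

        public static Resource get() {
            // First check runs without the lock: this read may observe a
            // non-null reference before the constructor's writes are visible.
            if (resource == null) {
                // Static method, so lock on the class object (no "this" here).
                synchronized (foo.class) {
                    // Second check, under the lock.
                    if (resource == null)
                        resource = new Resource();
                }
            }
            return resource;
        }
    }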

5 Improvement Efforts
• JSR-133: JMM and thread specification
• JMM mailing list
• Replacement proposals
  - Manson and Pugh’s Model (JMM_MP)
    - Based on set notation
  - The CRF Model (JMM_CRF)
    - Commit / Reconcile / Fence

6 Motivations
• Stronger capability of formal verification
• More uniform notation
• Greater flexibility
• More comprehensive support for language level models
  - E.g., local variable behaviors in thread interactions

7 UMM (Uniform Memory Model)
• Abstract transition system
  - Memory model specified as guarded commands
  - Executable with an integrated model checker
• Flexible configuration
  - Can specify various memory models
• Uniform architecture
  - Parameterizes differences among memory models
• Semantics primarily based on JMM_MP

8 UMM Conceptual Architecture
• LIB – Local Instruction Buffer
• LV – Local Variable Array
• GIB – Global Instruction Buffer
• LK – Lock Array
[Figure: Thread i and Thread j with LIB i, LIB j, LV i and LV j, together with GIB and LK]

9 Instruction Definition
• t: issuing thread
• pc: program counter
• op: operation type
• var: variable
• data: data value
• local: local variable
• useLocal: tag for using local variable
• lock: lock
• time: global time stamp

10 Critical Memory Model Properties
• Program order
  - Instruction order determined by software
• Visibility order
  - Final observable order perceived by threads
• Mutual exclusion

11 General Strategy in UMM
• Enabling mechanism
  - Program order may be relaxed to enable certain interleaving
  - Controlled via bypassing table
• Filtering mechanism
  - Legal execution trace constructed from GIB following proper ordering requirements
  - Enforced in read selection rules

12 Transition Table Example: read and write operations

Event: readNormal
  Condition:  i  LIB_t(i) : ready(i)  op(i) = ReadNormal  (  w  GIB: legalNormalWrite(i, w))
  Action:
    LV_t(i)[local(i)] := data(w);
    LIB_t(i) := delete(LIB_t(i), i);

Event: writeNormal
  Condition:  i  LIB_t(i) : ready(i)  op(i) = WriteNormal
  Action:
    if (useLocal(i))
      i.data := LV_t(i)[local(i)];
    end;
    GIB := append(GIB, i);
    LIB_t(i) := delete(LIB_t(i), i);

13 Bypassing Policies
• Controlled by table BYPASS
• ready(i), iff
  ¬  j  LIB_t(i) : pc(j) < pc(i)  (localDependent(i, j)  BYPASS[op(j)][op(i)] = No)

14 Condition legalNormalRead
• Enforces Serialization
  - Read gets data from the most recent previous write
• legalNormalRead(i), iff
  op(w) = WriteNormal  var(w) = var(r)  ( ¬  w’  GIB : op(w’) = WriteNormal  var(w’) = var(r)  ordered(i, w’)  ordered(w’, w) )

15 The Ordering Requirement
• Operations i1 and i2 are ordered, iff they are
  1) ordered by program order,
  2) synchronized by the same lock or volatile variable, or
  3) transitively ordered by another intermediate operation
• ordered(i1, i2), iff
  programOrdered(i1, i2)  synchronized(i1, i2)  (  i’  GIB : ordered(i1, i’)  ordered(i’, i2) )

16 UMM Implementation in Murφ
• The JMM engine
  - Precisely defines the thread semantics
  - Primarily based on semantics of JMM_MP
  - Implemented as Murφ rules and functions
• Test Suite
  - Carefully picked test cases
  - Captures the essence of interesting properties
  - Implemented with corresponding Murφ initial states and invariants

17 Analysis of the JMM
• Ordering Property
  - Coherence
  - Write atomicity
  - Causality
  - Prescient write
• Synchronization Property
• Constructor Property

18 Example: Prescient Write Behavior
Initially, a = 0

Thread 1     Thread 2
r1 = a;      r2 = a;
a = 1;       a = r2;

Finally, can it result in r1 = 1 & r2 = 1?
• Result: Yes
• Hence, anti-dependence (Read after Write) is not guaranteed
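
The slide-18 litmus test can be checked by exhaustive enumeration driven by a bypass table, in the spirit of slides 11 and 13. This Python block is an added example, not the authors' Murφ code; the names PROGRAM, STRICT, PRESCIENT, ready and outcomes are hypothetical, the readiness rule is this example's reading of slide 13, and a single shared store stands in for the GIB and read selection rules.

```python
from itertools import product

# Constructed encoding of the slide-18 program: ("R", var, local) reads var
# into a local; ("W", var, src) writes a constant or the named local to var.
PROGRAM = {
    1: [("R", "a", "r1"), ("W", "a", 1)],
    2: [("R", "a", "r2"), ("W", "a", "r2")],
}

def local_dependent(later, earlier):
    """True when the later write stores the local the earlier read defines."""
    return earlier[0] == "R" and later[0] == "W" and later[2] == earlier[2]

def ready(pending, idx, bypass):
    """Assumed reading of slide 13: instruction idx is ready iff no earlier
    pending j is locally dependent or has BYPASS[op(j)][op(i)] = No."""
    later = pending[idx]
    return all(not local_dependent(later, j) and bypass[(j[0], later[0])]
               for j in pending[:idx])

def outcomes(bypass):
    """Enumerate every interleaving and collect the final (r1, r2) pairs."""
    results = set()

    def step(pending, mem, local):
        if not any(pending.values()):
            results.add((local["r1"], local["r2"]))
            return
        for t, instrs in pending.items():
            for idx, (op, var, x) in enumerate(instrs):
                if not ready(instrs, idx, bypass):
                    continue
                mem2, local2 = dict(mem), dict(local)
                if op == "R":
                    local2[x] = mem2[var]
                else:
                    mem2[var] = local2[x] if isinstance(x, str) else x
                rest = {**pending, t: instrs[:idx] + instrs[idx + 1:]}
                step(rest, mem2, local2)

    step(PROGRAM, {"a": 0}, {"r1": None, "r2": None})
    return results

# Simplification: one shared store stands in for the GIB and read selection.
STRICT = {pair: False for pair in product("RW", repeat=2)}  # program order
PRESCIENT = {**STRICT, ("R", "W"): True}  # a write may pass an earlier read

if __name__ == "__main__":
    print("strict:   ", sorted(outcomes(STRICT)))
    print("prescient:", sorted(outcomes(PRESCIENT)))
```

Thread 2's write never bypasses its read because it is locally dependent on r2; only Thread 1's constant write moves early, which is what makes r1 = 1 and r2 = 1 reachable.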

19 Benefits
• Support for formal verification
  - Executable style – finds results immediately
  - Exhaustive enumeration – reveals corner cases
  - Rigorous specification – reduces ambiguities
• Generic and uniform interface
  - Enables configuration and comparison
• Simple architecture
  - Eliminates architecture-specific complexities

20 Limitations
• Not intended to be the actual implementation
• State explosion problem
  - Limited to simple test cases

21 Ongoing Efforts
• Comprehensive coverage for many common memory models
• Support for theorem proving technique

22 For More Information …
• UMM prototype
• JMM mailing list archive
• JSR-133: JMM and thread specification
• JSR-166: Concurrency utility

23 Thank you!