Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)"— Presentation transcript:

1 Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)

2 Problem: Check-then-Act Races class OnePlaceBuffer { T item = null; public synchronized boolean isFull() {...} public synchronized void put(T item) {...} public synchronized T get() { if(item==null) throw new Empty(); T result = item; item = null; return result; } 2 void pass() { final OnePlaceBuffer b = new OnePlaceBuffer (); b.put("Welcome to OOPSLA!"); shareWithNewThread(b); if( b.isFull() ) print(b.get()); } void shareWithNewThread(OnePlaceBuffer b) { new Thread() { if( b.isFull() ) print(b.get()); }.start(); }

3 Approach: Specification & Access Permissions 1.Programmers define abstract states & transitions – (Implicitly with PRE- and POST-conditions) 2.Specifications also include access permissions – Describe aliasing, approximates thread sharing – Checked for consistency 3.Statically track states of refs to objects that cannot be concurrently modified 4.If mutual exclusion is used, temporarily track states of refs to object that can be 3

4 1 – Define Protocol via Specification 4 class OnePlaceBuffer { @Spec(ensures=“EMPTY”) public OnePlaceBuffer(){…} @TrueIndicates(“FULL”) @FalseIndicates(“EMPTY”) public synchronized boolean isFull() {…} @Spec(requires=“EMPTY”,ensures=“FULL”) public synchronized void put(T item) {…} @Spec(requires=“FULL”, ensures=“EMPTY”) public synchronized T get() {…} }

5 2 – Access Permissions Static information, specified for each reference, tracked by analysis – Does reference point to aliased object? – Does ref. have the right to modify? Do other refs.? – Approximates thread-sharedness – Five different kinds of permission 5 unique(ref) – “At runtime, ref will be the only reference pointing to the object.” immutable(ref) – “ref points to an aliased object, but no reference can modify it.” full(ref) – “ref points to an aliased object, that will only be modified through ref.” pure(ref) – “ref points to an aliased object, that it cannot be used to modify. Other modifying references may exist!” share(ref) – “ref points to an aliased object and can be used to modify that object. Other modifying references may exist!”

6 2 – Adding Access Permissions to Spec. class OnePlaceBuffer { @Unique(ensures=“EMPTY”) public OnePlaceBuffer(){…} @Pure @TrueIndicates(“FULL”) @FalseIndicates(“EMPTY”) synchronized boolean isFull() {…} @Share(requires=“EMPTY”, ensures=“FULL”) synchronized void put(T item) {…} @Share(requires=“FULL”, ensures=“EMPTY”) public synchronized T get() {…} } void pass() { final OnePlaceBuffer b = new OnePlaceBuffer (); b.put("Welcome to OOPSLA!"); shareWithNewThread(b); if( b.isFull() ) print(b.get()); } void shareWithNewThread( @Share(returned=“false”) OnePlaceBuffer b) { new Thread() { if( b.isFull() ) print(b.get()); }.start(); } 6

7 3 – Tracking States on References void shareWithNewThread( @Share(returned=“false”) OnePlaceBuffer b) { new Thread() { // Context: share(b) in ? if( b.isFull() ) // Context: share(b) in ? print(b.get()); }.start(); } 7 Recall: share(ref) – “ref points to an aliased object and can be used to modify that object. Other modifying references may exist!” Assuming that other refs are reachable from other threads… We must assume concurrent modification! // ERROR

8 4 – Using Mutual Exclusion void shareWithNewThread( @Share(returned=“false”) OnePlaceBuffer b) { new Thread() { synchronized(b) { // Context: share(b) in ? if( b.isFull() ) // Context: share(b) in FULL print(b.get()); // Context: share(b) in EMPTY } }.start(); } 8

9 Not Covered in this Talk… Verification of Implementation – Ensures correct synchronization internally Rules for Subtyping – Ensuring that subtype specs are compatible Dimensions – Allow states and permissions to reference sub-sets of an object State Hierarchies – Hierarchical state refinement Fractions – Allow weaker permissions (e.g., share) to be statically combined to form stronger permissions (e.g., unique) 9

10 Related Work Fractional Permissions – Boyland Ownership Types – Jacobs et al Concurrent Separation Logic – O’Hearn Single-threaded permissions – Bierhoff et al – (Unsound in multi-threaded programs) 10

11 Contributions Going beyond static data race detection – Preventing application-specific, check-then-act races Extends single-threaded work with no additional specification burden For S.R.C. – Extended approach to support synchronized blocks 11

Download ppt "Modular Typestate Checking for Concurrent Java Programs Nels E. Beckman Carnegie Mellon University (Advised by Jonathan Aldrich)"

Similar presentations

Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 8.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
– R 7 :: 1 – 0024 Spring 2010 Parallel Programming 0024 Recitation Week 7 Spring Semester 2010.

– R 7 :: 1 – 0024 Spring 2010 Parallel Programming 0024 Recitation Week 7 Spring Semester 2010.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
Classical Planning via Plan-space search COMP3431 Malcolm Ryan.

Classical Planning via Plan-space search COMP3431 Malcolm Ryan.
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.

A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.
Concurrency 101 Shared state. Part 1: General Concepts 2.

Concurrency 101 Shared state. Part 1: General Concepts 2.
Intertask Communication and Synchronization In this context, the terms “task” and “process” are used interchangeably.

Intertask Communication and Synchronization In this context, the terms “task” and “process” are used interchangeably.
Utilities (Part 3) Implementing static features 1.

Utilities (Part 3) Implementing static features 1.
Verifying Correct Usage of Atomic Blocks and Typestate Nels E. Beckman Nels E. Beckman, Kevin Bierhoff, and Jonathan Aldrich Carnegie Mellon University.

Verifying Correct Usage of Atomic Blocks and Typestate Nels E. Beckman Nels E. Beckman, Kevin Bierhoff, and Jonathan Aldrich Carnegie Mellon University.
Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.

Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.
Slides prepared by Rose Williams, Binghamton University Chapter 13 Interfaces and Inner Classes.

Slides prepared by Rose Williams, Binghamton University Chapter 13 Interfaces and Inner Classes.
On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning Xinyu Feng Yale University Joint work with Rodrigo Ferreira and.

On the Relationship Between Concurrent Separation Logic and Assume-Guarantee Reasoning Xinyu Feng Yale University Joint work with Rodrigo Ferreira and.
Synchronization in Java Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.

Synchronization in Java Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
1 Islands : Aliasing Protection In Object-Oriented Languages By : John Hogg OOPSLA 91 Aharon Abadi.

1 Islands : Aliasing Protection In Object-Oriented Languages By : John Hogg OOPSLA 91 Aharon Abadi.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
29-Jun-15 Java Concurrency. Definitions Parallel processes—two or more Threads are running simultaneously, on different cores (processors), in the same.

29-Jun-15 Java Concurrency. Definitions Parallel processes—two or more Threads are running simultaneously, on different cores (processors), in the same.
Process Synchronization Ch. 4.4 – Cooperating Processes Ch. 7 – Concurrency.

Process Synchronization Ch. 4.4 – Cooperating Processes Ch. 7 – Concurrency.
1/25 Pointer Logic Changki PSWLAB Pointer Logic Daniel Kroening and Ofer Strichman Decision Procedure.

1/25 Pointer Logic Changki PSWLAB Pointer Logic Daniel Kroening and Ofer Strichman Decision Procedure.
K. Rustan M. Leino RiSE, Microsoft Research, Redmond joint work with Peter Müller and Jan Smans Lecture 0 1 September 2009 FOSAD 2009, Bertinoro, Italy.

K. Rustan M. Leino RiSE, Microsoft Research, Redmond joint work with Peter Müller and Jan Smans Lecture 0 1 September 2009 FOSAD 2009, Bertinoro, Italy.

Similar presentations

Ads by Google