Presentation is loading. Please wait.

Presentation is loading. Please wait.

/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin 2015-10-181Type-Based.

Published byLauren West Modified over 8 years ago

Similar presentations

Presentation on theme: "/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin 2015-10-181Type-Based."— Presentation transcript:

1 / 22Hong,Shin @ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin 2015-10-181Type-Based Race Detection for JAVA

2 / 22Hong,Shin @ PSWLAB Introduction Race condition occurs when two thread manipulate a shared data structure simultaneously without synchronization. Race condition errors are schedule-dependent that these are difficult to catch using traditional testing technologies.  Support lock-based synchronization discipline by tracking the protecting lock for each shared field in the program and verifying that the appropriate lock is held whenever a shared field is accessed.  Express the reasoning and checks performed by this analysis as an extension of J AVA ’s type system. 2015-10-18Type-Based Race Detection for JAVA2

3 / 22Hong,Shin @ PSWLAB Introduction 2/2 Start by adopting the target system to a core subset of J AVA. And then extends the type system with a number of additional features: – classes parameterized by the locks – classes that are local to a particular thread 2015-10-18Type-Based Race Detection for JAVA3

4 / 22Hong,Shin @ PSWLAB C ONCURRENT J AVA 1/2 C ONCURRENT J AVA is a multithreaded subset of J AVA. Syntax 2015-10-18Type-Based Race Detection for JAVA4 if final modifier is present, then the field cannot be updated after initialization.

5 / 22Hong,Shin @ PSWLAB C ONCURRENT J AVA2/3 Informal Semantics – C ONCURRENT J AVA supports multithreaded programs by including the operation fork e which spawn a new thread for the evaluation of e. – Locks are provided: each object has an associated binary lock. The expression synchronized e 1 in e 2 is evaluated as follow: (1) acquire the associated lock of e 1. (2) e 2 is then evaluated. (3) release the associated lock of e 1. 2015-10-18Type-Based Race Detection for JAVA5

6 / 22Hong,Shin @ PSWLAB C ONCURRENT J AVA 3/3 1class Account { 2 int balance = 0 3 int deposit(int x) { 4 this.balance = this.balance + x 5 } 6} 7let Account a = new Account in { 8 fork { a.deposit(10) } 9 fork { a.deposit(10) } 10} 2015-10-18Type-Based Race Detection for JAVA6 Schedule Scenario 2 8 call a.deposit(10) 4 this.balance+x=10 4 this.balance :=10 Schedule Scenario 1 8 call a.deposit(10) 4 this.balance+x=10 4 this.balance:=10 8 call a.deposit(10) 4 this.balance+x=20 4 this.balance :=20 1class Account { 2 int balance = 0 3 int deposit(int x) { 4 synchronized this in { 5 this.balance = this.balance + x 6 } 7 } 8} 9let Account a = new Account in { 10 fork { a.deposit(10) } 11 fork { a.deposit(10) } 12} /* Race-Free Account */

7 / 22Hong,Shin @ PSWLAB R ACE F REE J AVA1/1 Race conditions are commonly avoided by the lock-based synchronization discipline. The type system needs to verify that each field has a protecting lock that is held whenever the field is accessed or updated. (1) associates a protecting lock with each field declaration. → programmers provide additional type annotations (2) tracks the set of locks held at each field access or update. → the type system automatically verifies that the locks are indeed held at each field access, field update, and call-site of the method. R ACE F REE J AVA – An extended language of C ONCURRENT J AVA – The modified syntax 2015-10-18Type-Based Race Detection for JAVA7 field::= [ final ] opt t fd guarded_by l = e meth::= t mn (arg*) [ requires ls] opt { e } ls::= l* l::= e

8 / 22Hong,Shin @ PSWLAB Type System 1/5 Type Judgment – P ; E ; ls ` e : t P : the program being checked E : an environment providing types for the free variables of e ls : a set of final expressions describing the locks that are held when the expression e is evaluated. e : an expression t : the type of e Type Rules – The type rules track the set of locks held each program point. 2015-10-18Type-Based Race Detection for JAVA8 { } P ; E ` fianl l : c checks that l is a final expression of some class type c

9 / 22Hong,Shin @ PSWLAB Type System 2/5 2015-10-18Type-Based Race Detection for JAVA9 Check that the lock l guarding fd is held at this program point; i.e., that l denotes the same lock as some expression l ’ in current lock set. → approximates semantic equivalence by syntactic equivalence, and simply to check that l ≡ l ’. P ; E ` fianl e 1 : c checks that e 1 is a final expression of some class type c ex) final Object a = new Object final Object b = a int data guarded_by a : synchronized b in { data = 0 }

10 / 22Hong,Shin @ PSWLAB Type System – Example 3/5 P : class Account { int balance guarded_by this = 0 int deposit(int x) synchronized this in { this.balance = this.balance + x } } let Account a = new Account in { fork { a.deposit(10 } fork { a.deposit(10) } } 2015-10-18Type-Based Race Detection for JAVA10 P ; Account this ` int P ; Account this ` Á P ; Account this, int x ; Á ` synchronized …. : int -------------------------[METHOD] P ; Account this ` final this : Account P ; Account this ; Á ` 0 : int -------------------------[FIELD] E = Account this P ; Account this ` int balance guarded_by this=0 P ; Account this ` int deposit(int x) { … } -------------------[CLASS] P = class Account{ …} let Account a = new Account …. P ` class Account{…} P ; Á ; Á ` let Account a = new Account in … : int --------------------[PROG] ` P : int

11 / 22Hong,Shin @ PSWLAB Type System – Example 4/5 P ; Account this, int x ` this : Account P ; Account this, int x ` (int balance guarded_by this = 0) 2 Account P ; Account this, int x ` this 2 {this} P ; Account this, int x ` int -------------------[EXP REF] P ; Account this, int x ; {this} ` this.balance+x : Account P ; Account this, int x ` (int balance guarded_by this = 0) 2 Account P ; Account this, int x ` this 2 {this} P ; Account this, int x ; {this} ` this.balance+x -------------------[EXP ASSIGN] P ; Account this, int x ` final this : Account P ; Account this, int x ; {this} ` {this.balance=this.balance+x} : int ------------------[EXP SYNC] P ; Account this, int x ; Á ` synchronized this in {this.balance=this.balance+x} : int : : 2015-10-18Type-Based Race Detection for JAVA11

12 / 22Hong,Shin @ PSWLAB Type System – Example 5/5 2015-10-18Type-Based Race Detection for JAVA12 P ; Account a ; Á ` a : Account P ; Account a ` (int deposit(int x)) 2 Account P ; Account a ; Á ` 10 : int P ; Account a ` Á µ Á P ; Account a ` int --------------------[EXP INVOKE] P ; Account a ` Á P ; Account a ; Á ` a.deposit(10) : int --------------------[EXP FORK] P ; Á ; Á ` new Account : Account P ; Account a ; Á ` fork{a.deposit(10)} fork{a.deposit(10)} : s P ; Á ; Á ` s ---------------------[EXP LET] P = defn e P ` defn P ; Á ; Á ` let Account a = new Account in {…} : int --------------------[PROG] ` P : int

13 / 22Hong,Shin @ PSWLAB External Locks 1/2 The only variable in scope at a field declaration is this, the fields of an object must be protected by a lock that is accessible from the object. It is necessary to protect the fields of an object by some locks external to the object. Ex) In a linked list, the node objects in a list should be synchronized by a lock which is outside of the node class. To accommodate this programming pattern, we extend R ACE F REE J AVA to allow classes to be parameterized by external locks defn ::= class cn body garg ::= ghost t x c ::= cn | Object 2015-10-18Type-Based Race Detection for JAVA13

14 / 22Hong,Shin @ PSWLAB External Locks 2/2 2015-10-18Type-Based Race Detection for JAVA14

15 / 22Hong,Shin @ PSWLAB Thread-Local Classes 1/2 Large multithreaded programs typically have sections of code that operate on data that is not shared across multiple threads. To accommodate this situation, the concept of thread-local classes is introduced. The language is extended to allow an optional thread_local modifier on class definitions and to make guarded_by clause on field declarations optional in a thread-local class. defn ::= [ thread_local ] opt class cn body field ::= [ final ] opt t fd [ guarded_by l] opt = e 2015-10-18Type-Based Race Detection for JAVA15

16 / 22Hong,Shin @ PSWLAB Thread-Local Classes 2/2 2015-10-18Type-Based Race Detection for JAVA16 The type system must ensure that thread-local objects are not accessible from non thread-local objects.  extends the rules not to eliminate this possibility.

17 / 22Hong,Shin @ PSWLAB Implementation 1/1 2015-10-18Type-Based Race Detection for JAVA17 R ACE F REE J AVA type system is extended to support full J AVA language in rccjava implementation. The comments that start with the character “#” are treated as type annotations by the tool. The tool was built on top of an existing J AVA front-end that includes a scanner, parser, and type checker.

18 / 22Hong,Shin @ PSWLAB Experiment Results 1/2 2015-10-18Type-Based Race Detection for JAVA18 To test effectiveness of the tool, several multithreaded JAVA program was checked by the tool. It was reported that the annotation process proceeded at a rate of 1000lines of code per programmer-hour.

19 / 22Hong,Shin @ PSWLAB Experiment Results 2/2 2015-10-18Type-Based Race Detection for JAVA19 1.class Vector { 2. Object elementData[] /*# guarded_by this */ 3. int elementCount /*# guarded_by this */ 4. synchronized boolean removeAllElements() { 5. : 6. elementCount = 0 ; 7. : 8. } 9. synchronized int lastIndexOf(Object elem, int n) { 10. for (int i = n ; --i >= 0 ; ) 11. if (elem.equals(elementData[i])) { … } 12. } 13. int lastIndexOf(Object elem) { 14. return lastIndexOf(elem, elementCount) ; 15. } 16.} Excerpt from java.util.Vector Two threads work on the same Vector object elementCount = 10 ; 13 invokel lastIndexOf(elem) 4 invoke synchronized removeAllElements() 5 elementCount = 0 14 invoke lastIndexOf(elem, 10)  Race!

20 / 22Hong,Shin @ PSWLAB Conclusion The type system enforces programmers to write locking strategies of a program as annotations and checks whether the programmer wrote the program with the strategies or not. This type system enables race conditions to be detected early in the development cycle. The annotations can be used as documentation of locking strategies. Some synchronization patters are not supported in the type system (ex. reader-writer locks) 2015-10-18Type-Based Race Detection for JAVA20

21 / 22Hong,Shin @ PSWLAB Further work Efficient and Precise Datarace Detection for Multithreaded Object- Oriented Programs (PLDI’02) LOCKSMITH: Context-Sensitive Correlation Analysis for Race Detection(PLDI’06) 2015-10-18Type-Based Race Detection for JAVA21

22 / 22Hong,Shin @ PSWLAB Reference [1] Type-Based Race Detection for JAVA, Cormac Flanagan, Stephen N. Freund, PLDI 2000 2015-10-18Type-Based Race Detection for JAVA22

Download ppt "/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin 2015-10-181Type-Based."

Similar presentations

Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.

Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.
CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.

Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Concurrency 101 Shared state. Part 1: General Concepts 2.

Concurrency 101 Shared state. Part 1: General Concepts 2.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO and THOMAS ANDERSON.

Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO and THOMAS ANDERSON.
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
CS 100Lecture 61 CS100J Lecture 6 n Previous Lecture –Programming Concepts n Programming by stepwise refinement –a pattern –sequential refinement –case.

CS 100Lecture 61 CS100J Lecture 6 n Previous Lecture –Programming Concepts n Programming by stepwise refinement –a pattern –sequential refinement –case.
A Parameterized Type System for Race-Free Java Programs Paper by Boyapti & Rinard, 2001 Christopher Dentel ETH, Concepts of Concurrent Computation, 2012.

A Parameterized Type System for Race-Free Java Programs Paper by Boyapti & Rinard, 2001 Christopher Dentel ETH, Concepts of Concurrent Computation, 2012.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.

/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.
C. FlanaganTypes for Race Freedom1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.

C. FlanaganTypes for Race Freedom1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.
C. FlanaganAtomicity for Reliable Concurrent Software - PLDI'05 Tutorial1 Atomicity for Reliable Concurrent Software Part 3a: Types for Race-Freedom and.

C. FlanaganAtomicity for Reliable Concurrent Software - PLDI'05 Tutorial1 Atomicity for Reliable Concurrent Software Part 3a: Types for Race-Freedom and.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Ownership Types for Safe Programming: Preventing Data Races and Deadlocks Chandrasekhar Boyapati Robert Lee Martin Rinard Laboratory for Computer Science.

Ownership Types for Safe Programming: Preventing Data Races and Deadlocks Chandrasekhar Boyapati Robert Lee Martin Rinard Laboratory for Computer Science.
Slides prepared by Rose Williams, Binghamton University Chapter 13 Interfaces and Inner Classes.

Slides prepared by Rose Williams, Binghamton University Chapter 13 Interfaces and Inner Classes.
Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.

Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.
Types for Atomicity in Multithreaded Software Cormac Flanagan Systems Research Center HP Labs.

Types for Atomicity in Multithreaded Software Cormac Flanagan Systems Research Center HP Labs.

Similar presentations

Ads by Google