Presentation is loading. Please wait.

Presentation is loading. Please wait.

DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University.

Published byStuart Parks Modified over 8 years ago

Similar presentations

Presentation on theme: "DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University."— Presentation transcript:

1 DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University PLDI 2014

2 Impact of Concurrency Bugs

3 Northeastern blackout, 2003

4 Impact of Concurrency Bugs

5 Atomicity Violations ● Constitute 69% 1 of all non-deadlock concurrency bugs 1. S. Lu et al. Learning from Mistakes: A Comprehensive Study on Real World Concurrency Bug Characteristics. In ASPLOS, 2008.

6 Atomicity ● Concurrency correctness property ● Synonymous with serializability o Program execution must be equivalent to some serial execution of the atomic regions

7 Atomicity Violation Example Thread 1Thread 2 void execute() { while (...) { prepareList(); processList(); resetList(); } void execute() { while (...) { prepareList(); processList(); resetList(); }

8 Atomicity Violation Example Thread 1Thread 2 void prepareList() { synchronized (l1) { list.add(new Object()); } void processList() { synchronized (l1) { Object head = list.get(0); } void resetList() { synchronized (l1) { list = null; }

9 Atomicity Violation Example Thread 1Thread 2 void prepareList() { synchronized (l1) { list.add(new Object()); } void processList() { synchronized (l1) { Object head = list.get(0); } void resetList() { synchronized (l1) { list = null; } Null pointer dereference Data-race-free program

10 Atomicity Violation Example Thread 1Thread 2 void execute() { while (...) { prepareList(); processList(); resetList(); } void execute() { while (...) { prepareList(); processList(); resetList(); } atomic

11 ● Check for conflict serializability o Build a transactional dependence graph o Check for cycles ● Existing work o Velodrome, Flanagan et al., PLDI 2008 o Farzan and Parthasarathy, CAV 2008 Detecting Atomicity Violations

12 Transactional Dependence Graph wr o.f wr o.g wr o.f acq lock rel lock time Thread 1Thread 2Thread 3 transaction

13 Transactional Dependence Graph wr o.f wr o.g wr o.f acq lock rel lock time Thread 1Thread 2Thread 3 transaction

14 Cycle means Atomicity Violation wr o.f wr o.g rd o.f wr o.f acq lock rel lock time Thread 1Thread 2Thread 3 transaction

15 Velodrome 1 ●Paper reports 12.7X overhead ●6.1X in our experiments Prior Work is Slow 1. C. Flanagan et al. Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs. In PLDI, 2008.

16 ● Precise tracking is expensive o “last transaction(s) to read/write” for every field o Need atomic updates in instrumentation High Overheads of Prior Work

17 Instrumentation Approach Program access Uninstrumented program Instrumented program

18 Precise Tracking is Expensive! Program access Update metadata Program access Analysis-specific work Uninstrumented program Instrumented program Precise tracking of dependences Can lead to remote cache misses for mostly read-only variables

19 Synchronized Updates are Expensive! Lock metadata access Program access Unlock metadata access Program access Uninstrumented program Instrumented program atomic

20 Synchronized Updates are Expensive! Lock metadata access Program access Unlock metadata access Program access Uninstrumented program Instrumented program atomic synchronization on every access slows programs atomic

21 DoubleChecker

22 ● Dynamic atomicity checker based on conflict serializability ● Precise o Sound and unsound operation modes ● Incurs 2-4 times lower overheads ● Makes dynamic atomicity checking more practical DoubleChecker’s Contributions

23 Key Insights ● Avoid high costs of precise tracking of dependences at every access o Common case: no dependences  Most accesses are thread local

24 ● Tracks dependences imprecisely o Soundly over-approximates dependences o Recovers precision when required o Turns out to be a lot cheaper Key Insights

25 Staged Analysis ● Imprecise cycle detection (ICD) ● Precise cycle detection (PCD)

26 Imprecise Cycle Detection ● Processes every program access ● Soundly overapproximates dependences, is cheap ● Could have false positives Program execution ICD atomicity specifications Imprecise cycles sound tracking

27 Precise Cycle Detection ● Processes a subset of program accesses ● Performs precise analysis ● No false positives PCD Precise violations Imprecise cycles access information static program locations

28 Staged Analyses: ICD and PCD Program execution ICD atomicity specifications Imprecise cycles PCD sound tracking Precise violations access information static program locations

29 ICD is Sound Program execution ICD atomicity specifications Imprecise cycles PCD sound tracking Precise violations access information true atomicity violations static program locations

30 Role of ICD ● Most accesses in a program are thread-local o Uses Octet 1 for tracking cross-thread dependences ● Acts as a dynamically sound transaction filter 1. M. Bond et al. Octet: Capturing and Controlling Cross-Thread Dependences Efficiently. In OOPSLA, 2013. Program execution ICD atomicity specifications Imprecise cycles sound tracking

31 Role of PCD ● Processes transactions involved in an ICD cycle o Performs precise serializability analysis o PCD has to do much less work  Program conforming to its atomicity specification will have very few cycles PCD Precise violation Imprecise cycles access information static program locations

32 Different Modes of Operation ●Single-run mode ●Multi-run mode

33 Single-Run Mode ICD ICD cycles read/write logs Program execution ICD+PCD atomicity specifications PCD Atomicity violations

34 Multi-run Mode Program execution ICD+PCD Atomicity violations monitored transactions First run Second run Program execution ICD Potentially imprecise cycles atomicity specifications Static transaction information sound tracking

35 ● Multi-run mode o Conditionally instruments non-transactional accesses  Otherwise overhead increases by 29% o Could use Velodrome for the second run  But performance is worse ● Second run has to process many accesses ● ICD is still effective as a dynamic transaction filter Design Choices

36 Examples ●Imprecise analysis ●Precise analysis

37 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 transaction

38 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3

39 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 rd o.g (RdEx T2 )

40 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 rd o.g (RdEx T2 ) rd o.f (RdSh c )

41 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 rd o.g (RdEx T2 ) rd o.f (RdSh c ) rd o.h (fence)

42 Imprecise Analysis time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 rd o.g (RdEx T2 ) rd o.f (RdSh c ) rd o.h (fence) wr o.f (WrEx T1 )

43 Precise Analysis time Thread 1Thread 4Thread 2Thread 3 rd o.g rd o.f rd o.h wr o.f

44 No Precise Violation time Thread 1Thread 4Thread 2Thread 3 rd o.g rd o.f rd o.h wr o.f

45 ICD Cycle time wr o.f (WrEx T1 ) Thread 1Thread 4Thread 2Thread 3 rd o.g (RdEx T2 ) rd o.h (RdEx T2 ) rd o.f (RdSh c ) rd o.h (fence) wr o.f (WrEx T1 )

46 Precise analysis time wr o.f Thread 1Thread 4Thread 2Thread 3 rd o.g rd o.h rd o.f rd o.h wr o.f

47 Precise Violation time wr o.f Thread 1Thread 4Thread 2Thread 3 rd o.g rd o.h rd o.f rd o.h wr o.f

48 ●Implementation ●Atomicity specifications ●Experiments Evaluation Methodology

49 Implementation ● DoubleChecker and Velodrome o Developed in Jikes RVM 3.1.3 o Artifact successfully evaluated o Code shared on Jikes RVM Research Archive

50 Experimental Methodology ● Benchmarks o DaCapo 2006, 9.12-bach, Java Grande, other benchmarks used in prior work 1 ● Platform: 3.30 GHz 4-core Intel i5 processor 1. C. Flanagan et al. Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs. In PLDI, 2008.

51 Atomicity Specifications ● Assume provided by the programmers ● We reuse prior work’s approach to infer the specifications DoubleChecker/ Velodrome atomicity specification All methods except main(), run(), callers of join(), wait(), etc. new violations reported? Yes No considered non-atomic

52 Soundness Experiments ● Generated atomicity violations with o Velodrome - sound and precise o DoubleChecker  Single-run mode - sound and precise  Multi-run mode - unsound ● Results match closely for Velodrome and the single-run mode o Multi-run mode finds 83% of all violations

53 Performance Experiments

54 ● Single-run mode - 1.9 times faster than Velodrome ● Multi-run mode o First run - 5.6 times faster o Second run - 3.7 times faster

55 ●2-4 times lesser overhead than current state-of-art ●Makes dynamic atomicity checking more practical DoubleChecker

56 Related Work ● Type systems  Flanagan and Qadeer, PLDI 2003  Flanagan et al., TOPLAS 2008 ● Model checking  Farzan and Madhusudan, CAV 2006  Flanagan, SPIN 2004  Hatcliff et al., VMCAI 2004

57 Related Work ● Dynamic analysis o Conflict-serializability-based approaches  Flanagan et al., PLDI 2008; Farzan and Madhusudan, CAV 2008 o Inferring atomicity  Lu et al., ASPLOS 2006; Xu et al., PLDI 2005; Hammer et al., ICSE 2008 o Predictive approaches  Sinha et al., MEMOCODE 2011; Sorrentino et al., FSE 2010 o Other approaches  Wang and Stoller, PPoPP 2006; Wang and Stoller, TSE 2006

58 What Has DoubleChecker Achieved? ● Improved overheads over current state-of- art o Makes dynamic atomicity checking more practical ● Cheaper to over-approximate dependences o Showcases a judicious separation of tasks to recover precision

Download ppt "DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University."

Similar presentations

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡
The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.

The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.
Michael Bond (Ohio State) Milind Kulkarni (Purdue)

Michael Bond (Ohio State) Milind Kulkarni (Purdue)
Effective Static Deadlock Detection

Effective Static Deadlock Detection
Michael Bond Milind Kulkarni Man Cao Minjia Zhang Meisam Fathi Salmi Swarnendu Biswas Aritra Sengupta Jipeng Huang Ohio State Purdue.

Michael Bond Milind Kulkarni Man Cao Minjia Zhang Meisam Fathi Salmi Swarnendu Biswas Aritra Sengupta Jipeng Huang Ohio State Purdue.
An Case for an Interleaving Constrained Shared-Memory Multi-Processor Jie Yu and Satish Narayanasamy University of Michigan.

An Case for an Interleaving Constrained Shared-Memory Multi-Processor Jie Yu and Satish Narayanasamy University of Michigan.
ECE 454 Computer Systems Programming Parallel Architectures and Performance Implications (II) Ding Yuan ECE Dept., University of Toronto

ECE 454 Computer Systems Programming Parallel Architectures and Performance Implications (II) Ding Yuan ECE Dept., University of Toronto
Efficient, Context-Sensitive Dynamic Analysis via Calling Context Uptrees Jipeng Huang, Michael D. Bond Ohio State University.

Efficient, Context-Sensitive Dynamic Analysis via Calling Context Uptrees Jipeng Huang, Michael D. Bond Ohio State University.
Race Detection for Android Applications

Race Detection for Android Applications
Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Resurrector: A Tunable Object Lifetime Profiling Technique Guoqing Xu University of California, Irvine OOPSLA’13 Conference Talk 1.

Resurrector: A Tunable Object Lifetime Profiling Technique Guoqing Xu University of California, Irvine OOPSLA’13 Conference Talk 1.
/ PSWLAB Concurrent Bug Patterns and How to Test Them by Eitan Farchi, Yarden Nir, Shmuel Ur published in the proceedings of IPDPS’03 (PADTAD2003)

/ PSWLAB Concurrent Bug Patterns and How to Test Them by Eitan Farchi, Yarden Nir, Shmuel Ur published in the proceedings of IPDPS’03 (PADTAD2003)
SOS: Saving Time in Dynamic Race Detection with Stationary Analysis Du Li, Witawas Srisa-an, Matthew B. Dwyer.

SOS: Saving Time in Dynamic Race Detection with Stationary Analysis Du Li, Witawas Srisa-an, Matthew B. Dwyer.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.
Atomicity Violation Detection Prof. Moonzoo Kim CS492B Analysis of Concurrent Programs.

Atomicity Violation Detection Prof. Moonzoo Kim CS492B Analysis of Concurrent Programs.
Formalisms and Verification for Transactional Memories Vasu Singh EPFL Switzerland.

Formalisms and Verification for Transactional Memories Vasu Singh EPFL Switzerland.
Mayur Naik Alex Aiken John Whaley Stanford University Effective Static Race Detection for Java.

Mayur Naik Alex Aiken John Whaley Stanford University Effective Static Race Detection for Java.

Similar presentations

Ads by Google