

























Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Material Type: Notes; Class: CIS-TOPICS; Subject: Computer & Information Science; University: University of Pennsylvania; Term: Fall 2004;
Typology: Study notes
1 / 33
This page cannot be seen from the preview
Don't miss anything!


























Focus is on the paper:
“Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs”
by C. Flanagan and S. Freundpresented by Sebastian Burckhardt
University of Pennsylvania
CIS 700 – Runtime Verification Seminar
Wednesday, October 20, 2004
Checking concurrent executions
-^
Problem: number of possible concurrentexecutions very large
-^
Approach I: Check them all– means: model check the concurrent model– not practical without heavy abstraction
-^
Approach II: Check just one– this is the regular “testing” method
-^
Approach III: Check one, and extrapolate– look for bad things that “could” happen
What are we looking for?
Deadlock– look for inconsistent order of lock acquisition
-^
Races– look for variables that aren’t consistently protected
by some lock, by tracking locks held during eachaccess (e.g. “Eraser” Lockset alg)
View inconsistency– track variable sets associated which each lock (e.g.
in JPaX, JNuke)
Atomicity– Reduction-based (e.g. Atomizer)– Block based (e.g. Wang/Stoller’s tool)
Atomicity Checking: Advantages
find bugs that are resistant to regular
testing, and race detection
-^
Good correspondence with programmingmethodology– easy to understand the idea– can verify interfaces, encouraging code reuse– programmer can gain confidence in code by
validating atomicity assumptions
Scalable– has been applied to >100k lines of Java code
public final class StringBuffer
{
public synchronized StringBuffer append(StringBuffer sb) {
int len
= sb.length();
... // another thread can modify sb here... // => len is no longer the correct length of len... // but there is no race.sb.getChars(0, len, value,
count);
... } public synchronized int length() { ... }public synchronized void
getChars(...) { ... }
}
A block of code is ‘atomic’ if for every legalexecution of the program, there is an equivalentlegal execution within which the entire blockexecutes without preemption.
-^
Executions are “equivalent” iff– the (dynamic) instruction stream per thread is
identical
Perform instrumentation on the source code level– could also be done at the bytecode level– Instrumented source code produces event stream
during execution
Analyze event stream on-line (Atomizer) or off-line.– For each block that is supposed to be atomic, check
whether there is an equivalent execution in which it isscheduled contiguously
We can’t possibly check all possible executionsto find an equivalent atomic one
-^
Idea: Find a large class of instruction sequencesfor which we can always guarantee that it canbe shuffled into an uninterrupted sequence bylocal, pairwise swaps.
-^
Then, warn user if supposedly atomic blockdoes not belong to this class
-^
-> Lipton’s theory of reduction (1975)
Let’s denote the instructions as follows: L forleft-mover, R for right-mover, N for non-mover, Bfor both-mover
-^
Then any execution sequence matching thefollowing regular expression is equivalent to anatomic one:
ε
Examples:
But not: