Runtime Atomicity Analysis of Multi-Threaded Programs Focus | CIS 700, Study notes of Computer Science

Material Type: Notes; Class: CIS-TOPICS; Subject: Computer & Information Science; University: University of Pennsylvania; Term: Fall 2004;

Typology: Study notes

Pre 2010

Uploaded on 03/28/2010

koofers-user-tgm
koofers-user-tgm 🇺🇸

10 documents

1 / 33

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Runtime Atomicity Analysis
of Multi-threaded Programs
Focus is on the paper:
“Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs”
by C. Flanagan and S. Freund
presented by Sebastian Burckhardt
University of Pennsylvania
CIS 700 – Runtime Verification Seminar
Wednesday, October 20, 2004
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21

Partial preview of the text

Download Runtime Atomicity Analysis of Multi-Threaded Programs Focus | CIS 700 and more Study notes Computer Science in PDF only on Docsity!

Runtime Atomicity Analysisof Multi-threaded Programs

Focus is on the paper:

“Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs”

by C. Flanagan and S. Freundpresented by Sebastian Burckhardt

University of Pennsylvania

CIS 700 – Runtime Verification Seminar

Wednesday, October 20, 2004

Outline of talk

  • Verification of multithreaded programs in

general

  • Atomizer: the core concepts
    • Dynamic analysis– Reduction– Lock set algorithm
      • Atomizer: the improvements• Atomizer: evaluation

Non-dynamic verification

  • We won’t talk about these today.
    • Restrict design space
      • type systems• special-purpose languages• Design paradigms
        • Static analysis
          • Lexical• Control flow• Data flow

Checking concurrent executions

-^

Problem: number of possible concurrentexecutions very large

-^

Approach I: Check them all– means: model check the concurrent model– not practical without heavy abstraction

-^

Approach II: Check just one– this is the regular “testing” method

-^

Approach III: Check one, and extrapolate– look for bad things that “could” happen

What are we looking for?

•^

Deadlock– look for inconsistent order of lock acquisition

-^

Races– look for variables that aren’t consistently protected

by some lock, by tracking locks held during eachaccess (e.g. “Eraser” Lockset alg)

•^

View inconsistency– track variable sets associated which each lock (e.g.

in JPaX, JNuke)

•^

Atomicity– Reduction-based (e.g. Atomizer)– Block based (e.g. Wang/Stoller’s tool)

Atomicity Checking: Advantages

  • Can

find bugs that are resistant to regular

testing, and race detection

-^

Good correspondence with programmingmethodology– easy to understand the idea– can verify interfaces, encouraging code reuse– programmer can gain confidence in code by

validating atomicity assumptions

•^

Scalable– has been applied to >100k lines of Java code

Example: java.lang.StringBuffer

public final class StringBuffer

{

public synchronized StringBuffer append(StringBuffer sb) {

int len

= sb.length();

... // another thread can modify sb here... // => len is no longer the correct length of len... // but there is no race.sb.getChars(0, len, value,

count);

... } public synchronized int length() { ... }public synchronized void

getChars(...) { ... }

}

Definition

•^

A block of code is ‘atomic’ if for every legalexecution of the program, there is an equivalentlegal execution within which the entire blockexecutes without preemption.

-^

Executions are “equivalent” iff– the (dynamic) instruction stream per thread is

identical

  • the same read reads the value of the same write

How does it work? (2)

•^

Perform instrumentation on the source code level– could also be done at the bytecode level– Instrumented source code produces event stream

during execution

•^

Analyze event stream on-line (Atomizer) or off-line.– For each block that is supposed to be atomic, check

whether there is an equivalent execution in which it isscheduled contiguously

How does it work? (3)

•^

We can’t possibly check all possible executionsto find an equivalent atomic one

-^

Idea: Find a large class of instruction sequencesfor which we can always guarantee that it canbe shuffled into an uninterrupted sequence bylocal, pairwise swaps.

-^

Then, warn user if supposedly atomic blockdoes not belong to this class

-^

-> Lipton’s theory of reduction (1975)

Left-movers

  • Can always swap an rel(m) with an

interleaved instruction j1 of another threadto its left. Call this a left-mover.

  • Reason
    • can always release lock earlier– read/write matching not affected by move

j0 j

j

i

rel(m)

i

j

j1 j

i

rel(m)

i

Right-movers

  • Can always swap an acq(m) with an

interleaved instruction j1 of another threadto its right. Call this a right-mover.

  • Reason
    • lock is still available (j1 can not be acq(m))– read/write matching not affected by move

j

j

i

acq(m)

i

j0 j

i

acq(m) i

Both-movers

  • If an access rd(x,v),wr(x,v) goes to a

variable protected by a lock which is heldby this thread, it is a both-mover.

  • Reason
    • j1 can not be an access to x
      • Suppose for now we know which locks can

protect a variable

j

acq(m)

rd(x,v)

rel(m)

Lipton’s Reduction

•^

Let’s denote the instructions as follows: L forleft-mover, R for right-mover, N for non-mover, Bfor both-mover

-^

Then any execution sequence matching thefollowing regular expression is equivalent to anatomic one:

(R + B)* (N +

ε

) (L + B)*

•^

Examples:

RL

RBL

NLLLB

RNL

BBB

•^

But not:

NN

LR