C Flanagan Dynamic Analysis for Atomicity 1 Atomicity
![Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] C.](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-3.jpg "Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] C.")
![Experience with Calvin /*@ global_invariant (forall int i; inode. Locks[i] == null ==> 0](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-4.jpg "Experience with Calvin /*@ global_invariant (forall int i; inode. Locks[i] == null ==> 0")
![Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] •](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-5.jpg "Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] •")
![Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] •](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-6.jpg "Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] •")
![Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] –](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-11.jpg "Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] –")
![Lockset for Producer-Consumer [Gross-Von Praun 01] second thread r/w first thread r/w Thread Local](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-19.jpg "Lockset for Producer-Consumer [Gross-Von Praun 01] second thread r/w first thread r/w Thread Local")
![Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] –](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-20.jpg "Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] –")
![Reduction [Lipton 75] acq(this) X X C. Flanagan X X Y Y t=i Y](https://slidetodoc.com/presentation_image_h2/66f102083ae8026743458b10e342d050/image-21.jpg "Reduction [Lipton 75] acq(this) X X C. Flanagan X X Y Y t=i Y")
- Slides: 39
C. Flanagan Dynamic Analysis for Atomicity 1
Atomicity • The method inc() is atomic if concurrent threads do not interfere with its behavior • Guarantees that for every execution acq(this) x x t=i y y t=i i=t+1 z z rel(this) • there is a serial execution with same behavior C. Flanagan x y acq(this) t=i Dynamic Analysis for Atomicity i=t+1 rel(this) z 2
Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] C. Flanagan Dynamic Analysis for Atomicity 3
Experience with Calvin /*@ global_invariant (forall int i; inode. Locks[i] == null ==> 0 <= inode. Blocknos[i] && inode. Blocknos[i] < Daisy. MAXBLOCK) */ //@ requires 0 <= inodenum && inodenum < Daisy. MAXINODE; //@ requires i != null //@ requires Daisy. Lock. inode. Locks[inodenum] == tid //@ modifies i. blockno, i. size, i. used, i. inodenum //@ ensures i. blockno == inode. Blocknos[inodenum] //@ ensures i. size == inode. Sizes[inodenum] //@ ensures i. used == inode. Used[inodenum] //@ ensures i. inodenum == inodenum //@ ensures 0 <= i. blockno && i. blockno < Daisy. MAXBLOCK static void readi(long inodenum, Inode i) { i. blockno = Petal. read. Long(STARTINODEAREA + (inodenum * Daisy. INODESIZE)); i. size = Petal. read. Long(STARTINODEAREA + (inodenum * Daisy. INODESIZE) + 8); i. used = Petal. read(STARTINODEAREA + (inodenum * Daisy. INODESIZE) + 16) == 1; i. inodenum = inodenum; // read the right bytes, put in inode } C. Flanagan Dynamic Analysis for Atomicity 4
Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] • A type system for atomicity – [Flanagan-Qadeer 03, Flanagan-Freund-Lifshin 05] C. Flanagan Dynamic Analysis for Atomicity 5
Tools for Checking Atomicity • Calvin: ESC for multithreaded code – [Freund-Qadeer 03] • A type system for atomicity – [Flanagan-Qadeer 03, Flanagan-Freund-Lifshin 05] • Atomizer: dynamic atomicity checker – [Flanagan-Freund 04] http: //www. soe. ucsc. edu/~cormac/atom. html C. Flanagan Dynamic Analysis for Atomicity 6
C. Flanagan Dynamic Analysis for Atomicity 7
C. Flanagan Dynamic Analysis for Atomicity 8
C. Flanagan Dynamic Analysis for Atomicity 9
Atomizer: Instrumentation Architecture Atomizer Instrumented Source Code /*# atomic */ void append(. . . ) {. . . } C. Flanagan event stream T 1: T 2: begin_atomic acquire(lock 3) read(x, 5) write(y, 3) end_atomic release(lock 3) Runtime • Lockset • Reduction javac +JVM Warning: method “append” may not be atomic at line 43 Dynamic Analysis for Atomicity 10
Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] – identifies race conditions • Reduction [Lipton 75] – proof technique for verifying atomicity, using information about race conditions C. Flanagan Dynamic Analysis for Atomicity 11
Analysis 1: Lockset Algorithm • Tracks lockset for each field – lockset = set of locks held on all accesses to field • Dynamically infers protecting lock for each field • Empty lockset indicates possible race condition C. Flanagan Dynamic Analysis for Atomicity 12
Lockset Example Thread 1 Thread 2 synchronized(x) { synchronized(y) { o. f = 2; } o. f = 11; } synchronized(y) { o. f = 2; } • First access to o. f: Lock. Set(o. f) = Held(cur. Thread) = { x, y } C. Flanagan Dynamic Analysis for Atomicity 13
Lockset Example Thread 1 Thread 2 synchronized(x) { synchronized(y) { o. f = 2; } o. f = 11; } synchronized(y) { o. f = 2; } • Subsequent access to o. f: Lock. Set(o. f) : = Lock. Set(o. f) Held(cur. Thread) = { x, y } { x } ={x} C. Flanagan Dynamic Analysis for Atomicity 14
Lockset Example Thread 1 Thread 2 synchronized(x) { synchronized(y) { o. f = 2; } o. f = 11; } synchronized(y) { o. f = 2; } • Subsequent access to o. f: Lock. Set(o. f) : = Lock. Set(o. f) Held(cur. Thread) ={x} {y} ={} => race condition C. Flanagan Dynamic Analysis for Atomicity 15
Lockset any thread r/w Shared-exclusive Shared-read/write Track lockset race condition! C. Flanagan Dynamic Analysis for Atomicity 16
Lockset with Thread Local Data first thread r/w any thread r/w Thread Local second thread r/w Shared-read/write Shared-exclusive Track lockset race condition! C. Flanagan Dynamic Analysis for Atomicity 17
Lockset with Read Shared Data first thread r/w Thread Local any thread r/w second thread write Shared-read/write Shared-exclusive Track lockset race condition! C. Flanagan second thread any thread write Dynamic Analysis for Atomicity Read Shared any thread 18
Lockset for Producer-Consumer [Gross-Von Praun 01] second thread r/w first thread r/w Thread Local any thread r/w second thread r/w any thread write Shared-read/write Shared-exclusive Track lockset C. Flanagan any thread write Dynamic Analysis for Atomicity Thread Local (2) any thread Read Shared any thread 19
Atomizer: Dynamic Analysis • Lockset algorithm – from Eraser [Savage et al. 97] – identifies race conditions • Reduction [Lipton 75] – proof technique for verifying atomicity, using information about race conditions C. Flanagan Dynamic Analysis for Atomicity 20
Reduction [Lipton 75] acq(this) X X C. Flanagan X X Y Y t=i Y acq(this) Y t=i t=i i=t+1 Dynamic Analysis for Atomicity Z Z Z rel(this) rel(this) Z 21
Performing Reduction Dynamically • R: right-mover • B: both-mover • L: left-mover • N: non-mover – lock acquire – race-free field access – lock release – access to "racy" fields acq(lock ) j=bal bal=j+n rel(lock ) R B B L Reducible methods: (R|B)* [N] (L|B)* R|B start atomic block C. Flanagan In. Right L|N L|B In. Left Dynamic Analysis for Atomicity R|N Error 22
java. lang. String. Buffer public class String. Buffer { private int count; public synchronized int length() { return count; } public synchronized void get. Chars(. . . ) {. . . } /*# atomic */ public synchronized void append(String. Buffer sb){ sb. length() acquires lock on sb, gets length, and releases lock int len = sb. length(); . . . other threads can change sb. . . sb. get. Chars(. . . , len, . . . ); use of stale len may yield. . . String. Index. Out. Of. Bounds. Exception } inside get. Chars(. . . ) } C. Flanagan Dynamic Analysis for Atomicity 23
java. lang. String. Buffer public class String. Buffer { private int count; public synchronized int length() { return count; } public synchronized void get. Chars(. . . ) {. . . } /*# atomic */ public synchronized void append(String. Buffer sb){ int len = sb. length(); . . sb. get. Chars(. . . , len, . . . ); . . . } } C. Flanagan String. Buffer. append is not atomic: Start: at String. Buffer. append(String. Buffe at Thread 1. run(Example. java: 17) Commit: Lock Release at String. Buffer. length(String. Buffe at String. Buffer. append(String. Buffe at Thread 1. run(Example. java: 17) Error: Lock Acquire at String. Buffer. get. Chars(String. Buf at String. Buffer. append(String. Buffe at Thread 1. run(Example. java: 17) Dynamic Analysis for Atomicity 24
Atomizer Review • Instrumented code calls Atomizer runtime – on field accesses, sync ops, etc • Lockset algorithm identifies races – used to classify ops as movers or non-movers • Atomizer checks reducibility of atomic blocks – warns about atomicity violations C. Flanagan Dynamic Analysis for Atomicity 25
Refining Race Information • Discovery of races during reduction /*# atomic */ void deposit(int n) { synchronized (this) { R B int j = bal; // other thread changes bal A bal = j + n; L } C. Flanagan Dynamic Analysis for Atomicity 26
Extensions • Redundant lock operations – acquire is right-mover – release is left-mover – Want to treat them as both movers when possible • Write-protected data – common idiom C. Flanagan Dynamic Analysis for Atomicity 27
Thread-Local Locks class Vector { atomic synchronized Object get(int i) {. . . } atomic synchronized void add(Object o) {. . . } } class Worker. Thread { atomic void transaction() { Vector v = new Vector(); v. add(x 1); v. add(x 2); . . . v. get(i); } } C. Flanagan Dynamic Analysis for Atomicity 28
Reentrant Locks class Vector { atomic synchronized Object get(int i) {. . . } atomic synchronized Object add(Object o) {. . . } atomic boolean contains(Object o) { synchronized(this) { for (int i = 0; i < size(); i++) if (get(i). equals(o)) return true; } return false; } } C. Flanagan Dynamic Analysis for Atomicity 29
Layered Abstractions class Set { Vector elems; atomic void add(Object o) { synchronized(this) { if (!elems. contains(o)) elems. add(o); } } } C. Flanagan Dynamic Analysis for Atomicity 30
Redundant Lock Operations • Acquire is right-mover • Release is left-mover • Redundant lock operations are both-movers – acquiring/releasing a thread-local lock – re-entrant acquire/release – acquiring/releasing lock A, if lock B always acquired before A C. Flanagan Dynamic Analysis for Atomicity 31
Write-Protected Data class Account { volatile int bal; /*# atomic */ int read() { return bal; } /*# atomic */ void deposit(int n) { synchronized (this) { R int j = bal; B bal = j + n; N } L } } C. Flanagan Dynamic Analysis for Atomicity 32
Write-Protected Data class Account { int bal; /*# atomic */ int read() { return bal; } /*# atomic */ void deposit(int n) { synchronized (this) { R int j = bal; B A bal = j + n; L } } } • Lock this held whenever balance is updated – write must hold lock, and is non-mover – read without lock held is non-mover – read with lock held is both-mover C. Flanagan Dynamic Analysis for Atomicity 33
Lockset for Write-Protected Data • Track access lockset and write lockset – access lockset = locks held on every access – write lockset = locks held on every write • For regularly-protected data – access lockset = write lockset = { protecting lock } • For write-protected data – access lockset = Ø – write lockset = { write-protecting lock } • Read is both-mover if some write lock held • Write is both-mover if access lockset nonempty C. Flanagan Dynamic Analysis for Atomicity 34
Evaluation • 12 benchmarks – scientific computing, web server, std libraries, . . . – 200, 000+ lines of code • Heuristics for atomicity – all synchronized blocks are atomic – all public methods are atomic, except main and run • Slowdown: C. Flanagan 1. 5 x - 40 x Dynamic Analysis for Atomicity 35
Performance Benchmark elevator Lines Base Time (s) Slowdown 500 11. 2 - 29, 900 6. 4 - tsp 700 1. 9 21. 8 sor 17, 700 1. 3 1. 5 moldyn 1, 300 90. 6 1. 5 montecarlo 3, 600 6. 4 2. 7 raytracer 1, 900 4. 8 41. 8 mtrt 11, 300 2. 8 38. 8 jigsaw 90, 100 3. 0 4. 7 spec. JBB 30, 500 26. 2 12. 1 webl 22, 300 60. 3 - 75, 305 96. 5 - hedc lib-java C. Flanagan Dynamic Analysis for Atomicity 36
Extensions Reduce Number of Warnings Total 341 C. Flanagan Total 97 Dynamic Analysis for Atomicity 37
Evaluation • Warnings: 97 (from 200 KLOC) • At least 7 are real errors • False alarms due to: – simplistic heuristics for atomicity • programmer should specify atomicity – false races – methods irreducible yet still "atomic" • eg caching, lazy initialization • No warnings reported in more than 90% of exercised methods C. Flanagan Dynamic Analysis for Atomicity 38
Example Bugs class Print. Writer { Writer out; public void println(String s) { synchronized(lock) { out. print(s); out. println(); } } } class Resource. Store. Manager { synchronized check. Closed() {. . . } synchronized lookup(. . . ) {. . . } public Resource. Store load. Resource. Store(. . . ) { check. Closed(); return lookup(. . . ); } C. Flanagan Dynamic Analysis for Atomicity 39
Formula mass vs molecular mass
Atomicity
Recovery and atomicity
Definisi bakat menurut flanagan
Tammy flanagan medicare
Cormac flanagan
Incident method
Mark flanagan wilmerhale
Old nzvy
Cuckoo malware analysis
Transferered
Kontinuitetshantering i praktiken
Novell typiska drag
Tack för att ni lyssnade bild
Returpilarna
Varför kallas perioden 1918-1939 för mellankrigstiden
En lathund för arbete med kontinuitetshantering
Adressändring ideell förening
Tidbok för yrkesförare
Sura för anatom
Vad är densitet
Datorkunskap för nybörjare
Tack för att ni lyssnade bild
Debatt mall
För och nackdelar med firo
Nyckelkompetenser för livslångt lärande
Påbyggnader för flakfordon
Arkimedes princip formel
Svenskt ramverk för digital samverkan
Urban torhamn
Presentera för publik crossboss
Argument för teckenspråk som minoritetsspråk
Kanaans land
Treserva lathund
Luftstrupen för medicinare
Claes martinsson
Centrum för kunskap och säkerhet
Verifikationsplan
Mat för idrottare
Verktyg för automatisering av utbetalningar
