1 / 10

Survey: Type Systems for Race Detection and Atomicity

Survey: Type Systems for Race Detection and Atomicity. Feng Zhou, zf@cs 12/3/2003. The Problem and Approaches. Interleaved execution in multi-threaded applications may lead to wrong results Reasons: Race condition: concurrent accesses to a shared variable with at least one write

olympe
Download Presentation

Survey: Type Systems for Race Detection and Atomicity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey: Type Systems for Race Detection and Atomicity Feng Zhou, zf@cs 12/3/2003 CS 263 Course Project

  2. The Problem and Approaches • Interleaved execution in multi-threaded applications may lead to wrong results • Reasons: • Race condition: concurrent accesses to a shared variable with at least one write • Use of “stale” data • Static tools • Warlock (93) – program analysis, ANSI C • Rccjava(00), atomicity types(03) – type systems • ESC/java(02) – more powerful automatic theorem proving • RacerX(03) – inter-procedural analysis • Dynamic tools • Eraser – tracking locksets and intersections CS 263 Course Project

  3. Rccjava: Type-Based Race Detector • Cormac Flanagan, 2000 • Supports lock-based synchronization discipline • Basic annotations: “guarded_by” and “requires” class Account { private int balance = 0 /*#guarded_by this */; private void update(int x) /*#requires this */ { balance = x; } public void deposit(int n) { synchronized(this) { update(balance + n); } } } CS 263 Course Project

  4. Type Checking by Tracking Locksets class Account { private int balance = 0 /*#guarded_by this */; private void update(int x) /*#requires this */ { balance = x; } public void deposit(int n) { synchronized(this) { update(balance + n); } } } lockset={this} this  lockset ? lockset={} lockset = {this} this  lockset ? CS 263 Course Project

  5. More complex annotations and constructs • Problems with this simple scheme, • There are complex locking schemes used in real apps • Requires too many annotations • Produces a lot of spurious race reports • Features to solve these problems: • Classes parameterized by locks • Allows fields to be protected by external locks. E.g elements of a list protected by a lock on the list • Implemented using “ghost” parameters to classes • Thread-local objects • Enforced by the type system • Mechanisms for escaping the type system • Unsound CS 263 Course Project

  6. Sample Typing Rules • Assignment to a shared field • Class Instantiation with ghost parameters CS 263 Course Project

  7. Beyond Race Detection: A Type and Effect System for Atomicity • Flanagan03, based on rccjava • Atomicity: a separate property of expressions/methods const < mover < atomic < cmpd < error • Const: does not depend on or change any state • Mover: operations that can commute with any concurrent operations from other threads • example: an access to field f guarded by lock l with l held • Atomic: behaves exactly the same when running concurrently with other threads or in serial • Cmpd: none of the previous ones • Error: violates the locking discipline CS 263 Course Project

  8. A Type and Effect System for Atomicity (2) • Iterative closures and compositions • mover*  mover • atomic atomic  cmpd • mover* atomic mover*  atomic • Typing rules, CS 263 Course Project

  9. atomic int readBalance() { int t; synchronized (this) { t = balance; } return t; } atomic int withdraw(int amt) { int b = readBalance(); synchronized (this) { balance = b – ant; } } Example of atomicity checking A A A cmpd A CS 263 Course Project

  10. Reported Application • Run on several standard JDK1.4 classes:StringBuffer, String,PrintWriter,Vector… • Sized from 296 LOC to 2399 LOC • Found one bug in StringBuffer CS 263 Course Project

More Related