atomizer: a dynamic atomicity checker for multithreaded ...€¦ · definition of atomicity...
TRANSCRIPT
![Page 1: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/1.jpg)
Atomizer: A Dynamic Atomicity CheckerFor Multithreaded Programs
Cormac FlanaganUniversity of California,Santa Cruz
Stephen FreundWilliams College
![Page 2: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/2.jpg)
Testing and DebuggingMultithreaded Software
Race conditions
Deadlock
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 2
![Page 3: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/3.jpg)
Testing and DebuggingMultithreaded Software
Race conditions
Deadlock
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 3
![Page 4: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/4.jpg)
Bank Account Implementation
class Account {private int balance = 0;
public read() {int r;r = balance;return r;
}}
public void deposit(int n) {int r = read();balance = r + n;
}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 4
![Page 5: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/5.jpg)
Bank Account Implementation
class Account {private int balance = 0;
public read() {int r;r = balance;return r;
}}
public void deposit(int n) {int r = read();balance = r + n;
}
r = balance
balance= r + n
A race condition occurs if two threads access a shared variable at the same time, and at least one of the accesses is a write
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 5
![Page 6: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/6.jpg)
Race Conditions
Many tools for detecting race conditions– type systems
• [Abadi-Flanagan 99, Flanagan-Freund 00, Boyapati-Rinard 01]
– dynamic race detectors• Eraser [Savage et al 97]
– static analyses • Warlock [Sterling 93]
Is race-freedom the “right” property to check?
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 6
![Page 7: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/7.jpg)
Race-Free Bank Account
class Account {private int balance = 0;
public read() {int r;synchronized(this) {r = balance;
}return r;
}
}
public void deposit(int n) {int r = read();
synchronized(this) { balance = r + n;
}}
Race-freedom is not sufficient
other threads can update balance
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 7
![Page 8: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/8.jpg)
Fixed Bank Account
class Account {private int balance = 0;
public read() {int r;synchronized(this) {r = balance;
}return r;
}
}
public void deposit(int n) {synchronized(this) { int r = balance;balance = r + n;
}}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 8
![Page 9: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/9.jpg)
Optimized Bank Account
class Account {private int balance = 0;
public read() {return balance;
}
}
public void deposit(int n) {synchronized(this) { int r = balance;balance = r + n;
}}
Race-freedom is not necessary
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 9
![Page 10: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/10.jpg)
Race-Freedom
Race-freedom is neither necessary nor sufficient to ensure the absence of errors due to unexpected interactions between threads
Is there a more fundamental semantic correctness property?
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 10
![Page 11: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/11.jpg)
Sequential Program Execution
deposit() precond.void deposit() {
..
..
}postcond.
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 11
![Page 12: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/12.jpg)
Multithreaded Program Execution
void deposit() {
..
..
}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 12
![Page 13: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/13.jpg)
Multithreaded Program Execution
void deposit() {
..
..
}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 13
![Page 14: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/14.jpg)
Multithreaded Program Execution
Atomicity
– maximal non-interference property
– enables sequential reasoning
– matches existing methodology
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 14
![Page 15: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/15.jpg)
Definition of Atomicity
deposit is atomic if for every non-serial execution, there is a serial execution with the same overall behavior (same final state)
acq(this) r=bal bal=r+n rel(this)x y z
acq(this) r=bal bal=r+n rel(this)x y z
acq(this) r=bal bal=r+n rel(this)x y z
Serial execution of deposit
Non-serial executions of deposit
public void deposit(int n) {synchronized(this) { int r = bal;bal = r + n;
}}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 15
![Page 16: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/16.jpg)
Atomicity a Canonical Concept
Strict serializability in databasesLinearizability for concurrent objectsHoare’s monitorsArgus language [Liskov et al 87]Avalon language [Eppinger et al 91]Persistent languages [Atkinson et al 81]
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 16
![Page 17: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/17.jpg)
Tools for Checking Atomicity
Calvin: ESC for multithreaded code• heavyweight static analysis (2 KLOC)
A type system for Atomicity• lightweight static analysis (20 KLOC)
Atomizer: A dynamic atomicity checker• lightweight dynamic analysis (200 KLOC)• “a purify-like tool for atomicity”
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 17
![Page 18: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/18.jpg)
Atomizer: Instrumentation Architecture
AtomizerInstrumented
Source Code
javac+JVM
Runtime•Lockset•Reduction
/*# atomic */void append(...){ ... }
T1: begin_atomicT2: acquire(lock3)T2: read(x,5)T1: write(y,3)T1: end_atomicT2: release(lock3)
event stream
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 18
Warning: method “append” may not be atomic at line 43
![Page 19: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/19.jpg)
Atomizer: Dynamic Analysis
Lockset algorithm – from Eraser [Savage et al. 97]– identifies race conditions
Reduction [Lipton 75]– proof technique for verifying atomicity,
using information about race conditions
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 19
![Page 20: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/20.jpg)
Atomizer: Dynamic Analysis
Lockset algorithm – from Eraser [Savage et al. 97]– identifies race conditions
Reduction [Lipton 75]– proof technique for verifying atomicity,
using information about race conditions
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 20
![Page 21: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/21.jpg)
Analysis 1: Lockset Algorithm
Tracks lockset for each field– lockset = set of locks held on all accesses to field
Dynamically infers protecting lock for each field
Empty lockset indicates possible race condition
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 21
![Page 22: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/22.jpg)
Lockset Example
First access to o.f:
LockSet(o.f) = Held(curThread)= { x, y }
Thread 1synchronized(x) {synchronized(y) {o.f = 2;
}o.f = 11;
}
Thread 2synchronized(y) {o.f = 2;
}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 22
![Page 23: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/23.jpg)
Lockset Example
Thread 1synchronized(x) {synchronized(y) {o.f = 2;
}o.f = 11;
}
Thread 2synchronized(y) {o.f = 2;
}
Subsequent access to o.f:
LockSet(o.f) := LockSet(o.f) ∩ Held(curThread)= { x, y } ∩ { x } = { x }
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 23
![Page 24: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/24.jpg)
Lockset Example
Thread 1synchronized(x) {synchronized(y) {o.f = 2;
}o.f = 11;
}
Thread 2synchronized(y) {o.f = 2;
}
Subsequent access to o.f:
LockSet(o.f) := LockSet(o.f) ∩ Held(curThread)= { x } ∩ { y } = { } => race condition
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 24
![Page 25: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/25.jpg)
Lockset
any threadr/w
Shared-exclusiveTrack lockset
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 25
Shared-read/writeTrack lockset
race condition!
![Page 26: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/26.jpg)
Extending Lockset (Thread Local Data)first thread
r/w
ThreadLocal
Shared-exclusiveTrack lockset
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 26
any threadr/w
Shared-read/writeTrack lockset
race condition!
secondthread
r/w
![Page 27: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/27.jpg)
Extending Lockset (Read Shared Data)first thread
r/w
ThreadLocal
ReadShared
Shared-exclusiveTrack lockset
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 27
any threadwrite
any threadr/w
Shared-read/writeTrack lockset
race condition!
second threadreadsecond
threadwrite
any threadread
![Page 28: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/28.jpg)
Atomizer: Dynamic Analysis
Lockset algorithm – from Eraser [Savage et al. 97]– identifies race conditions
Reduction [Lipton 75]– proof technique for verifying atomicity,
using information about race conditions
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 28
![Page 29: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/29.jpg)
Reduction [Lipton 75]acq(this)
S1
XS2
j=balS3
YS4
bal=j+nS5
ZS6
rel(this)S7S0
green thread holds lock⇒ red thread does not hold lock⇒ operation y does not access balance
(assuming balance protected by lock)⇒ operations commuteC. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 29
![Page 30: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/30.jpg)
Reduction [Lipton 75]acq(this)
S1
XS2
j=balS3
YS4
bal=j+nS5
ZS6
rel(this)S7S0
acq(this)S1
XS2
YT3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 30
green thread holds lock after acquire⇒ operation x does not modify lock⇒ operations commute
![Page 31: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/31.jpg)
Reduction [Lipton 75]acq(this)
S1
XS2
j=balS3
YS4
bal=j+nS5
ZS6
rel(this)S7S0
acq(this)S1
XS2
YT3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
XT1
acq(this)S2
YT3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 31
![Page 32: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/32.jpg)
Reduction [Lipton 75]acq(this)
S1
XS2
j=bal
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 32
![Page 33: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/33.jpg)
Reduction [Lipton 75]
XT1
YT2
acq(this)T3
j=balS4
bal=j+nS5
rel(this)T6
ZS7S0
acq(this)S1
XS2
j=balS3
YS4
bal=j+nS5
ZS6
rel(this)S7S0
acq(this)S1
XS2
YT3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
XT1
acq(this)S2
YT3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
XT1
YT2
acq(this)T3
j=balS4
bal=j+nS5
ZS6
rel(this)S7S0
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 33
![Page 34: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/34.jpg)
Performing Reduction Dynamically
R: right-mover– lock acquire
L: left-mover– lock release
B: both-mover– race-free field access
N: non-mover– access to "racy" fields
acq(lock) j=bal bal=j+n rel(lock)
R B B LReducible methods: (R|B)* [N] (L|B)*
InRight InLeft
R|BL|Nstart
atomicblock Error
L|BR|N
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 34
![Page 35: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/35.jpg)
Atomizer Review
Instrumented code calls Atomizer runtime– on field accesses, sync ops, etc
Lockset algorithm identifies races– used to classify ops as movers or non-movers
Atomizer checks reducibility of atomic blocks– warns about atomicity violations
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 35
![Page 36: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/36.jpg)
Evaluation
12 benchmarks– scientific computing, web server, std libraries, ...– 200,000+ lines of code
Heuristics for atomicity– all synchronized blocks are atomic– all public methods are atomic, except main and run
Slowdown: 1.5x - 40x
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 36
![Page 37: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/37.jpg)
Benchmark Lines Base Time (s)
AtomizerSlowdown
elevator 500 11.2 -hedc 29,900 6.4 -tsp 700 1.9 21.8sor 17,700 1.3 1.5moldyn 1,300 90.6 1.5montecarlo 3,600 6.4 2.7raytracer 1,900 4.8 41.8mtrt 11,300 2.8 38.8jigsaw 90,100 3.0 4.7specJBB 30,500 26.2 12.1webl 22,300 60.3 -lib-java 75,305 96.5 -
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 37
![Page 38: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/38.jpg)
Extensions
Redundant lock operations are both-movers– re-entrant acquire/release– operations on thread-local locks– operations on lock A, if lock B always acquired
before A
Write-protected data
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 38
![Page 39: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/39.jpg)
Write-Protected Dataclass Account {
int bal;/*# atomic */ int read() { return bal; }/*# atomic */ void deposit(int n) { synchronized (this) {int j = bal;bal = j + n;
}}
}
RBNL
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 39
![Page 40: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/40.jpg)
Extensions Reduce Number of Warnings
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 40
0
10
20
30
40
50
60
70
80
Basic reentrantlocks
thread-locallocks
thread-local(2)
locks
protectedlocks
write-protected
data
lib-javawebljbbjigsawelevatorhedctspsormoldynmontecarloraytracermtrt
Total341
Total97
![Page 41: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/41.jpg)
EvaluationWarnings: 97 (down from 341)
Real errors (conservative): 7False alarms due to:– simplistic heuristics for atomicity
• programmer should specify atomicity– false races– methods irreducible yet still "atomic"
• eg caching, lazy initialization
No warnings reported in more than 90% of exercised methods
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 41
![Page 42: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/42.jpg)
java.lang.StringBuffer
/**
... used by the compiler to implement the binary string concatenation operator ...
String buffers are safe for use by multiple threads. The methods are synchronized so that all the operations on any particular instance behave as if they occur in some serial order that is consistent with the order of the method calls made by each of the individual threads involved.
*/
/*# atomic */ public class StringBuffer { ... }
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 42
![Page 43: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/43.jpg)
java.lang.StringBuffer
public class StringBuffer { private int count;public synchronized int length() { return count; }public synchronized void getChars(...) { ... }/*# atomic */public synchronized void append(StringBuffer sb){
int len = sb.length();.........sb.getChars(...,len,...);...
}}
sb.length() acquires lock on sb, gets length, and releases lock
use of stale len may yield StringIndexOutOfBoundsExceptioninside getChars(...)
other threads can change sb
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 43
![Page 44: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/44.jpg)
java.lang.StringBuffer
public class StringBuffer { private int count;public synchronized int length() { return count; }public synchronized void getChars(...) { ... }/*# atomic */ public synchronized void append(StringBuffer sb){
int len = sb.length();.........sb.getChars(...,len,...);...
}}
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 44
StringBuffer.append is not atomic:Start:at StringBuffer.append(StringBuffeat Thread1.run(Example.java:17)
Commit: Lock Releaseat StringBuffer.length(StringBuffeat StringBuffer.append(StringBuffeat Thread1.run(Example.java:17)
Error: Lock Acquireat StringBuffer.getChars(StringBuat StringBuffer.append(StringBuffeat Thread1.run(Example.java:17)
![Page 45: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/45.jpg)
Related WorkReduction
– [Lipton 75, Lamport-Schneider 89, ...]– type systems [Flanagan-Qadeer 03],
model checking [Stoller-Cohen 03, Flanagan-Qadeer 03], procedure summaries [Qadeer et al 04]
Other atomicity checkers– [Wang-Stoller 03], Bogor model checker [Hatcliff et al 03]
Race detection / prevention– dynamic [Savage et al 97, O'Callahan-Choi 01, von Praun-Gross 01]– Warlock [Sterling 93], SPMD [Aiken-Gay 98]– type systems [Abadi-Flanagan 99, Flanagan-Freund 00, Boyapati-Rinard 01]– Guava [Bacon et al 01]
View consistency [Artho-Biere-Havelund 03, von Praun-Gross 03]
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 45
![Page 46: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/46.jpg)
Multithreaded Program Execution
atomic
run()
b()
d()
a()
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 46
![Page 47: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/47.jpg)
Multithreaded Program Execution
run()
b()
d()
a()atomic
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 47
![Page 48: Atomizer: A Dynamic Atomicity Checker For Multithreaded ...€¦ · Definition of Atomicity ydeposit is atomic if for every non-serial execution, there is a serial execution with](https://reader036.vdocuments.site/reader036/viewer/2022071413/610bbc98f516747fbe21ece1/html5/thumbnails/48.jpg)
Conclusions And Future Directions
Atomicity– maximal non-interference property– enables sequential reasoning– matches practice
Atomizer extends race detection techniques– catches "higher-level" concurrency errors– some benign races do not break atomicity
Atomicity for distributed systems?
C. Flanagan Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs 48