DoubleChecker: Efficient Sound and Precise Atomicity Checking
description
Transcript of DoubleChecker: Efficient Sound and Precise Atomicity Checking
![Page 1: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/1.jpg)
DoubleChecker: Efficient Sound and Precise Atomicity
CheckingSwarnendu Biswas,
Jipeng Huang, Aritra Sengupta, and Michael D. BondThe Ohio State University
PLDI 2014
![Page 2: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/2.jpg)
Impact of Concurrency Bugs
![Page 3: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/3.jpg)
Impact of Concurrency Bugs
Northeastern blackout, 2003
![Page 4: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/4.jpg)
Impact of Concurrency Bugs
![Page 5: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/5.jpg)
Atomicity Violations● Constitute 69%1 of all non-deadlock
concurrency bugs
1. S. Lu et al. Learning from Mistakes: A Comprehensive Study on Real World Concurrency Bug Characteristics. In ASPLOS, 2008.
![Page 6: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/6.jpg)
Atomicity● Concurrency correctness property● Synonymous with serializability
o Program execution must be equivalent to some serial execution of the atomic regions
![Page 7: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/7.jpg)
Atomicity Violation Example
Thread 1 Thread 2
void execute() {
while (...) {
prepareList();
processList();
resetList(); }
}
void execute() {
while (...) {
prepareList();
processList();
resetList(); }
}
![Page 8: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/8.jpg)
Atomicity Violation Example
Thread 1 Thread 2
void prepareList() { synchronized (l1) {
list.add(new Object()); }}
void processList() { synchronized (l1) {
Object head = list.get(0); }}
void resetList() { synchronized (l1) {
list = null; }}
![Page 9: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/9.jpg)
Atomicity Violation Example
Thread 1 Thread 2
void prepareList() { synchronized (l1) {
list.add(new Object()); }}
void processList() { synchronized (l1) {
Object head = list.get(0); }}
void resetList() { synchronized (l1) {
list = null; }}
Null pointer dereference
Data-race-free program
![Page 10: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/10.jpg)
Atomicity Violation Example
Thread 1 Thread 2
void execute() {
while (...) {
prepareList();
processList();
resetList(); }
}
void execute() {
while (...) {
prepareList();
processList();
resetList(); }
}
atomic
![Page 11: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/11.jpg)
● Check for conflict serializabilityo Build a transactional dependence grapho Check for cycles
● Existing worko Velodrome, Flanagan et al., PLDI 2008o Farzan and Parthasarathy, CAV 2008
Detecting Atomicity Violations
![Page 12: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/12.jpg)
Transactional Dependence Graph
wr o.f
wr o.g
wr o.f
acq lock
rel lock
time
Thread 1 Thread 2 Thread 3
trans
actio
n
![Page 13: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/13.jpg)
Transactional Dependence Graph
wr o.f
wr o.g
wr o.f
acq lock
rel lock
time
Thread 1 Thread 2 Thread 3
trans
actio
n
![Page 14: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/14.jpg)
Cycle means Atomicity Violation
wr o.f
wr o.g
rd o.f
wr o.f
acq lock
rel lock
time
Thread 1 Thread 2 Thread 3
trans
actio
n
![Page 15: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/15.jpg)
Velodrome1
● Paper reports 12.7X overhead● 6.1X in our experiments
Prior Work is Slow
1. C. Flanagan et al. Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs. In PLDI, 2008.
![Page 16: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/16.jpg)
● Precise tracking is expensiveo “last transaction(s) to read/write” for
every fieldo Need atomic updates in instrumentation
High Overheads of Prior Work
![Page 17: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/17.jpg)
Instrumentation Approach
Program access
Program access
Uninstrumented program Instrumented program
![Page 18: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/18.jpg)
Precise Tracking is Expensive!
Program access
Update metadata
Program access
Analysis-specific work
Uninstrumented program Instrumented program
Precise tracking of dependences
Can lead to remote cache misses for mostly read-only variables
![Page 19: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/19.jpg)
Synchronized Updates are Expensive!
Lock metadata access
Program access
Unlock metadata access
Program access
Uninstrumented program Instrumented program
atom
ic
atom
ic
![Page 20: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/20.jpg)
Synchronized Updates are Expensive!
Lock metadata access
Program access
Unlock metadata access
Program access
Uninstrumented program Instrumented program
atom
ic
synchronization on every access
slows programs
atom
ic
![Page 21: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/21.jpg)
DoubleChecker
![Page 22: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/22.jpg)
● Dynamic atomicity checker based on conflict serializability
● Preciseo Sound and unsound operation modes
● Incurs 2-4 times lower overheads● Makes dynamic atomicity checking
more practical
DoubleChecker’s Contributions
![Page 23: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/23.jpg)
Key Insights● Avoid high costs of precise tracking
of dependences at every accesso Common case: no dependences
Most accesses are thread local
![Page 24: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/24.jpg)
● Tracks dependences impreciselyo Soundly over-approximates dependenceso Recovers precision when requiredo Turns out to be a lot cheaper
Key Insights
![Page 25: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/25.jpg)
Staged Analysis● Imprecise cycle detection
(ICD)● Precise cycle detection
(PCD)
![Page 26: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/26.jpg)
Imprecise Cycle Detection
● Processes every program access● Soundly overapproximates
dependences, is cheap● Could have false positives
Program execution ICD
atomicityspecifications Imprecise
cycles
soundtracking
![Page 27: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/27.jpg)
Precise Cycle Detection
● Processes a subset of program accesses
● Performs precise analysis● No false positives
PCDPrecise
violationsImprecise cycles access
information
static program locations
![Page 28: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/28.jpg)
Staged Analyses: ICD and PCD
Program execution ICDatomicity
specificationsImprecise cycles
PCD
soundtracking
Precise violations access
information
static program locations
![Page 29: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/29.jpg)
ICD is Sound
Program execution ICDatomicity
specificationsImprecise cycles
PCD
soundtracking
Precise violations access
information
true
atomicity
violationsstatic program locations
![Page 30: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/30.jpg)
Role of ICD
● Most accesses in a program are thread-localo Uses Octet1 for tracking cross-thread
dependences● Acts as a dynamically sound
transaction filter1. M. Bond et al. Octet: Capturing and Controlling Cross-Thread Dependences Efficiently. In OOPSLA, 2013.
Program execution ICD
atomicityspecifications Imprecise
cycles
soundtracking
![Page 31: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/31.jpg)
Role of PCD
● Processes transactions involved in an ICD cycleo Performs precise serializability analysiso PCD has to do much less work
Program conforming to its atomicity specification will have very few cycles
PCDPrecise violation
Imprecise cycles access
information
static program locations
![Page 32: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/32.jpg)
Different Modes of Operation● Single-run mode● Multi-run mode
![Page 33: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/33.jpg)
Single-Run Mode
ICDICD cycles
read/write logs
Program execution ICD+PCDatomicity
specifications
PCD
Atomicity violations
![Page 34: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/34.jpg)
Multi-run Mode
Program execution ICD+PCD
Atomicity violations
monitoredtransactions
First run
Second run
Program execution ICD
Potentiallyimprecise
cycles
atomicityspecifications
Static transactioninformation
soundtracking
![Page 35: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/35.jpg)
● Multi-run modeo Conditionally instruments non-transactional
accesses Otherwise overhead increases by 29%
o Could use Velodrome for the second run But performance is worse
● Second run has to process many accesses● ICD is still effective as a dynamic transaction
filter
Design Choices
![Page 36: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/36.jpg)
Examples● Imprecise analysis● Precise analysis
![Page 37: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/37.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
trans
actio
n
![Page 38: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/38.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
![Page 39: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/39.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
rd o.g(RdExT2)
![Page 40: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/40.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
rd o.g(RdExT2)
rd o.f(RdShc)
![Page 41: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/41.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
rd o.g(RdExT2)
rd o.f(RdShc)
rd o.h(fence)
![Page 42: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/42.jpg)
Imprecise Analysis
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
rd o.g(RdExT2)
rd o.f(RdShc)
rd o.h(fence)
wr o.f(WrExT1)
![Page 43: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/43.jpg)
Precise Analysis
time
Thread 1 Thread 4Thread 2 Thread 3
rd o.g
rd o.f
rd o.h
wr o.f
![Page 44: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/44.jpg)
No Precise Violation
time
Thread 1 Thread 4Thread 2 Thread 3
rd o.g
rd o.f
rd o.h
wr o.f
![Page 45: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/45.jpg)
ICD Cycle
time
wr o.f(WrExT1)
Thread 1 Thread 4Thread 2 Thread 3
rd o.g(RdExT2)
rd o.h(RdExT2) rd o.f
(RdShc) rd o.h(fence)
wr o.f(WrExT1)
![Page 46: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/46.jpg)
Precise analysis
time
wr o.f
Thread 1 Thread 4Thread 2 Thread 3
rd o.g
rd o.hrd o.f
rd o.hwr o.f
![Page 47: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/47.jpg)
Precise Violation
time
wr o.f
Thread 1 Thread 4Thread 2 Thread 3
rd o.g
rd o.hrd o.f
rd o.hwr o.f
![Page 48: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/48.jpg)
● Implementation● Atomicity specifications● Experiments
Evaluation Methodology
![Page 49: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/49.jpg)
Implementation● DoubleChecker and Velodrome
o Developed in Jikes RVM 3.1.3o Artifact successfully evaluatedo Code shared on Jikes RVM Research Archive
![Page 50: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/50.jpg)
Experimental Methodology● Benchmarks
o DaCapo 2006, 9.12-bach, Java Grande, other benchmarks used in prior work1
● Platform: 3.30 GHz 4-core Intel i5 processor
1. C. Flanagan et al. Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs. In PLDI, 2008.
![Page 51: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/51.jpg)
Atomicity Specifications● Assume provided by the programmers● We reuse prior work’s approach to
infer the specifications
DoubleChecker/Velodrome
atomicityspecification
All methods except main(), run(), callers of join(), wait(), etc.
new violationsreported?
Yes
No
considered non-atomic
![Page 52: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/52.jpg)
Soundness Experiments● Generated atomicity violations with
o Velodrome - sound and preciseo DoubleChecker
Single-run mode - sound and precise Multi-run mode - unsound
● Results match closely for Velodrome and the single-run modeo Multi-run mode finds 83% of all violations
![Page 53: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/53.jpg)
Performance Experiments
![Page 54: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/54.jpg)
Performance Experiments
● Single-run mode - 1.9 times faster than Velodrome
● Multi-run modeo First run - 5.6 times fastero Second run - 3.7 times faster
![Page 55: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/55.jpg)
● 2-4 times lesser overhead than current state-of-art
● Makes dynamic atomicity checking more practical
DoubleChecker
![Page 56: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/56.jpg)
Related Work● Type systems
Flanagan and Qadeer, PLDI 2003 Flanagan et al., TOPLAS 2008
● Model checking Farzan and Madhusudan, CAV 2006 Flanagan, SPIN 2004 Hatcliff et al., VMCAI 2004
![Page 57: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/57.jpg)
Related Work● Dynamic analysis
o Conflict-serializability-based approaches Flanagan et al., PLDI 2008; Farzan and Madhusudan, CAV 2008
o Inferring atomicity Lu et al., ASPLOS 2006; Xu et al., PLDI 2005; Hammer et al., ICSE 2008
o Predictive approaches Sinha et al., MEMOCODE 2011; Sorrentino et al., FSE 2010
o Other approaches Wang and Stoller, PPoPP 2006; Wang and Stoller, TSE 2006
![Page 58: DoubleChecker: Efficient Sound and Precise Atomicity Checking](https://reader036.fdocuments.in/reader036/viewer/2022081604/56816261550346895dd2bdfe/html5/thumbnails/58.jpg)
What Has DoubleChecker Achieved?● Improved overheads over current
state-of-arto Makes dynamic atomicity checking more
practical● Cheaper to over-approximate
dependenceso Showcases a judicious separation of tasks to
recover precision