IST Austria Thesis
In this thesis we present a computer-aided programming approach to concurrency. Our approach helps the programmer by automatically fixing concurrency-related bugs, i.e. bugs that occur when the program is executed using an aggressive preemptive scheduler, but not when using a non-preemptive (cooperative) scheduler. Bugs are program behaviours that are incorrect w.r.t. a specification. We consider both user-provided explicit specifications in the form of assertion statements in the code as well as an implicit specification. The implicit specification is inferred from the non-preemptive behaviour. Let us consider sequences of calls that the program makes to an external interface. The implicit specification requires that any such sequence produced under a preemptive scheduler should be included in the set of sequences produced under a non-preemptive scheduler. We consider several semantics-preserving fixes that go beyond the atomic sections typically explored in the synchronisation synthesis literature. Our synthesis is able to place locks, barriers and wait-signal statements and, last but not least, reorder independent statements. The latter may be useful if a thread is released too early, e.g., before some initialisation is completed. We guarantee that our synthesis does not introduce deadlocks and that the synchronisation inserted is optimal w.r.t. a given objective function. We dub our solution trace-based synchronisation synthesis; it is loosely based on counterexample-guided inductive synthesis (CEGIS). The synthesis works by discovering a trace that is incorrect w.r.t. the specification and identifying the ordering constraints crucial to triggering the specification violation. Synchronisation may be placed immediately (greedy approach) or delayed until all incorrect traces are found (non-greedy approach). For the non-greedy approach we construct a set of global constraints over synchronisation placements. Each model of the global constraint set corresponds to a correctness-ensuring synchronisation placement. The placement that is optimal w.r.t. the given objective function is chosen as the synchronisation solution. We evaluate our approach on a number of realistic (albeit simplified) Linux device-driver benchmarks. The benchmarks are versions of the drivers with known concurrency-related bugs. For the experiments with an explicit specification we added assertions that would detect the bugs in the experiments. Device drivers lend themselves to implicit specification, where the device and the operating system are the external interfaces. Our experiments demonstrate that our synthesis method is precise and efficient. We implemented objective functions for coarse-grained and fine-grained locking and observed that different synchronisation placements are produced for our experiments, favouring e.g. a minimal number of synchronisation operations or maximum concurrency.
Predicate detection for parallel computations
One of the fundamental problems in runtime verification of parallel programs is to check whether a predicate could become true in any global state of the system. The problem is challenging because of the nondeterministic process or thread scheduling of the system. Predicate detection alleviates this problem by analyzing the computation of the program and predicting whether the predicate could become true by exercising an alternative process schedule. The technique was first introduced by Cooper et al. and Garg et al. for distributed debugging. Later, jPredictor applied this technique to concurrent debugging. We improve the technique of predicate detection in three ways. The first part of this dissertation presents the first online-and-parallel predicate detector for general-purpose predicate detection, named ParaMount. ParaMount partitions the set of consistent global states so that each subset can be enumerated in parallel using existing sequential enumeration algorithms. Our experimental results show that ParaMount speeds up the existing sequential algorithms by a factor of 6 with 8 threads. Moreover, ParaMount can run alongside the execution of the users' program and hence is applicable even to non-terminating programs. The second part develops a fast enumeration algorithm, named QuickLex, for consistent global states. In comparison with the original lexical algorithm (Lex), QuickLex uses an additional O(n²) space to reduce the time complexity from O(n²) to O(n·Δ(P)), where n is the number of processes or threads in the computation and Δ(P) is the maximal number of incoming edges of any event. The third part introduces Loset, a new model for parallel computations with locking constraints. We show that the reachability problem in a loset is NP-complete. To tackle the NP-completeness, we present several useful properties. Specifically, if the final global state is reachable, then all lock-free feasible global states are reachable. In addition, we show that the reachability of a global state G can be determined using a sub-computation instead of the entire computation. Moreover, we introduce the strong feasibility of a global state, which is an upper approximation of reachability that can be calculated efficiently. Our experiments show that the property accurately models the reachability for all 11 benchmarks.
Reasoning about Threads with Bounded Lock Chains
The problem of model checking threads interacting purely via the standard synchronization primitives is key for many concurrent program analyses, particularly dataflow analysis. Unfortunately, it is undecidable even for the most commonly used synchronization primitive, i.e., mutex locks. Lock usage in concurrent programs can be characterized in terms of lock chains, where a sequence of mutex locks is said to be chained if the scopes of adjacent (non-nested) mutexes overlap. Although the model checking problem for fragments of Linear Temporal Logic (LTL) is known to be decidable for threads interacting via nested locks, i.e., chains of length one, these techniques don't extend to programs with non-nested locks used in crucial applications like databases and device drivers. We exploit the fact that lock usage patterns in real-life programs do not produce unbounded lock chains. For such a framework, we show, by using the new concept of Lock Causality Automata (LCA), that pre*-closures of regular sets of states can be computed efficiently. Leveraging this new technique then allows us to formulate decision procedures for model checking threads communicating via bounded lock chains for fragments of LTL. Our new results narrow the decidability gap for LTL model checking of threads communicating via locks by providing a more refined characterization for it in terms of boundedness of lock chains rather than the current state of the art, i.e., nestedness of locks (chains of length one).
Multiprocessing with the exokernel operating system
Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000. Includes bibliographical references (p. 57-59). By Benjie Chen.
An Architecture for Multi-User Software Development Environments
We present an architecture for multi-user software development environments, covering general, process-centered and rule-based MUSDEs. Our architecture is founded on componentization, with particular concern for the capability to replace the synchronization component - to allow experimentation with novel concurrency control mechanisms - with minimal effects on other components while still supporting integration. The architecture has been implemented in the MARVEL SD
Techniques for Detection, Root Cause Diagnosis, and Classification of In-Production Concurrency Bugs
Concurrency bugs are at the heart of some of the worst bugs that plague software. Concurrency bugs slow down software development because it can take weeks or even months before developers can identify and fix them.

In-production detection, root cause diagnosis, and classification of concurrency bugs is challenging. This is because these activities require heavyweight analyses such as exploring program paths and determining failing program inputs and schedules, none of which are suited to software running in production.

This dissertation develops practical techniques for the detection, root cause diagnosis, and classification of concurrency bugs for in-production software. Furthermore, we develop ways for developers to better reason about concurrent programs. This dissertation builds upon the following principles:

- The approach in this dissertation spans multiple layers of the system stack, because concurrency spans many layers of the system stack.
- It performs most of the heavyweight analyses in-house and resorts to minimal in-production analysis in order to move the heavy lifting to where it is least disruptive.
- It eschews custom hardware solutions that may be infeasible to implement in the real world.

Relying on the aforementioned principles, this dissertation introduces:

1. Techniques to automatically detect concurrency bugs (data races and atomicity violations) in production by combining in-house static analysis and in-production dynamic analysis.
2. A technique to automatically identify the root causes of in-production failures, with a particular emphasis on failures caused by concurrency bugs.
3. A technique that, given a data race, automatically classifies it based on its potential consequence, allowing developers to answer questions such as "can the data race cause a crash or a hang?" or "does the data race have any observable effect?".

We build a toolchain that implements all the aforementioned techniques. We show that the tools we develop in this dissertation are effective, incur low runtime performance overhead, and have high accuracy and precision.
A comparative study of transaction management services in multidatabase heterogeneous systems
Multidatabases are being actively researched as a relatively new area in which many aspects are not yet fully understood. Transaction management in multidatabase systems still has many unresolved problems. The problem areas which this dissertation addresses are classification of multidatabase systems, global concurrency control, correctness criteria in a multidatabase environment, global deadlock detection, atomic commitment and crash recovery. A core group of research addressing these problems was identified and studied. The dissertation contributes to the multidatabase transaction management topic by introducing an alternative classification method for such multiple database systems, assessing existing research into transaction management schemes and, based on this assessment, proposing a transaction processing model founded on the optimal properties of transaction management identified during the course of this research.
Modelling a Distributed Data Acquisition System
This thesis discusses the formal modelling and verification of certain non-real-time aspects of correctness of a mission-critical distributed software system known as the ALICE Data Point Service (ADAPOS). The domain of this distributed system is data acquisition from a particle detector control system in experimental high energy particle physics research. ADAPOS is part of the upgrade effort of A Large Ion Collider Experiment (ALICE) at the European Organisation for Nuclear Research (CERN), near Geneva in France/Switzerland, for the third run of the Large Hadron Collider (LHC). ADAPOS is based on the publicly available ALICE Data Point Processing (ADAPRO) C++14 framework and works within the free and open source GNU/Linux ecosystem.

The model checker Spin was chosen for modelling and verifying ADAPOS. The model focuses on the general specification of ADAPOS. It includes ADAPOS processes, a load generator process, and rudimentary interpretations of the network protocols used between the processes. For experimenting with different interpretations of the underlying network protocols, and also for coping with the state space explosion problem, eight variants of the model were developed and studied. Nine Linear Temporal Logic (LTL) properties were defined for all those variants.

Large numbers of states were covered during model checking even though the model turned out to have a reachable state space too large to exhaust fully. No counterexamples were found to safety properties. A significant amount of evidence hinting that ADAPOS is safe was obtained. Liveness properties and implementation-level verification, among other possible research directions, remain open.