7 research outputs found
Preventing Atomicity Violations with Contracts
Software developers are expected to protect concurrent accesses to shared
regions of memory with some mutual exclusion primitive that ensures atomicity
properties to a sequence of program statements. This approach prevents data
races but may fail to provide all necessary correctness properties.The
composition of correlated atomic operations without further synchronization may
cause atomicity violations. Atomic violations may be avoided by grouping the
correlated atomic regions in a single larger atomic scope. Concurrent programs
are particularly prone to atomicity violations when they use services provided
by third party packages or modules, since the programmer may fail to identify
which services are correlated. In this paper we propose to use contracts for
concurrency, where the developer of a module writes a set of contract terms
that specify which methods are correlated and must be executed in the same
atomic scope. These contracts are then used to verify the correctness of the
main program with respect to the usage of the module(s). If a contract is well
defined and complete, and the main program respects it, then the program is
safe from atomicity violations with respect to that module. We also propose a
static analysis based methodology to verify contracts for concurrency that we
applied to some real-world software packages. The bug we found in Tomcat 6.0
was immediately acknowledged and corrected by its development team
Lock Removal for Concurrent Trace Programs
Abstract. We propose a trace-based concurrent program analysis to soundly remove redundant synchronizations such as locks while preserving the behaviors of the concurrent computation. Our new method is computationally efficient in that it involves only thread-local computation and therefore avoids interleaving explosion, which is known as the main hurdle for scalable concurrency analysis. Our method builds on the partial-order theory and a unified analysis framework; therefore, it is more generally applicable than existing methods based on simple syntactic rules and ad hoc heuristics. We have implemented and evaluated the proposed method in the context of runtime verification of multithreaded Java and C programs. Our experimental results show that lock removal can significantly speed up symbolic predictive analysis for detecting concurrency bugs. Besides runtime verification, our new method will also be useful in applications such as debugging, performance optimization, program understanding, and maintenance.
Static Detection of Atomicity Violations in Object-Oriented Programs
Violations of atomicity are possible sources of errors in parallel programs. A violation occurs if the effect of a method depends on the execution of concurrent threads that operate on the same shared data. Such unwanted thread interference can occur even if access to shared data is ordered through synchronization, hence common techniques for data race detection are not able to find such errors. We have developed a static analysis that infers atomicity constraints and identifies potential violations. The analysis is based on an abstract model of threads and data. A symbolic execution tracks object locking and access and provides information that is finally used to determine potential violations of atomicity. We provide a detailed evaluation of our algorithm for several Java programs. Although the algorithm does not guarantee to find all violations of atomicity, our experience shows that the method is efficient and effective in determining several known synchronization problems in a number of applications and the Java library. The problem of overreporting that is commonly encountered due to conservatism in static analyses is moderate.
Maintaining the correctness of transactional memory programs
Dissertação para obtenção do Grau de Doutor em
Engenharia InformáticaThis dissertation addresses the challenge of maintaining the correctness of transactional memory programs, while improving its parallelism with small transactions and relaxed isolation levels.
The efficiency of the transactional memory systems depends directly on the level of parallelism, which in turn depends on the conflict rate. A high conflict rate between memory transactions can be addressed by reducing the scope of transactions, but this approach may turn the application prone to the occurrence of atomicity violations. Another way to address this issue is to ignore some of the conflicts by using a relaxed isolation level, such as snapshot isolation, at the cost of introducing write-skews serialization anomalies that break the consistency guarantees provided by a stronger consistency property, such as opacity.
In order to tackle the correctness issues raised by the atomicity violations and the write-skew anomalies, we propose two static analysis techniques: one based in a novel static analysis algorithm that works on a dependency graph of program variables and detects atomicity violations;
and a second one based in a shape analysis technique supported by separation logic augmented with heap path expressions, a novel representation based on sequences of heap dereferences that certifies if a transactional memory program executing under snapshot isolation is free from writeskew
anomalies.
The evaluation of the runtime execution of a transactional memory algorithm using snapshot
isolation requires a framework that allows an efficient implementation of a multi-version algorithm and, at the same time, enables its comparison with other existing transactional memory algorithms. In the Java programming language there was no framework satisfying both these requirements. Hence, we extended an existing software transactional memory framework that already supported efficient implementations of some transactional memory algorithms, to also
support the efficient implementation of multi-version algorithms. The key insight for this extension is the support for storing the transactional metadata adjacent to memory locations. We illustrate the benefits of our approach by analyzing its impact with both single- and multi-version transactional memory algorithms using several transactional workloads.Fundação para a Ciência e Tecnologia - PhD research grant SFRH/BD/41765/2007, and in
the research projects Synergy-VM (PTDC/EIA-EIA/113613/2009), and RepComp (PTDC/EIAEIA/
108963/2008
Techniques for Detection, Root Cause Diagnosis, and Classification of In-Production Concurrency Bugs
Concurrency bugs are at the heart of some of the worst bugs that
plague software. Concurrency bugs slow down software development
because it can take weeks or even months before developers
can identify and fix them.
In-production detection, root cause diagnosis, and classification of
concurrency bugs is challenging. This is because these activities require
heavyweight analyses such as exploring program paths and determining
failing program inputs and schedules, all of which are not
suited for software running in production.
This dissertation develops practical techniques for the detection,
root cause diagnosis, and classification of concurrency bugs for inproduction
software. Furthermore, we develop ways for developers
to better reason about concurrent programs. This dissertation builds
upon the following principles:
— The approach in this dissertation spans multiple layers of the
system stack, because concurrency spans many layers of the
system stack.
— It performs most of the heavyweight analyses in-house and resorts
to minimal in-production analysis in order to move the
heavy lifting to where it is least disruptive.
— It eschews custom hardware solutions that may be infeasible to
implement in the real world.
Relying on the aforementioned principles, this dissertation introduces:
1. Techniques to automatically detect concurrency bugs (data races
and atomicity violations) in-production by combining in-house
static analysis and in-production dynamic analysis.
2. A technique to automatically identify the root causes of in-production
failures, with a particular emphasis on failures caused
by concurrency bugs.
3. A technique that given a data race, automatically classifies it
based on its potential consequence, allowing developers to answer
questions such as “can the data race cause a crash or a
hang?”, or “does the data race have any observable effect?”.
We build a toolchain that implements all the aforementioned techniques.
We show that the tools we develop in this dissertation are
effective, incur low runtime performance overhead, and have high
accuracy and precision