Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster.

Slides:

Advertisements

Similar presentations

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Advertisements

Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

1 Write Barrier Elision for Concurrent Garbage Collectors Martin T. Vechev Cambridge University David F. Bacon IBM T.J.Watson Research Center.

Conditional Must Not Aliasing for Static Race Detection Mayur Naik Alex Aiken Stanford University.

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

Race Directed Random Testing of Concurrent Programs KOUSHIK SEN - UNIVERSITY OF CALIFORNIA, BERKELEY PRESENTED BY – ARTHUR KIYANOVSKI – TECHNION, ISRAEL.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

Scalable and Precise Dynamic Datarace Detection for Structured Parallelism Raghavan RamanJisheng ZhaoVivek Sarkar Rice University June 13, 2012 Martin.

Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO and THOMAS ANDERSON.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.

Static Data Race detection for Concurrent Programs with Asynchronous Calls Presenter: M. Amin Alipour Software Design Laboratory

An Case for an Interleaving Constrained Shared-Memory Multi- Processor CS6260 Biao xiong, Srikanth Bala.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

OOPSLA 2003 Mostly Concurrent Garbage Collection Revisited Katherine Barabash - IBM Haifa Research Lab. Israel Yoav Ossia - IBM Haifa Research Lab. Israel.

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.

ADVERSARIAL MEMORY FOR DETECTING DESTRUCTIVE RACES Cormac Flanagan & Stephen Freund UC Santa Cruz Williams College PLDI 2010 Slides by Michelle Goodstein.

Cormac Flanagan and Stephen Freund PLDI 2009 Slides by Michelle Goodstein 07/26/10.

S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.

CS533 Concepts of Operating Systems Class 3 Data Races and the Case Against Threads.

On-The-Fly Resolve Trace Minimization Ohad Shacham and Karen Yorav IBM Haifa Research Laboratory.

Mayur Naik Alex Aiken John Whaley Stanford University Effective Static Race Detection for Java.

Applying Dynamic Analysis to Test Corner Cases First Penka Vassileva Markova Madanlal Musuvathi.

Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.

/ PSWLAB Eraser: A Dynamic Data Race Detector for Multithreaded Programs By Stefan Savage et al 5 th Mar 2008 presented by Hong,Shin Eraser:

DETECTION OF POTENTIAL DEADLOCKS AND DATARACES ROZA GHAMARI Bogazici UniversityMarch 2009.

Thread-modular Abstraction Refinement Thomas A. Henzinger, et al. CAV 2003 Seonggun Kim KAIST CS750b.

Timing and Race Condition Verification of Real-time Systems Yann–Hang Lee, Gerald Gannod, and Karam Chatha Dept. of Computer Science and Eng. Arizona State.

Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)

Accelerating Precise Race Detection Using Commercially-Available Hardware Transactional Memory Support Serdar Tasiran Koc University, Istanbul, Turkey.

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv University Nathan Bronson Stanford University Alex Aiken Stanford.

1 Effective Static Race Detection for Java Mayur, Alex, CS Department Stanford University Presented by Roy Ganor 14/2/08 Point-To Analysis Seminar.

Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO, and THOMAS ANDERSON Ethan.

Survey on Trace Analyzer (2) Hong, Shin /34Survey on Trace Analyzer (2) KAIST.

Dynamic Analysis of Multithreaded Java Programs Dr. Abhik Roychoudhury National University of Singapore.

50.530: Software Engineering Sun Jun SUTD. Week 8: Race Detection.

Analysis of Concurrent Software Models Using Partial Order Views Qiang Sun, Yuting Chen,

Deadlock Analysis with Fewer False Positives Thread T1: sync(G){ sync(L1){ sync(L2){} } }; T3 = new T3(); j3.start(); J3.join(); sync(L2){ sync(L1){} }

Motivation  Parallel programming is difficult  Culprit: Non-determinism Interleaving of parallel threads But required to harness parallelism  Sequential.

Virtual Application Profiler (VAPP) Problem – Increasing hardware complexity – Programmers need to understand interactions between architecture and their.

CS527 Topics in Software Engineering (Software Testing and Analysis) Darko Marinov August 30, 2011.

Debugging Threaded Applications By Andrew Binstock CMPS Parallel.

Parallel and Distributed Systems Laboratory Paradise: A Toolkit for Building Reliable Concurrent Systems Trace Verification for Parallel Systems Vijay.

Detecting Atomicity Violations via Access Interleaving Invariants

Effective Static Deadlock Detection Mayur Naik* Chang-Seo Park +, Koushik Sen +, David Gay* *Intel Research, Berkeley + UC Berkeley.

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

Effective Static Deadlock Detection Mayur Naik (Intel Research) Chang-Seo Park and Koushik Sen (UC Berkeley) David Gay (Intel Research)

Execution Replay and Debugging. Contents Introduction Parallel program: set of co-operating processes Co-operation using –shared variables –message passing.

Eraser: A dynamic Data Race Detector for Multithreaded Programs Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson Presenter:

1 Iterative Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program.

Reachability Testing of Concurrent Programs1 Reachability Testing of Concurrent Programs Richard Carver, GMU Yu Lei, UTA.

Using Escape Analysis in Dynamic Data Race Detection Emma Harrington `15 Williams College

FastTrack: Efficient and Precise Dynamic Race Detection [FlFr09] Cormac Flanagan and Stephen N. Freund GNU OS Lab. 23-Jun-16 Ok-kyoon Ha.

Detecting Data Races in Multi-Threaded Programs

Presenter: Godmar Back

Hybrid BDD and All-SAT Method for Model Checking

Why Events Are A Bad Idea (for high-concurrency servers)

Yuan Yu(MSR) Tom Rodeheffer(MSR) Wei Chen(UC Berkeley) SOSP 2005

Effective Data-Race Detection for the Kernel

Distributed Systems Laboratory

Over-Approximating Boolean Programs with Unbounded Thread Creation

Reachability testing for concurrent programs

50.530: Software Engineering

Tools for the development of parallel applications

Dynamic Race Prediction in Linear Time

Eraser: A dynamic data race detector for multithreaded programs

Presentation transcript:

Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster Technion

Datarace Happens when two threads access a memory location concurrently At least one access is a write Unpredictable results Can indicate bugs Hard to detect Hard to reproduce

Datarace example TicketPurchase(NumOfTickets) { if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else Print “ Full ” ; }

Datarace example Thread IThread II TicketPurchase(2) if (NumOfTickets · FreeTickets) TicketPurchase(4) if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets {FreeTickets = -2} {FreeTickets = 4} TicketPurchase(NumOfTickets) { if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else Print “ Full ” ; }

Datarace example TicketPurchase(NumOfTickets) { Lock(lock FreeTickets ) if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else Print “ Full ” ; Unlock(lock FreeTickets ) }

Datarace detection Static datarace detection tools Racex [Engler and Ashcraft] TVLA [Sagiv et. al.] Dynamic datarace detection tools: Lamport ’ s happens-before partial order (Djit) Lock based techniques (Lockset)

Difficulties in model checking dataraces Infinite state space Huge number of interleavings Huge transition systems Size problem

Observation Programs maintaining a locking discipline are dataraces free

Hybrid solution Dynamically check a locking discipline Produce witnesses for dataraces using a model checker Explore suffixes of the trace

Basic idea

Algorithm flow Lockset Multithreaded program List of Warnings Find a 1 11 22 Model Checker

Lockset Savage et. al. SOSP 1997 Lockset invariant multiple accesses to a specific memory location are guarded by a unique lock

Lockset example Lock(lock x ) X = 7 Unlock(lock x ) Lock(lock y ) Z = Y Lock(lock y ) Y = 2 Unlock(lock y ) Lock(lock y ) Y = X  {lock x }  {lock y }  Thread IThread IIC(X) {lock x, lock y } {lock x }   {lock y } Unlock(lock y ) Locks I Locks II

Lockset Advantage Predict dataraces which may occur in a different thread interleaving Disadvantages Spurious dataraces Hard to use Lack of trace

Lockset strength Lock(lock x ); X = 7; Unlock(lock x ); Lock(lock y ); Z = Y; Lock(lock y ); Y = 2; Unlock(lock y ); Lock(lock y ); Y = X;  {lock x }  {lock y }  Thread IThread IIC(X) {lock x, lock y } {lock x }   {lock y } Unlock(lock y ); Locks I Locks II

Our hybrid solution Combine Lockset & Model Checking Provide witnesses for dataraces Rare dataraces Dataraces in large programs Model Checking Provide witnesses for rare DR Lockset scale for large programs+

A witness for a datarace a1a1 a2a2 11 22 m a 1 = m a 2 a 1 =Write Ç a 2 =Write

Required data from Lockset X=7 Y=2 Z=Y Y=X Thread IThread II

Lockset provides for each warning only a single access event a 2 Find a prior access event a 1 which can take part in a race with a 2 a1a1 a2a2 Using Lockset data

X = 7 Z = Y Y = 2 Y = X A Warning on X X=7 Z=Y Y=2 Y=X {lock x } {lock y }

Prefix a1a1 a2a2

MODEL without t 1 Building a model a1a1

Using a model checker a1a1 11 a2a2 Is a 2 reachable by t 2 ?

Using a model checker a2a2 a1a1 a1a1

Reduce the model checker cost Reduction in the model size Elimination of thread t 1 Providing a single new initial configuration Heuristically reducing the number of steps that the model checker should carry out

Example Lock(lock x ); X = 7; Unlock(lock x ); Lock(lock y ); Z = Y; Lock(lock y ); Y = 2; Unlock(lock y ); Lock(lock y ); Y = X;  {lock x }  {lock y } Thread IThread IIC(X) {lock x, lock y } {lock x }   {lock y } Unlock(lock y ); Lock(lock y ); Y = 2; Unlock(lock y ); Lock(lock y ); Y = X; 11 22 X = 7; Locks I Locks II

Prototype implementation A prototype tool based on IBM tools Lockset – The IBM Watson tool Wolf – IBM Haifa ’ s software model checker

Prototype implementation Lockset Multi-threaded program List of Warnings Find a 1 Extend  1 Wolf 11 22

Benchmark programs LinesDescriptionProgram 706 traveling salesman from ETH Tsp 708 Enhanced traveling salesman Our_tsp 3751 Multithreaded raytracer from specjvm98 mtrt Web Crawler Kernel from ETH Hedc 362 Parallel sort SortArray 129 Finds prime numbers in a given interval PrimeFinder 150 Elevator simulator Elevsim 166 Shared DB simulator DQueries

Experimental results 4 threads3 threads2 threadsProgram Memory (MB) Time (sec) Memory (MB) Time (sec) Memory (MB) Time (sec) Mem Out our_tsp Mem Out SortArray PrimeFinder ElevSim DQueries Hedc Mem OutOut Mem tsp

Conclusion Hybrid technique which combines dynamic datarace detector and a model checker Provide witnesses for dataraces which occur only in rare interleavings Helps the user in analyzing the datarace No spurious dataraces