C. Flanagan1Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomicity for Reliable Concurrent Software Joint work with Stephen Freund Shaz.

Slides:

Advertisements

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Advertisements

Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

Concurrency 101 Shared state. Part 1: General Concepts 2.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

1 Beyond Reduction Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else.

Part IV: Exploiting Purity for Atomicity. Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } CAS(m,0,1) (fails) (succeeds)

Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs Stephen Freund Williams College Cormac Flanagan University of California, Santa Cruz.

Types for Atomicity in Multithreaded Software Shaz Qadeer Microsoft Research (Joint work with Cormac Flanagan)

CS294-32: Dynamic Data Race Detection Koushik Sen UC Berkeley.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

C. Flanagan1Types for Atomicity Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.

/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

Atomicity Violation Detection Prof. Moonzoo Kim CS492B Analysis of Concurrent Programs.

Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

ADVERSARIAL MEMORY FOR DETECTING DESTRUCTIVE RACES Cormac Flanagan & Stephen Freund UC Santa Cruz Williams College PLDI 2010 Slides by Michelle Goodstein.

Atomicity: A powerful concept for analyzing concurrent software Shaz Qadeer Microsoft Research.

C. FlanaganTypes for Race Freedom1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.

CS533 Concepts of Operating Systems Class 3 Data Races and the Case Against Threads.

C. FlanaganAtomicity for Reliable Concurrent Software - PLDI'05 Tutorial1 Atomicity for Reliable Concurrent Software Part 3a: Types for Race-Freedom and.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.

C. FlanaganDynamic Analysis for Atomicity1. C. Flanagan2Dynamic Analysis for Atomicity Atomicity The method inc() is atomic if concurrent threads do not.

Runtime Atomicity Analysis of Multi-threaded Programs Focus is on the paper: “Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs” by C. Flanagan.

Types for Atomicity in Multithreaded Software Cormac Flanagan Systems Research Center HP Labs.

Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

1 A Modular Checker for Multithreaded Programs Cormac Flanagan HP Systems Research Center Joint work with Shaz Qadeer Sanjit A. Seshia.

Thread-Modular Verification Shaz Qadeer Joint work with Cormac Flanagan Stephen Freund Shaz Qadeer Joint work with Cormac Flanagan Stephen Freund.

Verifying Commit-Atomicity Using Model Checking Cormac Flanagan University of California, Santa Cruz.

Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.

Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.

/ PSWLAB Eraser: A Dynamic Data Race Detector for Multithreaded Programs By Stefan Savage et al 5 th Mar 2008 presented by Hong,Shin Eraser:

Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.

C. FlanaganType Systems for Multithreaded Software1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research.

Accelerating Precise Race Detection Using Commercially-Available Hardware Transactional Memory Support Serdar Tasiran Koc University, Istanbul, Turkey.

/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin Type-Based.

ABSTRACT The real world is concurrent. Several things may happen at the same time. Computer systems must increasingly contend with concurrent applications.

Reduction: A powerful technique for analyzing concurrent software Shaz Qadeer Microsoft Research Collaborators: Cormac Flanagan, UC Santa Cruz Stephen.

Aritra Sengupta, Swarnendu Biswas, Minjia Zhang, Michael D. Bond and Milind Kulkarni ASPLOS 2015, ISTANBUL, TURKEY Hybrid Static-Dynamic Analysis for Statically.

Practical Reduction for Store Buffers Ernie Cohen, Microsoft Norbert Schirmer, DFKI.

Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.

Memory Consistency Models. Outline Review of multi-threaded program execution on uniprocessor Need for memory consistency models Sequential consistency.

Motivation  Parallel programming is difficult  Culprit: Non-determinism Interleaving of parallel threads But required to harness parallelism  Sequential.

ICFEM 2002, Shanghai Reasoning about Hardware and Software Memory Models Abhik Roychoudhury School of Computing National University of Singapore.

Detecting Atomicity Violations via Access Interleaving Invariants

Effective Static Deadlock Detection Mayur Naik* Chang-Seo Park +, Koushik Sen +, David Gay* *Intel Research, Berkeley + UC Berkeley.

PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.

Effective Static Deadlock Detection Mayur Naik (Intel Research) Chang-Seo Park and Koushik Sen (UC Berkeley) David Gay (Intel Research)

/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.

Aritra Sengupta, Man Cao, Michael D. Bond and Milind Kulkarni PPPJ 2015, Melbourne, Florida, USA Toward Efficient Strong Memory Model Support for the Java.

Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)

Week 9, Class 3: Java’s Happens-Before Memory Model (Slides used and skipped in class) SE-2811 Slide design: Dr. Mark L. Hornick Content: Dr. Hornick Errors:

A Calculus of Atomic Actions Tayfun Elmas, Shaz Qadeer and Serdar Tasiran POPL ‘ – Seminar in Distributed Algorithms Cynthia Disenfeld 27/05/2013.

Eraser: A dynamic Data Race Detector for Multithreaded Programs Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson Presenter:

Correctness of parallel programs Shaz Qadeer Research in Software Engineering CSEP 506 Spring 2011.

A Calculus of Atomic Actions Serdar Tasiran Koc University, Istanbul, Turkey Tayfun ElmasShaz Qadeer Koc University Microsoft Research.

Healing Data Races On-The-Fly

Memory Consistency Models

Memory Consistency Models

Specifying Multithreaded Java semantics for Program Verification

Concurrency Specification

Threads and Memory Models Hal Perkins Autumn 2011

Atomicity in Multithreaded Software

Threads and Memory Models Hal Perkins Autumn 2009

CSE 153 Design of Operating Systems Winter 19

Presentation transcript:

C. Flanagan1Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomicity for Reliable Concurrent Software Joint work with Stephen Freund Shaz Qadeer Microsoft Research Cormac Flanagan UC Santa Cruz

C. Flanagan2Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Towards Reliable Multithreaded Software Multithreaded software –increasingly common (Java, C#, GUIs, servers) –decrease latency –exploit underlying hardware multi-core chips Heisenbugs due to thread interference –race conditions –atomicity violations Need tools to verify atomicity –dynamic analysis –type systems

C. Flanagan3Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Motivations for Atomicity 1.Beyond Race Conditions

C. Flanagan4Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Race Conditions class Ref { int i; void inc() { int t; t = i; i = t+1; }

C. Flanagan5Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Race Conditions class Ref { int i; void inc() { int t; t = i; i = t+1; } Ref x = new Ref(0); x.inc(); assert x.i == 2;

C. Flanagan6Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Race Conditions class Ref { int i; void inc() { int t; t = i; i = t+1; } Ref x = new Ref(0); parallel { x.inc(); // two calls happen x.inc(); // in parallel } assert x.i == 2; A race condition occurs if two threads access a shared variable at the same time at least one of those accesses is a write

C. Flanagan7Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Lock-Based Synchronization class Ref { int i; // guarded by this void inc() { int t; synchronized (x) { t = i; i = t+1; } Ref x = new Ref(0); parallel { x.inc(); // two calls happen x.inc(); // in parallel } assert x.i == 2; Field guarded by a lock Lock acquired before accessing field Ensures race freedom

C. Flanagan8Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Limitations of Race-Freedom class Ref { int i; // guarded by this void inc() { int t; synchronized (x) { t = i; i = t+1; } Ref x = new Ref(0); parallel { x.inc(); // two calls happen x.inc(); // in parallel } assert x.i == 2; Ref.inc() race-free behaves correctly in a multithreaded context

C. Flanagan9Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Limitations of Race-Freedom class Ref { int i; void inc() { int t; synchronized (this) { t = i; } synchronized (this) { i = t+1; }... } Ref.inc() race-free behaves incorrectly in a multithreaded context Race freedom does not prevent errors due to unexpected interactions between threads

C. Flanagan10Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Limitations of Race-Freedom class Ref { int i; void inc() { int t; synchronized (this) { t = i; i = t+1; } void read() { return i; }... } Ref.read() has a race condition behaves correctly in a multithreaded context Race freedom is not necessary to prevent errors due to unexpected interactions between threads

C. Flanagan11Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Race-Freedom Race-freedom is neither necessary nor sufficient to ensure the absence of errors due to unexpected interactions between threads Is there a more fundamental semantic correctness property?

C. Flanagan12Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Motivations for Atomicity 2. Enables Sequential Reasoning

C. Flanagan13Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Sequential Program Execution void inc() {.... } precond. postcond. inc()

C. Flanagan14Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Multithreaded Execution void inc() {.... }

C. Flanagan15Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Multithreaded Execution void inc() {.... }

C. Flanagan16Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Multithreaded Execution Atomicity guarantees concurrent threads do not interfere with atomic method enables sequential reasoning matches existing methodology

C. Flanagan17Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Motivations for Atomicity 3. Simple Specification

C. Flanagan18Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Model Checking of Software Models // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Specification for filesystem.c Specification for filesystem.c  Model Checker filesystem model filesystem model Model Construction

C. Flanagan19Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Model Checking of Software // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Specification for filesystem.c Specification for filesystem.c  Model Checker

C. Flanagan20Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Experience with Calvin Software Checker // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Specification for filesystem.c Specification for filesystem.c expressed in terms of concrete state  Calvin theorem proving x

C. Flanagan21Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Experience with Calvin Software Checker // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Specification for filesystem.c Specification for filesystem.c concrete state  Calvin theorem proving abstract state Abstraction Invariant ? x

C. Flanagan22Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial The Need for Atomicity // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Sequential case: code inspection & testing mostly ok

C. Flanagan23Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial The Need for Atomicity // filesystem.c atomic void create(..) {... } atomic void unlink(..) {... } // filesystem.c atomic void create(..) {... } atomic void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } // filesystem.c void create(..) {... } void unlink(..) {... } Sequential case: code inspection & testing ok  Atomicity Checker

C. Flanagan24Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Motivations for Atomicity 1.Beyond Race Conditions 2.Enables Sequential Reasoning 3.Simple Specification

C. Flanagan25Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomicity The method inc() is atomic if concurrent threads do not interfere with its behavior Guarantees that for every execution there is a serial execution with same behavior         acq(this)t=i i=t+1rel(this)xyz         acq(this) t=i i=t+1rel(this)xyz         acq(this) t=i i=t+1rel(this)xyz

C. Flanagan26Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomicity Canonical property –(cmp. linearizability, serializability,...) Enables sequential reasoning –simplifies validation of multithreaded code Matches practice in existing code –most methods (80%+) are atomic –many interfaces described as “thread-safe” Can verify atomicity statically or dynamically –atomicity violations often indicate errors –leverages Lipton’s theory of reduction

C. Flanagan27Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Reduction [Lipton 75] acq(this)  Xt=i Y i=t+1Z rel(this)      acq(this)  X t=i Y i=t+1Z rel(this)         acq(this) X t=i Y i=t+1Z rel(this)        acq(this) X t=i Y i=t+1Z rel(this)      

C. Flanagan28Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Checking Atomicity atomic void inc() { int t; synchronized (this) { t = i; i = t + 1; } R: right-mover lock acquire L: left-mover lock release B: both-mover race-free variable access A: atomic conflicting variable access  Reducible blocks have form: (R|B)* [A] (L|B)* acq(this) t=i i=t+1 rel(this) R B B L A

C. Flanagan29Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Checking Atomicity (cont.) atomic void inc() { int t; synchronized (this) { t = i; } synchronized (this) { i = t + 1; } R: right-mover lock acquire L: left-mover lock release B: both-mover race-free variable access A: atomic conflicting variable access R B L R B L acq(this) t=i i=t+1 rel(this) acq(this) rel(this) Compound A A

C. Flanagan30Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial java.lang.StringBuffer /**... used by the compiler to implement the binary string concatenation operator... String buffers are safe for use by multiple threads. The methods are synchronized so that all the operations on any particular instance behave as if they occur in some serial order that is consistent with the order of the method calls made by each of the individual threads involved. */ /*# atomic */ public class StringBuffer {... } FALSE

C. Flanagan31Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial public class StringBuffer { private int count; public synchronized int length() { return count; } public synchronized void getChars(...) {... } atomic public synchronized void append(StringBuffer sb){ int len = sb.length();... sb.getChars(...,len,...);... } java.lang.StringBuffer sb.length() acquires lock on sb, gets length, and releases lock use of stale len may yield StringIndexOutOfBoundsException inside getChars(...) other threads can change sb

C. Flanagan32Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial public class StringBuffer { private int count; public synchronized int length() { return count; } public synchronized void getChars(...) {... } atomic public synchronized void append(StringBuffer sb){ int len = sb.length();... sb.getChars(...,len,...);... } java.lang.StringBuffer AAAA Compound

C. Flanagan33Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Tutorial Outline Part 1 –Introduction –Runtime analysis for atomicity Part 2 –Model checking for atomicity Part 3 –Type systems for concurrency and atomicity Part 4 –Beyond reduction – atomicity via “purity”

C. Flanagan34Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial

C. Flanagan35Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Part I continued: Runtime Analysis for Atomicity

C. Flanagan36Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomizer: Instrumentation Architecture Atomizer Instrumented Source Code javac +JVM Warning: method “append” may not be atomic at line 43 Runtime Lockset Reduction /*# atomic */ void append(...) {... } T1: begin_atomic T2: acquire(lock3) T2: read(x,5) T1: write(y,3) T1: end_atomic T2: release(lock3) event stream

C. Flanagan37Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomizer: Dynamic Analysis Lockset algorithm –from Eraser [Savage et al. 97] –identifies race conditions Reduction [Lipton 75] –proof technique for verifying atomicity, using information about race conditions

C. Flanagan38Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Analysis 1: Lockset Algorithm Tracks lockset for each field –lockset = set of locks held on all accesses to field Dynamically infers protecting lock for each field Empty lockset indicates possible race condition

C. Flanagan39Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial First access to o.f: LockSet( o.f ) = Held(curThread) = { x, y } Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; } Lockset Example

C. Flanagan40Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Subsequent access to o.f: LockSet( o.f ) := LockSet( o.f )  Held(curThread) = { x, y }  { x } = { x } Lockset Example Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; }

C. Flanagan41Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Subsequent access to o.f: LockSet( o.f ) := LockSet( o.f )  Held(curThread) = { x }  { y } = { } => race condition Lockset Example Thread 1 synchronized(x) { synchronized(y) { o.f = 2; } o.f = 11; } Thread 2 synchronized(y) { o.f = 2; }

C. Flanagan42Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Lockset Shared-exclusive Track lockset any thread r/w Shared-read/write Track lockset race condition!

C. Flanagan43Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Lockset with Thread Local Data Thread Local Shared-exclusive Track lockset first thread r/w any thread r/w Shared-read/write Track lockset race condition! second thread r/w

C. Flanagan44Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Lockset with Read Shared Data Thread Local Read Shared Shared-exclusive Track lockset first thread r/w any thread read any thread write any thread r/w Shared-read/write Track lockset race condition! second thread read second thread write

C. Flanagan45Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomizer: Dynamic Analysis Lockset algorithm –from Eraser [Savage et al. 97] –identifies race conditions Reduction [Lipton 75] –proof technique for verifying atomicity, using information about race conditions

C. Flanagan46Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Reduction [Lipton 75] acq(this)  Xt=i Y i=t+1Z rel(this)      acq(this)  X t=i Y i=t+1Z rel(this)         acq(this) X t=i Y i=t+1Z rel(this)        acq(this) X t=i Y i=t+1Z rel(this)      

C. Flanagan47Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial  Reducible methods: (R|B)* [N] (L|B)* Performing Reduction Dynamically R: right-mover –lock acquire L: left-mover –lock release B: both-mover –race-free field access N: non-mover –access to "racy" fields InRightInLeft R|B L|N start atomic block Error L|B R|N acq(lock) j=bal bal=j+n rel(lock) R B B L

C. Flanagan48Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Atomizer Review Instrumented code calls Atomizer runtime –on field accesses, sync ops, etc Lockset algorithm identifies races –used to classify ops as movers or non-movers Atomizer checks reducibility of atomic blocks –warns about atomicity violations

C. Flanagan49Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Evaluation 12 benchmarks –scientific computing, web server, std libraries,... –200,000+ lines of code Heuristics for atomicity –all synchronized blocks are atomic –all public methods are atomic, except main and run Slowdown:1.5x - 40x

C. Flanagan50Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial BenchmarkLines Base Time (s)Slowdown elevator hedc29, tsp sor17, moldyn1, montecarlo3, raytracer1, mtrt11, jigsaw90, specJBB30, webl22, lib-java75, Performance

C. Flanagan51Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Extensions Redundant lock operations are both-movers –re-entrant acquire/release –operations on thread-local locks –operations on lock A, if lock B always acquired before A Write-protected data

C. Flanagan52Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Write-Protected Data class Account { int bal; /*# atomic */ int read() { return bal; } /*# atomic */ void deposit(int n) { synchronized (this) { int j = bal; bal = j + n; } RBNLRBNL

C. Flanagan53Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Extensions Reduce Number of Warnings Total 341 Total 97

C. Flanagan54Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial Evaluation Warnings: 97 (down from 341) Real errors (conservative): 7 False alarms due to: –simplistic heuristics for atomicity programmer should specify atomicity –false races –methods irreducible yet still "atomic" eg caching, lazy initialization No warnings reported in more than 90% of exercised methods

C. Flanagan55Atomicity for Reliable Concurrent Software - PLDI'05 Tutorial public class StringBuffer { private int count; public synchronized int length() { return count; } public synchronized void getChars(...) {... } /*# atomic */ public synchronized void append(StringBuffer sb){ int len = sb.length();... sb.getChars(...,len,...);... } java.lang.StringBuffer StringBuffer.append is not atomic: Start: at StringBuffer.append(StringBuffer.java:701) at Thread1.run(Example.java:17) Commit: Lock Release at StringBuffer.length(StringBuffer.java:221) at StringBuffer.append(StringBuffer.java:702) at Thread1.run(Example.java:17) Error: Lock Acquire at StringBuffer.getChars(StringBuffer.java:245) at StringBuffer.append(StringBuffer.java:710) at Thread1.run(Example.java:17)