Data races, informally [More formal definition to follow] “race condition” means two different things Data race: Two threads read/write, write/read, or.

Slides:



Advertisements
Similar presentations
Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Advertisements

Memory Consistency Models Kevin Boos. Two Papers Shared Memory Consistency Models: A Tutorial – Sarita V. Adve & Kourosh Gharachorloo – September 1995.
Memory Models (1) Xinyu Feng University of Science and Technology of China.
Java PathRelaxer: Extending JPF for JMM-Aware Model Checking Huafeng Jin, Tuba Yavuz-Kahveci, and Beverly Sanders Computer and Information Science and.
Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.
D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.
Concurrency 101 Shared state. Part 1: General Concepts 2.
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections Dan Grossman Spring 2010.
A Sophomoric Introduction to Shared-Memory Parallelism and Concurrency Lecture 5 Programming with Locks and Critical Sections Dan Grossman Last Updated:
CSE332: Data Abstractions Lecture 23: Programming with Locks and Critical Sections Tyler Robison Summer
Threading Part 2 CS221 – 4/22/09. Where We Left Off Simple Threads Program: – Start a worker thread from the Main thread – Worker thread prints messages.
“THREADS CANNOT BE IMPLEMENTED AS A LIBRARY” HANS-J. BOEHM, HP LABS Presented by Seema Saijpaul CS-510.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Formalisms and Verification for Transactional Memories Vasu Singh EPFL Switzerland.
Runtime Atomicity Analysis of Multi-threaded Programs Focus is on the paper: “Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs” by C. Flanagan.
Computer Architecture II 1 Computer architecture II Lecture 9.
1 Lecture 15: Consistency Models Topics: sequential consistency, requirements to implement sequential consistency, relaxed consistency models.
1 Sharing Objects – Ch. 3 Visibility What is the source of the issue? Volatile Dekker’s algorithm Publication and Escape Thread Confinement Immutability.
29-Jun-15 Java Concurrency. Definitions Parallel processes—two or more Threads are running simultaneously, on different cores (processors), in the same.
CS510 Concurrent Systems Class 5 Threads Cannot Be Implemented As a Library.
A Programming-Languages View of Data Races Dan Grossman University of Washington Prepared for the 2012 Microsoft Research Summer School on Concurrency.
Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.
A Behavioral Memory Model for the UPC Language Kathy Yelick Joint work with: Dan Bonachea, Jason Duell, Chuck Wallace.
Evaluation of Memory Consistency Models in Titanium.
A Sophomoric Introduction to Shared-Memory Parallelism and Concurrency Lecture 5 Programming with Locks and Critical Sections Original Work by: Dan Grossman.
CDP 2012 Based on “C++ Concurrency In Action” by Anthony Williams and The C++11 Memory Model and GCC WikiThe C++11 Memory Model and GCC Created by Eran.
Shared Memory Consistency Models. Quiz (1)  Let’s define shared memory.
CDP 2013 Based on “C++ Concurrency In Action” by Anthony Williams, The C++11 Memory Model and GCCThe C++11 Memory Model and GCC Wiki and Herb Sutter’s.
Foundations of the C++ Concurrency Memory Model Hans-J. Boehm Sarita V. Adve HP Laboratories UIUC.
Optimistic Design 1. Guarded Methods Do something based on the fact that one or more objects have particular states  Make a set of purchases assuming.
Precise Dynamic Data-Race Detection At The Right Abstraction Level Dan Grossman University of Washington Facebook Faculty Summit August 6, 2013.
Sharing Objects  Synchronization  Atomicity  Specifying critical sections  Memory visibility  One thread’s modification seen by the other  Visibility.
Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.
Memory Consistency Models. Outline Review of multi-threaded program execution on uniprocessor Need for memory consistency models Sequential consistency.
Threads Cannot be Implemented as a Library Hans-J. Boehm.
Multiprocessor Cache Consistency (or, what does volatile mean?) Andrew Whitaker CSE451.
Detecting and Eliminating Potential Violation of Sequential Consistency for concurrent C/C++ program Duan Yuelu, Feng Xiaobing, Pen-chung Yew.
Threads cannot be implemented as a library Hans-J. Boehm (presented by Max W Schwarz)
CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Advanced.NET Programming I 5 th Lecture Pavel Ježek
Memory Consistency Zhonghai Lu Outline Introduction What is a memory consistency model? Who should care? Memory consistency models Strict.
ICFEM 2002, Shanghai Reasoning about Hardware and Software Memory Models Abhik Roychoudhury School of Computing National University of Singapore.
CoreDet: A Compiler and Runtime System for Deterministic Multithreaded Execution Tom Bergan Owen Anderson, Joe Devietti, Luis Ceze, Dan Grossman To appear.
CSE332: Data Abstractions Lecture 25: Deadlocks and Additional Concurrency Issues Tyler Robison Summer
Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)
Week 9, Class 3: Java’s Happens-Before Memory Model (Slides used and skipped in class) SE-2811 Slide design: Dr. Mark L. Hornick Content: Dr. Hornick Errors:
The C++11 Memory Model CDP Based on “C++ Concurrency In Action” by Anthony Williams, The C++11 Memory Model and GCCThe C++11 Memory Model and GCC Wiki.
Week 8, Class 3: Model-View-Controller Final Project Worth 2 labs Cleanup of Ducks Reducing coupling Finishing FactoryMethod Cleanup of Singleton SE-2811.
An Operational Approach to Relaxed Memory Models
Advanced .NET Programming I 11th Lecture
Memory Consistency Models
Threads Cannot Be Implemented As a Library
Lecture 11: Consistency Models
Memory Consistency Models
Threads and Memory Models Hal Perkins Autumn 2011
Shared Memory Consistency Models: A Tutorial
Threads and Memory Models Hal Perkins Autumn 2009
Java Concurrency 17-Jan-19.
Shared Memory Consistency Models: A Tutorial
Memory Consistency Models
Non-preemptive Semantics for Data-race-free Programs
Xinyu Feng University of Science and Technology of China
Java Concurrency.
Java Concurrency.
Relaxed Consistency Finale
Compilers, Languages, and Memory Models
Programming with Shared Memory Specifying parallelism
Java Concurrency 29-May-19.
Problems with Locks Andrew Whitaker CSE451.
CSE 332: Concurrency and Locks
Presentation transcript:

Data races, informally [More formal definition to follow] “race condition” means two different things Data race: Two threads read/write, write/read, or write/write the same location without intervening synchronization –So two conflicting accesses could happen “at the same time” –Better name not used: simultaneous access error Bad interleaving: Application error due to thread scheduling –Different order would not produce error –A data-race free program can have bad interleavings 17Dan Grossman, CS-XXX 2012, Lecture 20

Bad interleaving example 18Dan Grossman, CS-XXX 2012, Lecture 20 class Stack { … // state used by isEmpty, push, pop synchronized boolean isEmpty() { … } synchronized void push(E val) { … } synchronized E pop() { … } E peek() { // this is wrong E ans = pop(); push(ans); return ans; } E ans = pop(); push(ans); return ans; push(x) boolean b = isEmpty() Time Thread 2 Thread 1 ( peek )

Consistent locking If all mutable, thread-shared memory is consistently guarded by some lock, then data races are impossible But: –Bad interleavings can remain: programmer must make critical sections large enough –Consistent locking is sufficient but not necessary A tool detecting consistent-locking violations might report “problems” even if no data races are possible 19Dan Grossman, CS-XXX 2012, Lecture 20

Data races, more formally Let threads T1, …, Tn perform actions: –Read shared location x –Write shared location x –[Successfully] Acquire lock m –Release lock m –Thread-local actions (local variables, control flow, arithmetic) Will ignore these Order in one thread is program order –Legal orders given by language’s single-threaded semantics + reads 20Dan Grossman, CS-XXX 2012, Lecture 20 wr(x) rel(m) rd(z) rd(x) T1 T2 rd(y) wr(y) acq(m) wr(x)

Data races, more formally Execution [trace] is a partial order over actions a1 < a2 –Program order: If Ti performs a1 before a2, then a1 < a2 –Sync order: If a2=(Ti acquires m) occurs after a1=(Tj releases m), then a1 < a2 –Transitivity: If a1 < a2 and a2 < a3, then a1 < a3 Called the happens-before relation 21Dan Grossman, CS-XXX 2012, Lecture 20 wr(x) rel(m) rd(z) rd(x) T1 T2 rd(y) wr(y) acq(m) wr(x)

Data races, more formally Two actions conflict if they read/write, write/read, or write/write the same location –Different locations not a conflict –Read/read not a conflict 22Dan Grossman, CS-XXX 2012, Lecture 20 wr(x) rel(m) rd(z) rd(x) T1 T2 rd(y) wr(y) acq(m) wr(x)

Data races, more formally Finally, a data race is two conflicting actions a1 and a2 unordered by the happens-before relation –a1 < a2 and a2 < a1 –By definition of happens-before, actions will be in different threads –By definition of conflicting, will be read/write, write/read, or write/write A program is data-race free if no trace on any input has a data race 23Dan Grossman, CS-XXX 2012, Lecture 20 wr(x) rel(m) rd(z) rd(x) T1 T2 rd(y) wr(y) acq(m) wr(x) //

Beyond locks Notion of data race extends to synchronization other than locks –Just define happens-before appropriately Examples: –Thread fork –Thread join –Volatile variables 24Dan Grossman, CS-XXX 2012, Lecture 20

Why care about data races? Recall not all race conditions are data races… So why focus on data races? One answer: Find some bugs without application-specific knowledge More interesting: Semantics for modern languages very relaxed for programs with data races –Else optimizing compilers and hardware too difficult in practice –Increases importance of writing data-race-free programs 25Dan Grossman, CS-XXX 2012, Lecture 20

An example Can the assertion fail? 26Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; assert(z>=y); // Thread 2 b = 1; a = 1;

An example Can the assertion fail? 27Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; assert(z>=y); // Thread 2 b = 1; a = 1; –Argue assertion cannot fail: a never decreases and b is never negative, so z>=y –But argument makes implicit assumptions you cannot make in Java, C#, C++, etc. (!)

Common-subexpression elimination Compilers simplify/optimize code in many ways, e.g.: 28Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; x; assert(z>=y); // Thread 2 b = 1; a = 1; Now assertion can fail –As though third read of a precedes second read of a –Many compiler optimizations have the effect of reordering/removing/adding memory operations like this (exceptions: constant-folding, function inlining, …)

A decision… 29Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; x; assert(z>=y); // Thread 2 b = 1; a = 1; Language semantics must resolve this tension: –If assertion can fail, the program is wrong –If assertion cannot fail, the compiler is wrong

Memory-consistency model A memory-consistency model (or memory model) for a shared- memory language specifies which write a read can see –Essential part of language definition –Widely under-appreciated until last several years Natural, strong model is sequential consistency (SC) [Lamport] –Intuitive “interleaving semantics” with a global memory “the results of any execution is the same as if the operations of all the processors were executed in some sequential order, and the operations of each individual processor appear in this sequence in the order specified by its program” 30Dan Grossman, CS-XXX 2012, Lecture 20

Considered too strong Under SC, compiler is wrong in our example –Must disable any optimization that has effect of reordering memory operations [on mutable, thread-shared memory] So modern languages do not guarantee SC –Another reason: Disabling optimization insufficient because the hardware also reorders memory operations unless you use very expensive (10x-100x) instructions But still need some language semantics to reason about programs… 31Dan Grossman, CS-XXX 2012, Lecture 20

The “grand compromise” Basic idea: –Guarantee SC only for “correctly synchronized” programs [Adve] –Rely on programmer to synchronize correctly –Correctly synchronized == data-race free (DRF)! More precisely: If every SC execution of a program P has no data races, then every execution of P is equivalent to an SC execution –Notice we use SC to decide if P has data races Known as “DRF implies SC” 32Dan Grossman, CS-XXX 2012, Lecture 20

Roles under the compromise Programmer: write a DRF program Language implementor: provide SC assuming program is DRF But what if there is a data race: –C++: anything can happen “catch-fire semantics” Just like array-bounds errors, uninitialized data, etc. –Java/C#: very complicated story Preserve safety/security despite reorderings “DRF implies SC” a theorem about the very-complicated definition 33Dan Grossman, CS-XXX 2012, Lecture 20

Back to the example Code has a data race, so program is wrong and compiler is justified 34Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; x; assert(z>=y); // Thread 2 b = 1; a = 1;

Back to the example This version is DRF, so the “optimization” is illegal –Compiler would be wrong: assertion must not fail 35Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; m a lock // Thread 1 sync(m){x = a + b;} sync(m){y = a;} sync(m){z = a + b;} assert(z>=y); // Thread 2 sync(m){b = 1;} sync(m){a = 1;}

Back to the example This version is DRF, but the optimization is legal because it does not affect observable behavior: the assertion will not fail 36Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory a = 0; b = 0; m a lock // Thread 1 sync(m){ x = a + b; y = a; z = a + b; x; } assert(z>=y); // Thread 2 sync(m){ b = 1; a = 1; }

Back to the example This version is also DRF and the optimization is illegal –Volatile fields (cf. C++ atomics) exist precisely for writing “clever” code like this (e.g., lock-free data structures) 37Dan Grossman, CS-XXX 2012, Lecture 20 // shared memory volatile int a, b; a = 0; b = 0; // Thread 1 x = a + b; y = a; z = a + b; assert(z>=y); // Thread 2 b = 1; a = 1;

So what is allowed? How can language implementors know if an optimization obeys “DRF implies SC”? Must be aware of threads! [Boehm] Basically 2.5 rules suffice, without needing inter-thread analysis: 0. Optimization must be legal for single-threaded programs 1.Do not move shared-memory accesses across lock acquires/releases –Careful: A callee might do synchronization –Can relax this slightly [Effinger-Dean et al 2012] 2.Never add a memory operation not in the program [Boehm] –Seems like it would be strange to do this, but there are some non- strange examples (cf. homework problem) 38Dan Grossman, CS-XXX 2012, Lecture 20

Thread-local or immutable memory All these issues go away for memory the compiler knows is thread-local or immutable –Could be via static analysis, programmer annotations, or using a mostly functional language If the default were thread-local or immutable, maybe we could live with less/no optimization on thread-shared-and-mutable –But harder to write reusable libraries Most memory is thread-local, just too hard for the compiler to be sure 39Dan Grossman, CS-XXX 2012, Lecture 20

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.