Type based race detection for j ava
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Type-Based Race Detection for J AVA PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on
  • Presentation posted in: General

Type-Based Race Detection for J AVA. by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin. Introduction. Race condition occurs when two thread manipulate a shared data structure simultaneously without synchronization.

Download Presentation

Type-Based Race Detection for J AVA

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Type based race detection for j ava

Type-Based Race Detection for JAVA

by Cormac Flanagan, Stephen N. Freund

22nd Feb 2008

presented by Hong,Shin

Type-Based Race Detection for JAVA


Introduction

Introduction

  • Race condition occurs when two thread manipulate a shared data structure simultaneously without synchronization.

  • Race condition errors are schedule-dependent that these are difficult to catch using traditional testing technologies.

    • Support lock-based synchronization discipline by tracking the protecting lock for each shared field in the program and verifying that the appropriate lock is held whenever a shared field is accessed.

    • Express the reasoning and checks performed by this analysis as an extension of JAVA’s type system.

Type-Based Race Detection for JAVA


Introduction 2 2

Introduction2/2

  • Start by adopting the target system to a core subset of JAVA.

  • And then extends the type system with a number of additional features:

    • classes parameterized by the locks

    • classes that are local to a particular thread

Type-Based Race Detection for JAVA


C oncurrent j ava 1 2

CONCURRENT JAVA1/2

  • CONCURRENT JAVA is a multithreaded subset of JAVA.

  • Syntax

if final modifier is present, then the field cannot be updated after initialization.

Type-Based Race Detection for JAVA


C oncurrent j ava 2 3

CONCURRENT JAVA2/3

  • Informal Semantics

    • CONCURRENT JAVA supports multithreaded programs by including the operation fork e which spawn a new thread for the evaluation of e.

    • Locks are provided: each object has an associated binary lock. The expression synchronized e1 in e2is evaluated as follow:

      (1) acquire the associated lock of e1 .

      (2) e2 is then evaluated.

      (3) release the associated lock of e1.

Type-Based Race Detection for JAVA


C oncurrent j ava 3 3

CONCURRENT JAVA 3/3

Schedule Scenario 1

<Thread 1><Thread2>

8 call a.deposit(10)

4 this.balance+x=10

4 this.balance:=10

8 call a.deposit(10)

4 this.balance+x=20

4 this.balance :=20

1class Account {

2 int balance = 0

  • int deposit(int x) {

    4 this.balance = this.balance + x

    5 }

    6}

    7let Account a = new Account in {

    8 fork { a.deposit(10) }

    9 fork { a.deposit(10) }

    10}

Schedule Scenario 2

<Thread 1><Thread2>

8 call a.deposit(10)

8 call a.deposit(10)

4 this.balance+x=10

4 this.balance+x=10

4 this.balance :=10

4 this.balance :=10

  • 1class Account {

  • int balance = 0

  • int deposit(int x) {

  • synchronized this in {

  • this.balance = this.balance + x

  • }

  • }

  • }

  • let Account a = new Account in {

  • fork { a.deposit(10) }

  • fork { a.deposit(10) }

  • } /* Race-Free Account */

Type-Based Race Detection for JAVA


R ace f ree j ava 1 1

RACEFREE JAVA1/1

  • Race conditions are commonly avoided by the lock-based synchronization discipline.

  • The type system needs to verify that each field has a protecting lock that is held whenever the field is accessed or updated.

    (1) associates a protecting lock with each field declaration.

    → programmers provide additional type annotations

    (2) tracks the set of locks held at each field access or update.

    → the type system automatically verifies that the locks are indeed held at each field access, field update, and call-site of the method.

  • RACEFREE JAVA

    • An extended language of CONCURRENT JAVA

    • The modified syntax

field::= [final]optt fdguarded_byl = e

meth::= t mn (arg*) [requiresls]opt{ e }

ls::= l*

l::= e

Type-Based Race Detection for JAVA


Type system 1 5

Type System1/5

  • Type Judgment

    • P ; E ; ls`e : t

      P : the program being checked

      E : an environment providing types for the free variables of e

      ls : a set of final expressions describing the locks that are held when the expression

      e is evaluated.

      e : an expression

      t : the type of e

  • Type Rules

    • The type rules track the set of locks held each program point.

{ }

P ; E`fianll : c checks that l is a final expression of some class type c

Type-Based Race Detection for JAVA


Type system 2 5

Type System2/5

P ; E `fianl e1 : c checks that e1 is a final expression of some class type c

Check that the lock l guarding fd is held at this program point; i.e., that l denotes the same lock as some expression l’ in current lock set.

→ approximates semantic equivalence by syntactic equivalence, and simply to check that l≡ l’.

ex)

final Object a = new Object

final Object b = a

int data guarded_by a

:

synchronized b in {

data = 0

}

Type-Based Race Detection for JAVA


Type system example 3 5

Type System – Example3/5

P ; Account this ` int

P ; Account this `Á

P ; Account this, int x ; Á` synchronized …. : int

-------------------------[METHOD]

P ; Account this `final this : Account

P ; Account this ; Á` 0 : int

-------------------------[FIELD]

E = Account this

P ; Account this ` int balance guarded_by this=0

P ; Account this ` int deposit(int x) { … }

-------------------[CLASS]

P = class Account{ …} let Account a = new Account ….

P ` class Account{…}

P ; Á ; Á` let Account a = new Account in … : int

--------------------[PROG]

` P : int

P :

class Account {

int balance guarded_by this = 0

int deposit(int x)

synchronized this in {

this.balance =

this.balance + x

}

}

let Account a = new Account in {

fork { a.deposit(10 }

fork { a.deposit(10) }

}

Type-Based Race Detection for JAVA


Type system example 4 5

Type System – Example 4/5

P ; Account this, int x ` this : Account

P ; Account this, int x ` (int balance guarded_by this = 0) 2 Account

P ; Account this, int x ` this 2 {this}

P ; Account this, int x ` int

-------------------[EXP REF]

P ; Account this, int x ; {this} ` this.balance+x : Account

P ; Account this, int x ` (int balance guarded_by this = 0) 2 Account

P ; Account this, int x ` this 2{this}

P ; Account this, int x ; {this} ` this.balance+x

-------------------[EXP ASSIGN]

P ; Account this, int x `final this : Account

P ; Account this, int x ; {this} ` {this.balance=this.balance+x} : int

------------------[EXP SYNC]

P ; Account this, int x ; Á` synchronized this in {this.balance=this.balance+x} : int

:

:

Type-Based Race Detection for JAVA


Type system example 5 5

Type System – Example5/5

P ; Account a ; Á` a : Account

P ; Account a ` (int deposit(int x)) 2 Account

P ; Account a ; Á` 10 : int

P ; Account a `ÁµÁ

P ; Account a ` int

--------------------[EXP INVOKE]

P ; Account a `Á

P ; Account a ; Á` a.deposit(10) : int

--------------------[EXP FORK]

P ; Á ; Á` new Account : Account

P ; Account a ; Á` fork{a.deposit(10)} fork{a.deposit(10)} : s

P ; Á ; Á` s

---------------------[EXP LET]

P = defn e <defn: class Account …, e: let Account ..>

P ` defn

P ; Á ; Á` let Account a = new Account in {…} : int

--------------------[PROG]

` P : int

Type-Based Race Detection for JAVA


External locks 1 2

External Locks1/2

  • The only variable in scope at a field declaration is this, the fields of an object must be protected by a lock that is accessible from the object.

  • It is necessary to protect the fields of an object by some locks external to the object.

    Ex) In a linked list, the node objects in a list should be synchronized by a lock which is outside of the node class.

  • To accommodate this programming pattern, we extend RACEFREE JAVA to allow classes to be parameterized by external locks

    defn ::= classcn<garg*> body

    garg ::= ghostt x

    c ::= cn<l*> | Object

Type-Based Race Detection for JAVA


External locks 2 2

External Locks2/2

Type-Based Race Detection for JAVA


Thread local classes 1 2

Thread-Local Classes1/2

  • Large multithreaded programs typically have sections of code that operate on data that is not shared across multiple threads.

  • To accommodate this situation, the concept of thread-local classes is introduced.

  • The language is extended to allow an optional thread_local modifier on class definitions and to make guarded_by clause on field declarations optional in a thread-local class.

    defn::=[thread_local]optclasscn <garg*> body

    field::= [final]optt fd [guarded_by l]opt = e

Type-Based Race Detection for JAVA


Thread local classes 2 2

Thread-Local Classes2/2

  • The type system must ensure that thread-local objects are not accessible from non thread-local objects.

    • extends the rules not to eliminate this possibility.

Type-Based Race Detection for JAVA


Implementation 1 1

Implementation1/1

  • RACEFREE JAVA type system is extended to support full JAVA language in rccjava implementation.

  • The comments that start with the character “#” are treated as type annotations by the tool.

  • The tool was built on top of an existing JAVA front-end that includes a scanner, parser, and type checker.

Type-Based Race Detection for JAVA


Experiment results 1 2

Experiment Results1/2

  • To test effectiveness of the tool, several multithreaded JAVA program was checked by the tool.

  • It was reported that the annotation process proceeded at a rate of 1000lines of code per programmer-hour.

Type-Based Race Detection for JAVA


Experiment results 2 2

Experiment Results2/2

class Vector {

Object elementData[] /*# guarded_by this */

int elementCount /*# guarded_by this */

synchronized boolean removeAllElements() {

:

elementCount = 0 ;

:

}

synchronized int lastIndexOf(Object elem, int n) {

for (int i = n ; --i >= 0 ; )

if (elem.equals(elementData[i])) { … }

}

int lastIndexOf(Object elem) {

return lastIndexOf(elem, elementCount) ;

}

}Excerpt from java.util.Vector

Two threads work on the same Vector object

elementCount = 10 ;

<Thread1><Thread2>

13 invokel lastIndexOf(elem)

4 invoke synchronized removeAllElements()

5 elementCount = 0

14 invoke lastIndexOf(elem, 10)  Race!

Type-Based Race Detection for JAVA


Conclusion

Conclusion

  • The type system enforces programmers to write locking strategies of a program as annotations and checks whether the programmer wrote the program with the strategies or not.

  • This type system enables race conditions to be detected early in the development cycle.

  • The annotations can be used as documentation of locking strategies.

  • Some synchronization patters are not supported in the type system

    (ex. reader-writer locks)

Type-Based Race Detection for JAVA


Further work

Further work

  • Efficient and Precise Datarace Detection for Multithreaded Object-Oriented Programs (PLDI’02)

  • LOCKSMITH: Context-Sensitive Correlation Analysis for Race Detection(PLDI’06)

Type-Based Race Detection for JAVA


Reference

Reference

[1] Type-Based Race Detection for JAVA, Cormac Flanagan, Stephen N. Freund, PLDI 2000

Type-Based Race Detection for JAVA


  • Login