C4Media, profile picture
Uploaded byC4Media
1,376 views

Looking Inside a Race Detector

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2mAUqqs. Kavya Joshi discusses the internals of the Go race detector and delves into the compiler instrumentation of the program, and the runtime module that detects data races. She also talks about the optimizations that make the dynamic race detector practical for use in the real world, and evaluates how practical it really is. Filmed at qconsf.com. Kavya Joshi is a Software Engineer at Samsara. She particularly enjoys architecting and building highly concurrent, highly scalable systems.

Embed presentation

Looking Inside a Race Detector
InfoQ.com: News & Community Site • Over 1,000,000 software developers, architects and CTOs read the site world- wide every month • 250,000 senior developers subscribe to our weekly newsletter • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • 2 dedicated podcast channels: The InfoQ Podcast, with a focus on Architecture and The Engineering Culture Podcast, with a focus on building • 96 deep dives on innovative topics packed as downloadable emags and minibooks • Over 40 new content items per week Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ go-race-detector
Purpose of QCon - to empower software development by facilitating the spread of knowledge and innovation Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide Presented at QCon San Francisco www.qconsf.com
kavya @kavya719
data race detection
data races “when two+ threads concurrently access a shared memory location, at least one access is a write.” R R R W R R R W W !W W W count = 1 count = 2 count = 2 !concurrent concurrent concurrent // Shared variable var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { // Spawn two “threads” go incrementCount() go incrementCount() } data race “g2” “g1”
data races “when two+ threads concurrently access a shared memory location, at least one access is a write.” Thread 1 Thread 2 lock(l) lock(l) count=1 count=2 unlock(l) unlock(l) !data race // Shared variable var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { // Spawn two “threads” go incrementCount() go incrementCount() } data race
• relevant • elusive • have undefined consequences • easy to introduce in languages 
 like Go Panic messages from unexpected program crashes are often reported on the Go issue tracker. An overwhelming number of these panics are caused by data races, and an overwhelming number of those reports centre around Go’s built in map type. — Dave Cheney
given we want to write multithreaded programs, how may we protect our systems from the unknown consequences of the difficult-to-track-down data race bugs… in a manner that is reliable and scalable?
read by goroutine 7 at incrementCount() created at main() race detectors
…but how?
• Go v1.1 (2013)
 • Integrated with the Go tool chain — > go run -race counter.go
 • Based on C/ C++ ThreadSanitizer
 dynamic race detection library • As of August 2015, 1200+ races in Google’s codebase, ~100 in the Go stdlib,
 100+ in Chromium,
 + LLVM, GCC, OpenSSL, WebRTC, Firefox go race detector
core concepts internals evaluation wrap-up
core concepts
concurrency in go The unit of concurrent execution : goroutines user-space threads
 use as you would threads 
 > go handle_request(r) Go memory model specified in terms of goroutines within a goroutine: reads + writes are ordered with multiple goroutines: shared data must be synchronized…else data races!
channels
 > ch <- value
 mutexes, conditional vars, …
 > import “sync” 
 > mu.Lock()
 atomics
 > import “sync/ atomic"
 > atomic.AddUint64(&myInt, 1) The synchronization primitives:
“…goroutines concurrently access a shared memory location, at least one access is a write.” ? concurrency var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() } “g2” “g1” R R R W R R R W W W W W count = 1 count = 2 count = 2 !concurrent concurrent concurrent
how can we determine “concurrent” memory accesses?
var count = 0 func incrementCount() { if count == 0 { count++ } } func main() { incrementCount() incrementCount() } not concurrent — same goroutine
not concurrent — 
 lock draws a “dependency edge” var count = 0 func incrementCount() { mu.Lock() if count == 0 { count ++ } mu.Unlock() } func main() { go incrementCount() go incrementCount() }
happens-before memory accesses 
 i.e. reads, writes a := b synchronization 
 via locks or lock-free sync mu.Unlock() ch <— a X ≺ Y IF one of: — same goroutine — are a synchronization-pair — X ≺ E ≺ Y across goroutines IF X not ≺ Y and Y not ≺ X , concurrent! orders events
A B C D L U L U R W R g1 g2 A ≺ B same goroutine B ≺ C lock-unlock on same object A ≺ D transitivity
concurrent ? var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() }
A ≺ B and C ≺ D same goroutine but A ? C and C ? A concurrent A B D CR W W R g1 g2
how can we implement happens-before?
vector clocks means to establish happens-before edges 0 1 lock(mu) 4 1 t1 = max(4, 0) t2 = max(0,1) g1 g2 0 0 g1 g2 0 0 g1 g2 1 0 read(count) 2 0 3 0 4 0 unlock(mu)
(0, 0) (0, 0) (1, 0) (3, 0) (4, 0) (4, 1) C (4, 2) D A ≺ D ? (3, 0) < (4, 2) ? so yes. L U R WA B L R U g1 g2
CR W W R g1 g2 (1, 0)A (2, 0)B (0, 1) (0, 2) D B ≺ C ? (2, 0) < (0, 1) ? no. C ≺ B ? no. so, concurrent
pure happens-before detection Determines if the accesses to a memory location can be ordered by happens-before, using vector clocks. This is what the Go Race Detector does!
internals
go run -race to implement happens-before detection, need to: create vector clocks for goroutines
 …at goroutine creation
 update vector clocks based on memory access,
 synchronization events
 …when these events occur
 compare vector clocks to detect happens-before 
 relations.
 …when a memory access occurs
program spawn lock read race race detector state race detector state machine
do we have to modify our programs then, to generate the events? memory accesses synchronizations goroutine creation nope.
var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() }
-race var count = 0 func incrementCount() { raceread() if count == 0 {
 racewrite() count ++ }
 racefuncexit() } func main() { go incrementCount() go incrementCount()
the gc compiler instruments memory accesses adds an instrumentation pass over the IR. go tool compile -race func compile(fn *Node) { ... order(fn) walk(fn) if instrumenting { instrument(Curfn) } ... }
This is awesome. We don’t have to modify our programs to track memory accesses. package sync import “internal/race" func (m *Mutex) Lock() { if race.Enabled { race.Acquire(…) } ... } raceacquire(addr) mutex.go package runtime func newproc1() { if race.Enabled { newg.racectx = racegostart(…) } ... } proc.go What about synchronization events, and goroutine creation?
runtime.raceread() ThreadSanitizer (TSan) library C++ race-detection library 
 (.asm file because it’s calling into C++) program TSan
TSan implements the happens-before race detection:
 creates, updates vector clocks for goroutines -> ThreadState
 keeps track of memory access, synchronization events -> Shadow State, Meta Map
 compares vector clocks to detect data races. threadsanitizer
go incrementCount() struct ThreadState { ThreadClock clock; } contains a fixed-size vector clock (size == max(# threads)) func newproc1() { if race.Enabled { newg.racectx = racegostart(…) } ... } proc.go count == 0 raceread(…) by compiler instrumentation 1. data race with a previous access? 2. store information about this access 
 for future detections
stores information about memory accesses. 8-byte shadow word for an access: TID clock pos wr TID: accessor goroutine ID
 clock: scalar clock of accessor , optimized vector clock pos: offset, size in 8-byte word wr: IsWrite bit shadow state directly-mapped: 0x7fffffffffff 0x7f0000000000 0x1fffffffffff 0x180000000000 application shadow
N shadow cells per application word (8-bytes) gx read When shadow words are filled, evict one at random. Optimization 1 clock_1 0:2 0gx gy write clock_2 4:8 1gy
Optimization 2 TID clock pos wr scalar clock, not full vector clock. gx gy 3 23 gx access:
g1: count == 0 raceread(…) by compiler instrumentation g1: count++ racewrite(…) g2: count == 0 raceread(…) and check for race g1 0 0:8 0 0 0 g1 1 0:8 1 1 0 g2 0 0:8 0 0 0
race detection compare: <accessor’s vector clock, new shadow word> g2 0 0:8 0 0 0 “…when two+ threads concurrently access a shared memory location, at least one access is a write.” g1 1 0:8 1 with: each existing shadow word
race detection compare: <accessor’s vector clock, new shadow word> do the access locations overlap? are any of the accesses a write? are the TIDS different? are they concurrent (no happens-before)? g2’s vector clock: (0, 0) existing shadow word’s clock: (1, ?) g1 1 0:8 1g2 0 0:8 0 0 0 ✓ ✓ ✓ ✓ with: each existing shadow word
do the access locations overlap? are any of the accesses a write? are the TIDS different? are they concurrent (no happens-before)? race detection g1 1 0:8 1g2 0 0:8 0 compare (accessor’s threadState, new shadow word) with each existing shadow word: 0 0 RACE! ✓ ✓ ✓ ✓
g1 g2 0 0 g1 g2 0 0 g1 g2 1 0 2 0 3 0 unlock(mu) 3 1 lock(mu) g1 = max(3, 0) g2 = max(0,1) TSan must track synchronization events synchronization events
sync vars mu := sync.Mutex{} struct SyncVar { } stored in the meta map region. struct SyncVar { SyncClock clock; } contains a vector clock SyncClock mu.Unlock() 3 0 g1 g2 mu.Lock() max( SyncClock) 0 1
TSan tracks file descriptors, memory allocations etc. too TSan can track your custom sync primitives too, via dynamic annotations! a note (or two)…
evaluation
evaluation “is it reliable?” “is it scalable?” program slowdown = 5x-15x memory usage = 5x-10x no false positives (only reports “real races”, but can be benign) can miss races! depends on execution trace 
 As of August 2015, 1200+ races in Google’s codebase, ~100 in the Go stdlib,
 100+ in Chromium,
 + LLVM, GCC, OpenSSL, WebRTC, Firefox
with go run -race = gc compiler instrumentation + TSan runtime library for data race detection happens-before using vector clocks
@kavya719
alternatives I. Static detectors analyze the program’s source code.
 • typically have to augment the source with race annotations (-) • single detection pass sufficient to determine all possible 
 races (+) • too many false positives to be practical (-)
 II. Lockset-based dynamic detectors uses an algorithm based on locks held
 • more performant than pure happens-before (+) • may not recognize synchronization via non-locks,
 like channels (would report as races) (-)
III. Hybrid dynamic detectors combines happens-before + locksets.
 (TSan v1, but it was hella unscalable)
 • “best of both worlds” (+) • false positives (-) • complicated to implement (-)
 
 

requirements I. Go specifics v1.1+ gc compiler gccgo does not support as per: https://gcc.gnu.org/ml/gcc-patches/2014-12/msg01828.html x86_64 required Linux, OSX, Windows II. TSan specifics LLVM Clang 3.2, gcc 4.8 x86_64 requires ASLR, so compile/ ld with -fPIE, -pie maps (using mmap but does not reserve) virtual address space; tools like top/ ulimit may not work as expected.
fun facts TSan maps (by mmap but does not reserve) tons of virtual address space; tools like top/ ulimit may not work as expected. need: gdb -ex 'set disable-randomization off' --args ./a.out
 due to ASLR requirement.
 
 Deadlock detection? Kernel TSan?
goroutine 1 obj.UpdateMe() mu.Lock() flag = true mu.Unlock() goroutine 2 mu.Lock() var f bool = flag mu.Unlock () if (f) { obj.UpdateMe() } { { a fun concurrency example
Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ go-race-detector

More Related Content

PPTX
3Com LAN-CAT6-10M-BLAU
bysavomir
 
PPTX
Sclerosis
byaliciadiez
 
DOCX
Planificación anual 4° grado de primaria según el Curriculo Nacional
byMonica Mery Carmona Ruiz
 
PPTX
Falar bem em público melhora o seu negócio?
byWaldomiro Filho
 
PDF
Portfolio Kit for Teachers
byJoanna Dimitrova
 
PDF
170309 - FFBB Infos 091
byComiteBasketCalvados
 
PPTX
やればできる
bynaoki yamagishi
 
PPTX
Unidad 2 proceso de auditoría
byOfer Maciel
 
3Com LAN-CAT6-10M-BLAU
bysavomir
 
Sclerosis
byaliciadiez
 
Planificación anual 4° grado de primaria según el Curriculo Nacional
byMonica Mery Carmona Ruiz
 
Falar bem em público melhora o seu negócio?
byWaldomiro Filho
 
Portfolio Kit for Teachers
byJoanna Dimitrova
 
170309 - FFBB Infos 091
byComiteBasketCalvados
 
やればできる
bynaoki yamagishi
 
Unidad 2 proceso de auditoría
byOfer Maciel
 

Viewers also liked

PPTX
Questionnaire analysis
byemiliabowles
 
PDF
Obv Newsletter Volume 10 Vietnamese
byOneBodyVillage
 
PDF
Obv Newsletter Volume 10 English
byOneBodyVillage
 
PPTX
Santo Espirito Gezi Monteiro
byDanilo Angelo
 
PPTX
Arterioesclerosis
byAngie Estrada
 
DOCX
Planificación anual para 5 ° grado de primaria según el curriculo nacional
byMonica Mery Carmona Ruiz
 
DOC
News SA 11 2017
byRoberta Culiersi
 
PPTX
História- 8ºano
byZé Mário
 
PPTX
Búsqueda en pubmed
byMariadelMarMachucaOstos
 
PDF
Being a strong transformative leader
byGrowthwise
 
PDF
Actividad ciudadano digital
byJhader Cano
 
PDF
Actividad 1.1 grupos de alimentos
byAndrea Higuera
 
PPTX
Scoliosis
byaliciadiez
 
PDF
Inclusive Design: Thinking Beyond Accessibility | NERDSummit 2017
byMichael Miles
 
PPTX
3Com 385640-001
bysavomir
 
PPTX
3Com 10002993
bysavomir
 
Questionnaire analysis
byemiliabowles
 
Obv Newsletter Volume 10 Vietnamese
byOneBodyVillage
 
Obv Newsletter Volume 10 English
byOneBodyVillage
 
Santo Espirito Gezi Monteiro
byDanilo Angelo
 
Arterioesclerosis
byAngie Estrada
 
Planificación anual para 5 ° grado de primaria según el curriculo nacional
byMonica Mery Carmona Ruiz
 
News SA 11 2017
byRoberta Culiersi
 
História- 8ºano
byZé Mário
 
Búsqueda en pubmed
byMariadelMarMachucaOstos
 
Being a strong transformative leader
byGrowthwise
 
Actividad ciudadano digital
byJhader Cano
 
Actividad 1.1 grupos de alimentos
byAndrea Higuera
 
Scoliosis
byaliciadiez
 
Inclusive Design: Thinking Beyond Accessibility | NERDSummit 2017
byMichael Miles
 
3Com 385640-001
bysavomir
 
3Com 10002993
bysavomir
 

More from C4Media

PDF
Streaming a Million Likes/Second: Real-Time Interactions on Live Video
byC4Media
 
PDF
Next Generation Client APIs in Envoy Mobile
byC4Media
 
PDF
Software Teams and Teamwork Trends Report Q1 2020
byC4Media
 
PDF
Understand the Trade-offs Using Compilers for Java Applications
byC4Media
 
PDF
Kafka Needs No Keeper
byC4Media
 
PDF
High Performing Teams Act Like Owners
byC4Media
 
PDF
Does Java Need Inline Types? What Project Valhalla Can Bring to Java
byC4Media
 
PDF
Service Meshes- The Ultimate Guide
byC4Media
 
PDF
Shifting Left with Cloud Native CI/CD
byC4Media
 
PDF
CI/CD for Machine Learning
byC4Media
 
PDF
Fault Tolerance at Speed
byC4Media
 
PDF
Architectures That Scale Deep - Regaining Control in Deep Systems
byC4Media
 
PDF
ML in the Browser: Interactive Experiences with Tensorflow.js
byC4Media
 
PDF
Build Your Own WebAssembly Compiler
byC4Media
 
PDF
User & Device Identity for Microservices @ Netflix Scale
byC4Media
 
PDF
Scaling Patterns for Netflix's Edge
byC4Media
 
PDF
Make Your Electron App Feel at Home Everywhere
byC4Media
 
PDF
The Talk You've Been Await-ing For
byC4Media
 
PDF
Future of Data Engineering
byC4Media
 
PDF
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
byC4Media
 
Streaming a Million Likes/Second: Real-Time Interactions on Live Video
byC4Media
 
Next Generation Client APIs in Envoy Mobile
byC4Media
 
Software Teams and Teamwork Trends Report Q1 2020
byC4Media
 
Understand the Trade-offs Using Compilers for Java Applications
byC4Media
 
Kafka Needs No Keeper
byC4Media
 
High Performing Teams Act Like Owners
byC4Media
 
Does Java Need Inline Types? What Project Valhalla Can Bring to Java
byC4Media
 
Service Meshes- The Ultimate Guide
byC4Media
 
Shifting Left with Cloud Native CI/CD
byC4Media
 
CI/CD for Machine Learning
byC4Media
 
Fault Tolerance at Speed
byC4Media
 
Architectures That Scale Deep - Regaining Control in Deep Systems
byC4Media
 
ML in the Browser: Interactive Experiences with Tensorflow.js
byC4Media
 
Build Your Own WebAssembly Compiler
byC4Media
 
User & Device Identity for Microservices @ Netflix Scale
byC4Media
 
Scaling Patterns for Netflix's Edge
byC4Media
 
Make Your Electron App Feel at Home Everywhere
byC4Media
 
The Talk You've Been Await-ing For
byC4Media
 
Future of Data Engineering
byC4Media
 
Automated Testing for Terraform, Docker, Packer, Kubernetes, and More
byC4Media
 

Recently uploaded

PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 

Looking Inside a Race Detector

  • 1.
  • 2.
    InfoQ.com: News &Community Site • Over 1,000,000 software developers, architects and CTOs read the site world- wide every month • 250,000 senior developers subscribe to our weekly newsletter • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • 2 dedicated podcast channels: The InfoQ Podcast, with a focus on Architecture and The Engineering Culture Podcast, with a focus on building • 96 deep dives on innovative topics packed as downloadable emags and minibooks • Over 40 new content items per week Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ go-race-detector
  • 3.
    Purpose of QCon -to empower software development by facilitating the spread of knowledge and innovation Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide Presented at QCon San Francisco www.qconsf.com
  • 4.
  • 5.
  • 6.
    data races “when two+threads concurrently access a shared memory location, at least one access is a write.” R R R W R R R W W !W W W count = 1 count = 2 count = 2 !concurrent concurrent concurrent // Shared variable var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { // Spawn two “threads” go incrementCount() go incrementCount() } data race “g2” “g1”
  • 7.
    data races “when two+threads concurrently access a shared memory location, at least one access is a write.” Thread 1 Thread 2 lock(l) lock(l) count=1 count=2 unlock(l) unlock(l) !data race // Shared variable var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { // Spawn two “threads” go incrementCount() go incrementCount() } data race
  • 8.
    • relevant • elusive •have undefined consequences • easy to introduce in languages 
 like Go Panic messages from unexpected program crashes are often reported on the Go issue tracker. An overwhelming number of these panics are caused by data races, and an overwhelming number of those reports centre around Go’s built in map type. — Dave Cheney
  • 9.
    given we wantto write multithreaded programs, how may we protect our systems from the unknown consequences of the difficult-to-track-down data race bugs… in a manner that is reliable and scalable?
  • 10.
    read by goroutine7 at incrementCount() created at main() race detectors
  • 11.
  • 12.
    • Go v1.1(2013)
 • Integrated with the Go tool chain — > go run -race counter.go
 • Based on C/ C++ ThreadSanitizer
 dynamic race detection library • As of August 2015, 1200+ races in Google’s codebase, ~100 in the Go stdlib,
 100+ in Chromium,
 + LLVM, GCC, OpenSSL, WebRTC, Firefox go race detector
  • 13.
  • 14.
  • 15.
    concurrency in go Theunit of concurrent execution : goroutines user-space threads
 use as you would threads 
 > go handle_request(r) Go memory model specified in terms of goroutines within a goroutine: reads + writes are ordered with multiple goroutines: shared data must be synchronized…else data races!
  • 16.
    channels
 > ch <-value
 mutexes, conditional vars, …
 > import “sync” 
 > mu.Lock()
 atomics
 > import “sync/ atomic"
 > atomic.AddUint64(&myInt, 1) The synchronization primitives:
  • 17.
    “…goroutines concurrently accessa shared memory location, at least one access is a write.” ? concurrency var count = 0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() } “g2” “g1” R R R W R R R W W W W W count = 1 count = 2 count = 2 !concurrent concurrent concurrent
  • 18.
    how can wedetermine “concurrent” memory accesses?
  • 19.
    var count =0 func incrementCount() { if count == 0 { count++ } } func main() { incrementCount() incrementCount() } not concurrent — same goroutine
  • 20.
    not concurrent —
 lock draws a “dependency edge” var count = 0 func incrementCount() { mu.Lock() if count == 0 { count ++ } mu.Unlock() } func main() { go incrementCount() go incrementCount() }
  • 21.
    happens-before memory accesses 
 i.e.reads, writes a := b synchronization 
 via locks or lock-free sync mu.Unlock() ch <— a X ≺ Y IF one of: — same goroutine — are a synchronization-pair — X ≺ E ≺ Y across goroutines IF X not ≺ Y and Y not ≺ X , concurrent! orders events
  • 22.
    A B C D L U L U R W R g1 g2 A ≺B same goroutine B ≺ C lock-unlock on same object A ≺ D transitivity
  • 23.
    concurrent ? var count= 0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() }
  • 24.
    A ≺ Band C ≺ D same goroutine but A ? C and C ? A concurrent A B D CR W W R g1 g2
  • 25.
    how can weimplement happens-before?
  • 26.
    vector clocks means toestablish happens-before edges 0 1 lock(mu) 4 1 t1 = max(4, 0) t2 = max(0,1) g1 g2 0 0 g1 g2 0 0 g1 g2 1 0 read(count) 2 0 3 0 4 0 unlock(mu)
  • 27.
    (0, 0) (0,0) (1, 0) (3, 0) (4, 0) (4, 1) C (4, 2) D A ≺ D ? (3, 0) < (4, 2) ? so yes. L U R WA B L R U g1 g2
  • 28.
    CR W W R g1 g2 (1,0)A (2, 0)B (0, 1) (0, 2) D B ≺ C ? (2, 0) < (0, 1) ? no. C ≺ B ? no. so, concurrent
  • 29.
    pure happens-before detection Determinesif the accesses to a memory location can be ordered by happens-before, using vector clocks. This is what the Go Race Detector does!
  • 30.
  • 31.
    go run -race toimplement happens-before detection, need to: create vector clocks for goroutines
 …at goroutine creation
 update vector clocks based on memory access,
 synchronization events
 …when these events occur
 compare vector clocks to detect happens-before 
 relations.
 …when a memory access occurs
  • 32.
  • 33.
    do we haveto modify our programs then, to generate the events? memory accesses synchronizations goroutine creation nope.
  • 34.
    var count =0 func incrementCount() { if count == 0 { count ++ } } func main() { go incrementCount() go incrementCount() }
  • 35.
    -race var count =0 func incrementCount() { raceread() if count == 0 {
 racewrite() count ++ }
 racefuncexit() } func main() { go incrementCount() go incrementCount()
  • 36.
    the gc compilerinstruments memory accesses adds an instrumentation pass over the IR. go tool compile -race func compile(fn *Node) { ... order(fn) walk(fn) if instrumenting { instrument(Curfn) } ... }
  • 37.
    This is awesome. Wedon’t have to modify our programs to track memory accesses. package sync import “internal/race" func (m *Mutex) Lock() { if race.Enabled { race.Acquire(…) } ... } raceacquire(addr) mutex.go package runtime func newproc1() { if race.Enabled { newg.racectx = racegostart(…) } ... } proc.go What about synchronization events, and goroutine creation?
  • 38.
    runtime.raceread() ThreadSanitizer (TSan) library C++race-detection library 
 (.asm file because it’s calling into C++) program TSan
  • 39.
    TSan implements thehappens-before race detection:
 creates, updates vector clocks for goroutines -> ThreadState
 keeps track of memory access, synchronization events -> Shadow State, Meta Map
 compares vector clocks to detect data races. threadsanitizer
  • 40.
    go incrementCount() struct ThreadState{ ThreadClock clock; } contains a fixed-size vector clock (size == max(# threads)) func newproc1() { if race.Enabled { newg.racectx = racegostart(…) } ... } proc.go count == 0 raceread(…) by compiler instrumentation 1. data race with a previous access? 2. store information about this access 
 for future detections
  • 41.
    stores information aboutmemory accesses. 8-byte shadow word for an access: TID clock pos wr TID: accessor goroutine ID
 clock: scalar clock of accessor , optimized vector clock pos: offset, size in 8-byte word wr: IsWrite bit shadow state directly-mapped: 0x7fffffffffff 0x7f0000000000 0x1fffffffffff 0x180000000000 application shadow
  • 42.
    N shadow cellsper application word (8-bytes) gx read When shadow words are filled, evict one at random. Optimization 1 clock_1 0:2 0gx gy write clock_2 4:8 1gy
  • 43.
    Optimization 2 TID clockpos wr scalar clock, not full vector clock. gx gy 3 23 gx access:
  • 44.
    g1: count ==0 raceread(…) by compiler instrumentation g1: count++ racewrite(…) g2: count == 0 raceread(…) and check for race g1 0 0:8 0 0 0 g1 1 0:8 1 1 0 g2 0 0:8 0 0 0
  • 45.
    race detection compare: <accessor’s vectorclock, new shadow word> g2 0 0:8 0 0 0 “…when two+ threads concurrently access a shared memory location, at least one access is a write.” g1 1 0:8 1 with: each existing shadow word
  • 46.
    race detection compare: <accessor’s vectorclock, new shadow word> do the access locations overlap? are any of the accesses a write? are the TIDS different? are they concurrent (no happens-before)? g2’s vector clock: (0, 0) existing shadow word’s clock: (1, ?) g1 1 0:8 1g2 0 0:8 0 0 0 ✓ ✓ ✓ ✓ with: each existing shadow word
  • 47.
    do the accesslocations overlap? are any of the accesses a write? are the TIDS different? are they concurrent (no happens-before)? race detection g1 1 0:8 1g2 0 0:8 0 compare (accessor’s threadState, new shadow word) with each existing shadow word: 0 0 RACE! ✓ ✓ ✓ ✓
  • 48.
    g1 g2 0 0 g1g2 0 0 g1 g2 1 0 2 0 3 0 unlock(mu) 3 1 lock(mu) g1 = max(3, 0) g2 = max(0,1) TSan must track synchronization events synchronization events
  • 49.
    sync vars mu :=sync.Mutex{} struct SyncVar { } stored in the meta map region. struct SyncVar { SyncClock clock; } contains a vector clock SyncClock mu.Unlock() 3 0 g1 g2 mu.Lock() max( SyncClock) 0 1
  • 50.
    TSan tracks filedescriptors, memory allocations etc. too TSan can track your custom sync primitives too, via dynamic annotations! a note (or two)…
  • 51.
  • 52.
    evaluation “is it reliable?”“is it scalable?” program slowdown = 5x-15x memory usage = 5x-10x no false positives (only reports “real races”, but can be benign) can miss races! depends on execution trace 
 As of August 2015, 1200+ races in Google’s codebase, ~100 in the Go stdlib,
 100+ in Chromium,
 + LLVM, GCC, OpenSSL, WebRTC, Firefox
  • 53.
    with go run -race= gc compiler instrumentation + TSan runtime library for data race detection happens-before using vector clocks
  • 54.
  • 55.
    alternatives I. Static detectors analyzethe program’s source code.
 • typically have to augment the source with race annotations (-) • single detection pass sufficient to determine all possible 
 races (+) • too many false positives to be practical (-)
 II. Lockset-based dynamic detectors uses an algorithm based on locks held
 • more performant than pure happens-before (+) • may not recognize synchronization via non-locks,
 like channels (would report as races) (-)
  • 56.
    III. Hybrid dynamicdetectors combines happens-before + locksets.
 (TSan v1, but it was hella unscalable)
 • “best of both worlds” (+) • false positives (-) • complicated to implement (-)
 
 

  • 57.
    requirements I. Go specifics v1.1+ gccompiler gccgo does not support as per: https://gcc.gnu.org/ml/gcc-patches/2014-12/msg01828.html x86_64 required Linux, OSX, Windows II. TSan specifics LLVM Clang 3.2, gcc 4.8 x86_64 requires ASLR, so compile/ ld with -fPIE, -pie maps (using mmap but does not reserve) virtual address space; tools like top/ ulimit may not work as expected.
  • 58.
    fun facts TSan maps (bymmap but does not reserve) tons of virtual address space; tools like top/ ulimit may not work as expected. need: gdb -ex 'set disable-randomization off' --args ./a.out
 due to ASLR requirement.
 
 Deadlock detection? Kernel TSan?
  • 59.
    goroutine 1 obj.UpdateMe() mu.Lock() flag =true mu.Unlock() goroutine 2 mu.Lock() var f bool = flag mu.Unlock () if (f) { obj.UpdateMe() } { { a fun concurrency example
  • 60.
    Watch the videowith slide synchronization on InfoQ.com! https://www.infoq.com/presentations/ go-race-detector