Marathon - RV2011

386 views

Published on

Presentation at Runtime Verification 2011

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
386
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Marathon - RV2011

  1. 1. Marathon: Detecting Atomic- Set Serializability Violations with Conflict Graphs William Sumner Christian Hammer Julian Dolby Purdue Utah State IBM Watson RV 2011 - September 2011 - San Francisco, CAThursday, September 29, 2011 1
  2. 2. Outline Motivation: finding concurrency errors Approach: atomic sets and serializability Implementation: conflict graphs Results Related work and conclusionsThursday, September 29, 2011 2
  3. 3. Finding Concurrency Errors Parallel hardware is ubiquitous, even phones Software must exploit this concurrency Concurrency allows new kinds of bugs Multiple threads simultaneously access data Bugs when simultaneous access is “incorrect”Thursday, September 29, 2011 3
  4. 4. Atomic Sets class Point { double x; double y; } Fields x and y make up a logical point Fields x and y denote an atomic set Atomic Set Serializability Concurrent operations see consistent pointsThursday, September 29, 2011 4
  5. 5. Units of Work class Point { Threads double x; move mag double y; x x } x void move(int x, int y) { this.x += x; x y this.y += y; y y } y double mag() { return Math.sqrt(x*x+y*y); }Thursday, September 29, 2011 5
  6. 6. Concurrency Errors class Point { Threads double x; move mag double y; x x } x void move(int x, int y) { x this.x += x; this.y += y; y } y y double mag() { return Math.sqrt(x*x+y*y); y }Thursday, September 29, 2011 6
  7. 7. Concurrency Errors Look for concurrency errors per atomic set Improve accuracy: Focus on related memory locations Focus on conceptual units of work on them Aid implementation: Short-running units of work, small sets Enables compact conflict graph structureThursday, September 29, 2011 7
  8. 8. Inferring Atomic Sets Must infer atomic sets Make approach applicable to existing code Minimize burden on developer or tester Exploit object structure to infer atomic sets Assume each object defines an atomic set Heuristics to include “child” objectsThursday, September 29, 2011 8
  9. 9. “Child” Object Example class Point { class Rectangle { double x; Point ll; double y; Point ur; } } double area() { return (ur.x - ll.x) * (ur.y - ll.y); } heuristic: direct access to field of a field means field is a childThursday, September 29, 2011 9
  10. 10. Conflict Graph Implementation A conflict graph records tasks, memory uses A node in the graph is a unit of work Edges capture memory dependence write-read, read-write, write-write Atomic sets model keep graph manageable Individual units of work tend to be short Old tasks can be garbage collectedThursday, September 29, 2011 10
  11. 11. Conflict Graph Examples move mag move mag x x x x x x x WAR y y y y RAW x y y WAR y yThursday, September 29, 2011 11
  12. 12. Evaluation Assess quality of error reports how many bugs? false positives: not real bugs? false negatives: missed known bugs? Measure overhead Suite of standard benchmarks and real codesThursday, September 29, 2011 12
  13. 13. Evaluation slowdown slowdown benchmark size cycles reports FP (memory) (disk) ConTest 241 141 139 5 1.4 1.1 Jigsaw 142K 1 1 0 3.9 3.9 Jspider 56K 4 4 0 1.2 1.2 Weblech 1874 2 2 0 1.0 1.0 ArrayBQ 1576 2 7 0 26.6 14.1 ArrayList 2266 79 60 0 48.9 19.6 LinkedBQ 1620 1 1 0 20.1 16.9 DelayQueue 1961 43 43 0 23.0 17.5 Vector 2636 131 131 0 52.8 10.4Thursday, September 29, 2011 13
  14. 14. Related Work Low-level data races: do not denote errors Atomicity: full heap atomicity vs atomic sets Serializability: relaxed criteria vs atomic sets Velodrome[]: bug focus, fuller implementation Prior atomic sets: patterns vs conflict graphThursday, September 29, 2011 14
  15. 15. Conclusions Efficient and sound concurrency bug finding Overhead comparable or better than prior Sound w.r.t. atomic set model Atomic sets accurately model intent Heuristics allow inference Evaluated w.r.t. programmer intent Few false positives and negatives Future work: further refine heuristicsThursday, September 29, 2011 15
  16. 16. Evaluation resultBuf[i] = vector.getFreeBlockIndex(); if (resultBuf[i] != -1) { vector.markAsAllocatedBlock(resultBuf[i]); } False negative example API of AllocationVector not encapsulated Requires client to synchronize pair of callsThursday, September 29, 2011 16

×