Marathon - RV2011

  • Published on
    01-Nov-2014

  • View
    291

  • Download
    1

Embed Size (px)

DESCRIPTION

Presentation at Runtime Verification 2011

Transcript

<ul><li> 1. Marathon: Detecting Atomic- Set Serializability Violations with Conict Graphs William Sumner Christian Hammer Julian Dolby Purdue Utah State IBM Watson RV 2011 - September 2011 - San Francisco, CAThursday, September 29, 2011 1 </li> <li> 2. Outline Motivation: nding concurrency errors Approach: atomic sets and serializability Implementation: conict graphs Results Related work and conclusionsThursday, September 29, 2011 2 </li> <li> 3. Finding Concurrency Errors Parallel hardware is ubiquitous, even phones Software must exploit this concurrency Concurrency allows new kinds of bugs Multiple threads simultaneously access data Bugs when simultaneous access is incorrectThursday, September 29, 2011 3 </li> <li> 4. Atomic Sets class Point { double x; double y; } Fields x and y make up a logical point Fields x and y denote an atomic set Atomic Set Serializability Concurrent operations see consistent pointsThursday, September 29, 2011 4 </li> <li> 5. Units of Work class Point { Threads double x; move mag double y; x x } x void move(int x, int y) { this.x += x; x y this.y += y; y y } y double mag() { return Math.sqrt(x*x+y*y); }Thursday, September 29, 2011 5 </li> <li> 6. Concurrency Errors class Point { Threads double x; move mag double y; x x } x void move(int x, int y) { x this.x += x; this.y += y; y } y y double mag() { return Math.sqrt(x*x+y*y); y }Thursday, September 29, 2011 6 </li> <li> 7. Concurrency Errors Look for concurrency errors per atomic set Improve accuracy: Focus on related memory locations Focus on conceptual units of work on them Aid implementation: Short-running units of work, small sets Enables compact conict graph structureThursday, September 29, 2011 7 </li> <li> 8. Inferring Atomic Sets Must infer atomic sets Make approach applicable to existing code Minimize burden on developer or tester Exploit object structure to infer atomic sets Assume each object denes an atomic set Heuristics to include child objectsThursday, September 29, 2011 8 </li> <li> 9. Child Object Example class Point { class Rectangle { double x; Point ll; double y; Point ur; } } double area() { return (ur.x - ll.x) * (ur.y - ll.y); } heuristic: direct access to eld of a eld means eld is a childThursday, September 29, 2011 9 </li> <li> 10. Conict Graph Implementation A conict graph records tasks, memory uses A node in the graph is a unit of work Edges capture memory dependence write-read, read-write, write-write Atomic sets model keep graph manageable Individual units of work tend to be short Old tasks can be garbage collectedThursday, September 29, 2011 10 </li> <li> 11. Conict Graph Examples move mag move mag x x x x x x x WAR y y y y RAW x y y WAR y yThursday, September 29, 2011 11 </li> <li> 12. Evaluation Assess quality of error reports how many bugs? false positives: not real bugs? false negatives: missed known bugs? Measure overhead Suite of standard benchmarks and real codesThursday, September 29, 2011 12 </li> <li> 13. Evaluation slowdown slowdown benchmark size cycles reports FP (memory) (disk) ConTest 241 141 139 5 1.4 1.1 Jigsaw 142K 1 1 0 3.9 3.9 Jspider 56K 4 4 0 1.2 1.2 Weblech 1874 2 2 0 1.0 1.0 ArrayBQ 1576 2 7 0 26.6 14.1 ArrayList 2266 79 60 0 48.9 19.6 LinkedBQ 1620 1 1 0 20.1 16.9 DelayQueue 1961 43 43 0 23.0 17.5 Vector 2636 131 131 0 52.8 10.4Thursday, September 29, 2011 13 </li> <li> 14. Related Work Low-level data races: do not denote errors Atomicity: full heap atomicity vs atomic sets Serializability: relaxed criteria vs atomic sets Velodrome[]: bug focus, fuller implementation Prior atomic sets: patterns vs conict graphThursday, September 29, 2011 14 </li> <li> 15. Conclusions Efcient and sound concurrency bug nding Overhead comparable or better than prior Sound w.r.t. atomic set model Atomic sets accurately model intent Heuristics allow inference Evaluated w.r.t. programmer intent Few false positives and negatives Future work: further rene heuristicsThursday, September 29, 2011 15 </li> <li> 16. Evaluation resultBuf[i] = vector.getFreeBlockIndex(); if (resultBuf[i] != -1) { vector.markAsAllocatedBlock(resultBuf[i]); } False negative example API of AllocationVector not encapsulated Requires client to synchronize pair of callsThursday, September 29, 2011 16 </li> </ul>