A Type System for Preventing Data Races and Deadlocks in the Java Virtual Machine Language - PowerPoint PPT Presentation

About This Presentation
Title:

A Type System for Preventing Data Races and Deadlocks in the Java Virtual Machine Language

Description:

A Type System for Preventing Data Races and Deadlocks in the Java Virtual Machine Language Pratibha Permandla Michael Roberson Chandrasekhar Boyapati – PowerPoint PPT presentation

Transcript and Presenter's Notes

1
A Type System for Preventing Data Races and
Deadlocks in the Java Virtual Machine Language
  • Pratibha Permandla
  • Michael Roberson
  • Chandrasekhar Boyapati

University of Michigan
2
Outline
  • Motivation
  • Data Races
  • Deadlocks
  • Object Encapsulation
  • Type System
  • Related Work

3
Data Races in Multithreaded Programs
Thread 1: x = x + 1
Thread 2: x = x + 2
  • Two threads access the same data
  • At least one access is a write
  • No synchronization to separate accesses

4
Why Data Races are a Problem
  • Some correct programs contain data races
  • But most races are programming errors
    • Code intended to execute atomically
    • Synchronization omitted by mistake
  • Consequences can be severe
    • Nondeterministic timing-dependent bugs
    • Difficult to detect, reproduce, eliminate

5
Avoiding Data Races
Thread 1: x = x + 1
Thread 2: x = x + 2
6
Avoiding Data Races
Thread 1: lock(l); x = x + 1; unlock(l)
Thread 2: lock(l); x = x + 2; unlock(l)
  • Associate locks with shared mutable data
  • Acquire lock before data access
  • Release lock after data access

7
Avoiding Data Races
Thread 1: lock(l); x = x + 1; unlock(l)
Thread 2: lock(l); x = x + 2; unlock(l)
  • Problem: Locking is not enforced!
  • Inadvertent programming errors

8
Avoiding Deadlocks
(Figure: threads Thread 1, Thread 2, ..., Thread n and locks Lock 1, Lock 2, Lock 3, ..., Lock n, each thread holding some locks while waiting for others.)
9
Avoiding Deadlocks
(Figure: the same threads Thread 1, Thread 2, ..., Thread n and locks Lock 1, Lock 2, Lock 3, ..., Lock n.)
  • Associate a partial order among locks
  • Acquire locks in order

10
Avoiding Deadlocks
(Figure: the same threads Thread 1, Thread 2, ..., Thread n and locks Lock 1, Lock 2, Lock 3, ..., Lock n.)
  • Problem: Lock ordering is not enforced!
  • Inadvertent programming errors
11
Object Encapsulation
  • Stack s is implemented with a linked list
  • Outside objects must not access list nodes

(Figure: stack s with its linked-list nodes, and an outside object o that must not reference them.)

  • Enables local reasoning

12
Object Encapsulation
  • Stack s is implemented with a linked list
  • Outside objects must not access list nodes

(Figure: stack s with its linked-list nodes, and an outside object o that must not reference them.)

  • Problem: Encapsulation is not enforced!
  • Inadvertent programming errors
13
Solution
  • Type system for object-oriented languages
  • Statically prevents errors
    • data races, deadlocks, representation exposure
  • Programmers write simple annotations
    • how objects are synchronized
    • partial ordering on locks to prevent deadlocks
    • encapsulation hierarchy
  • Type checker statically verifies program
    • Objects are used only as specified

14
Ownership Types
  • Every object is owned by
    • Another object, or
    • A thread, or
    • A special global owner called world
  • Ownership forms a tree rooted at world

(Figure: ownership tree rooted at world, with Thread1 and Thread2 below it; Thread1 objects are owned by Thread1, Thread2 objects by Thread2, and potentially shared objects by world.)
15
Ownership Types
  • Prevent representation exposure
    • No references from outside object o to objects owned by o
    • No references from outside thread t to objects owned by t

(Figure: the same ownership tree (world, Thread1, Thread2, Thread1 objects, potentially shared objects, Thread2 objects); a reference from outside into a thread's objects is marked as forbidden.)
16
Ownership Types
  • Prevent races
    • For race-free access to an object not owned by a thread
      • The lock on its outermost containing object must be held
    • For race-free access to an object owned by a thread
      • No lock needs to be held

(Figure: the same ownership tree (world, Thread1, Thread2, Thread1 objects, potentially shared objects, Thread2 objects); "Acquire Locks" marks the potentially shared objects owned by world.)
17
Ownership Types
  • Prevent Deadlocks
    • Locks must be ordered according to a partial order
    • Locks must be acquired in descending order

(Figure: the same ownership tree; the locks on the potentially shared objects are numbered 1 and 2 to show the order in which they are acquired.)
18
TStack Example
class TStack {
    TNode head;
    void push(T value) { ... }
    T pop() { ... }
}
class TNode {
    TNode next;
    T value;
}
class T { ... }

(Figure: a TStack object whose head field refers to a chain of TNode objects, each holding a T.)
19
TStack Example
class TStack<stackOwner, TOwner> {
    TNode<this, TOwner> head;
}
class TNode<nodeOwner, TOwner> {
    TNode<nodeOwner, TOwner> next;
    T<TOwner> value;
}

(Figure: the TStack object owns its TNode objects; the T objects are owned by TOwner.)
20
TStack Example
class TStack<stackOwner, TOwner> {
    TNode<this, TOwner> head;
}
class TNode<nodeOwner, TOwner> {
    TNode<nodeOwner, TOwner> next;
    T<TOwner> value;
}

(Figure: ownership tree with world, Thread1, and the TStack and T objects of s1, s2 and s3.)

TStack<thisThread, thisThread> s1;
TStack<thisThread, world> s2;
TStack<world, world> s3;
21
Checking Programs
(Figure: Java source with extra types is checked by the type checker, compiled to bytecodes, and run on the virtual machine.)
  • Previous work was on SafeJava

22
Our Approach
(Figure: Java source with extra types is compiled to bytecodes that keep the extra types on interfaces; a bytecode verifier with intraprocedural type inference checks the bytecodes before the virtual machine runs them.)
  • Previous work was on SafeJava
  • We extend to SafeJVML
    • Verifies Java bytecodes
23
Example

 1  load 0
 2  store 3
 3  load 3
 4  monitorenter
 5  load 1
 6  store 4
 7  load 4
 8  monitorenter
 9  load 0
10  getfield
11  push 0
12  ifeq 25
13  load 1
14  load 1
15  getfield
16  load 2
17  add
18  putfield
19  load 0
20  load 0
21  getfield
22  load 2
23  sub
24  putfield
25  load 4
26  monitorexit
27  load 3
28  monitorexit
29  return

static void transfer(Account, Account, int)

class Account {
    private int balance;

    static void transfer(Account from, Account to, int x) {
        synchronized (to) {
            synchronized (from) {
                if (from.balance != 0) {
                    to.balance += x;
                    from.balance -= x;
                }
            }
        }
    }
}
  • No block structure
  • No types on stack or local variables
  • Requires alias analysis

24
Example
(Table: columns i, Instruction, Fi[0], Fi[1], Fi[2], Fi[3], Fi[4], Si, LSi over the 29 instructions of transfer; the type columns are not yet filled in.)
  • Fi[n]: Type of local variable n at instruction i
  • Si: Types of the elements of the stack at instruction i
  • LSi: Types of the locks held at instruction i
  • Problem: Can't tell which object is locked based on the type
25
Indexed Types
  • Solution: Use indexed types
    • Laneve and Bigliardi (TIC 00)
  • Example: Object3
  • Objects with identical indexed types are equal
  • Otherwise, unknown

26
Example
 i  Instruction   Fi[0]     Fi[1]     Fi[2]  Fi[3]     Fi[4]     Si                 LSi
 1  load 0        Account   Account   int    --        --        ε                  ε
 2  store 3       Account1  Account   int    --        --        Account1           ε
 3  load 3        Account1  Account   int    Account1  --        ε                  ε
 4  monitorenter  Account1  Account   int    Account1  --        Account1           ε
 5  load 1        Account1  Account   int    Account1  --        ε                  Account1
 6  store 4       Account1  Account5  int    Account1  --        Account5           Account1
 7  load 4        Account1  Account5  int    Account1  Account5  ε                  Account1
 8  monitorenter  Account1  Account5  int    Account1  Account5  Account5           Account1
 9  load 0        Account1  Account5  int    Account1  Account5  ε                  Account1, Account5
10  getfield      Account1  Account5  int    Account1  Account5  Account1           Account1, Account5
11  push 0        Account1  Account5  int    Account1  Account5  int                Account1, Account5
12  ifeq 25       Account1  Account5  int    Account1  Account5  int.int            Account1, Account5
13  load 1        Account1  Account5  int    Account1  Account5  ε                  Account1, Account5
14  load 1        Account1  Account5  int    Account1  Account5  Account5           Account1, Account5
15  getfield      Account1  Account5  int    Account1  Account5  Account5.Account5  Account1, Account5
16  load 2        Account1  Account5  int    Account1  Account5  int.Account5       Account1, Account5
17  add           Account1  Account5  int    Account1  Account5  int.int.Account5   Account1, Account5
18  putfield      Account1  Account5  int    Account1  Account5  int.Account5       Account1, Account5
19  load 0        Account1  Account5  int    Account1  Account5  ε                  Account1, Account5
20  load 0        Account1  Account5  int    Account1  Account5  Account1           Account1, Account5
21  getfield      Account1  Account5  int    Account1  Account5  Account1.Account1  Account1, Account5
22  load 2        Account1  Account5  int    Account1  Account5  int.Account1       Account1, Account5
23  sub           Account1  Account5  int    Account1  Account5  int.int.Account1   Account1, Account5
24  putfield      Account1  Account5  int    Account1  Account5  int.Account1       Account1, Account5
25  load 4        Account1  Account5  int    Account1  Account5  ε                  Account1, Account5
26  monitorexit   Account1  Account5  int    Account1  Account5  Account5           Account1, Account5
27  load 3        Account1  Account5  int    Account1  Account5  ε                  Account1
28  monitorexit   Account1  Account5  int    Account1  Account5  Account1           Account1
29  return        Account1  Account5  int    Account1  Account5  ε                  ε
(ε is the empty stack or the empty lock set; Account1 is the type Account indexed with 1.)
27
Static Semantics
Rule for add:
$M[i] = \mathrm{add}, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i = \mathrm{int}.\mathrm{int}.\beta, \quad \mathrm{int}.\beta <: S_{i+1}, \quad LS_i = LS_{i+1}$
28
Static Semantics
Rule for ifeq (both the fall-through successor i+1 and the branch target L must be well-typed):
$M[i] = \mathrm{ifeq}\ L, \quad i+1, L \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: \tau.\tau.S_{i+1}, \quad LS_i = LS_{i+1}$
$F_i <: F_L, \quad S_i <: \tau.\tau.S_L, \quad LS_i = LS_L$
29
Static Semantics
Rule for monitorenter (only an object owned by world can be locked, and its type is pushed onto the lock set):
$M[i] = \mathrm{monitorenter}, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: cn\langle world, ..\rangle.S_{i+1}, \quad LS_{i+1} = cn\langle world, ..\rangle.LS_i$
30
Static Semantics
Rule for getfield (the lock protecting the accessed object must be in the lock set):
$M[i] = \mathrm{getfield}\ cn\langle f_{1..n}\rangle, fd, t_F, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: cn\langle o_{1..n}\rangle.\beta, \quad t_F[o_1/f_1 .. o_n/f_n][cn\langle o_{1..n}\rangle/this].\beta <: S_{i+1}$
$Lock(cn\langle o_{1..n}\rangle) \in LS_i, \quad LS_i = LS_{i+1}$
31
Static Semantics
Summary of the rules:

add:
$M[i] = \mathrm{add}, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i = \mathrm{int}.\mathrm{int}.\beta, \quad \mathrm{int}.\beta <: S_{i+1}, \quad LS_i = LS_{i+1}$

monitorenter:
$M[i] = \mathrm{monitorenter}, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: cn\langle world, ..\rangle.S_{i+1}, \quad LS_{i+1} = cn\langle world, ..\rangle.LS_i$

getfield:
$M[i] = \mathrm{getfield}\ cn\langle f_{1..n}\rangle, fd, t_F, \quad i+1 \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: cn\langle o_{1..n}\rangle.\beta, \quad t_F[o_1/f_1 .. o_n/f_n][cn\langle o_{1..n}\rangle/this].\beta <: S_{i+1}$
$Lock(cn\langle o_{1..n}\rangle) \in LS_i, \quad LS_i = LS_{i+1}$

ifeq:
$M[i] = \mathrm{ifeq}\ L, \quad i+1, L \in Dom(M)$
$F_i <: F_{i+1}, \quad S_i <: \tau.\tau.S_{i+1}, \quad LS_i = LS_{i+1}$
$F_i <: F_L, \quad S_i <: \tau.\tau.S_L, \quad LS_i = LS_L$
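As an added example (this is not the SafeJVML verifier from the talk), a toy Python checker that runs the intraprocedural analysis of slides 23 to 31 over the transfer bytecode: an object type is indexed with the instruction that first loads it, F_i, S_i and LS_i are propagated through a worklist, and a getfield or putfield on an object whose lock is not in LS_i is rejected. The instruction encoding, the initial frame and the assumption that the only field is Account.balance of type int are mine.

```python
# Added example, not the paper's checker: a toy static checker for the
# transfer() bytecode on the slides, tracking per instruction i the indexed
# types of locals (F_i), the operand stack (S_i) and the held locks (LS_i).
FIELD_TYPE = "int"  # assumption: the only field is Account.balance : int
TRANSFER = [  # the 29 instructions from the slide; the ifeq target is 1-based
    ("load", 0), ("store", 3), ("load", 3), ("monitorenter",),
    ("load", 1), ("store", 4), ("load", 4), ("monitorenter",),
    ("load", 0), ("getfield",), ("push", 0), ("ifeq", 25),
    ("load", 1), ("load", 1), ("getfield",), ("load", 2), ("add",), ("putfield",),
    ("load", 0), ("load", 0), ("getfield",), ("load", 2), ("sub",), ("putfield",),
    ("load", 4), ("monitorexit",), ("load", 3), ("monitorexit",), ("return",),
]
FRAME0 = ("Account", "Account", "int", "--", "--")  # locals from, to, x, and two unset slots

class CheckError(Exception):
    pass

def pop(stack, want=None):
    # Pop the stack top; `want`, if given, is the type it must have.
    if not stack or (want and stack[0] != want):
        raise CheckError(f"bad stack {stack}, expected {want}")
    return stack[0], stack[1:]

def step(i, instr, frame, stack, locks):
    # Transfer function for one instruction: the successor (pc, F, S, LS) states.
    op, arg = instr[0], (instr[1] if len(instr) > 1 else None)
    if op == "load":
        t = frame[arg]
        if t != "int" and "@" not in t:   # first load of an unindexed object:
            t = f"{t}@{i}"                # index it with this instruction number
            frame = frame[:arg] + (t,) + frame[arg + 1:]
        return [(i + 1, frame, (t,) + stack, locks)]
    if op == "store":
        t, stack = pop(stack)
        return [(i + 1, frame[:arg] + (t,) + frame[arg + 1:], stack, locks)]
    if op == "push":
        return [(i + 1, frame, ("int",) + stack, locks)]
    if op in ("add", "sub", "ifeq"):      # all three consume two ints
        _, stack = pop(pop(stack, "int")[1], "int")
        if op == "ifeq":                  # two successors: fall-through and target
            return [(i + 1, frame, stack, locks), (arg, frame, stack, locks)]
        return [(i + 1, frame, ("int",) + stack, locks)]
    if op in ("monitorenter", "monitorexit"):
        o, stack = pop(stack)
        if op == "monitorexit" and o not in locks:
            raise CheckError(f"{i}: monitorexit on {o}, which is not held")
        held = locks | {o} if op == "monitorenter" else locks - {o}
        return [(i + 1, frame, stack, held)]
    if op in ("getfield", "putfield"):
        if op == "putfield":
            _, stack = pop(stack, FIELD_TYPE)
        o, stack = pop(stack)
        if o not in locks:                # the race check: the lock must be held
            raise CheckError(f"{i}: {op} on {o} without holding its lock")
        pushed = (FIELD_TYPE,) if op == "getfield" else ()
        return [(i + 1, frame, pushed + stack, locks)]
    return []                             # return: no successors

def check(program, frame0):
    # Worklist over reachable instructions; returns {i: (F_i, S_i, LS_i)}.
    states, work = {1: (tuple(frame0), (), frozenset())}, [1]
    while work:
        i = work.pop()
        for j, f, s, ls in step(i, program[i - 1], *states[i]):
            if j in states:               # join point: indexed types must agree
                if states[j] != (f, s, ls):
                    raise CheckError(f"{j}: inconsistent types at join")
            else:
                states[j] = (f, s, ls)
                work.append(j)
    return states
```

check(TRANSFER, FRAME0) reproduces the table of slide 26 (with Account@1 for Account1); replacing the second monitorenter by a store, so that the second account is never locked, makes check() raise a CheckError on Account@5.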
32
Properties of SafeJVML
  • SafeJVML programs are free of data races
  • SafeJVML programs are free of deadlocks
  • SafeJVML programs are free of encapsulation
    errors
  • Need a proof of these properties
  • Need a formalization of dynamic semantics

33
Dynamic Semantics
(Figure: threads Thread1, Thread2, Thread3 and Thread4 sharing one Heap; each thread has a stack of activation records (First, Second, Current). The current record is in method M = foo at pc = 6 and shows its local variables 0, 1, 2, its operand stack and the locks it holds.)
34
Dynamic Semantics
(Figure: the same state after one getfield step: pc advances from 6 to 7 and the field value read from the heap is pushed on the stack; the thread holds locks o4 and o1.)

$M[pc] = \mathrm{getfield}\ v$
$(\langle M, pc, f, o.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, (h[o].v).s, ls\rangle.A)\ h$
35
Dynamic Semantics
(Figure: the add step, pc 7 to 8: the two top stack values are replaced by their sum, 6; the thread holds locks o4 and o1.)

$M[pc] = \mathrm{add}$
$(\langle M, pc, f, v_1.v_2.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, (v_1 + v_2).s, ls\rangle.A)\ h$
36
Dynamic Semantics
(Figure: the store 0 step, pc 8 to 9: the value 6 is popped from the stack into local variable 0; the thread holds locks o4 and o1.)

$M[pc] = \mathrm{store}\ 0$
$(\langle M, pc, f, v.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f[0 \mapsto v], s, ls\rangle.A)\ h$
37
Dynamic Semantics
(Figure: the monitorexit step, pc 9 to 10: the object on top of the stack is popped and its lock is removed from the thread's lock set, which showed o4 and o1.)

$M[pc] = \mathrm{monitorexit}$
$(\langle M, pc, f, o.s, ls \cup \{o\}\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, s, ls\rangle.A)\ h$
38
Dynamic Semantics
$M[pc] = \mathrm{getfield}\ v$
$(\langle M, pc, f, o.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, (h[o].v).s, ls\rangle.A)\ h$

$M[pc] = \mathrm{add}$
$(\langle M, pc, f, v_1.v_2.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, (v_1 + v_2).s, ls\rangle.A)\ h$

$M[pc] = \mathrm{store}\ 0$
$(\langle M, pc, f, v.s, ls\rangle.A)\ h \longrightarrow (\langle M, pc+1, f[0 \mapsto v], s, ls\rangle.A)\ h$

$M[pc] = \mathrm{monitorexit}$
$(\langle M, pc, f, o.s, ls \cup \{o\}\rangle.A)\ h \longrightarrow (\langle M, pc+1, f, s, ls\rangle.A)\ h$
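As an added example (not the talk's formalization), a small-step interpreter for the four transition rules of slides 34 to 38, run on a constructed state that mirrors those slides: method foo at pc 6, locals [o3, 7, o1], two values on the stack and locks o4 and o1 held. The instruction encoding, the heap contents and the object names are mine.

```python
# Added example, not the paper's formalization: a small-step interpreter for
# the four dynamic-semantics rules on the slides (getfield, add, store,
# monitorexit). A thread's current activation record is (M, pc, f, s, ls):
# method body M, program counter pc, locals f, operand stack s, held locks ls.
from dataclasses import dataclass

@dataclass
class Record:
    M: tuple        # method body; M[pc - 1] is the instruction at pc (1-based)
    pc: int
    f: dict         # local variables, index -> value
    s: tuple        # operand stack, top of stack first
    ls: frozenset   # locks held by this thread

def step(rec, h):
    # One transition  (<M,pc,f,s,ls>.A) h  ->  (<M,pc+1,f',s',ls'>.A) h
    # of the current record rec against heap h; the rest of the stack A and
    # the heap are untouched by these four rules.
    instr = rec.M[rec.pc - 1]
    op = instr[0]
    if op == "getfield":             # o.s  ->  (h[o].v).s
        v, (o, *s) = instr[1], rec.s
        return Record(rec.M, rec.pc + 1, rec.f, (h[o][v], *s), rec.ls), h
    if op == "add":                  # v1.v2.s  ->  (v1 + v2).s
        v1, v2, *s = rec.s
        return Record(rec.M, rec.pc + 1, rec.f, (v1 + v2, *s), rec.ls), h
    if op == "store":                # v.s  ->  s, with f[n] := v
        n, (v, *s) = instr[1], rec.s
        return Record(rec.M, rec.pc + 1, {**rec.f, n: v}, tuple(s), rec.ls), h
    if op == "monitorexit":          # o.s, ls ∪ {o}  ->  s, ls   (o must be held)
        o, *s = rec.s
        if o not in rec.ls:
            raise RuntimeError(f"pc {rec.pc}: monitorexit on {o}, which is not held")
        return Record(rec.M, rec.pc + 1, rec.f, tuple(s), rec.ls - {o}), h
    raise RuntimeError(f"pc {rec.pc}: no rule for {op}")

def run(rec, h, n):
    # Apply n transitions and return the final record and heap.
    for _ in range(n):
        rec, h = step(rec, h)
    return rec, h

# Constructed state mirroring slides 33-37 (pcs 1-5 are never executed here).
FOO = (None,) * 5 + (("getfield", "v"), ("add",), ("store", 0), ("monitorexit",))
HEAP = {"o2": {"v": 2}}                       # constructed heap: object o2 with field v
START = Record(FOO, 6, {0: "o3", 1: 7, 2: "o1"}, ("o2", 4, "o1"), frozenset({"o4", "o1"}))
```

run(START, HEAP, 4) performs the getfield, add, store 0 and monitorexit steps in turn, ending at pc 10 with local 0 set to 6, an empty stack and only o4 still held.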
39
Proof Sketch
  • Identify runtime invariants
    • Relating static and dynamic semantics
    • States satisfying invariants are well-typed
  • Prove that invariants always hold

40
Proof Sketch
  • Preservation Theorem
    • A well-typed state only transitions to other well-typed states
  • Progress Theorem
    • A well-typed program state
      • transitions to another state, or
      • terminates normally, or
      • has a null dereference

41
Proof Sketch
  • Identify runtime invariants
    • Relating static and dynamic semantics
    • States satisfying invariants are well-typed
  • Prove that invariants always hold
  • Use invariants to prove properties
    • There are no data races
    • There are no deadlocks
    • Encapsulation is never violated

42
Related Work
  • Preventing Data Races and Deadlocks in Java
    • Flanagan and Freund (PLDI 00)
    • Bacon, Strom, and Tarafdar (OOPSLA 00)
    • Boyapati and Rinard (OOPSLA 01)
    • Boyapati, Lee, and Rinard (OOPSLA 02)
    • Grossman (TLDI 03)
  • Enforcing Encapsulation in Java
    • Clarke, Potter, and Noble (OOPSLA 98)
    • Clarke and Drossopoulou (OOPSLA 02)
    • Aldrich, Kostadinov, and Chambers (OOPSLA 02)
    • Boyapati, Liskov, and Shrira (POPL 03)
    • Krishnaswamy and Aldrich (PLDI 05)

43
Related Work
  • Formalizing JVML
    • Freund and Mitchell (OOPSLA 98)
    • Bertelsen (WPAM 98)
    • Qian (FSSJ 99)
  • Formalizing subroutines in JVML
    • Stata and Abadi (POPL 98)
    • O'Callahan (POPL 99)
    • Klein and Wildmoser (JAR 03)
  • Tracking aliases in JVML
    • Laneve and Bigliardi (TIC 00)
    • Iwama and Kobayashi (ASIA-PEPM 02)

44
A Type System for Preventing Data Races and
Deadlocks in the Java Virtual Machine Language
  • Pratibha Permandla
  • Michael Roberson
  • Chandrasekhar Boyapati

University of Michigan