Conditional Must Not Aliasing for Static Race Detection - PowerPoint PPT Presentation

1 / 27

About This Presentation

Title:

Conditional Must Not Aliasing for Static Race Detection

Description:

conditional must not alias analysis is sufficient. effective and sound. Field f is race-free if: ... Conditional Must Not Alias Analysis using. Disjoint ... – PowerPoint PPT presentation

Number of Views:56

Avg rating:3.0/5.0

Slides: 28

Provided by: berkeleyI

Category:

more less

Transcript and Presenter's Notes

Title: Conditional Must Not Aliasing for Static Race Detection

1
Conditional Must Not Aliasing for Static Race
Detection

Mayur Naik
Alex Aiken
Stanford University

2
The Concurrency Revolution

CPU clock speeds have peaked
Implications for hardware
CPU vendors are shipping multi-core processors
Implications for software
Concurrent programs stand to benefit the most

3
Debugging Concurrent Programs is Hard

Concurrency bugs triggered non-deterministically
Prevalent testing techniques ineffective
A race condition is a common concurrency bug
Two threads can simultaneously access a memory
location
At least one access is a write

4
Locking for Race Freedom
// Thread 1 // Thread 2 sync ( )
sync ( ) .f
.f
l1
l2
e2
e1
5
Proving Race Freedom Traditional Alias Analysis
// Thread 1 // Thread 2 sync ( )
sync ( ) .f
.f
l1
l2
e2
e1

Field f is race-free if

MUST-NOT-ALIAS(e1, e2)
e1 and e2 never refer to the same object
MAY-ALIAS(e1, e2)
OR
l1 and l2 always refer to the same object
MUST-ALIAS(l1, l2)
6
Must Alias Analysis is Hard

Our previous approach (PLDI06)
performed a may alias analysis
simple approximation of a must alias analysis
effective but unsound
New approach
found must alias analysis unneeded for race
detection!
conditional must not alias analysis is sufficient
effective and sound

7
Proving Race Freedom Conditional Must Not
Aliasing

Field f is race-free if

Whenever l1 and l2 refer to different objects, e1
and e2also refer to different objects
MUST-NOT-ALIAS(l1, l2) gt MUST-NOT-ALIAS(e1, e2)
8
Example

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

0,h0
for (j 1 j lt M j) fork x
a sync (?) x.g.f 0

9
Example

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

sync (?) x2.g.f 0

for (j 1 j lt M j) fork x
a sync (?) x1.g.f 0

10
Example Coarse-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

0,h0
for (j 1 j lt M j) fork x
a sync (a) x1.g.f 0

sync (a) x2.g.f 0

i,h2
Field f is race-free if
true
MUST-NOT-ALIAS(l1, l2) gt MUST-NOT-ALIAS(e1, e2)
MUST-NOT-ALIAS(a, a) gt MUST-NOT-ALIAS(x1.g, x2.g)
11
Example

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

sync (?) x2.g.f 0

for (j 1 j lt M j) fork x
a sync (?) x1.g.f 0

12
Example Fine-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

sync (x2.g) x2.g.f 0

for (j 1 j lt M j) fork x
a sync (x1.g) x1.g.f
0
Field f is race-free if
true
MUST-NOT-ALIAS(l1, l2) gt MUST-NOT-ALIAS(e1, e2)
MUST-NOT-ALIAS(x1.g, x2.g) gt MUST-NOT-ALIAS(x1.g,
x2.g)
13
Example

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

sync (?) x2.g.f 0

for (j 1 j lt M j) fork x
a sync (?) x1.g.f 0

14
Example Medium-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

for (j 1 j lt M j) fork x
a sync (x1) x1.g.f 0

sync (x2) x2.g.f 0

Field f is race-free if
true (field g of distinct h1 objects linked to
distinct h2 objects)
MUST-NOT-ALIAS(l1, l2) gt MUST-NOT-ALIAS(e1, e2)
MUST-NOT-ALIAS(x1, x2) gt MUST-NOT-ALIAS(x1.g,
x2.g)
15
Disjoint Reachability Property

h2 DR( h1 ) iff in every
execution
from distinct h1 objects
we can reach (via 1 or more edges)
only distinct h2 objects

j,h1
i,h1
i ? j
k ? l
16
Example Medium-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

0,h0
?
?
?
1,h1
N,h1
i,h1
?
?
?
N,h2
1,h2
i,h2
Is h2 ? DR(h1)?
Yes!
17
Disjoint Reachability Analysis

Types (a, h)
a is one of 0, 1, ?
h is an object allocation site
Effects (a1, h1) ? (a2, h2)
means left object linked to right object via some
field
Key property of (1, h1) ? (1, h2)
linked objects created in same loop iteration

18
Example Medium-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

0,h0
?
1,h1
?
1,h2
Is h2 ? DR(h1)?
Yes!
19
Conditional Must Not Alias Analysis
usingDisjoint Reachability Analysis
PointsTo(l1)
PointsTo(l2)
// Thread 1 // Thread 2 sync (l1)
sync (l2) e1.f
e2.f
? DR
PointsTo(e1)
PointsTo(e2)
Field f is race-free if

(PointsTo(e1) n PointsTo(e2)) ? DR(PointsTo(l1) ?
PointsTo(l2))
l1 is a prefix of e1 and l2 is a prefix of e2

MUST-NOT-ALIAS(l1, l2) gt MUST-NOT-ALIAS(e1, e2)
20
Example Medium-grained Locking

a new h0N
for (i 1 i lt N i)
ai new h1
ai.g new h2

h0
i
h1
PointsTo(x2)
PointsTo(x1)
g
for (j 1 j lt M j) fork x
a sync (x1) x1.g.f 0

sync (x2) x2.g.f 0

h2
PointsTo(x2.g)
PointsTo(x1.g)
Field f is race-free if

(PointsTo(e1) n PointsTo(e2)) ? DR(PointsTo(l1) ?
PointsTo(l2))
l1 is a prefix of e1 and l2 is a prefix of e2

(PointsTo(x1.g) n PointsTo(x2.g)) ?
DR(PointsTo(x1) ? PointsTo(x2))
x1 is a prefix of x1.g and x2 is a prefix of x2.g

(h2) ? DR(h1)
x1 is a prefix of x1.g and x2 is a prefix of x2.g

true
true

21
Implementation Aspects

A type is a pair (?, h) where
? is a vector of 0, 1, ? values, one per
method
All loops transformed to tail-recursive methods
Uniformly handles loops and recursive methods
h is a k-object-sensitive object allocation site

22
Implementation Aspects

Circular dependency between type-and-effect
analysis and race freedom
Fact (z y) valid after line 3 only if field f
is race-free1 x.f y
2 ... // no writes to aliases of x.f3 z
x.f
Race detection algorithm performs fixpoint
computation
Begins assuming no races
Type-and-effect analysis kills facts as new races
are found
Terminates when no more races are found

23
Benchmarks
classes
lines of Java code app
lib app lib
time
24
Experimental Results

old pairs new pairs
likely
unlikely original pairs
real false real false
25
Related Work