Automated inference of atomic sets for safe concurrent execution
20 Jun 2013-pp 1-8
TL;DR: The implementation of the analysis allowed us to derive the atomic sets for large code bases such as the Java collections framework in a matter of minutes and enables safe concurrency by preventing unobserved interleavings which may harbor latent Heisenbugs.
Abstract: Atomic sets are a synchronization mechanism in which the programmer specifies the groups of data that must be accessed as a unit. The compiler can check this specification for consistency, detect deadlocks, and automatically add the primitives to prevent interleaved access. Atomic sets relieve the programmer from the burden of recognizing and pruning execution paths which lead to interleaved access, thereby reducing the potential for data races. However, manually converting programs from lock-based synchronization to atomic sets requires reasoning about the program's concurrency structure, which can be a challenge even for small programs. Our analysis eliminates the challenge by automating the reasoning. Our implementation of the analysis allowed us to derive the atomic sets for large code bases such as the Java collections framework in a matter of minutes. The analysis is based on execution traces; assuming all traces reflect intended behavior, our analysis enables safe concurrency by preventing unobserved interleavings which may harbor latent Heisenbugs.
Citations
More filters
Journal Article•
TL;DR: This paper develops Brinch-Hansen's concept of a monitor as a method of structuring an operating system, introduces a form of synchronization, describes a possible method of implementation in terms of semaphores and gives a suitable proof rule.
Abstract: This paper develops Brinch-Hansen's concept of a monitor as a method of structuring an operating system. It introduces a form of synchronization, describes a possible method of implementation in terms of semaphores and gives a suitable proof rule. Illustrative examples include a single resource scheduler, a bounded buffer, an alarm clock, a buffer pool, a disk head optimizer, and a version of the problem of readers and writers.
79 citations
01 Jan 2014
TL;DR: In this paper, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations, and all 10 programs under consideration were shown to be deadlock-free.
Abstract: Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required.
27 citations
Proceedings Article•
01 Jan 19969 citations
04 Apr 2016
TL;DR: This paper proposes a simple data-centric concurrency control model that builds only on the notion of atomic variable and informally presents the model and its properties, as well as a prototype implementation that is used to compare the approach against the aforementioned Atomic Sets and control-centred approaches in general.
Abstract: The mainstream use of concurrent programming is bound to the provision of constructs that abstract details intrinsic to concurrency, while ensuring safety and liveness properties. Several control-centric approaches meet these requirements but decentralise concurrency management, hindering reasoning. The alternative data-centric approach promotes local rather than distributed reasoning, however it is a fairly new approach embraced only by Atomic Sets [4, 8], a rather complex model that does not guarantee progress in all scenarios. In this paper we propose a simple data-centric concurrency control model that builds only on the notion of atomic variable. We informally present the model and its properties, as well as a prototype implementation that we used to compare our approach against the aforementioned Atomic Sets and control-centred approaches in general.
5 citations
01 Jan 2014
TL;DR: A novel algorithm, called BAIT, is proposed for deriving annotations automatically from observed program executions using Bayesian probabilistic inference, which produces atomic set, unit of work, and alias annotations for atomic-set based synchronization.
Abstract: Concurrent programs often ensure the consistency of their data structures through synchronization. Because control-centric synchronization primitives, such as locks, are disconnected from the consistency invariants of the data structures, a compiler cannot check and and enforce these invariants - making it hard to detect bugs caused by incorrect synchronization. Moreover, a consistency bug may be the result of some unlikely schedule and therefore not show up in program testing. In contrast, data-centric synchronization adds annotations to data structures, defining sets of fields that must be accessed atomically. A compiler can check such annotations for consistency, detect deadlock, and automatically add primitives to prevent data races. However, annotating existing code is time consuming and error prone because it requires understanding the concurrency semantics implemented in the code. We propose a novel algorithm, called BAIT, for deriving such annotations automatically from observed program executions using Bayesian probabilistic inference. The algorithm produces atomic set, unit of work, and alias annotations for atomic-set based synchronization. Using our implementation of the algorithm, we have derived annotations for large code bases, for example the Java collections framework, in a matter of seconds. A comparison of the inferred annotations against manually converted programs, and two case studies on large, widely-used programs, show that our implementation derives detailed annotations of high quality.
4 citations
Cites methods from "Automated inference of atomic sets ..."
...In previous work [60], we proposed and implemented a dynamic inference algorithm for the automatic conversion of shared memory multi-threaded programs from control-centric to data-centric synchronization....
[...]
References
More filters
Book•
01 Jan 1988TL;DR: Probabilistic Reasoning in Intelligent Systems as mentioned in this paper is a complete and accessible account of the theoretical foundations and computational methods that underlie plausible reasoning under uncertainty, and provides a coherent explication of probability as a language for reasoning with partial belief.
Abstract: From the Publisher:
Probabilistic Reasoning in Intelligent Systems is a complete andaccessible account of the theoretical foundations and computational methods that underlie plausible reasoning under uncertainty. The author provides a coherent explication of probability as a language for reasoning with partial belief and offers a unifying perspective on other AI approaches to uncertainty, such as the Dempster-Shafer formalism, truth maintenance systems, and nonmonotonic logic. The author distinguishes syntactic and semantic approaches to uncertaintyand offers techniques, based on belief networks, that provide a mechanism for making semantics-based systems operational. Specifically, network-propagation techniques serve as a mechanism for combining the theoretical coherence of probability theory with modern demands of reasoning-systems technology: modular declarative inputs, conceptually meaningful inferences, and parallel distributed computation. Application areas include diagnosis, forecasting, image interpretation, multi-sensor fusion, decision support systems, plan recognition, planning, speech recognitionin short, almost every task requiring that conclusions be drawn from uncertain clues and incomplete information.
Probabilistic Reasoning in Intelligent Systems will be of special interest to scholars and researchers in AI, decision theory, statistics, logic, philosophy, cognitive psychology, and the management sciences. Professionals in the areas of knowledge-based systems, operations research, engineering, and statistics will find theoretical and computational tools of immediate practical use. The book can also be used as an excellent text for graduate-level courses in AI, operations research, or applied probability.
15,671 citations
TL;DR: In this paper, the authors develop Brinch-Hansen's concept of a monitor as a method of structuring an operating system and describe a possible method of implementation in terms of semaphores and give a suitable proof rule.
Abstract: This paper develops Brinch-Hansen's concept of a monitor as a method of structuring an operating system. It introduces a form of synchronization, describes a possible method of implementation in terms of semaphores and gives a suitable proof rule. Illustrative examples include a single resource scheduler, a bounded buffer, an alarm clock, a buffer pool, a disk head optimizer, and a version of the problem of readers and writers.
1,705 citations
Proceedings Article•
01 Mar 2008
TL;DR: In this paper, the authors provide a comprehensive real world concurrency bug characteristic study and provide useful guidance for concurrent bug detection, testing, and concurrent programming language design, which can be used to detect concurrency bugs.
Abstract: The reality of multi-core hardware has made concurrent programs pervasive. Unfortunately, writing correct concurrent programs is dif#2;cult. Addressing this challenge requires advances in multiple directions, including concurrency bug detection, concurrent program testing, concurrent programming model design, etc. Designing effective techniques in all these directions will signi#2;cantly bene#2;t from a deep understanding of real world concurrency bug characteristics. This paper provides the #2;rst (to the best of our knowledge) comprehensive real world concurrency bug characteristic study. Specifically, we have carefully examined concurrency bug patterns, manifestation, and #2;x strategies of 105 randomly selected real world concurrency bugs from 4 representative server and client opensource applications (MySQL, Apache, Mozilla and OpenOf#2;ce). Our study reveals several interesting #2;ndings and provides useful guidance for concurrency bug detection, testing, and concurrent programming language design. Some of our #2;ndings are as follows: (1) Around one third of the examined non-deadlock concurrency bugs are caused by violation to programmers' order intentions, which may not be easily expressed via synchronization primitives like locks and transactional memories; (2) Around 34% of the examined non-deadlock concurrency bugs involve multiple variables, which are not well addressed by existing bug detection tools; (3) About 92% of the examined concurrency bugs can be reliably triggered by enforcing certain orders among no more than 4 memory accesses. This indicates that testing concurrent programs can target at exploring possible orders among every small groups of memory accesses, instead of among all memory accesses; (4) About 73% of the examined non-deadlock concurrency bugs were not #2;xed by simply adding or changing locks, and many of the #2;xes were not correct at the #2;rst try, indicating the dif#2;culty of reasoning concurrent execution by programmers.
811 citations
IBM1
TL;DR: This work presents a new definition of data races in terms of 11 problematic interleaving scenarios, and proves that it is complete by showing that any execution not exhibiting these scenarios is serializable for a chosen set of locations.
Abstract: Concurrency-related bugs may happen when multiple threads access shared data and interleave in ways that do not correspond to any sequential execution. Their absence is not guaranteed by the traditional notion of "data race" freedom. We present a new definition of data races in terms of 11 problematic interleaving scenarios, and prove that it is complete by showing that any execution not exhibiting these scenarios is serializable for a chosen set of locations. Our definition subsumes the traditional definition of a data race as well as high-level data races such as stale-value errors and inconsistent views. We also propose a language feature called atomic sets of locations, which lets programmers specify the existence of consistency properties between fields in objects, without specifying the properties themselves. We use static analysis to automatically infer those points in the code where synchronization is needed to avoid data races under our new definition. An important benefit of this approach is that, in general, far fewer annotations are required than is the case with existing approaches such as synchronized blocks or atomic sections. Our implementation successfully inferred the appropriate synchronization for a significant subset of Java's Standard Collections framework.
251 citations
"Automated inference of atomic sets ..." refers background or methods in this paper
...data races [1, 2]: fields are often connected through invariants and must be updated together to maintain the object’s consistency [16, 11]....
[...]
...An alternative is to use data-centric synchronization [16, 5], which localizes the reasoning by asking the programmer for annotations specifying which fields of an object are connected by a semantic invariant....
[...]
Book•
01 Jan 2002
TL;DR: In this paper, the concept of a monitor as a method of structuring an operating system is introduced and a form of synchronization is described in terms of semaphores and a suitable proof rule.
Abstract: This paper develops Brinch Hansen's concept of a monitor as a method of structuring an operating system. It introduces a form of synchronization, describes a possible method of implementation in terms of semaphores and gives a suitable proof rule. Illustrative examples include a single resource scheduler, a bounded buffer, an alarm clock, a buffer pool, a disk head optimizer, and a version of the problem of readers and writers.
245 citations