Data-Race Exceptions Have Benefits Beyond the Memory Model Benjamin - - PowerPoint PPT Presentation

Data-Race Exceptions Have Benefits Beyond the Memory Model

Benjamin P . Wood, Luis Ceze, Dan Grossman University of Washington

1

Why data-race exceptions?

[Elmas et al., PLDI 2007; Adve and Boehm, CACM Aug. 2010; Marino et al., PLDI 2010; Lucia et al., ISCA 2010; ...]

2

Why data-race exceptions?

Find bugs.

[Elmas et al., PLDI 2007; Adve and Boehm, CACM Aug. 2010; Marino et al., PLDI 2010; Lucia et al., ISCA 2010; ...]

2

Why data-race exceptions?

Find bugs. Simplify memory models. (DRF ⇒ SC)

[Elmas et al., PLDI 2007; Adve and Boehm, CACM Aug. 2010; Marino et al., PLDI 2010; Lucia et al., ISCA 2010; ...]

2

Why data-race exceptions?

Find bugs. Simplify memory models. Avoid reasoning about memory reorderings. (DRF ⇒ SC)

[Elmas et al., PLDI 2007; Adve and Boehm, CACM Aug. 2010; Marino et al., PLDI 2010; Lucia et al., ISCA 2010; ...]

2

Why not data-race exceptions?

3

Why not data-race exceptions?

Lock-free algorithms

3

Why not data-race exceptions?

“Benign” races Lock-free algorithms

3

Why not data-race exceptions?

“Benign” races Lock-free algorithms unchecked annotations

3

Why not data-race exceptions?

“Benign” races Lock-free algorithms

Performance overheads

unchecked annotations

• ngoing research

3

Overheads memory models. Find bugs.

costs benefits

Simplify

4

Overheads memory models. Find bugs.

costs benefits

Simplify

4

Overheads memory models. Find bugs.

costs benefits

Simplify

4

Overheads memory models. Find bugs.

costs benefits

Simplify

?

4

This talk explores hidden benefits (and costs)

• f data-race exceptions in runtime systems.

Overheads memory models. Find bugs.

costs benefits

Simplify

?

?

4

This talk explores hidden benefits (and costs)

• f data-race exceptions in runtime systems.

costs benefits This talk explores hidden benefits (and costs)

• f data-race exceptions in runtime systems.

Overheads

?

memory models. Find bugs. Simplify

?

5

All races are inherently wrong.

6

u n a n n

• t

a t e d

All races are inherently wrong.

6

^

u n a n n

• t

a t e d

Attempts at racy accesses are exceptional, but legal. All races are inherently wrong.

6

^

Exceptions ensure all races are impossible.

u n a n n

• t

a t e d

^

u n a n n

• t

a t e d

^

Contributions

Review data races, exceptions, and sequential consistency. Properties of data-race exceptions enable conflict detection. Exploit data-race exceptions in concurrent garbage collection. Low-level data-race exceptions have subtle implications. Conclusions

contributions

7

Outline

Review data races, exceptions, and sequential consistency. Properties of data-race exceptions enable conflict detection. Exploit data-race exceptions in concurrent garbage collection. Low-level data-race exceptions have subtle implications. Conclusions

• utline

8

data race

a pair of concurrent, conflicting accesses

x := 1 r1 := y y := 1 Thread 1 Thread 2

time

data race r2 := x release(m) acquire(m)

synchronization

9

x := 1 r1 := y y := 1 Thread 1 Thread 2

time

data race r2 := x release(m) acquire(m)

synchronization

10

exception on second access

data-race exceptions

guarantee either data-race-free or exception

x := 1 r1 := y y := 1 Thread 1 Thread 2

time

data race r2 := x release(m) acquire(m)

synchronization

10

exception on second access

data-race exceptions

guarantee either data-race-free or exception

x := 1 r1 := y y := 1 Thread 1 Thread 2

time

data race r2 := x release(m) acquire(m)

synchronization

exception

10

exception on second access

Java/C++

DRF ⇒ SC

Data-race exceptions

DRF ⊕ exception and SC or exception

⇓

11

data-race exceptions in HW

precise Suspend the thread just before its racy access. Respect program order. handleable Deliver a trap with information about the race. y := 1 ... race r2 := x acquire(m) r3 := z

exception delivery time

12

Concurrent Garbage Collection

Concurrent mark-sweep: atomic/consistent heap traversal tri-color marking and write barriers Concurrent copying/moving: atomic object copying Piggyback on STM runtime [McGachey et al., PPoPP 2008] Lock-free algorithms [Pizlo et al., ISMM 2007, PLDI 2008]

concurrent GC

13

Heap

reachable, refs visited reachable, refs unvisited unreachable/unknown

mark-sweep

14

GC thread

next next next

a b c gray(a) Mutator

Heap

reachable, refs visited reachable, refs unvisited unreachable/unknown

mark-sweep

14

GC thread

next next next

a b c gray(a) gray(a.next) Mutator

Heap

mark-sweep

15

GC thread

next next next

a b c gray(a) gray(a.next)

reachable, refs visited reachable, refs unvisited unreachable/unknown

Mutator

Heap

mark-sweep

15

GC thread

next next next

a b c gray(a) gray(a.next)

reachable, refs visited reachable, refs unvisited unreachable/unknown

black(a) Mutator

Heap

mark-sweep

16

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a)

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

16

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

16

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b)

Heap

mark-sweep

17

GC thread Mutator

next next

a b

next

c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null gray(b.next) black(b)

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

17

GC thread Mutator

next next

a b gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null gray(b.next) black(b) collect(c)

✘

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

17

GC thread Mutator

next next

a b gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null gray(b.next) black(b) collect(c)

✘

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

18

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

reachable, refs visited reachable, refs unvisited unreachable/unknown

Heap

mark-sweep

18

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(c)

Heap

mark-sweep

19

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(c)

Heap

mark-sweep

19

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c)

Heap

mark-sweep

20

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c)

Heap

mark-sweep

20

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c.next) black(c) gray(c)

Heap

mark-sweep

21

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c.next) black(c) gray(c)

Heap

mark-sweep

21

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c.next) black(c) gray(c)

Heap

mark-sweep

21

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c.next) black(c)

exception: gray(c)

gray(c)

Heap

mark-sweep

21

GC thread Mutator

next next next

a b c gray(a) gray(a.next) black(a) n := a.next

a.next := a.next.next

n.next := null

reachable, refs visited reachable, refs unvisited unreachable/unknown

gray(b.next) black(b) gray(c.next) black(c)

exception: gray(c)

gray(c)

exception: ???

Extensions for implementing GC with DREs

Erase tracks Remove and replace last reads and last writes. Racy read Record and execute a read even if it races. Data-carrying exceptions Deliver a racing write value to a racing read. ...

extensions for GC

22

23

Use HW data-race exceptions in runtime systems.

SO FAR

23

Use HW data-race exceptions in runtime systems. Do guarantees from HW data-race exceptions apply at the program level?

SO FAR NOW

hardware hypervisor source program compiler garbage collector

• perating system

24

high-level support

hardware hypervisor source program compiler garbage collector

• perating system

24

hardware hypervisor source program compiler garbage collector

• perating system

25

hardware hypervisor source program compiler garbage collector

• perating system

25

non-program accesses and sync.{

Running GC on top of DRE

Movement Race-detector state must follow moved objects atomically. Invisibility Only program heap writes should be seen by the race detector. GC writes to the heap should be ignored. No transitive ordering GC must not induce ordering between mutators.

caveats for any GC

26

hardware hypervisor source program compiler garbage collector

• perating system

data-race exceptions

27

cooperation vs. abstraction

Luis said I should have this slide.

More details on concurrent GC using data-race exceptions Lock elision with no rollback support Conflict races and conflict-race exceptions

also in the paper...

28

Conclusions

Data-race exceptions have benefits beyond the memory model. Exceptions make races impossible. Attempted races are exceptional, but legal. Data-race exceptions enable general conflict detection for runtime systems like concurrent GC. Low-level data-race detection has subtle implications.

conclusions

29

30

This slide intentionally not left blank.

conflict race

data race across synchronization-free regions running concurrently in real time

time

Thread 1 Thread 2 wr y conflict race wr x rd y rd x ... rd x data race, no conflict race

31

time

Thread 1 Thread 2 wr y conflict race wr x rd y rd x ... rd x data race, no conflict race

32

conflict-race exceptions

guarantee sequential consistency or exception

time

Thread 1 Thread 2 wr y conflict race wr x rd y rd x ... rd x data race, no conflict race

32

conflict-race exceptions

guarantee sequential consistency or exception

time

Thread 1 Thread 2 wr y conflict race wr x rd y rd x ... rd x data race, no conflict race

exception

32

Best-effort automatic recovery from conflict races

Thread 1 Thread 2 rd x conflict race wr x wr y rd x rd y ... 1 2 [delay] ! "

time

33

Best-effort automatic recovery from conflict races

Thread 1 Thread 2 rd x conflict race wr x wr y rd x rd y ... 1 2 [delay] ! "

exception time

33

Best-effort automatic recovery from conflict races

Thread 1 Thread 2 rd x conflict race wr x wr y rd x rd y ... 1 2 [delay] ! "

exception success time

33

GC Thread Mutator Resulting Heap tmp = o.x

• '.x = tmp
• .forward = o'

p = o.forward p.x = 2 p = o.forward p.x = 1 forward

• x

1 forward

• x

1 forward

• x

2 forward

• x

2 forward

• '

x 1 forward

• '

x 1 forward

• '

x 1 2 3 4 R-W race

• ' = malloc(...)
• '.forward = o'

forward

• '

x 1 forward

• x

1

moving/copying

34

GC Thread Mutator Resulting Heap tmp = o.x

• '.x = tmp
• .forward = o'

p = o.forward p.x = 2 p = o.forward p.x = 1 forward

• x

1 forward

• x

1 forward

• x

2 forward

• x

2 forward

• '

x 1 forward

• '

x 1 forward

• '

x 1 2 3 4 R-W race

• ' = malloc(...)
• '.forward = o'

forward

• '

x 1 forward

• x

1

moving/copying

34

GC Thread Mutator Resulting Heap tmp = o.x

• '.x = tmp
• .forward = o'

p = o.forward p.x = 2 p = o.forward p.x = 1 forward

• x

1 forward

• x

1 forward

• x

2 forward

• x

2 forward

• '

x 1 forward

• '

x 1 forward

• '

x 1 2 3 4 R-W race

• ' = malloc(...)
• '.forward = o'

forward

• '

x 1 forward

• x

1

moving/copying

34

GC Thread Mutator Resulting Heap tmp = o.x

• '.x = tmp
• .forward = o'

p = o.forward p.x = 2 p = o.forward p.x = 1 forward

• x

1 forward

• x

1 forward

• x

2 forward

• x

2 forward

• '

x 1 forward

• '

x 1 forward

• '

x 1 2 3 4 R-W race

• ' = malloc(...)
• '.forward = o'

forward

• '

x 1 forward

• x

1

moving/copying

34

GC Thread Mutator Resulting Heap tmp = o.x

• '.x = tmp
• .forward = o'

p = o.forward p.x = 2 p = o.forward p.x = 1 forward

• x

1 forward

• x

1 forward

• x

2 forward

• x

2 forward

• '

x 1 forward

• '

x 1 forward

• '

x 1 2 3 4 R-W race

• ' = malloc(...)
• '.forward = o'

forward

• '

x 1 forward

• x

1

moving/copying

34