datacollider effective data race detection for the kernel
play

DataCollider: Effective Data-Race Detection for the Kernel John - PowerPoint PPT Presentation

Mar 12, 2023 •133 likes •890 views

DataCollider: Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, Kirk Olynyk Microsoft Windows and Microsoft Research {jerick, madanm, sburckha, kirko}@microsoft.com "Although threads seem

  1. DataCollider: Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, Kirk Olynyk Microsoft Windows and Microsoft Research {jerick, madanm, sburckha, kirko}@microsoft.com "Although threads seem to be a small step from sequential computation, in fact, they represent a huge step. They discard the most essential and appealing properties of sequential computation: understandability, predictability, and determinism." — From “The Problem with Threads,” by Edward A. Lee, IEEE Computer , vol. 25, no. 5, May 2006

  2. Windows case study #1 Thread A Thread B RestartCtxtCallback(...) RunContext(...) Thread B { { pctxt->dwfCtxt |= pctxt->dwfCtxt &= CTXTF_NEED_CALLBACK; ~CTXTF_RUNNING; } } • The OR’ing in of the CTXTF_NEED_CALLBACK flag can be swallowed by the AND’ing out of the CTXTF_RUNNING flag! • Results in system hang.

  3. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] and eax, NOT 10h or eax, 20h mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = ?? EAX = ?? pctxt->dwfCtxt = 11h

  4. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 and eax, NOT 10h or eax, 20h mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = 11h EAX = ?? pctxt->dwfCtxt = 11h

  5. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 2 and eax, NOT 10h or eax, 20h mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = 01h EAX = ?? pctxt->dwfCtxt = 11h

  6. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 2 and eax, NOT 10h or eax, 20h /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = 01h EAX = ?? pctxt->dwfCtxt = 11h

  7. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 3 2 and eax, NOT 10h or eax, 20h /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = 01h EAX = 11h pctxt->dwfCtxt = 11h

  8. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 3 2 and eax, NOT 10h or eax, 20h 4 /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax EAX = 01h EAX = 31h pctxt->dwfCtxt = 11h

  9. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 3 2 and eax, NOT 10h or eax, 20h 4 /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax 5 EAX = 01h EAX = 31h pctxt->dwfCtxt = 31h

  10. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 3 2 and eax, NOT 10h or eax, 20h 4 /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax 6 5 EAX = 01h EAX = 31h pctxt->dwfCtxt = 01h

  11. Case study #1, assembled Thread A Thread B mov eax, [pctxt->dwfCtxt] mov eax, [pctxt->dwfCtxt] 1 3 2 and eax, NOT 10h or eax, 20h 4 CTXTF_NEED_CALLBACK disappeared! /* CONTEXT SWITCH */ mov [pctxt->dwfCtxt], eax mov [pctxt->dwfCtxt], eax 6 5 (pctxt->dwfCtxt & 0x20 == 0) EAX = 01h EAX = 31h pctxt->dwfCtxt = 01h

  12. Windows case study #1 Thread A Thread B RestartCtxtCallback(...) RunContext(...) Thread B { { pctxt->dwfCtxt |= pctxt->dwfCtxt &= CTXTF_NEED_CALLBACK; ~CTXTF_RUNNING; or [ecx+40], 20h and [ecx+40], ~10h } } • Instructions appear atomic, but they are not!

  13. Data race definition  By our definition, a data race is a pair of memory accesses that satisfy all the below:  The accesses can happen concurrently  There is a non-zero overlap in the physical address ranges specified by the two accesses  At least one access modifies the contents of the memory location

  14. Importance  Very hard to reproduce  Timings can be very tight  Hard to debug  Very easy to mistake as a hardware error “bit flip”  To support scalability, code is moving away from monolithic locks  Fine-grained locks  Lock-free approaches

  15. Previous Techniques  Happens-before and lockset algorithms have significant overhead  Intel Thread Checker has 200x overhead  Log all synchronizations  Instrument all memory accesses  High overhead can prevent usage in the field  Causes false failures due to timeouts

  16. Challenges  Prior schemes require a complete knowledge and logging of all locking semantics  Locking semantics in kernel-mode can be homegrown, complicated and convoluted.  e.g. DPCs, interrupts, affinities

  17. DataCollider: Goals

  18. DataCollider: Goals 1. No false data races  Tradeoff between having false positives and reporting fewer data races

  19. False vs. Benign  False data race  A data race that cannot actually occur  Benign data race  A data race that can and does occur, but is intended to happen as part of normal program execution

  20. False vs. benign example Thread B Thread A MyLockAcquire(); MyLockAcquire(); gReferenceCount++; gReferenceCount++; MyLockRelease(); MyLockRelease(); gStatisticsCount++; gStatisticsCount++;

  21. False vs. Benign  False data race  A data race that cannot actually occur  Benign data race  A data race that can and does occur, but is intended to happen as part of normal program execution

  22. False vs. benign example Thread B Thread A MyLockAcquire(); MyLockAcquire(); gReferenceCount++; gReferenceCount++; MyLockRelease(); MyLockRelease(); gStatisticsCount++; gStatisticsCount++;

  23. DataCollider: Goals 2. User-controlled overhead  Give user full control of overhead – from 0.0x up  Fast vs. more races found

  24. DataCollider: Goals 3. Actionable data  Contextual information is key to analysis and debugging

  25. Insights

  26. Insights 1. Instead of inferring if a data race could have occurred, let’s cause it to actually happen!  No locksets, no happens-before

  27. Insights 2. Sample memory accesses  No binary instrumentation  No synchronization logging  No memory access logging  Use code and data breakpoints  Randomly selection for uniform coverage

  28. Intersection Metaphor

  29. Intersection Metaphor Memory Address = 0x1000

  30. Intersection Metaphor Memory Address = 0x1000 Hi, I’m Thread A!

  31. Intersection Metaphor Instruction stream Memory Address = 0x1000

  32. Intersection Metaphor Instruction stream I have the lock, so I get a green light. Memory Address = 0x1000

  33. Intersection Metaphor Instruction stream Memory Address = 0x1000

  34. Intersection Metaphor Memory Address = 0x1000 DataCollider

  35. Intersection Metaphor Memory Address = 0x1000 DataCollider

  36. Intersection Metaphor Please wait a moment, Thread A – we’re doing a routine check for data races. Memory Address = 0x1000 DataCollider

  37. Intersection Metaphor Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  38. Intersection Metaphor Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  39. Intersection Metaphor: Normal Case

  40. Intersection Metaphor: Normal Case Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  41. Intersection Metaphor: Normal Case Thread B Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  42. Intersection Metaphor: Normal Case I don’t’ have the lock, so I’ll have to wait. Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  43. Intersection Metaphor: Normal Case Nothing to see here. Let me remove this trap. Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  44. Intersection Metaphor: Normal Case Looks safe now. Sorry for the inconvenience. DataCollider

  45. Intersection Metaphor: Normal Case

  46. Intersection Metaphor: Data Race

  47. Intersection Metaphor: Data Race Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  48. Intersection Metaphor: Data Race Thread B Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  49. Intersection Metaphor: Data Race Locks are for wimps! Memory Address = 0x1000 Value = 3 Data Breakpoint DataCollider

  50. Intersection Metaphor: Data Race DataCollider

  51. Intersection Metaphor: Data Race

  52. Intersection Metaphor: Data Race DataCollider

  53. Intersection Metaphor: Data Race Looks safe now. Sorry for the inconvenience. DataCollider

  54. Intersection Metaphor: Data Race

  55. Implementation

  56. Sampling memory accesses with code breakpoints; part 1 Process Advantages  Zero base-overhead – no 1. Analyze target binary for memory access instructions. code breakpoints means 2. Hook the breakpoint handler. only the original code is 3. Set code breakpoints at a running. sampling of the memory access instructions.  No annotations required 4. Begin execution. – only symbols.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian

Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian

Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, Kirk Olynyk Microsoft Research Symposium on Operating Systems Design and Implementation (OSDI), October 2010 1 / 13 Motivation Finding data

611 views • 22 slides
Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing

Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing

Overview Problem Definition Interrupt- Driven Programs Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing FreeRTOS Kernel Library Nikita Chopra, Deepak DSouza and Rekha Pai Conclusion Indian

512 views • 21 slides
Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+ threads concurrently access a shared memory location, at least one access is a write. data race // Shared variable R R R var count = 0 W R

691 views • 57 slides
RaceMob: Crowdsourced Data Race Detection Baris Kasikci, Cristian Zamfir, George Candea

RaceMob: Crowdsourced Data Race Detection Baris Kasikci, Cristian Zamfir, George Candea

RaceMob: Crowdsourced Data Race Detection Baris Kasikci, Cristian Zamfir, George Candea Presented By: Islam Harb 2014 Agenda Motivation Data Race Detection Classes RaceMob Implementation Evaluation 1 Motivation (The

455 views • 30 slides
Krace: Data Race Fuzzing for Kernel File Systems Meng Xu , Sanidhya Kashyap, Hanqing Zhao,

Krace: Data Race Fuzzing for Kernel File Systems Meng Xu , Sanidhya Kashyap, Hanqing Zhao,

Introduction Title Krace: Data Race Fuzzing for Kernel File Systems Meng Xu , Sanidhya Kashyap, Hanqing Zhao, Taesoo Kim May 1, 2020 Meng Xu (Georgia Tech) Krace: Data Race Fuzzing for Kernel File Systems 1 May 1, 2020 Introduction Data

847 views • 64 slides
Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth Chatarasi, Jun Shirako, Vivek Sarkar Habanero Extreme Scale Software Research Group Department of Computer Science Rice University 6th

657 views • 37 slides
Data race detection for large OpenMP applications Ignacio Laguna, Harshitha Menon Lawrence

Data race detection for large OpenMP applications Ignacio Laguna, Harshitha Menon Lawrence

Data race detection for large OpenMP applications Ignacio Laguna, Harshitha Menon Lawrence Livermore National Laboratory Michael Bentley, Ian Briggs, Pavel Panchekha, Ganesh Gopalakrishnan University of Utah Hui Guo, Cindy Rubio Gonzlez

369 views • 24 slides
Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for

Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for

Detecting Data Races in Multi-Threaded Programs Eraser A Dynamic Data-Race Detector for Multi-Threaded Programs MultiRace An Efficient On-the-Fly Data-Race Detection Tool for Multi-Threaded C++ Programs John C. Linford Slide 1 / 31 Key

606 views • 31 slides
Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh

Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh

Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh Shivakumar Byoungyoung Lee Insik Shin Korea Advanced Institute of Science and Technology Seoul National University Purdue

3.64k views • 23 slides
Learning From Data Lecture 25 The Kernel Trick Learning with only inner products The Kernel M.

Learning From Data Lecture 25 The Kernel Trick Learning with only inner products The Kernel M.

Learning From Data Lecture 25 The Kernel Trick Learning with only inner products The Kernel M. Magdon-Ismail CSCI 4100/6100 recap: Large Margin is Better Controling Overfitting Non-Separable Data 0.08 random hyperplane 2 w t w + C N E

576 views • 18 slides
Data Race-Free and Speculative Models Zach Pomper Maxwell Johnson DeNovo: Data Race-Free Model

Data Race-Free and Speculative Models Zach Pomper Maxwell Johnson DeNovo: Data Race-Free Model

Data Race-Free and Speculative Models Zach Pomper Maxwell Johnson DeNovo: Data Race-Free Model Modern consistency provides the programmer too much freedom Wild shared memory behaviors Requires sophisticated, complicated,

183 views • 15 slides
Race and Ethnicity Covariates Race and ethnicity are a good illustratjon of the trade-ofgs

Race and Ethnicity Covariates Race and ethnicity are a good illustratjon of the trade-ofgs

Race and Ethnicity Covariates Race and ethnicity are a good illustratjon of the trade-ofgs between clinical and research data Race and ethnicity data in prospectjvely collected research datasets are usually reliable and valid Questjon:

203 views • 6 slides
1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

Processes and the Kernel Processes and the Kernel The kernel sets processes up process in private data data execution Processes, Protection and the Kernel: Processes, Protection and the Kernel: virtual contexts to address

540 views • 9 slides
Effective Change Detection Using Sampling Junghoo John Cho Alexandros Ntoulas UCLA

Effective Change Detection Using Sampling Junghoo John Cho Alexandros Ntoulas UCLA

Effective Change Detection Using Sampling Junghoo John Cho Alexandros Ntoulas UCLA Problem Polling Update Query Local database Remote database Application Web search engines/crawlers Web archive Data warehouse . . .

650 views • 30 slides
Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity Kernels in Different Applications M. Magdon-Ismail CSCI 4100/6100 recap: The Kernel Allows Us to Bypass Z -space Solve the QP 1

356 views • 12 slides
Race Race In D&D, race refers to any intelligent humanoid species Dwarf Elf

Race Race In D&D, race refers to any intelligent humanoid species Dwarf Elf

Race Race In D&D, race refers to any intelligent humanoid species Dwarf Elf Halfling Human Gnome Half-Elf Half-Orc Tiefling Race Select a race now and record it near the top Rock gnome of your character sheet

713 views • 43 slides
Concurrency: Threads Questions answered in this lecture: Why is concurrency useful? What is a

Concurrency: Threads Questions answered in this lecture: Why is concurrency useful? What is a

10/11/16 UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 Andrea C. Arpaci-Dusseau Introduction to Operating Systems Remzi H. Arpaci-Dusseau Concurrency: Threads Questions answered in this lecture: Why is concurrency

520 views • 24 slides
To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016

To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016

To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016 Based on: MS35 - To Thread or Not To Thread April 13, 2016 SIAM PP , Paris The Big Picture The Big Picture

208 views • 9 slides
Multithreading Recursion Checkout Multithreading and Recursion project from SVN Joe Armstrong,

Multithreading Recursion Checkout Multithreading and Recursion project from SVN Joe Armstrong,

Multithreading Recursion Checkout Multithreading and Recursion project from SVN Joe Armstrong, Programming in Erlang Q1 A technique to: Run multiple pieces of code simultaneously on a single machine 1 1 1 1 1 Time Slices

455 views • 22 slides
CS 423 Operating System Design: Concurrency (more Threads) Professor Adam Bates Fall 2018

CS 423 Operating System Design: Concurrency (more Threads) Professor Adam Bates Fall 2018

CS 423 Operating System Design: Concurrency (more Threads) Professor Adam Bates Fall 2018 CS423: Operating Systems Design Goals for Today Learning Objectives: Dive yet further into concurrency and threading Announcements:

490 views • 31 slides
GPU Teaching Kit Accelerated Computing The GPU Teaching Kit is licensed by NVIDIA and the

GPU Teaching Kit Accelerated Computing The GPU Teaching Kit is licensed by NVIDIA and the

GPU Teaching Kit Accelerated Computing The GPU Teaching Kit is licensed by NVIDIA and the University of Illinois under the Creative Commons Attribution-NonCommercial 4.0 International License. Warps as Scheduling Units Block 1 Warps Block 2

481 views • 18 slides
Slides on thr Slides on threads eads borr borrowed by Chase owed by Chase Landon Cox Landon

Slides on thr Slides on threads eads borr borrowed by Chase owed by Chase Landon Cox Landon

Slides on thr Slides on threads eads borr borrowed by Chase owed by Chase Landon Cox Landon Cox Thr Thread states ead states Running Thread is Thread calls scheduled Lock or wait Thread is (or makes I/O request) Pre-empted (or yields) ?

825 views • 36 slides
FINISH SOME LEFTOVER C++ TOPICS Professor Ken Birman THEN: DEADLOCKS, LIVELOCKS CS4414 Lecture

FINISH SOME LEFTOVER C++ TOPICS Professor Ken Birman THEN: DEADLOCKS, LIVELOCKS CS4414 Lecture

FINISH SOME LEFTOVER C++ TOPICS Professor Ken Birman THEN: DEADLOCKS, LIVELOCKS CS4414 Lecture 16 CORNELL CS4414 - FALL 2020. 1 BEFORE WE DIVE IN First, a left over mini-topic: A quick glimpse of boolinq: A way to do database and

1.05k views • 45 slides
Real Time Java Real Time Java Filip Pizlo , Jan Vitek Filip Pizlo , Jan Vitek Purdue University

Real Time Java Real Time Java Filip Pizlo , Jan Vitek Filip Pizlo , Jan Vitek Purdue University

An Emprical Evaluation An Emprical Evaluation of of Memory Management Memory Management Alternatives Alternatives for for Real Time Java Real Time Java Filip Pizlo , Jan Vitek Filip Pizlo , Jan Vitek Purdue University Purdue University

606 views • 39 slides

More recommend