semanti tics f for locking s specifications
play

Semanti tics f for locking s specifications Mich chael D. - PowerPoint PPT Presentation

Feb 02, 2023 •264 likes •499 views

Semanti tics f for locking s specifications Mich chael D. Ernst, Dam amia iano Macedonio, Mass assim imo Me Merr rro, Fa Fausto Spo Spoto University of Washington, USA Universit di Verona, Italy NFM 2016 Concurren ency: essen

  1. Semanti tics f for locking s specifications Mich chael D. Ernst, Dam amia iano Macedonio, Mass assim imo Me Merr rro, Fa Fausto Spo Spoto University of Washington, USA Università di Verona, Italy NFM 2016

  2. Concurren ency: essen ential b but e error-prone +Essential for performance (exploit multiple cores) +Design component of GUIs - Data races: concurrent access to shared data • easy mistake to make • leads to corrupted data structures • difficult to reproduce and diagnose

  3. Thr Thread-unsaf afe c e code class BankAccount { int balance; void withdraw(int amount) { int oldBal = this.balance; int newBal = oldBal - amount; this.balance = newBal; } ...

  4. Da Data r a race ce Shared account Initial balance = 500 exa xample Thread 1: Thread 2: sharedAccount.withdraw(50) sharedAccount.withdraw(100) 500 500 int oldBal = this.balance; int oldBal = this.balance; 500 100 500 int newBal = oldBal - amount; 50 int newBal = oldBal - amount; 400 this.balance = newBal; this.balance = newBal; 450 Withdrawals = 150 Final balance = 450

  5. Solution: : locking class BankAccount { Locking: Object acctLock; int balance; int balance; • Only one thread @GuardedBy(“acctLock”) int balance; can aquire the lock • No concurrent void withdraw(int amount) { synchronized (acctLock) { access to data • Which lock to hold? int oldBal = this.balance; int newBal = oldBal - amount; Key issues: this.balance = newBal; Names vs. values • } Aliasing • }

  6. Lock cking disci cipli line = which l locks t to h hold w when a accessing w g what d data @GuardedBy("lock1") int w; @GuardedBy("lock2") int x; @GuardedBy("lock2") int y; int z; • Write locking discipline as documentation and for use by tools • @GuardedBy [Goetz 2006] is a de-facto standard • On GitHub, 35,000 uses in 7,000 files • Its semantics is informal, ambiguous, and incorrect (allows data races) • Similar problems with other definitions

  7. Contributions • Formal semantics for locking disciplines • unambiguous • prevents data races • two variants: value-based, name-based • Two implementations: • type-checker that validates use of locking • inference tool that infers locking discipline • Experiments: programmer-written @GuardedBy : • are often inconsistent with informal semantics • permit data races even when consistent

  8. Each object is Concurrency b background associated with a monitor or intrinsic lock . specification of locking discipline Date d = new Date(); synchronized @GuardedBy("d") List lst = ...; statement or method locks guard expression; guard expression; synchronized (d) { the monitor. arbitrary, e.g. a.b().f arbitrary, e.g. a.b().f lst.add(...) lst.remove(...) Exiting the statement or otherList = lst; Our implementations method unlocks } handle explicit locks too. the monitor.

  9. Guard expression: Guard expression: Value Aliases? Yes Aliases? • • Defining a g a locking d g discipline protection Reassignment? No Reassignment? • • answers Scoping? Yes Side effects? • • Def site Scoping? • Informally: “If program element x is annotated by @GuardedBy( L ), a thread may only use x Element being guarded: Element being guarded: Value Name or value? Name or value? while holding the lock L .” • • Yes Aliases? Aliases? • • Yes Reassignments? Reassignments? • • Yes MyObject lock; Side effects? Side effects? • • @GuardedBy("lock.field") Pair shared; @GuardedBy("lock.field") Pair alias; What is a use? What is a use? synchronized (lock.field) { Any occurrence of name? ← current Occurrence of name? • • shared.a = 22; Dereferences of name? Dereference of name? ( x.f ) • • Dereferences of value? ← better alias = shared; Dereference of value? • • }

  10. MyObject lock; @GuardedBy("lock") Pair shared; Pair alias; Name p e protec ection Value p e protec ection … no not na name pr protection … … not v t value p protecti tion synchronized (lock) { shared = alias; alias = shared; synchronized (lock) { } shared.a = ... alias.a = ... } Suffers a data race No data race

  11. Locking discipline seman antics cs providing g value protec ection type qualifier @GuardedBy("lock") Pair shared; type variable Suppose expression x has type: @GuardedBy( L ) C A use is a dereference Type system constraint; may lock an alias When the program dereferences a value that has ever been bound to x , the program holds the lock on the value of expression L . The referent of L must not change while the thread holds the lock. cv No reassignment of guard expression. Side effects permitted (do not affect the monitor).

  12. Locking discipline seman antics cs providing g name me protec ection @GuardedBy("lock") Pair shared; variable annotation type variable Suppose variable v is declared as @GuardedBy( L ) A use is a variable read or write No aliasing permitted When the program accesses v , which must not be aliased, the program holds the lock on the value of expression L . L may only be “itself” or “this”. Guarantees L always evaluates to the same value

  13. Key contributions • Two formal semantics (name-based and value-based) • Core calculus based on RaceFreeJava [Abadi TOPLAS 2006] • Structural Operational Semantics • Definitions of accessed variables and dereferenced locations • Proofs of correctness • By contradiction: • assume data race • show locking discipline must have been violated

  14. Static c anal alysis is of a a lock ckin ing d disci cipli line • Goal is to determine facts about values • Program is written in terms of facts about variables • Analysis computes an approximation (an abstraction) • of values each expression may evaluate to • of locks currently held by the program • Both abstractions are sound

  15. Enforcem emen ent o of v value e semantics [Ernst ICSE 2016] via t a type-ch check ckin ing Type rule: If x : @GB ( L ) , then L must be held when x is dereferenced Type system also supports • method pre/postconditions ( @Holding annotations) • side effect annotations • No two @GuardedBy annotations • type qualifier polymorphism are related by subtyping • reflection • Why not @GB ( L1 ) <: @GB ( L1 , L2 )? • flow-sensitive type inference • Side effects and aliasing

  16. Inference of of b bot oth sem emantic ics via a a abstract act i interpretation [Spoto TOPLAS 2003] Expression e is @GuardedBy( L ) if e ’s fields are [Nikolic ICTAC 2012] accessed only when Acquired on entry to L is held sync(…) { … } . Released on exit or side effect.

  17. Infer eren ence i e implem ementation 1. Where is the guarded element used? • Name protection: syntactic uses of variable • Value protection: estimate via creation points analysis 2. What expressions are locked at those points? • Definite aliasing analysis • Side effect analysis • Viewpoint adaptation (contextualization) Whole-program analysis • Makes closed-world assumption • Type-checking is modular, incremental

  18. Experimental e evaluation of value semantics [Ernst ICSE 2016] • 15 programs, 1.3 MLOC • BitcoinJ, Daikon, Derby, Eclipse, Guava, Jetty, Velicity, Zookeeper, Tomcat, … • 5 contain programmer-written @GuardedBy annotations • 661 correct annotations • Candidates: annotations written by the programmer or inferred by our tool • Correct: program never suffers a data race on the element • Determined by manual analysis • Results: • Inference: precision 100%, recall 83% • Type-checking: precision 100%, recall 99% • Programmers: precision 50%, recall 42%

  19. Programmer er mistakes es Errors in every program that programmers annotated with respect to both value and name semantics • Creating external aliases • Lock writes but not reads • Syntax errors • Omitted annotations

  20. Implementations • Type checker: • Lock Checker, distributed with the Checker Framework • http://CheckerFramework.org/ • Live demo: http://eisop.uwaterloo.ca/live • Inference: • Julia abstract interpretation • http://juliasoft.com/

  21. Rela elated wor ork • Name-based semantics: JML, JCIP, rccjava [Abadi TOPLAS 2006], … • Heuristic checking tools: Warlock, ESC/Modula-3, ESC/Java • Unsound inference: [Naik PLDI 2006] uses may-alias, [Rose CSJP 2004] is dynamic • Sound inference for part of Java [Flanagan SAS 2004] • Type-and-effect type systems: heavier-weight, detects deadlocks too • Ownership types

  22. Contributions • Formal semantics for locking disciplines • unambiguous • prevents data races • two variants: value-based, name-based • Two implementations: • type-checker that validates use of locking discipline (@GuardedBy) • inference tool that infers locking discipline (@GuardedBy) • Experiments: programmer-written @GuardedBy: • are often inconsistent with informal semantics • permit data races even when consistent with informal semantics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tics, Tourettes Rationale and DSM V Tics are the most common movement disorder seen in

Tics, Tourettes Rationale and DSM V Tics are the most common movement disorder seen in

Tics in Childhood Tics, Tourettes Rationale and DSM V Tics are the most common movement disorder seen in childhood. Thomas K. Koch, MD Primary care providers are often reluctant to Credit Unions for Kids diagnose Tourettes

455 views • 10 slides
13th LSF A Logial and Semanti F ramew o rks, with Appliations UF C, F o rtaleza,

13th LSF A Logial and Semanti F ramew o rks, with Appliations UF C, F o rtaleza,

13th LSF A Logial and Semanti F ramew o rks, with Appliations UF C, F o rtaleza, CE Ma rus Ramos Some Appliations Septemb er 26th, 2018 1 / 29 Some Appliations of the F o rmalization of the Pumping Lemma

528 views • 29 slides
Pediatric Neurology Pearls 8yo boy, with tics and Obsessive Compulsive (OC) symptoms Onset

Pediatric Neurology Pearls 8yo boy, with tics and Obsessive Compulsive (OC) symptoms Onset

2/14/2019 Case #1 Pediatric Neurology Pearls 8yo boy, with tics and Obsessive Compulsive (OC) symptoms Onset of simple tics 2 years prior- sniff, snort, deep breathe, tapping fingers, palilalia CHILDHOOD ACUTE ONSET NEUROPSYCHIATRIC

281 views • 13 slides
Mathema thematics tics Up Upda date te Lya R. Snell, Ph.D., Mathematics Program Manager Mike

Mathema thematics tics Up Upda date te Lya R. Snell, Ph.D., Mathematics Program Manager Mike

Richard Woods, Georgias School Superintendent Educating Georgias Future gadoe.org 20 2019 19 Geo eorgia gia Mathema thematics tics Summit mit Mathema thematics tics Up Upda date te Lya R. Snell, Ph.D., Mathematics

837 views • 44 slides
Ins Instanc nce segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Se Semanti

Ins Instanc nce segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Se Semanti

Ins Instanc nce segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Se Semanti ntic c segmenta ntati tion Label every pixel, including the background (sky, grass, road) Do not differentiate between the pixels coming from

1.29k views • 106 slides
Sem Semanti tic c segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Ta Task d

Sem Semanti tic c segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Ta Task d

Sem Semanti tic c segm segmen enta tati tion on CV3DST | Prof. Leal-Taix 1 Ta Task d defin init itio ion: s semantic ic s segm gmentatio ion Classify the main object in the image. CAT , GRASS, TREE, SKY No objects, just

1.29k views • 95 slides
CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking techniques (Linux) Why do we need locking in the kernel? o Which problems are we trying to solve? What implementation choices do we have? o Is

407 views • 30 slides
LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros

LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros

LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros Labrinidis University of Pittsburgh 2 Alexandros Labrinidis, Univ. of Pittsburgh CS 2550 / Spring 2006 Centralized DBMS Locking T 1 T 2 T n

400 views • 10 slides
Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto,

Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto,

Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto, Cal. Madison, Wis. ARIES/KVL What about non-key updates? February 27, 2015 Orthogonal key-value locking 8 ARIES/IM Data-only locking

337 views • 23 slides
A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas State] John Hatcliff Work on specification patterns by Matthew Dwyer, Jay Corbett, and George Avrunin http://www.cis.ksu.edu/santos/bandera

303 views • 29 slides
Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications

Up-Down Wheelchair 2.009 Silver A Design Specifications Requirements Attributes Specifications Reach Lift System Seat height 9-33 Wheel brakes, Handles 100kg Sliding bearings without tipping Safety and stability Weight Hydraulic jack 1500N

298 views • 13 slides
H. Wilson Company This Is The Ultimate Presentation Cart! F u t u r e e h ! T o t n

H. Wilson Company This Is The Ultimate Presentation Cart! F u t u r e e h ! T o t n

WTPSSCE Model Sound Presentation 47 LBS. WPS4HDE MODEL FEATURES WEIGHT M.S.R.P. WPS80E Open Shelf $445.00 Casters! WPS81E One Locking Cabinet 56 LBS. $495.00 WPS82E Two Locking Cabinets 65 LBS. WPS4CE Duty 4 All Models This

328 views • 8 slides
EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com

EPUB in the Wild Liz Castro @lizcastro http://PigsGourdsandWikis.com http://www.elizabethcastro.com/epub Specifications Specifications Specifications Specifications Specifications Specifications Specifications Specifications

712 views • 58 slides
Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking -

Sangman Kim , Michael Z. Lee, Alan M. Dunn, Owen S. Hofmann, Xuan Wang, Emmett Witchel, Donald E. Porter 1 Fine-grained locking - Bug-prone, hard to maintain Parallelism - OS provides poor support Coarse-grained locking - Reduced

536 views • 34 slides
blocking synchronization Yang Xu Outline Disadvantages of locking Hardware support for

blocking synchronization Yang Xu Outline Disadvantages of locking Hardware support for

Atomic variables and non- blocking synchronization Yang Xu Outline Disadvantages of locking Hardware support for concurrency Atomic variable classes Non-blocking algorithms Disadvantages of locking A lot of overhead

414 views • 13 slides
Higher Level Synchronization 9A. Practical Problems locking and waiting Operating Systems

Higher Level Synchronization 9A. Practical Problems locking and waiting Operating Systems

4/24/2016 Higher Level Synchronization 9A. Practical Problems locking and waiting Operating Systems Principles 9B. Semaphores and Condition Variables 9C. File Level Locking Higher Level Synchronization 9D. Bottlenecks, Contention and

206 views • 7 slides
High Availability iRODS System (HAIRS) Yutaka Kawai, KEK Adil Hasan, ULiv March 25th, 2010

High Availability iRODS System (HAIRS) Yutaka Kawai, KEK Adil Hasan, ULiv March 25th, 2010

KEK H IGH E NERGY A CCELERATOR R ESEARCH O RGANIZATION High Availability iRODS System (HAIRS) Yutaka Kawai, KEK Adil Hasan, ULiv March 25th, 2010 iRODS User Meeting @ UNC in Chapel Hill, USA -- Yutaka (KEK), Adil (ULiv) 1 Outline

540 views • 30 slides
1 EHRs in US Hospitals, 2008-2016 The Big Picture: Two Transformational Trends ~95% ~75%

1 EHRs in US Hospitals, 2008-2016 The Big Picture: Two Transformational Trends ~95% ~75%

Disclosures Royalties for writing/editing several books from Lippincott Williams &amp; Wilkins and McGraw-Hill Stock options for serving on the board of Accuity Achieving the Promise of Digital Health: Medical Management Systems (medical

611 views • 7 slides
Workforce Planning from a Health System Perspective Rhonda Anderson, RN, DNSC(h), FAAN, FACHE

Workforce Planning from a Health System Perspective Rhonda Anderson, RN, DNSC(h), FAAN, FACHE

Workforce Planning from a Health System Perspective Rhonda Anderson, RN, DNSC(h), FAAN, FACHE December 6, 2017 2016 CPI AHA Board identified workforce as topic for 2016 Committee on Performance Improvement (CPI) Central theme: Hospitals

608 views • 36 slides
FUNDRAISING CAMPAIGNS CIVICON APRIL 2012 2 Agenda Challenge and Opportunities Our

FUNDRAISING CAMPAIGNS CIVICON APRIL 2012 2 Agenda Challenge and Opportunities Our

1 FUNDRAISING CAMPAIGNS CIVICON APRIL 2012 2 Agenda Challenge and Opportunities Our objectives Our approach Results (2011) Next steps 2012 How the community can help 3 Challenges facing non-profits Giving down &amp; competition up

475 views • 14 slides
What Is There to Be Skeptical About? About the Fantastic Success of Deep Learning &amp; The

What Is There to Be Skeptical About? About the Fantastic Success of Deep Learning &amp; The

What Is There to Be Skeptical About? About the Fantastic Success of Deep Learning &amp; The Imperative of Incorporating Priors Into Learning Oliver Brock Robotics and Biology Laboratory The Fantastic Success of Deep Learning Lots of blowout

629 views • 35 slides
OFBiz Development with Docker http://ofbiz.apache.org http://docker.io/ 2015-04-15

OFBiz Development with Docker http://ofbiz.apache.org http://docker.io/ 2015-04-15

OFBiz Development with Docker http://ofbiz.apache.org http://docker.io/ 2015-04-15 OFBIZ.APACHE.ORG - PRELIMINARY 1 What is OFBiz? http://ofbiz.apache.org/ 2015-04-15 OFBIZ.APACHE.ORG - PRELIMINARY 2 OFBiz Java ERP 873 tables,

705 views • 25 slides
Coaching approaches in personal academic tutoring With a focus on remote tutoring and helping

Coaching approaches in personal academic tutoring With a focus on remote tutoring and helping

Tutoring Matters Webinar Series Coaching approaches in personal academic tutoring With a focus on remote tutoring and helping students feel in control and connected Welcome! Todays seminar starts at 2pm BST. Please MUTE your microphone. You

773 views • 35 slides
/ / / / Derby project Outline: A 198 million track &amp; signalling scheme The

/ / / / Derby project Outline: A 198 million track &amp; signalling scheme The

/ / / / Derby project Outline: A 198 million track &amp; signalling scheme The signalling equipment around Derby Station is nearing the end of its operational life The track layout is nearly 50 years old Since track &amp;

305 views • 7 slides

More recommend