Programming Language Memory Models: What do Shared Variables Mean?
Marathon - RV2011
1. Marathon: Detecting Atomic-
Set Serializability Violations
with Conflict Graphs
William Sumner Christian Hammer Julian Dolby
Purdue Utah State IBM Watson
RV 2011 - September 2011 - San Francisco, CA
Thursday, September 29, 2011 1
2. Outline
Motivation: finding concurrency errors
Approach: atomic sets and serializability
Implementation: conflict graphs
Results
Related work and conclusions
Thursday, September 29, 2011 2
3. Finding Concurrency Errors
Parallel hardware is ubiquitous, even phones
Software must exploit this concurrency
Concurrency allows new kinds of bugs
Multiple threads simultaneously access data
Bugs when simultaneous access is “incorrect”
Thursday, September 29, 2011 3
4. Atomic Sets
class Point {
double x;
double y;
}
Fields x and y make up a logical point
Fields x and y denote an atomic set
Atomic Set Serializability
Concurrent operations see consistent points
Thursday, September 29, 2011 4
5. Units of Work
class Point { Threads
double x; move mag
double y; x x
}
x
void move(int x, int y) {
this.x += x; x y
this.y += y; y y
}
y
double mag() {
return Math.sqrt(x*x+y*y);
}
Thursday, September 29, 2011 5
6. Concurrency Errors
class Point { Threads
double x; move mag
double y; x x
}
x
void move(int x, int y) {
x
this.x += x;
this.y += y; y
} y
y
double mag() {
return Math.sqrt(x*x+y*y); y
}
Thursday, September 29, 2011 6
7. Concurrency Errors
Look for concurrency errors per atomic set
Improve accuracy:
Focus on related memory locations
Focus on conceptual units of work on them
Aid implementation:
Short-running units of work, small sets
Enables compact conflict graph structure
Thursday, September 29, 2011 7
8. Inferring Atomic Sets
Must infer atomic sets
Make approach applicable to existing code
Minimize burden on developer or tester
Exploit object structure to infer atomic sets
Assume each object defines an atomic set
Heuristics to include “child” objects
Thursday, September 29, 2011 8
9. “Child” Object Example
class Point { class Rectangle {
double x; Point ll;
double y; Point ur;
} }
double area() {
return
(ur.x - ll.x) * (ur.y - ll.y);
}
heuristic: direct access to field
of a field means field is a child
Thursday, September 29, 2011 9
10. Conflict Graph Implementation
A conflict graph records tasks, memory uses
A node in the graph is a unit of work
Edges capture memory dependence
write-read, read-write, write-write
Atomic sets model keep graph manageable
Individual units of work tend to be short
Old tasks can be garbage collected
Thursday, September 29, 2011 10
11. Conflict Graph Examples
move mag move mag
x x
x x
x x
x WAR
y
y y
y
RAW x
y y WAR
y y
Thursday, September 29, 2011 11
12. Evaluation
Assess quality of error reports
how many bugs?
false positives: not real bugs?
false negatives: missed known bugs?
Measure overhead
Suite of standard benchmarks and real codes
Thursday, September 29, 2011 12
14. Related Work
Low-level data races: do not denote errors
Atomicity: full heap atomicity vs atomic sets
Serializability: relaxed criteria vs atomic sets
Velodrome[]: bug focus, fuller implementation
Prior atomic sets: patterns vs conflict graph
Thursday, September 29, 2011 14
15. Conclusions
Efficient and sound concurrency bug finding
Overhead comparable or better than prior
Sound w.r.t. atomic set model
Atomic sets accurately model intent
Heuristics allow inference
Evaluated w.r.t. programmer intent
Few false positives and negatives
Future work: further refine heuristics
Thursday, September 29, 2011 15
16. Evaluation
resultBuf[i] = vector.getFreeBlockIndex();
if (resultBuf[i] != -1) {
vector.markAsAllocatedBlock(resultBuf[i]);
}
False negative example
API of AllocationVector not encapsulated
Requires client to synchronize pair of calls
Thursday, September 29, 2011 16