Semantic Atomicity for Multithreaded Programs!

Size: px

Start display at page:

Download "Semantic Atomicity for Multithreaded Programs!"

Percival Williams
5 years ago
Views:

1 P A R A L L E L C O M P U T I N G L A B O R A T O R Y Semantic Atomicity for Multithreaded Programs! Jacob Burnim, George Necula, Koushik Sen! Parallel Computing Laboratory! University of California, Berkeley!

2 Parallel Correctness is Hard! Difficult to write correct parallel software.! " Key: Interference between parallel threads.! " Atomicity freedom from harmful interference; a fundamental parallel correctness property.!! Today: Semantic atomicity.! " Specifying atomicity with respect to userdefined, semantic equivalence.! " Efficiently testing such specifications.! " Overall Goal: Lightweight, useful specs to help programmers find and fix parallelism bugs.! 2

3 Outline! Overview + Motivation!! Background: Atomicity!! Specifying Semantic Atomicity!! Testing Semantic Atomicity!! Experimental Evaluation!! Conclusion! 3

4 Background: Atomicity! Atomicity a non-interference property.! " Block of code is atomic if it behaves as if executed all-at-once and without interruption.! " Interference from other threads is benign cannot change overall program behavior.! 4

5 Background: Atomicity! Atomicity a non-interference property.! " Block of code is atomic if it behaves as if executed all-at-once and without interruption.! int bal = 0;! deposit(int a) {! int t = bal;! bal = t + a;! }! }! Atomic specification.! Programmer intends that this code is atomic.! Want to check specification.! Is the code actually atomic?! 5

6 Background: Atomicity! Atomicity a non-interference property.! " Block of code is atomic if it behaves as if executed all-at-once and without interruption.! Thread 1:! Thread 2:! int bal = 0;! deposit(int a) {! int t = bal;! bal = t + a;! }! }! deposit(10)! t = 0! bal = 10! deposit(5)! t = 0! bal = 5! Atomicity specification does not hold.! 6

7 Background: Atomicity! Atomicity a non-interference property.! " Block of code is atomic if it behaves as if executed all-at-once and without interruption. int bal = 0;! deposit(int a) {! int t = bal;! while (!CAS(&bal, t, t+a))! t = bal;! }! }! With CAS, updates to balance are atomic.! Atomicity specification does hold.! 7

8 Background: Atomicity! Formally: Two semantics for a program P with specified atomic blocks.! " Interleaved: Threads interleave normally.! Initial State s 0! interleaved execution E Final State s 1! " Serial: When one thread opens an atomic block, no other thread runs until it closes.! Initial State s 0! serial execution E Final State s 1! 8

9 Background: Atomicity! Formally, program P is atomic iff:! " For all interleaved executions E yielding s 1, there exists a serial E yielding an identical final state.! Initial State s 0! interleaved executions serial execution! Final State s 1! Final State s 1! q.equals(q )! s 1 == s 1! 9

10 Outline! Overview!! Background: Atomicity!! Specifying Semantic Atomicity!! Testing Semantic Atomicity!! Experimental Evaluation!! Conclusion! 10

11 Motivating Example ConcurrentLinkedQueue q;! q.add(1); q.add(1);! Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! Michael & Scott non-blocking queue, in the Java standard library!! Internally, a linked list with lazy deletion.! 11

12 Motivating Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! In any serial execution:! remove(1)! head:! null! 1! 1! head:! null! 1! remove(1)! head:! null! 12

13 Motivating Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! But in an interleaved execution:! head:! null! 1! 1! remove(1)! remove(1)! head:! null! null! 13

14 Motivating Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! Traditional atomicity requires:! null! null! Initial State s 0! interleaved executions serial execution! Final State s 1! Final State s 1! q.equals(q )! s 1 == s 1! 14

15 Motivating Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! Traditional atomicity requires:! null! null! Initial State s 0! interleaved executions serial execution! Final State s 1! Final State s 1!! q.equals(q )! s 1 == s 1! null! 15

16 Motivating Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }!! Traditional atomicity requires:! Initial State s 0! Replace with user-defined semantic equivalence.! null! null! interleaved executions serial execution! Final State s 1! Final State s 1!! q.equals(q )! s 1 == s 1! null! 16

17 Semantic Atomicity Initial State s 0! Thread 1: Thread {! q.remove(1); q.remove(1);! } }! Replace with user-defined semantic equivalence.! interleaved executions serial execution! Final State s 1! null! Final State s 1! null! "(s, s 1 1 #) q.equals(q )! null! 17

18 Semantic Atomicity Example Thread 1: Thread {! q.remove(1); q.remove(1);! } }! Atomicity predicate: q.equals(q )! Initial State s 0! interleaved executions serial execution! Final State s 1! Final State s 1! "(s, s 1 1 #) q.equals(q )! 18

19 Bridge Predicates Thread 1: Thread {! q.remove(1); q.remove(1);! } }! Atomicity predicate: q.equals(q )! Bridge predicate.!! Burnim, Sen, Asserting and Checking Determinism for Multithreaded Programs, FSE 2009, CACM 2010.! 19

20 Atomicity vs. Determinism! Semantic Atomicity:! Initial State s 0! ` interleaved executions serial execution! Final State s 1! Final State s 1! "(s, s 1 1 #)! Semantic Determinism:! Initial State s 0! ` interleaved executions interleaved executions! Final State s 1! Final State s 1! "(s, s 1 1 #) 20

21 Semantic Atomicity Example int bal = 0;! int conflicts = 0;! deposit(int a) {! int t = bal;! while (!CAS(&bal, t, t+a)) {! t = bal;! conflicts += 1;! }! }! }! Atomicity predicate: bal == bal! With CAS, updates to balance are atomic.! Performance counter of # of CAS failures.! 21

22 Semantic Atomicity Example ConcurrentList list;! Thread 1: Thread {!......! list.add(1); list.add(3);!......! list.add(2); list.add(4);! } }! Atomicity predicate: eqsets(list,list )!! If list is [1,3,2,4], an atomicity violation?! " User must specify intended atomicity.! 22

23 Outline! Introduction + Motivation!! Background: Atomicity!! Specifying Semantic Atomicity!! Testing Semantic Atomicity!! Experimental Evaluation!! Conclusion! 23

24 Testing Semantic Atomicity! Interleaved run E is semantically atomic " E " w.r.t. iff there exists a serial run s.t.:! " The final states of E, E " satisfy "(s 1, s 1 #).! E : s 0 A! B! B! A! C! D! E! D! E! s 1 Is semantically atomic w/ respect to?! E " 24

25 Testing Semantic Atomicity! Interleaved run E is semantically atomic " E " w.r.t. iff there exists a serial run s.t.:! " The final states of E, E " satisfy "(s 1, s 1 #).! E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 A! B! C! D! E! s 1 " "(s 1, s 1 #)? E " : s 0 A! C! B! D! E! s 1 " "(s 1, s 1 #)? E " : s 0 B! A! F! G! H! D! s 1 " "(s 1, s 1 #)?! 25

26 Testing Semantic Atomicity! Interleaved run E is semantically atomic w.r.t. Infeasible iff there to try exists all serial a serial executions.! " run E " s.t.:! " The final Can states we restrict of E, E " this satisfy search?! "(s 1, s 1 #).! E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 E " : s 0 E " : s 0 A! B! C! D! E! A! C! B! D! E! B! A! F! G! H! D!! s 1 " s 1 " s 1 " 26

27 Testing Semantic Atomicity 1. The final states of, satisfy.! E E " E E " "(s 1, s 1 #) 2. and execute the same atomic blocks.! E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 E " : s 0 E " : s 0 A! B! C! D! E! A! C! B! D! E! B! A!! F! G! H! D!! s 1 " s 1 " s 1 " 27

28 Testing Semantic Atomicity 1. The final states of, satisfy.! E E " E E " 2. and execute the same atomic blocks.! 3. Non-overlapping atomic blocks appear in the same order in and.! E E " "(s 1, s 1 #) E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 E " : s 0 E " : s 0 A! B! C! D! E!! A! C! B! D! E!! B! A! F! G! H! D!! s 1 " s 1 " s 1 " 28

29 Semantic Serializability! Def: Interleaved run E is semantically serializable iff exists a serial run E " s.t.:! 1. The final states of E, E " satisfy "(s 1, s 1 # ).! 2. E and E " execute the same atomic blocks.! E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 E " : s 0 E " : s 0 A! B! C! D! E! A! C! B! D! E! B! A!! F! G! H! D! s 1 " s 1 " s 1 " 29

30 Semantic Strict Serializability! Def: Interleaved E is semantically strictly serializable iff exists a serial run E " s.t.:! 1. The final states of E, E " satisfy "(s 1, s 1 #).! 2. E and E " execute the same atomic blocks.! 3. Non-overlapping atomic blocks appear in the same order in and.! E E " E : s 0 A! B! B! A! C! D! E! D! E! s 1 E " : s 0 E " : s 0 A! B! C! D! E!! A! C! B! D! E! s 1 " s 1 " 30

31 Semantic Strict Serializability! Def: Interleaved E is semantically strictly serializable iff exists a serial run E " s.t.:! 1. The final states of E, E " satisfy "(s 1, s 1 #).! 2. E and E " execute the same atomic blocks.! 3. Non-overlapping atomic blocks appear in the same order in and.! E E " E has N blocks, with K overlapping.! ==>! Can check semantic strict serializability by examining K! serial runs.! 31

32 Testing Semantic Atomicity! To test atomicity of program P:! " Systematically/randomly generate executions E with K overlapping atomic blocks.! " For each E, report a violation if not semantically strictly serializable.!! Small Scope Hypothesis: Can find bugs with small # of overlapping atomic blocks.! 32

33 Outline! Introduction + Motivation!! Background: Atomicity!! Specifying Semantic Atomicity!! Testing Semantic Atomicity!! Experimental Evaluation!! Conclusion! 33

34 Experimental Evaluation! Wrote semantic atomicity specs for several Java benchmarks.! " Concurrent data structures and parallel apps.!! Setup: For each benchmark:! " Generate random interleaved runs, with one atomic block interrupted by 4 others.! " Check semantic strict serializability of each.! " To compare, also check conflict-serializability.! 34

35 Experimental Results I Benchmark! LoC! Test Runs! Semantic Atomicity Violations! Runs! Static Blocks! Strict Atomicity! Violations! Runs! Static! Blocks! JDK LinkedQueue! ! 7 2! 7! 4! JDK SkipListMap! ! 6 2! 7! 4! JDK CwArrayList! ! 0 0! 0! 0! lock-free list! ! 57 1! 57! 2! lazy list-based set! ! 0 0! 0! 2! 35

36 Experimental Results II Benchmark! LoC! Test Runs! Semantic Atomicity Violations! Runs! Static Blocks! Strict Atomicity! Violations! Runs! Static Blocks! PJ pi! ! 5 1! 5! 1! PJ keysearch! ! 0 0! 0! 0! PJ fractal! ! 0 0! 0! 0! PJ phylogenetic! ! 27 1! 27! 2! Application benchmarks from Parallel Java Library (Kaminsky 2007), use ~15000 LoC from PJ library.! 36

37 JDK Atomicity Bug ConcurrentLinkedQueue q;! q.add(1); q.add(2);! Thread 1: Thread {! {! } sz = { }! q.add(3);! }! Atomic with respect to:! q.equals(q ) (sz == sz )!! Not atomic: q.size() can return sz=3.! 37

38 Semantic Atomicity Bug II parallel-for (t in trees) {! cost = compute_cost(t);! synchronized (min_cost) {! min_cost = min(min_cost, cost);! }! if (cost == min_cost) {! min_tree = t;! }! }! } Atomic with respect to:! min_tree.equals(min_tree )! (min_cost == min_cost )! Updates to min_tree not synchronized.! 38

39 Outline! Introduction + Motivation!! Background: Atomicity!! Specifying Semantic Atomicity!! Testing Semantic Atomicity!! Experimental Evaluation!! Conclusion! 39

40 Conclusion! Semantic atomicity.! " Generalization for capturing high-level noninterference properties of real, complex code.! " Testing via strict serializability.! " Found several unknown atomicity errors.!! Overall Goal: Lightweight specifications for parallel correctness.! " Easy for programmers to write.! " With testing, effective in finding real bugs.! " Determinism [CACMʼ10,ICSEʻ10], NDSeq [PLDI ʻ11]! 40

41 P A R A L L E L C O M P U T I N G L A B O R A T O R Y Questions?! 41

NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness

EECS Electrical Engineering and Computer Sciences P A R A L L E L C O M P U T I N G L A B O R A T O R Y NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness Jacob Burnim,