A Parameterized Type System for Race-Free Java Programs
Chandrasekhar Boyapati Martin Rinard
Laboratory for Computer Science
Massachusetts Institute of Technology
{chandra, rinard}@lcs.mit.edu

Data races in multithreaded programs
• Two threads concurrently access same data
• At least one access is a write
• No synchronization to separate accesses

    Thread 1: x = x + 1;
    Thread 2: x = x + 2;

Why data races are a problem
• Some correct programs contain data races
• But most races are programming errors
  • Code intended to execute atomically
  • Synchronization omitted by mistake
• Consequences can be severe
  • Non-deterministic, timing-dependent bugs
  • Difficult to detect, reproduce, eliminate

Avoiding data races

    Thread 1: lock(l); x = x + 1; unlock(l);
    Thread 2: lock(l); x = x + 2; unlock(l);

• Associate a lock with every piece of shared mutable data
• Acquire lock before data access
• Release lock after data access

Problem: Locking is not enforced! Inadvertent programming errors…

Our solution
• A static type system for OO programs
• Well-typed programs are free of races
• Programmers specify
  • How each object is protected from races
  • In types of variables pointing to objects
• Type checkers statically verify
  • That objects are used only as specified

Protection mechanism of an object
• Specifies the lock protecting the object, or
• Specifies that the object needs no locks because
  • The object is immutable, or
  • The object is not shared, or
  • There is a unique pointer to the object

Types are proofs
[Figure: Java + extra types → Type checker → Translator (removes extra types) → Java → Compiler → bytecodes → JVM]
Outline
• Motivation
• Type system
• Experience
• Related work
• Conclusions

Race-free Account program

    class Account {
      int balance = 0;
      int deposit(int x) { this.balance += x; }
    }

    Account a1 = new Account;
    fork (a1) { synchronized (a1) in { a1.deposit(10); } };
    fork (a1) { synchronized (a1) in { a1.deposit(10); } };

    Account a2 = new Account;
    a2.deposit(10);

Java:            Thread t; t.start();
Concurrent Java: fork (t) { t.start(); }

Statically verifiable race-free program

    class Account<thisOwner> {
      int balance = 0;
      int deposit(int x) requires (this) { this.balance += x; }
    }

    final Account<self> a1 = new Account<self>;
    fork (a1) { synchronized (a1) in { a1.deposit(10); } };
    fork (a1) { synchronized (a1) in { a1.deposit(10); } };

    Account<thisThread> a2 = new Account<thisThread>;
    a2.deposit(10);

• thisOwner protects the Account
• a1 is protected by its lock; a2 is thread-local
• deposit requires lock on “this”
• a1 is locked before calling deposit; a2 need not be locked

Type system
• Basic type system: Locks, thread-local objects
  • Object ownership
  • Type system
  • Type inference
• Extensions: Unique pointers, read-only objects

Object ownership
• Every object has an owner
• An object can be owned by
  • Itself
  • Another object
  • Special per-thread owner called thisThread

[Figure: ownership forest with one thisThread root per thread; labels: Thread1 objects, Thread2 objects, Potentially shared objects]

Ownership properties
• Owner of an object does not change over time
• Ownership relation forms a forest of rooted trees
  • Roots can have self loops
• Every object is protected by its root owner
• To gain exclusive access to an object, it is necessary and sufficient to lock its root owner
• A thread implicitly holds the lock on its thisThread
Basic type system
• Object ownership
• Type system
• Type inference

TStack program

    class TStack {
      TNode head;
      void push(T value) {…}
      T pop() {…}
    }
    class TNode {
      TNode next;
      T value;
      …
    }
    class T {…}

[Figure: a TStack object whose head field points to a chain of TNode’s linked by next; each TNode’s value field points to a T]

TStack program

    class TStack<thisOwner, TOwner> {
      TNode<this, TOwner> head;
      …
    }
    class TNode<thisOwner, TOwner> {
      TNode<thisOwner, TOwner> next;
      T<TOwner> value;
      …
    }
    TStack<thisThread, thisThread> s1;
    TStack<thisThread, self> s2;

Parameterizing classes
• Classes are parameterized with one or more owners
• First owner owns the “this” object

Instantiating classes
• Classes can be instantiated with final expressions, e.g., with “this”
• Classes can be instantiated with formal parameters, e.g., with “thisOwner” or “TOwner”
• Classes can be instantiated with “thisThread”
• Classes can be instantiated with “self”

Requires clauses

    class TStack<thisOwner, TOwner> {
      TNode<this, TOwner> head;
      …
      T<TOwner> pop() requires (this) {
        if (head == null) return null;
        T<TOwner> value = head.value();
        head = head.next();
        return value;
      }
    }
    class TNode<thisOwner, TOwner> {
      T<TOwner> value() requires (this) {…}
      TNode<thisOwner, TOwner> next() requires (this) {…}
      …
    }

Methods can require threads to have locks on root owners of objects

Type checking pop method
• Locks held: thisThread, RootOwner(this)
• Locks required: RootOwner(this), RootOwner(head) = RootOwner(this)

Type checking client code

    class TStack<thisOwner, TOwner> {
      T<TOwner> pop() requires (this) {…}
      …
    }

    final TStack<self, self> s = …;
    fork (s) { synchronized (s) in { s.pop(); } };

• Locks held: thisThread, s
• Locks required: RootOwner(s) = s
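
The lock check walked through on these slides, as an added Java sketch that is not part of the original slides or the authors' type checker: it models the ownership forest, computes RootOwner, and accepts a `requires (this)` call only when the root owner's lock is held. The class `OwnershipCheck`, its methods, and object labels such as `s.head` are assumptions made for the example, and it models a single thread's view.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration: a toy model of the ownership forest and the lock check.
// Object names such as "s.head" are labels chosen for this sketch.
public class OwnershipCheck {
    static final String SELF = "self";
    static final String THIS_THREAD = "thisThread";

    // owner.get(o) is the owner of o; a self-owned root maps to itself (self loop).
    private final Map<String, String> owner = new HashMap<>();

    /** Declare an object owned by "self", "thisThread", or another declared object. */
    void declare(String name, String ownedBy) {
        owner.put(name, SELF.equals(ownedBy) ? name : ownedBy);
    }

    /** Walk owner links up to the root: a self-owned object or thisThread. */
    String rootOwner(String obj) {
        Set<String> seen = new HashSet<>();
        String cur = obj;
        while (!THIS_THREAD.equals(cur) && !cur.equals(owner.get(cur))) {
            // An undeclared owner, or a cycle that is not a root self loop, is ill-formed.
            if (!owner.containsKey(cur) || !seen.add(cur)) {
                throw new IllegalStateException("ill-formed ownership at " + cur);
            }
            cur = owner.get(cur);
        }
        return cur;
    }

    /**
     * A call to a method declared "requires (this)" on the receiver is accepted
     * only if the lock on RootOwner(receiver) is held. Every thread implicitly
     * holds the lock on its own thisThread.
     */
    boolean callAllowed(String receiver, Set<String> locksHeld) {
        String root = rootOwner(receiver);
        return THIS_THREAD.equals(root) || locksHeld.contains(root);
    }

    public static void main(String[] args) {
        OwnershipCheck c = new OwnershipCheck();
        c.declare("a1", SELF);          // final Account<self> a1
        c.declare("a2", THIS_THREAD);   // Account<thisThread> a2
        c.declare("s", SELF);           // final TStack<self, self> s
        c.declare("s.head", "s");       // TNode<this, TOwner> head: owned by the stack
        c.declare("s.head.next", "s");  // TNode<thisOwner, TOwner> next: same owner as its node

        Set<String> none = Set.of();
        // synchronized (a1) in { a1.deposit(10); }
        System.out.println("a1.deposit, a1 locked: " + c.callAllowed("a1", Set.of("a1")));
        // a1.deposit(10) with the synchronized block omitted by mistake
        System.out.println("a1.deposit, no lock:   " + c.callAllowed("a1", none));
        // a2 is thread-local, so no explicit lock is needed
        System.out.println("a2.deposit, no lock:   " + c.callAllowed("a2", none));
        // Inside pop(): RootOwner(head) = RootOwner(this) = s
        System.out.println("RootOwner(s.head.next) = " + c.rootOwner("s.head.next"));
        System.out.println("head.value(), s locked: " + c.callAllowed("s.head", Set.of("s")));
        System.out.println("s.pop(), no lock:       " + c.callAllowed("s", none));
    }
}
```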

Inferring owners of local variables

    class A<oa1, oa2> {…}
    class B<ob1, ob2, ob3> extends A<ob1, ob3> {…}

    class C {
      void m(B<this, oc1, thisThread> b) {
        A a1;
        B b1;
        b1 = b;
        a1 = b1;
      }
    }

Augment unknown types with owners

        A<x1, x2> a1;
        B<x3, x4, x5> b1;

Gather constraints

    x3 = this
    x4 = oc1
    x5 = thisThread
    x1 = x3
    x2 = x5

Solve constraints
• Only equality constraints between owners
• Takes almost linear time to solve

        A<this, thisThread> a1;
        B<this, oc1, thisThread> b1;
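
One way to solve these equality constraints, as an added Java example (not the authors' implementation): union-find with union by size and path compression, a standard structure with almost linear running time. The class `OwnerInference` and its method names are hypothetical; the owner positions used for the `B`-to-`A` upcast come from `B<ob1, ob2, ob3> extends A<ob1, ob3>`.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration: owner inference as union-find over equality constraints.
public class OwnerInference {
    private final Map<String, String> parent = new HashMap<>();
    private final Map<String, Integer> size = new HashMap<>();
    // Root of an equivalence class -> the known owner in that class, if any.
    private final Map<String, String> concrete = new HashMap<>();

    /** Known owners in scope (here: this, oc1, thisThread); all other names are variables. */
    OwnerInference(String... knownOwners) {
        for (String k : knownOwners) {
            find(k);
            concrete.put(k, k);
        }
    }

    /** Find the class representative, compressing the path on the way back. */
    String find(String v) {
        parent.putIfAbsent(v, v);
        size.putIfAbsent(v, 1);
        String p = parent.get(v);
        if (p.equals(v)) return v;
        String root = find(p);
        parent.put(v, root);
        return root;
    }

    /** Add the constraint a = b; equating two different known owners is a type error. */
    void unify(String a, String b) {
        String ra = find(a), rb = find(b);
        if (ra.equals(rb)) return;
        String ca = concrete.get(ra), cb = concrete.get(rb);
        if (ca != null && cb != null) {
            throw new IllegalStateException("owner mismatch: " + ca + " vs " + cb);
        }
        if (size.get(ra) < size.get(rb)) { String t = ra; ra = rb; rb = t; }  // union by size
        parent.put(rb, ra);
        size.put(ra, size.get(ra) + size.get(rb));
        if (ca != null || cb != null) concrete.put(ra, ca != null ? ca : cb);
    }

    /** Assignment "to = from" between two types of the same class: owners match pairwise. */
    void assign(List<String> to, List<String> from) {
        if (to.size() != from.size()) throw new IllegalArgumentException("owner count differs");
        for (int i = 0; i < to.size(); i++) unify(to.get(i), from.get(i));
    }

    /** Owners of a subclass type viewed as its superclass, selected by owner position. */
    static List<String> upcast(List<String> owners, int... positions) {
        List<String> view = new ArrayList<>();
        for (int p : positions) view.add(owners.get(p));
        return view;
    }

    /** Render a type with its solved owners; "?" marks an owner no constraint determines. */
    String show(String cls, List<String> owners) {
        List<String> solved = new ArrayList<>();
        for (String o : owners) solved.add(concrete.getOrDefault(find(o), "?"));
        return cls + "<" + String.join(", ", solved) + ">";
    }

    public static void main(String[] args) {
        OwnerInference inf = new OwnerInference("this", "oc1", "thisThread");
        List<String> b = List.of("this", "oc1", "thisThread");  // parameter B<this, oc1, thisThread> b
        List<String> a1 = List.of("x1", "x2");                  // A<x1, x2> a1
        List<String> b1 = List.of("x3", "x4", "x5");            // B<x3, x4, x5> b1

        inf.assign(b1, b);                 // b1 = b   gives x3 = this, x4 = oc1, x5 = thisThread
        // B<ob1, ob2, ob3> extends A<ob1, ob3>: owners 0 and 2 of B form its A view
        inf.assign(a1, upcast(b1, 0, 2));  // a1 = b1  gives x1 = x3, x2 = x5
        System.out.println(inf.show("A", a1) + " a1;");
        System.out.println(inf.show("B", b1) + " b1;");

        // A further assignment that contradicts the solution is rejected (constructed case).
        try {
            inf.assign(List.of("thisThread", "thisThread"), a1);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```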
Default types
• To further reduce programming overhead
• Single threaded programs require almost no programming overhead

Multithreaded server programs

| Program | Lines of code | Lines changed |
|---|---|---|
| http server | 563 | 26 |
| chat server | 308 | 21 |
| stock quote server | 242 | 12 |
| game server | 87 | 10 |
| phone (database) server | 302 | 10 |

Java libraries

| Program | Lines of code | Lines changed |
|---|---|---|
| java.io.OutputStream | 134 | 03 |
| java.io.BufferedWriter | 253 | 09 |
| java.io.OutputStreamWriter | 266 | 11 |
| java.io.Writer | 177 | 06 |
| java.io.PrintStream | 568 | 14 |
| java.io.FilterOutputStream | 148 | 05 |
| java.util.Vector | 992 | 35 |
| java.util.ArrayList | 533 | 18 |

Java libraries
• Java has two classes for resizable arrays
  • java.util.Vector
    • Self synchronized, do not create races
    • Always incur synchronization overhead
  • java.util.ArrayList
    • No unnecessary synchronization overhead
    • Could be used unsafely to create races
• We provide generic resizable arrays
  • Safe, but no unnecessary overhead
• Java programs contain unnecessary locking
• Much analysis work to remove unnecessary locking
  • Aldrich, Chambers, Sirer, Eggers (SAS ’99)
  • Whaley, Rinard (OOPSLA ’99)
  • Choi, Gupta, Serrano, Sreedhar, Midkiff (OOPSLA ’99)
  • Blanchet (OOPSLA ’99)
  • Bogda, Holzle (OOPSLA ’99)
  • Ruf (PLDI ’00)
• Our implementation
  • Avoids unnecessary locking
  • Without sacrificing safety

Additional benefits of race-free types
• Data races expose the effects of
  • Weak memory consistency models
  • Standard compiler optimizations

What is the value of z?

    Initially: x=0; y=1;
    Thread 1: y=0; x=1;
    Thread 2: z=x+y;

Possible interleavings

    z=x+y; y=0; x=1;    z=1
    y=0; z=x+y; x=1;    z=0
    y=0; x=1; z=x+y;    z=1
    x=1; z=x+y; y=0;    z=2 !!!

• Above instruction reordering legal in single-threaded programs
• Violates sequential consistency in multithreaded programs
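
The interleavings above can be enumerated mechanically. This added Java example (not from the original slides) computes every final value of z for thread 1 in program order and with its two writes reordered, and goes one step further by modelling a lock-protected version in which thread 1's writes form a single atomic step. The class and method names are assumptions, and `z=x+y` is treated as one indivisible step, as on the slides.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.function.Consumer;

// Added illustration: enumerate the interleavings from the "What is the value of z?" slides.
public class Interleavings {
    // Shared state is an int[] {x, y, z}; each step is one indivisible action on it.
    static final Consumer<int[]> Y0 = s -> s[1] = 0;            // y=0;
    static final Consumer<int[]> X1 = s -> s[0] = 1;            // x=1;
    static final Consumer<int[]> Z  = s -> s[2] = s[0] + s[1];  // z=x+y;

    /** All final values of z over every interleaving that keeps each thread's own step order. */
    static Set<Integer> outcomes(List<Consumer<int[]>> t1, List<Consumer<int[]>> t2) {
        Set<Integer> results = new TreeSet<>();
        // Initially x=0; y=1; the starting value of z is irrelevant because z is always written.
        explore(t1, 0, t2, 0, new int[] {0, 1, 0}, results);
        return results;
    }

    private static void explore(List<Consumer<int[]>> t1, int i,
                                List<Consumer<int[]>> t2, int j,
                                int[] state, Set<Integer> results) {
        if (i == t1.size() && j == t2.size()) {
            results.add(state[2]);
            return;
        }
        if (i < t1.size()) {  // the next step is taken by thread 1
            int[] next = state.clone();
            t1.get(i).accept(next);
            explore(t1, i + 1, t2, j, next, results);
        }
        if (j < t2.size()) {  // the next step is taken by thread 2
            int[] next = state.clone();
            t2.get(j).accept(next);
            explore(t1, i, t2, j + 1, next, results);
        }
    }

    public static void main(String[] args) {
        List<Consumer<int[]>> reader = List.of(Z);

        // Racy program: thread 1's writes are separate steps.
        System.out.println("racy, program order (y=0; x=1;): z in "
                + outcomes(List.of(Y0, X1), reader));
        System.out.println("racy, writes reordered (x=1; y=0;): z in "
                + outcomes(List.of(X1, Y0), reader));

        // Race-free variant: both threads hold the same lock around their code,
        // so thread 1's two writes can only be observed together.
        System.out.println("locked, program order: z in "
                + outcomes(List.of(Y0.andThen(X1)), reader));
        System.out.println("locked, writes reordered: z in "
                + outcomes(List.of(X1.andThen(Y0)), reader));
    }
}
```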

Additional benefits of race-free types
• Data races complicate program analysis
• Data races complicate human understanding
• Race-free languages
  • Eliminate these issues
  • Make multithreaded programming more tractable

Tools to detect races
• Static race detection systems
  • Sterling (USENIX ’93)
  • Detlefs, Leino, Nelson, Saxe (SRC ’98)
  • Engler, Chen, Hallem, Chou, Chelf (SOSP ’01)
• Dynamic race detection systems
  • Steele (POPL ’90)
  • Dinning, Schonberg (PPoPP ’90)
  • Savage, Burrows, Nelson, Sobalvarro, Anderson (SOSP ’97)
  • Praun, Gross (OOPSLA ’01)

Type systems to prevent races
• Race-free Java
  • Flanagan and Freund (PLDI ’00)
• Guava
  • Bacon, Strom, Tarafdar (OOPSLA ’00)

Other related type systems
• Ownership types
  • Clarke, Potter, Noble (OOPSLA ’98), (ECOOP ’01)
• Region types
  • Grossman, Morrisett, Jim, Hicks, Wang, Cheney (Cornell ’01)
• Parameterized types for Java
  • Myers, Bank, Liskov (POPL ’97)
  • Agesen, Freund, Mitchell (OOPSLA ’97)
  • Bracha, Odersky, Stoutamire, Wadler (OOPSLA ’98)
  • Cartwright, Steele (OOPSLA ’98)

Conclusions
• Data races make programs hard to debug
• We presented a race-free static type system
• Our type system is expressive
• Programs can be reliable and efficient