Upload File

Download - Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Transcript
Page 1: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Scaling Model Checking of Dataraces Using

Dynamic Information

Ohad ShachamTel Aviv University

IBM Haifa Lab

Mooly SagivTel Aviv University

Assaf SchusterTechnion

Page 2: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Datarace Happens when two threads access a

memory location concurrently At least one access is a write

Unpredictable results Can indicate bugs Hard to detect Hard to reproduce

Page 3: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Datarace example

TicketPurchase(NumOfTickets){ if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else

Print “Full”; }

Page 4: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Datarace example

Thread I Thread II

TicketPurchase(2)

if (NumOfTickets · FreeTickets)

TicketPurchase(4)

if (NumOfTickets · FreeTickets)

FreeTickets -= NumOfTickets

FreeTickets -= NumOfTickets

{FreeTickets = -2}

{FreeTickets = 4}

TicketPurchase(NumOfTickets){ if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else

Print “Full”; }

Page 5: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Datarace example

TicketPurchase(NumOfTickets){ Lock(lockFreeTickets) if (NumOfTickets · FreeTickets) FreeTickets -= NumOfTickets else

Print “Full”; Unlock(lockFreeTickets) }

Page 6: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Datarace detection

Static datarace detection tools Racex [Engler and Ashcraft] TVLA [Sagiv et. al.]

Dynamic datarace detection tools: Lamport’s happens-before partial

order (Djit) Lock based techniques (Lockset)

Page 7: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Difficulties in model checking dataraces Infinite state space Huge number of interleavings Huge transition systems Size problem

Page 8: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Observation

Programs maintaining a locking discipline are dataraces free

Page 9: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Hybrid solution

Dynamically check a locking discipline

Produce witnesses for dataraces using a model checker Explore suffixes of the trace

Page 10: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Basic idea

Page 11: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Algorithm flow

Lockset

Multithreaded program

List of Warnings

Find a1

1 2

Model Checker

Page 12: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Lockset

Savage et. al. SOSP 1997 Lockset invariant

multiple accesses to a specific memory location are guarded by a unique lock

Page 13: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Lockset example

Lock(lockx)X = 7Unlock(lockx)Lock(locky)Z = Y

Lock(locky)Y = 2Unlock(locky)Lock(locky)Y = X

{lockx}

{locky}

{locky}

Thread I Thread II C(X)

{lockx, locky}{lockx}

{locky}

Unlock(locky)

Locks I Locks II

Page 14: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Lockset

Advantage Predict dataraces which may occur in

a different thread interleaving Disadvantages

Spurious dataraces Hard to use

Lack of trace

Page 15: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Lockset strength

Lock(lockx);X = 7;Unlock(lockx);Lock(locky);Z = Y;

Lock(locky);Y = 2;Unlock(locky);Lock(locky);Y = X;

{lockx}

{locky}

{locky}

Thread I Thread II C(X)

{lockx, locky}{lockx}

{locky}

Unlock(locky);

Locks I Locks II

Page 16: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Our hybrid solution

Combine Lockset & Model Checking Provide witnesses for dataraces

Rare dataraces Dataraces in large programs

Model CheckingProvide witnesses for rare DR

Locksetscale for large programs+

Page 17: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

A witness for a datarace

a1

a2

1

2

ma1 = ma2 a1=Write Ç a2=Write

Page 18: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Required data from Lockset

X=7

Y=2

Z=Y

Y=X

Thread I Thread II

Page 19: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Lockset provides for each warning only a single access event a2

Find a prior access event a1 which can take part in a race with a2

a1

a2

Using Lockset data

Page 20: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Using Lockset data

X = 7

Z = Y

Y = 2

Y = X

A Warning on X

X=7

Z=Y

Y=2

Y=X

{lockx}

{locky}

{locky}

{locky}

Page 21: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Prefix

a1

a2

Page 22: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

MODEL without t1

Building a model

a1

Page 23: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Using a model checker

a1

1

a2

Is a2 reachable by t2 ?

Page 24: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Using a model checker

a2

a1

a1

Page 25: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Reduce the model checker cost

Reduction in the model size Elimination of thread t1

Providing a single new initial configuration

Heuristically reducing the number of steps that the model checker should carry out

Page 26: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Example

Lock(lockx);X = 7;Unlock(lockx);Lock(locky);Z = Y;

Lock(locky);Y = 2;Unlock(locky);Lock(locky);Y = X;

{lockx}

{locky}

{locky}

Thread I Thread II C(X)

{lockx, locky}{lockx}

{locky}

Unlock(locky);

Lock(locky);Y = 2;Unlock(locky);Lock(locky);Y = X;

1

2

X = 7;

Locks I Locks II

Page 27: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Prototype implementation

A prototype tool based on IBM tools

Lockset – The IBM Watson tool Wolf – IBM Haifa’s software model

checker

Page 28: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Prototype implementation

Lockset

Multi-threaded program

List of Warnings

Find a1 Extend 1 Wolf

1 2

Page 29: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Benchmark programsProgramDescriptionLines

Tsptraveling salesman from ETH

706

Our_tspEnhanced traveling salesman

708

mtrtMultithreaded raytracer from specjvm98

3751

HedcWeb Crawler Kernel from ETH

29948

SortArrayParallel sort362

PrimeFinderFinds prime numbers in a given interval

129

ElevsimElevator simulator150

DQueriesShared DB simulator166

Page 30: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Experimental results

Program2 threads3 threads4 threadsTime (sec)

Memory (MB)

Time (sec)

Memory (MB)

Time (sec)

Memory (MB)

our_tsp35069

353 Mem Out Mem Out

SortArray569.31231334.93

396 Mem Out

PrimeFinder888.71162645.51434547.1168

ElevSim33.022867.9233147.948

DQueries140.160201.889585.97136

Hedc2.66117.3312917

tsp35243

377 Mem

Out Mem Out

Page 31: Scaling Model Checking of Dataraces Using Dynamic Information Ohad Shacham Tel Aviv University IBM Haifa Lab Mooly Sagiv Tel Aviv University Assaf Schuster

Conclusion

Hybrid technique which combines dynamic datarace detector and a model checker

Provide witnesses for dataraces which occur only in rare interleavings

Helps the user in analyzing the datarace

No spurious dataraces


Top Related

TEL AVIV UNIVERSITY
TEL AVIV UNIVERSITY
Compiler Construction Intermediate Representation III Activation Records Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Compiler Construction Intermediate Representation III Activation Records Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Compiler Construction Abstract Syntax Tree Rina Zviel-Girshin and Ohad Shacham School of Computer Science Tel-Aviv University
Compiler Construction Abstract Syntax Tree Rina Zviel-Girshin and Ohad Shacham School of Computer Science Tel-Aviv University
Jump to first page AMC2000 1 Barrier Layers Technology Prof. Yosi Shacham-Diamand Department of Physical Electronics Tel-Aviv University, Tel-Aviv 69978
Jump to first page AMC2000 1 Barrier Layers Technology Prof. Yosi Shacham-Diamand Department of Physical Electronics Tel-Aviv University, Tel-Aviv 69978
Compiler Construction LR(0) + Visitor Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Compiler Construction LR(0) + Visitor Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Lattice-based Cryptography Oded Regev Tel-Aviv University Oded Regev Tel-Aviv University
Lattice-based Cryptography Oded Regev Tel-Aviv University Oded Regev Tel-Aviv University
Compiler Construction Parsing I Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Compiler Construction Parsing I Ran Shaham and Ohad Shacham School of Computer Science Tel-Aviv University
Tel Aviv Iafo
Tel Aviv Iafo