dynamic analyses for data race detection john erickson microsoft stephen freund williams college...
TRANSCRIPT
![Page 1: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/1.jpg)
DYNAMIC ANALYSES FOR DATA RACE DETECTIONJohn EricksonMicrosoft
Stephen FreundWilliams College
Madan MusuvathiMicrosoft Research
![Page 2: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/2.jpg)
Introductions…
![Page 3: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/3.jpg)
Tutorial Goals
• What is (and is not) a data race
• State of the art techniques in dynamic data race detection
• Implementation insights
• Open research problems
![Page 4: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/4.jpg)
Tutorial Structure
• Background
• Lockset and Happens-before Algorithms
• FastTrack – In Depth
• Implementation Frameworks
• RoadRunner – In Depth
• DataCollider – Sampling for Data-race Detection
• Advanced Schedule Perturbation
• Cuzz
• Adversarial Memory Models
![Page 5: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/5.jpg)
BACKGROUND
![Page 6: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/6.jpg)
Concurrency vs Parallelism
ConcurrencyManage access to shared resources, correctly and efficiently
ParallelismUse extra resources to solve a problem faster
Resource
Task Task Task
Resource
Task
Resource
Resource
SubTask
SubTask
SubTask
Sometimes, creating parallelism will create concurrency
![Page 7: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/7.jpg)
Threads and Shared Memory• Common programming model
• For dealing with parallelism and concurrency
• Tasks vs Threads • Subtly different abstractions• Threads are usually managed by the operating system• Tasks are lightweight, and are usually provided by the language runtime
• Data races can occur • In both threads and task based programming• When dealing with both parallelism and concurrency
![Page 8: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/8.jpg)
Moore’s law
Moore’s law make computers faster Moore’s law now
produces more cores
![Page 9: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/9.jpg)
Open Research Problems
• Make concurrency and parallelism accessible to all
• Other Programming models
• How to write efficient multi-threaded code
• How to write correct multi-threaded code This tutorial
![Page 10: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/10.jpg)
First things FirstAssigning Semantics to Concurrent Programs
• What does this program mean?
• Sequential Consistency [Lamport ‘79]Program behavior = set of its thread interleavings
X = 1;F = 1;
t = F;u = X;
int X = F = 0;
![Page 11: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/11.jpg)
Sequential Consistency Explained
X = 1;F = 1;
t = F;u = X;
int X = F = 0; // F = 1 implies X is initialized
X = 1;F = 1;t = F;u = X;
X = 1;
F = 1;
t = F;
u = X;
X = 1;
F = 1;
t = F;u = X;
X = 1;F = 1;
t = F;u = X;
X = 1;
F = 1;
t = F;
u = X;
X = 1;F = 1;
t = F;
u = X;
t=1, u=1 t=0, u=1 t=0, u=1 t=0, u=0 t=0, u=1 t=0, u=1
t=1 implies u=1
![Page 12: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/12.jpg)
Naturalness of Sequential Consistency• Sequential Consistency provides two crucial abstractions
• Program Order Abstraction• Instructions execute in the order specified in the program
A ; B means “Execute A and then B”
• Shared Memory Abstraction• Memory behaves as a global array, with reads and writes done immediately
• We implicitly assume these abstractions for sequential programs
![Page 13: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/13.jpg)
In this Tutorial• We will assume Sequential Consistency
• Except when explicitly stated otherwise
![Page 14: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/14.jpg)
Common Concurrency Errors
• Atomicity violations
• Ordering violations
• Unintended sharing
• Deadlocks and livelocks
![Page 15: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/15.jpg)
Atomicity Violation• Code that is meant to execute “atomically”
• That is, without interference from other threads• Suffers interference from some other thread
Thread 1
void Bank::Update(int a) { int t = bal; bal = t + a;}
Thread 2
void Bank::Withdraw(int a) { int t = bal; bal = t - a;}
![Page 16: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/16.jpg)
Ordering Violation• Incorrect signalling between a producer and a consumer
Thread 1
work = null;CreateThread (Thread 2);work = new Work();
Thread 2
ConsumeWork( work );
![Page 17: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/17.jpg)
Unintended Sharing• Threads accidentally sharing objects
Thread 1
void work() { static int local = 0; … local += … …}
Thread 2
void work() { static int local = 0; … local += … …}
![Page 18: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/18.jpg)
Deadlock / Livelock
Thread 1
AcquireLock( X );
AcquireLock( Y );
Thread 2
AcquireLock( Y );
AcquireLock( X );
![Page 19: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/19.jpg)
Deadlock / Livelock
Thread 1
while (x == 0) {}
y = 1;
Thread 2
while (y == 0) {}
x = 1;
Initx = y = 0;
![Page 20: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/20.jpg)
Common Concurrency Errors
• Atomicity violations
• Ordering violations
• Unintended sharing
• Deadlocks and livelocks
Data Race is a good symptom for
these
![Page 21: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/21.jpg)
WHAT IS A DATA RACE ?
![Page 22: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/22.jpg)
• The term “data race” is often overloaded to mean different things
• Precise definition is important in designing a tool
![Page 23: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/23.jpg)
Data Race• Two accesses conflict if
• they access the same memory location, and • at least one of them is a write
Write X – Write XWrite X – Read XRead X – Write XRead X – Read X
• A data race is a pair of conflicting accesses that happen concurrently
![Page 24: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/24.jpg)
“Happen Concurrently”• A and B happen concurrently if • there exists a sequentially consistent execution in which they
happen one after the other
X = 1;F = 1;
t = F;u = X;X =
1;F = 1;t = F;u = X;
HappenConcurrently
![Page 25: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/25.jpg)
Unintended Sharing• Threads accidentally sharing objects
Thread 1
void work() { static int local = 0; … local += … …}
Thread 2
void work() { static int local = 0; … local += … …}
Data Race
![Page 26: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/26.jpg)
Atomicity Violation• Code that is meant to execute “atomically”
• That is, without interference from other threads• Suffers interference from some other thread
Thread 1
void Bank::Update(int a) { int t = bal; bal = t + a;}
Thread 2
void Bank::Withdraw(int a) { int t = bal; bal = t - a;}
Data Race
![Page 27: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/27.jpg)
Ordering Violation• Incorrect signalling between a producer and a consumer
Thread 1
work = null;CreateThread (Thread 2);work = new Work();
Thread 2
ConsumeWork( work );
Data Race
![Page 28: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/28.jpg)
But,….
AcquireLock(){ while (lock == 1) {} CAS (lock, 0, 1);}
ReleaseLock() { lock = 0;}
Data Race ?
![Page 29: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/29.jpg)
Acceptable Concurrent Conflicting Accesses
• Implementing synchronization (such as locks) usually requires concurrent conflicting accesses to shared memory
• Innovative uses of shared memory• Fast reads• Double-checked locking• Lazy initialization• Setting dirty flag• ...
• Need mechanisms to distinguish these from erroneous conflicts
![Page 30: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/30.jpg)
Solution: Programmer Annotation• Programmer explicitly annotates variables as “synchronization”
• Java – volatile keyword• C++ – std::atomic<> types
![Page 31: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/31.jpg)
Data Race • Two accesses conflict if
• they access the same memory location, and • at least one of them is a write
• A data race is a pair of concurrent conflicting accesses to locations not annotated as synchronization
![Page 32: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/32.jpg)
Data Race vs Race Conditions• Data Races != Race Conditions
• Confusing terminology
• Race Condition• Any timing error in the program • Due to events, device interaction, thread interleaving, …
• Data races are neither sufficient nor necessary for a race condition• Data race is a good symptom for a race condition
![Page 33: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/33.jpg)
DATA-RACE-FREEDOM SIMPLIFIES LANGUAGE SEMANTICS
![Page 34: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/34.jpg)
Advantage of Annotating All Data Races
• Defining semantics for concurrent programs becomes surprisingly easy
• In the presence of compiler and hardware optimizations
![Page 35: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/35.jpg)
Can A Compiler Do This?
L1: t = X*5;L2: u = Y;L3: v = X*5;
L1: t = X*5;L2: u = Y;L3: v = t;
t,u,v are local variablesX,Y are possibly sharedOK for sequential programs
if X is not modified between L1 and L3
![Page 36: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/36.jpg)
Can Break Sequential Consistent Semantics
L1: t = X*5;L2: u = Y;L3: v = X*5;
L1: t = X*5;L2: u = Y;L3: v = t;
M1: X = 1;M2: Y = 1;
M1: X = 1;M2: Y = 1;
u == 1 v == 5 possibly u == 1 && v == 0
Init: X = Y = 0; Init: X = Y = 0;
Data Race
![Page 37: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/37.jpg)
Can A Compiler Do This?
L1: t = X*5;L2: u = Y;L3: v = X*5;
L1: t = X*5;L2: u = Y;L3: v = t;
t,u,v are local variablesX,Y are possibly sharedOK for sequential programs
if X is not modified between L1 and L3
OK for concurrent programsif there is no data race on X orif there is no data race on Y
![Page 38: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/38.jpg)
Key Observation [Adve& Hill '90 ]• Many sequentially valid (compiler & hardware) transformations
also preserve sequential consistency• Provided the program is data-race free
• Forms the basis for modern C++, Java semanticsdata-race-free sequential consistency otherwise weak/undefined semantics
![Page 39: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/39.jpg)
A Quiz• Can the assertion fire in this C++ program?
Thread T1
void f(){ dirty = true;}
Thread T2
void f(){ dirty = true;}
main
bool dirty = false;// Create threads T1,T2
// Wait for T1,T2 to finish
assert (dirty);
![Page 40: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/40.jpg)
DATA RACE DETECTION
![Page 41: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/41.jpg)
Overview of Data Race Detection Techniques
• Static data race detection
• Dynamic data race detection
• Lock-set
• Happen-before
• DataCollider
![Page 42: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/42.jpg)
Static Data Race Detection • Advantages:
• Reason about all inputs/interleavings• No run-time overhead• Adapt well-understood static-analysis techniques• Annotations to document concurrency invariants
• Example Tools:• RCC/Java type-based• ESC/Java "functional verification"
(theorem proving-based)
![Page 43: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/43.jpg)
Static Data Race Detection• Advantages:
• Reason about all inputs/interleavings• No run-time overhead• Adapt well-understood static-analysis techniques• Annotations to document concurrency invariants
• Disadvantages of static:• Undecidable...• Tools produce “false positives” or “false negatives”• May be slow, require programmer annotations• May be hard to interpret results
![Page 44: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/44.jpg)
Dynamic Data Race Detection• Advantages
• Can avoid “false positives”• No need for language extensions or sophisticated static analysis
• Disadvantages• Run-time overhead (5-20x for best tools)• Memory overhead for analysis state • Reasons only about observed executions
• sensitive to test coverage• (some generalization possible...)
![Page 45: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/45.jpg)
Tradeoffs: Static vs Dynamic• Coverage
• generalize to additional traces?• Soundness
• every actual data race is reported• Completeness
• all reported warnings are actually races• Overhead
• run-time slowdown• memory footprint
• Programmer overhead
![Page 46: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/46.jpg)
Definition Refresh• A data race is a pair of concurrent conflicting accesses to
unannotated locations
• Problem for dynamic data race detection • Very difficult to catch the two accesses executing concurrently
X = 1;F = 1;
t = F;u = X;X =
1;F = 1;t = F;u = X;
HappenConcurrently
![Page 47: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/47.jpg)
Solution• Lockset
• Infer data races through violation of locking discipline
• Happens-before• Infer data races by generalizing a trace to a set of traces with the same
happens-before relation
• DataCollider• Insert delays intelligently to force the data race to occur
![Page 48: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/48.jpg)
LOCKSET ALGORITHMEraser [Savage et.al. ‘97]
![Page 49: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/49.jpg)
Lockset Algorithm Overview• Checks a sufficient condition for data-race-freedom• Consistent locking discipline
• Every data structure is protected by a single lock• All accesses to the data structure made while holding the lock
• Example:// Remove a received packetAcquireLock( RecvQueueLk );pkt = RecvQueue.RemoveTop();ReleaseLock( RecvQueueLk );
… // process pkt
// Insert into processedAcquireLock( ProcQueueLk );ProcQueue.Insert(pkt);ReleaseLock( ProcQueueLk );
RecvQueue is consistently protected
by RecvQueueLk
ProcQueue is consistently protected
by ProcQueueLk
![Page 50: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/50.jpg)
Inferring the Locking Discipline• How do we know which lock protects what?
• Asking the programmer is cumbersome
• Solution: Infer from the program AcquireLock( A );AcquireLock( B );x ++;ReleaseLock( B );ReleaseLock( A );
AcquireLock( B );AcquireLock( C );x ++;ReleaseLock( C );ReleaseLock( B );
X is protected byA, or B, or both
X is protected by B, or C, or both
X is protected by B
![Page 51: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/51.jpg)
LockSet Algorithm• Two data structures:
• LocksHeld( t ) = set of locks held currently by thread t• Initially set to Empty
• LockSet( x ) = set of locks that could potentially be protecting x• Initially set to the universal set
• When thread t acquires lock l
• When thread t releases lock l
• When thread t accesses location x
• Report “data race” when LockSet( x ) becomes empty
![Page 52: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/52.jpg)
Algorithm Guarantees• No warnings no data races on the current execution
• The program followed consistent locking discipline in this execution
• Warnings does not imply a data race• Thread-local initialization
// Initialize a packetpkt = new Packet();pkt.Consumed = 0
AcquireLock( SendQueueLk );pkt = SendQueue.Top();ReleaseLock( SendQueueLk ); // Process a packet
AcquireLock( SendQueueLk );pkt = SendQueue.Top();pkt.Consumed = 1;ReleaseLock( SendQueueLk );
![Page 53: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/53.jpg)
LockSet Algorithm Guarantees• No warnings no data races on the current execution
• The program followed consistent locking discipline in this execution
• Warnings does not imply a data race• Object read-shared after thread-local initialization
A = new A();A.f = 0;
// publish AglobalA = A; f = globalA.f;
![Page 54: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/54.jpg)
Maintain A State Machine Per Location
Init Local to T
Thread TRead /Write
ReadShared
Thread T’Read Any Thread
Read
Thread TRead /Write
Shared
Any ThreadWrite
Any ThreadWrite
Any ThreadRead / WriteRun LockSet Algorithm
![Page 55: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/55.jpg)
LockSet Algorithm Guarantees• State machine misses some data races
// Initialize a packetpkt = new Packet();pkt.Consumed = 0;
AcquireLock( WrongLk );pkt = SendQueue.Top();pkt.Consumed = 1;ReleaseLock( WrongLk );
// Process a packetAcquireLock( SendQueueLk );pkt = SendQueue.Top();pkt.Consumed = 1;ReleaseLock( SendQueueLk );
![Page 56: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/56.jpg)
LockSet Algorithm Guarantees• Does not handle locations consistently protected by different
locks during a particular execution
// Remove a received packetAcquireLock( RecvQueueLk );pkt = RecvQueue.RemoveTop();ReleaseLock( RecvQueueLk );
… // process pkt
// Insert into processedAcquireLock( ProcQueueLk );ProcQueue.Insert(pkt);ReleaseLock( ProcQueueLk );
Pkt is protected by RecvQueueLk
Pkt is thread local
Pkt is protected byProcQueueLk
![Page 57: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/57.jpg)
HAPPENS-BEFORE
![Page 58: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/58.jpg)
Happens-Before Relation [Lamport '78]• A concurrent execution is a partial-order determined by communication
events• The program cannot “observe” the order of concurrent non-communicating
events
ReleaseLock
AcquireLock
x++
y++
ReleaseLock
AcquireLock
x++
y++?
![Page 59: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/59.jpg)
Happens-Before Relation [Lamport '78]• A concurrent execution is a partial-order determined by communication
events• The program cannot “observe” the order of concurrent non-communicating
events
• Both executions form the same happens-before relation
ReleaseLock
AcquireLock
x++
y++
ReleaseLock
AcquireLock
x++
y++
![Page 60: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/60.jpg)
Constructing the Happens-Before Relation
• Program order• Total order of thread
instructions• Synchronization order
• Total order of accesses to the same synchronization
ReleaseLock
AcquireLock
x++
x++
ReleaseLock
AcquireLock
![Page 61: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/61.jpg)
Happens-Before Relation And Data Races• If all conflicting accesses are
ordered by happens-before• data-race-free execution• All linearizations of partial-order
are valid program executions
• If there exists conflicting accesses not ordered
• a data race
ReleaseLock
AcquireLock
x++
x++
ReleaseLock
AcquireLock
![Page 62: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/62.jpg)
Happens-Before and Data-Races• Not all unordered conflicting accesses are data races
• There is no data race on X• But, there is a data race on Y• Remember:
• Exists unordered conflicting access Exists data race
X = 1;Y = 1;
if( Y == 1 ) X = 2;
Init: X = Y = 0;
![Page 63: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/63.jpg)
IMPLEMENTING HAPPENS-BEFORE ANALYSES
![Page 64: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/64.jpg)
Dynamic Data-Race DetectionPre
cisi
on
Cost
Happens Before
[Lamport 78]
Eraser[SBN+ 97]
Barriers [PS 03]Initialization [vPG 01]
...
Vector Clocks [M 88] Goldilocks [EQT 07]
DJIT+ [ISZ 99,PS 03]
TRaDe [CB 01]
...
![Page 65: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/65.jpg)
1
2
3
4
5 5
1
2
3
4
5
4
3
2
1
6 6 6
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
7 7 7
vol = 1
tmp = vol
acq(m)
Precise Happens-Before
![Page 66: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/66.jpg)
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0 1 5 0
0 1 0
0 2 0
1 3 0
1 4 0
1 3 5
0 0 4
0 0 3
0 0 2
0 0 1
6 4 0 1 6 0 1 3 6
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
7 4 5 1 7 0 1 3 7
vol = 1
tmp = vol
acq(m)
![Page 67: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/67.jpg)
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0 1 5 0
0 1 0
0 2 0
1 3 0
1 4 0
1 3 5
0 0 4
0 0 3
0 0 2
0 0 1
6 4 0 1 6 0 1 3 6
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
7 4 5 1 7 0 1 3 7
vol = 1
tmp = vol
acq(m)
![Page 68: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/68.jpg)
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0 1 5 0
0 1 0
0 2 0
1 3 0
1 4 0
1 3 5
0 0 4
0 0 3
0 0 2
0 0 1
6 4 0 1 6 0 1 3 6
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
7 4 5 1 7 0 1 3 7
vol = 1
tmp = vol
acq(m)
![Page 69: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/69.jpg)
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0 1 5 0
0 1 0
0 2 0
1 3 0
1 4 0
1 3 5
0 0 4
0 0 3
0 0 2
0 0 1
6 4 0 1 6 0 1 3 6
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
7 4 5 1 7 0 1 3 7
vol = 1
tmp = vol
acq(m)
![Page 70: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/70.jpg)
1 0 0
2 0 0
2 0 0
2 0 0
2 0 0 1 3 0
0 1 0
0 1 0
1 1 0
1 2 0
1 1 1
0 0 1
0 0 1
0 0 1
0 0 1
2 2 0 1 3 0 1 1 2
rel(m)
acq(m)
rel(m)
acq(m)
rel(m)
2 2 1 1 3 0 1 1 2
vol = 1
tmp = vol
acq(m)
![Page 71: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/71.jpg)
4 1 2 8 2 1 3 0
VCA VCB Lm Wx
0 1
Rx
A B A B A B A B A B
A’s local time B’s local time
![Page 72: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/72.jpg)
4 1 2 8 2 1 3 0
VCA VCB Lm Wx
0 1
Rx
A B A B A B A B A B
B-steps with B-time ≤ 1 happen beforeA’s next step
![Page 73: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/73.jpg)
x = 0
4 1 2 8 2 1 3 0
VCA VCB Lm Wx
0 1
Rx
Write-Write Check: Wx VCA ?
Read-Write Check: Rx VCA ?
4 13 0
4 10 1
? Yes
? Yes
O(n) time
![Page 74: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/74.jpg)
x = 0
4 1
4 1
2 8
2 8
2 1 3 0
VCA VCB Lm Wx
2 1 4 0
0 1
Rx
0 1
![Page 75: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/75.jpg)
x = 0
rel(m)
4 1
5 1
4 1
2 8
2 8
2 8
2 1 3 0
VCA VCB Lm Wx
2 1 4 0
4 1 4 0
0 1
Rx
0 1
0 1
![Page 76: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/76.jpg)
x = 0
rel(m)
acq(m)
4 1
5 1
4 1
5 1
2 8
2 8
2 8
4 8
2 1 3 0
VCA VCB Lm Wx
2 1 4 0
4 1 4 0
4 1 4 0
0 1
Rx
0 1
0 1
0 1
![Page 77: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/77.jpg)
x = 0
rel(m)
acq(m)
x = 1
4 1
5 1
4 1
5 1
5 1
2 8
2 8
2 8
4 8
4 8
2 1 3 0
VCA VCB Lm Wx
2 1 4 0
4 1 4 0
4 1 4 0
4 1 4 8
0 1
Rx
0 1
0 1
0 1
0 1
![Page 78: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/78.jpg)
x = 0
rel(m)
x = 1
y = x
4 1
5 1
4 1
5 1
5 1
0 8
0 8
0 8
4 8
4 8
0 0 0 0
VCA VCB Lm Wx
0 0 4 0
4 0 4 0
4 1 4 0
4 1 4 8
2 0
Rx
2 0
2 0
0 1
0 1
Write-Read Check: Wx VCA ?
5 1 ? No4 8
O(n) time
![Page 79: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/79.jpg)
VectorClocks for Data-Race Detection
Sound– No warnings data-race-free execution
Complete– Warning data-race exists
Performance– slowdowns > 50x– memory overhead
79
![Page 80: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/80.jpg)
Dynamic Data-Race DetectionPre
cisi
on
Cost
Happens Before
[Lamport 78]
Eraser[SBN+ 97]
Barriers [PS 03]Initialization [vPG 01]
...
Vector Clocks [M 88] Goldilocks [EQT 07]
DJIT+ [ISZ 99,PS 03]
TRaDe [CB 01]
... RaceTrack [YRC 05] MultiRace [PS 03]
Hybrid Race Detector [OC 03] ...
![Page 81: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/81.jpg)
Combined Approaches
MultiRace [PS 03,07]– Begin with LockSet for x– Switch to VC for x if LockSet becomes
empty– (adaptive granularity as well)
RaceTrack [YRC 05]– Use LockSet for x and extended Eraser
state machine.– Use VCs to reason about fork/join and
wait/notify
![Page 82: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/82.jpg)
Slowdown (x Base Time)
![Page 83: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/83.jpg)
FASTTRACK
![Page 84: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/84.jpg)
Dynamic Data-Race DetectionPre
cisi
on
Cost
Happens Before
[Lamport 78]
Eraser[SBN+ 97]
Barriers [PS 03]Initialization [vPG 01]
...
Vector Clocks [M 88] Goldilocks [EQT 07]
DJIT+ [ISZ 99,PS 03]
TRaDe [CB 01]
... RaceTrack [YRC 05] MultiRace [PS 03]
Hybrid Race Detector [OC 03] ...
FastTrack[Flanagan-Freund 09]
![Page 85: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/85.jpg)
Dynamic Data-Race DetectionPre
cisi
on
Cost
Happens Before
[Lamport 78]
Eraser[SBN+ 97]
Barriers [PS 03]Initialization [vPG 01]
...
Vector Clocks [M 88] Goldilocks [EQT 07]
DJIT+ [ISZ 99,PS 03]
TRaDe [CB 01]
... RaceTrack [YRC 05] MultiRace [PS 03]
Hybrid Race Detector [OC 03] ...
FastTrack[Flanagan-Freund 09]
• Design Criteria:- sound & complete (find at least 1st data race on each var)
- efficient• Insight:
• HB relation is a partial order• But all accesses to a var are
almost always totally ordered
![Page 86: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/86.jpg)
x = 0
4 1 2 8 2 1 3 0
VCA VCB Lm Wx
0 1
Rx
Write-Write Check: Wx VCA ?
Read-Write Check: Rx VCA ?
4 13 0
4 10 1
? Yes
? Yes
O(n) time
![Page 87: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/87.jpg)
Thread A Thread B Thread C Thread D
x = 0
x = 1
x = 4
x = 3
Write-Write and Write-Read Data Races
?
??
O(n)
![Page 88: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/88.jpg)
Thread A Thread B Thread C Thread D
x = 0
x = 1
x = 4
x = 3
No Data Races Yet: Writes Totally Ordered
?
??
O(n)
![Page 89: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/89.jpg)
Thread A Thread B Thread C Thread D
x = 0
x = 1
x = 4
x = 3
No Data Races Yet: Writes Totally Ordered
?
O(1)
![Page 90: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/90.jpg)
x = 0
4 1 2 8 2 1 1@B
VCA VCB Lm Wx
Write-Write Check: Wx VCA ?
4 1 ? Yes1@B
(1 ≤ 1?)
O(1) time
Last Write"Epoch"
![Page 91: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/91.jpg)
x = 0
rel(m)
acq(m)
x = 1
4 1
5 1
4 1
5 1
5 1
0 8
0 8
4 8
4 8
4 8
0 0 3@A
VCA VCB Lm Wx
0 0 4@A
4 0 4@A
4 1 4@A
4 1 8@B
![Page 92: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/92.jpg)
x = 0
rel(m)
acq(m)
x = 1
y = x
4 1
5 1
4 1
5 1
5 1
0 8
0 8
4 8
4 8
4 8
0 0 3@A
VCA VCB Lm Wx
0 0 4@A
4 0 4@A
4 1 4@A
4 1 8@B
Write-Read Check:
5 1 ? No8@B
Wx VCA ?
O(1) time(8 ≤ 1?)
![Page 93: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/93.jpg)
Thread A Thread B Thread C Thread D
read x
read x
x = 2
read x
Read-Write Data Races -- Ordered Reads
?
Most common case: thread-local, lock-protected, ...
![Page 94: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/94.jpg)
Thread A Thread B Thread C
read x read x
x = 2
read x
Read-Write Data Races -- Unordered Reads
?
fork
? ?
x = 0
![Page 95: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/95.jpg)
x = 0-
VCA VCB Wx Rx
7 0
fork 7@A7 0
7 1 7@A8 0
read x7 1 7@A8 0
7@A8 0x = 2
read x
8 1
-
-
-
1@B
O(1)
O(n)
Read-Write Check: Rx VCA ?
8 08 1 ? No
O(n)
![Page 96: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/96.jpg)
Thread A Thread B Thread C Thread D
read y
y = 10
read y
? ?
O(n)
![Page 97: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/97.jpg)
Thread A Thread B Thread C Thread D
read y
y = 10
read y
![Page 98: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/98.jpg)
Thread A Thread B Thread C Thread D
read y
y = 10
read y
y = 3
?
O(n)
?
?
![Page 99: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/99.jpg)
Thread A Thread B Thread C Thread D
read y
y = 10
read y
y = 3
?
Forget VC for Rx and switch back
to "last read epoch"
O(1)
![Page 100: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/100.jpg)
Slowdown (x Base Time)
![Page 101: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/101.jpg)
FastTrack allocated ~200x fewer VCs
(Note: VCs for dead objects are garbage collected)
Improvements– accordion clocks [CB 01]– analysis granularity [PS 03, YRC 05]
CheckerMemory
Overhead
Basic VC,DJIT+
7.9x
FastTrack 2.8x
Empty 2.0x
Memory Usage
![Page 102: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/102.jpg)
SingleTrack
Velodrome
Atomizer
0 20 40 60 80 100 120
Original
FastTrack Prefilter
Average Slowdown (x base time)
Precise Data Race Classification for Other Checkers
and ~40% reduction in false alarms in Atomizer…
![Page 103: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/103.jpg)
Eclipse 3.4
Scale– > 6,000 classes– 24 threads– custom sync. idioms
Precision (tested 5 common tasks)– Eraser: ~1000 warnings– FastTrack: ~30 warnings
Performance on compute-bound tasks– > 2x speed of other precise checkers– same as Eraser
![Page 104: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/104.jpg)
IMPLEMENTATION FRAMEWORKS
![Page 105: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/105.jpg)
Building a Dynamic Data Race Detector• Identify synchronization• Instrument callbacks
• At synchronization operations• At memory operations
• Implement a data race detection algorithm• Report data races with debugging information
![Page 106: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/106.jpg)
Design Considerations• Performance overhead• Tolerance to false positives• Coverage• Debuggability
![Page 107: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/107.jpg)
Performance Overhead• Why is overhead important?
![Page 108: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/108.jpg)
Performance Overhead• Why is overhead important?
• Tests take longer
• Interaction with timing behavior• Databases will trigger deadlock-recovery if transactions don’t finish in X
ms
![Page 109: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/109.jpg)
Back of the Envelope Calculation• ~ One in five instructions is a memory operation• ~ One in two memory operation is to a non-stack location
• Data race detector is called every 10 instructions• On every callback,
• Need to perform at least one memory lookup to access the metadata
• Synchronization to avoid data races (!) on metadata• And, we need some cycles to run the algorithm• OVERHEAD
![Page 110: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/110.jpg)
False Positives• False Data Races
• A “bug” in the algorithm• Lockset will report a race if program does not follow a consistent lock
discipline• A “bug” in the tool
• don’t cover all synchronizations• Benign Data Races
• Data Races that don’t trigger assertion violations• Prone to memory model issues
• Need to prove to the user that this data race can cause a problem under some memory model
![Page 111: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/111.jpg)
Coverage• Given an trace, does the tool find
• All data races• The first data race
• Can the tool find data races in other “related” traces?• Happens-before algorithm finds all data races in traces with the same
happens-before ordering of synchronization as the original• Is it acceptable to miss data races?
![Page 112: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/112.jpg)
Debuggability• So, you have found a data race, now what?• Need to collect stack trace information
• For one thread?• For both threads?
• Tools usually find tons of data races instances• Need a good method to group data race reports
![Page 113: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/113.jpg)
Building a Dynamic Data Race Detector• Identify synchronization• Instrument callbacks
• At synchronization operations• At memory operations
• Implement a data race detection algorithm• Report data races with debugging information
![Page 114: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/114.jpg)
Identifying Synchronization• Thread synchronization
• Locks, semaphores, condition variables,…• Volatile/Atomic accesses
• Memory model specifies these as “synchronization”• Not recognizing them will report lots of benign data races
• Interprocess Communication
![Page 115: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/115.jpg)
Example of IPC over threads
Thread A
x ++;send_pipe();
Thread Brecv_pipe();
x ++;Happens-before
![Page 116: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/116.jpg)
Failure to handle False Data Race
Thread A
x ++;send_pipe();
Thread Brecv_pipe();
x ++;False Data Race!
![Page 117: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/117.jpg)
Data Race ?
Thread A
x ++;malloc();
Thread Bmalloc();
x ++;
![Page 118: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/118.jpg)
Data Race ?• Not, if you consider internal details of malloc()
Thread Ax ++;malloc(){ lock(); … unlock();}
Thread Bmalloc(){ lock(); … unlock();}x ++;
Happens-before
![Page 119: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/119.jpg)
Instrumenting Callbacks• At Source
• Compiler optimizes your instrumentation• Need good happens-before specification for third-party (library) binaries
• At Binary• More expensive instrumentation• Handle (and find data races in) libraries
![Page 120: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/120.jpg)
Processing Callbacks• Online
• Run the data-race detection algorithm at runtime• Expensive processing• At least find one access in the action
• Offline• Log the events, and process them later• Lightweight processing• Log management is an issue
![Page 121: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/121.jpg)
ROADRUNNER
![Page 122: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/122.jpg)
Binary Instrumentation
Atom, Vulcan, ASM, SOOT, Valgrind, PIN, ...(or modifying a VM)
Can be difficult to build robust/efficient tools– Expose most features of actual hardware– Complex details of underlying machine
object layout, addressing modes, thread impl.– Hard to optimize instrumentation code– Large start-up cost
Other issues– Portability– Comparisons between tools
![Page 123: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/123.jpg)
RoadRunner [Flanagan-Freund 10]
1. A general framework to facilitate– writing– composing– debugging– comparing
dynamic analyses for multithreaded code
2. Efficient for Java, without changing JVM Implemented >30 analyses in RoadRunner
– Performance competitive with analysis-specific implementations built from scratch
– And with implementations in Jikes RVM [Bond et al]
![Page 124: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/124.jpg)
Using RoadRunner Checking Tools
Single Checker:rrrun -tool=LockSet Targetrrrun -tool=FastTrack Targetrrrun -tool=HappensBefore Target
Composed Checkers:rrrun -tool=ThreadLocal:ReadOnly:LockSet Targetrrrun -tool=ThreadLocal:ReadOnly:LockSet:Atomizer Targetrrrun -tool=FastTrack:Atomizer Target
Diagnostic Tools:rrrun -tool=ThreadLocal:Print Targetrrrun -tool=FastTrack:Count:Atomizer Target
![Page 125: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/125.jpg)
RoadRunnerTools
Size (line
s)Description
Empty 35 "No Op" Back End
Print 170 Print synch / memory ops
ThreadLocal 48 Local vs. Shared Data
LockSet [SBN97] 327
Race Conditions
DJIT+ [PS 07] 582
MultiRace [PS 07] 923
Goldilocks [EQT 07] 1,416
FastTrack [FF 09] 758
Atomizer [FF 04] 245Serializability
Velodrome [FFY 08] 1,088
SingleTrack [SFF 09]
1,655 Deterministic Parallelism
Jumble [FF 10] 1,326 Adversarial Memory
SideTrack [YSF 09] 500 Trace generalization
![Page 126: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/126.jpg)
Architecture
Error: race on x...Java Bytecode
A: acq(m)A: read(x)B: write(y)A: rel(m)
Event Stream Back-End
ToolInstrumented Bytecode
Standard JVM
Abstract State
Instrumenter
Monitor
Back-EndTool
Back-EndTool
Others: Sofya [KDR 07], CalFuzzer JNPS 09]
RoadRunner
![Page 127: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/127.jpg)
Tool API (Without Composition)
Tool specifies:– handlers for synchronization / access
events– data to store about abstract program state
abstract class Tool { void create(NewThreadEvent e) void acquire(AcquireEvent e) void release(ReleaseEvent e) void access(AccessEvent e) ... }
![Page 128: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/128.jpg)
RR Abstract State
Thread 1 Thread 2o.x
Shadow Threads Shadow Vars for locations
a[1]
![Page 129: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/129.jpg)
RR Abstract State: LockSet
Thread 1 Thread 2o.x
Shadow Threads Shadow Vars for locations
a[1]
{ m } { }
{ m } { m,n }
![Page 130: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/130.jpg)
Decorations for Shadow Threads
Maps with constant-time operations– Creation:
Decoration<ShadowThread,LSet> held = ShadowThread.makeDecoration(LSet.empty());
– Usage:
LSet ls = held.get(thread);held.set(thread, ls.add(lock));
Values kept in small array stored in Key objects
![Page 131: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/131.jpg)
Variable Shadows for Locations
Different requirements– orders of magnitude more locations & uses– performance critical– decoration overhead too large
RR stores single ShadowVar value for each loc.
Tool specifies value for fresh location:
ShadowVar makeShadowVar(AccessEvent e) { return held.get(e.thread); }
![Page 132: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/132.jpg)
Event Stream
class AcquireEvent {AcquireInfo info;ShadowThread thread;ShadowLock lock;
}
class AccessEvent {AccessInfo info;ShadowThread thread;ShadowVar shadow;
boolean putShadow(ShadowVar var)}
update ShadowVarstored for location
![Page 133: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/133.jpg)
LockSet Handlers
public void acquire(AcquireEvent e) { LSet ls = held.get(e.thread); held.set(e.thread, ls.add(e.lock)); }
public void access(AccessEvent e) { LSet locks = (LSet)e.shadow; LSet held = held.get(e.thread); LSet newLocks = locks.intersect(held); e.putShadow(newLocks); if (newLocks.isEmpty()) { error(e.info); } }
![Page 134: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/134.jpg)
RR Abstract State: HappensBefore
Thread 1 Thread 2o.x
m
Shadow Threads Shadow Vars
a[1]
Shadow Locks
[4,2] [1,11]
[3,2]
[3,2]
[1,5]
![Page 135: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/135.jpg)
RR Abstract State: ThreadLocal
Thread 1 Thread 2o.x
m
Shadow Threads Shadow Vars
a[1]
Shadow Locks
Shared Thread 2
![Page 136: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/136.jpg)
Tool API (With Composition)
abstract class Tool {
Tool next;
void create(NewThreadEvent e) { next.create(e); } void acquire(AcquireEvent e) { next.acquire(e); } void release(ReleaseEvent e) { next.release(e); } void access(AccessEvent e) { next.access(e); } ... }
Every Tool:– must pass all sync events to next– can filter out access events
![Page 137: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/137.jpg)
Composed Tools: "ThreadLocal:LockSet"
Thread 1 Thread 2o.x a[1]
m
Shadow Threads Shadow Vars
Shadow Locks
{ m } { }
{ m } ---
Shared Thread 2
... ...
...
...
![Page 138: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/138.jpg)
ShadowVar Ownership
Still keep a single ShadowVar for each location
Type indicates current owner Tool explicitly passes ownership
to next tool in chain
Thread 1 Thread 2o.x a[1]
m
Shadow Threads Shadow Vars
Shadow Locks
{ m } { }
{ m } Thread 2
... ...
...
...
![Page 139: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/139.jpg)
public void acquire(AcquireEvent e) { LSet ls = held.get(e.thread); held.set(e.thread, ls.add(e.lock)); }
public void access(AccessEvent e) { LSet locks = (LSet)e.shadow; LSet held = held.get(e.thread); LSet newLocks = locks.intersect(held); e.putShadow(newLocks); if (newLocks.isEmpty()) { error(e.info); } }
![Page 140: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/140.jpg)
public void acquire(AcquireEvent e) { LSet ls = held.get(e.thread); held.set(e.thread, ls.add(e.lock)); next.acquire(e); }
public void access(AccessEvent e) { if (!(e.shadow instanceof Set)) { next.access(e); // Not owner } else { LSet locks = (LSet)e.shadow; LSet held = held.get(e.thread); LSet newLocks = locks.intersect(held); e.putShadow(newLocks); if (newLocks.isEmpty()) { error(e.info); this.advance(e); } } }
![Page 141: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/141.jpg)
Performance
ToolSlowdown
(x base time)
Empty 5.6
Eraser (=ThreadLocal:ReadOnly:LockSet)
9.4
Eraser:RedundantSync:Atomizer 9.8
FastTrack 7.3
FastTrack:Velodrome 8.1
Memory Overhead: at least 2x, due to ShadowVars
Running times are competitive with analysis-specific checkers built from scratch
![Page 142: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/142.jpg)
Implementation: ShadowVar State
[0]
[1]
[2]
class C { int x; int y;}...C c = ...;c.x = 3;
x
shadow x
y
shadow y
shadow [0]
shadow [1]
shadow [2]
int a[] = ...;a[2] = 3;
c
a
Array-To-Shadow Map1. per-thread inline
cache2. ConcurrentHashMap3. WeakHashMap "Attic"
![Page 143: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/143.jpg)
Implementation: Event Handling
Thread performing operation executes handler
Avoiding data races on ShadowVar for location:– serialize event stream– tool-provided synchronization– optimistic updates
public void access(AccessEvent e) { LSet held = held.get(e.thread); do { LSet locks = (LSet)e.shadow; LSet newLocks = locks.intersect(held); } while (!e.putShadow(newLocks)); ... }
![Page 144: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/144.jpg)
Implementation: Optimizations
Leverage JIT Event Object Reuse Array-To-Shadow Map Fast Path Inlining
– most access events handled without modifying state or using full event info
– RoadRunner inlines these "fast paths"
boolean readFP(ShadowVar v, ShadowThread cur) { return v == held.get(cur) && !((LSet)v).isEmpty();}
![Page 145: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/145.jpg)
Perspective
JIT works great
Efficient & Scalable– Eclipse, dacapo
(mostly),...
Event model matches analysis specification
Uniform comparisons
Tool composition– prototyping– debugging– profiling
JIT is moving target...
Further scalability– mitigate memory
overhead– offline instrumentation
Hard JVM features– custom class loaders– native code– serialization– native libs
Not C/C++
The Good Rough Edges
![Page 146: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/146.jpg)
DATACOLLIDER: (NEAR) ZERO-OVERHEAD DATA-RACE DETECTION
![Page 147: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/147.jpg)
A Data Race in Windows
• Clearing the RUNNING bit swallows the setting of the NEED_CALLBACK bit
• Resulted in a system hang during boot• Reproducible only on one hardware configuration• This bug caused release delays on said system• The hardware had to be shipped from Japan to Redmond for debugging
RunContext(...){ pctxt->dwfCtxt &= ~CTXTF_RUNNING; }
RestartCtxtCallback(...){ pctxt->dwfCtxt |= CTXTF_NEED_CALLBACK; }
![Page 148: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/148.jpg)
DataCollider
• A runtime tool for finding data races
• Low runtime overheads
• Readily implementable
• Works for kernel-mode and user-mode Windows programs
• Successfully found many concurrency errors in
• Windows kernel, Windows shell, Internet Explorer, SQL server, …
![Page 149: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/149.jpg)
False vs. Benign Data Races
LockAcquire ( l );
gRefCount++;
gStatsCount++;
LockRelease ( l );
LockAcquire ( l );
gRefCount++;
LockRelease ( l );
gStatsCount++;
gRefCount++;
False
Destructive
Benign
![Page 150: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/150.jpg)
Existing Dynamic Approaches for Data-Race Detection
• Log data and synchronizations operations at runtime
• Infer conflicting data access that can happen concurrently• Using happens-before or lockset reasoning
LockAcquire ( l );gRefCount++;LockRelease ( l );
LockAcquire ( l );gRefCount++;LockRelease ( l );
gRefCount++;
happens-before
happens-before
x
![Page 151: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/151.jpg)
Challenge 1: Large Runtime Overhead• Classic example: Intel Thread Checker has 200x overhead
• BOE calculation for logging overheads• Logging sync. ops ~ 2% to 2x overhead• Logging data ops ~ 2x to 10x overhead • Logging debugging information (stack trace) ~ 10x to 100x overhead
• Large overheads skew execution timing• A kernel build is “broken” if it does not boot within 30 seconds• SQL server initiates deadlock recovery if a transaction takes more than
400 microseconds• Browser initiates recovery if a tab does not respond in 5 seconds
• New techniques (e.g. FastTrack) reduce overhead, but …
![Page 152: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/152.jpg)
AcquireMutex(gLock);gRefCount++;ReleaseMutex(gLock);
AcquireMutex(gLock);gRefCount++;ReleaseMutex(gLock);
Challenge 2: Complex Synchronization Semantics
• Correctness depends on *exact* knowledge of synchronization• Synchronizations can be homegrown and complex
• (e.g. lock-free, events, processor affinities, IRQL manipulations,…)• Missed synchronizations can result in false data races
OpenFile(“foo”, EXCLUSIVE);gRefCount++;CloseFile();
OpenFile(“foo”, EXCLUSIVE);gRefCount++;CloseFile();
happens-before
?happens-before
![Page 153: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/153.jpg)
Challenge 2: Complex Synchronization Semantics
• With multiple levels of interrupts, what is a thread?• In some ways each <thread, interrupt level> is its own execution entity• However, pre-thread data is shared across levels• Interrupt levels are their own form of synchronization
Device.Buffer = {0};Device.SendWorkToHw();
Device::OnInterrupt() { Device.Buffer = ReadHw(); }
SetAffinity/RaiseIrql();inc RefCount[CurrentProc()]ClearAffinity/LowerIrql();
SetAffinity/RaiseIrql();inc RefCount[CurrentProc()]ClearAffinity/LowerIrql();
RaiseIrql(INTERRUPT_LEVEL);Device.Buffer = {0};LowIrql();
Device::OnInterrupt() { Device.Buffer = ReadHw(); }
?
![Page 154: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/154.jpg)
Challenge 3: Actionable Data• Information about data races help only insofar as it identifies
the root cause
• Recording the state of the program is expensive for methods that use logging• Any data needed for debugging must be recorded for every memory
access that could potentially be part of a data race.• E.g. If a stack trace is desired, then every memory access that might be
part of a data race must have the stack trace stored.
![Page 155: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/155.jpg)
DataCollider Key Ideas
• Cause a data-race to happen, rather than infer its occurrence• No inference => oblivious to synchronization protocols• Catching threads “in the act” => actionable error reports
• Use hardware breakpoints for hooks and conflict detection• Hardware does all the work => low runtime overhead
• Use sampling• Randomly sample accesses as candidates for data-race detection at a
user-controlled overhead
![Page 156: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/156.jpg)
Algorithm
• Randomly sprinkle code breakpoints on memory accesses
• When a code breakpoint fires at an access to x• Set a data breakpoint on x• Delay for a small time window
• Read x before and after the time window• Detects conflicts with non-CPU writes• Or writes through a different virtual address
• Ensure a user-defined number of code-breakpoint firings per second
PeridoicallyInsertRandomBreakpoints();
OnCodeBreakpoint( pc ) {
// disassemble the instruction at pc (loc, size, isWrite) = disasm( pc ); temp = read( loc, size ); if ( isWrite ) SetDataBreakpointRW( loc, size ); else SetDataBreakpointW( loc, size );
delay();
ClearDataBreakpoint( loc, size );
temp’ = read( loc, size ); if(temp != temp’ || data breakpt hit) ReportDataRace( ); }
![Page 157: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/157.jpg)
Sampling: What’s the tradeoff?• Short answer: It’s up to the user!
• Long answer• Tradeoff: overhead vs. likelihood of finding a data race• User controls breakpoints/second & delay length
• Optimal usage?• # of threads >= (# of HW watchpoints (4 on x86) + # of
processors), lots of both!• Processors are always busy
![Page 158: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/158.jpg)
Sampling w.r.t. Software Projects • Bug bar: how likely would it be that a customer would
hit this data race?
• Lower overhead better approximates actual usage
• A data race found only at high overheads should be rarely encountered by end users
• Controlling the overhead can be a way of prioritizing data races
![Page 159: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/159.jpg)
Sampling Instructions• Challenge: sample hot and cold instructions equally
if (rand() % 1000 == 0) { cold (); } else { hot (); }
![Page 160: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/160.jpg)
Sampling Using Code Breakpoints• Over time, code breakpoints aggregate towards cold-instructions
• Cold instructions have a high sampling probability when they execute
• Samples instructions independent of their execution frequency• Hot and code instructions are sampled uniformly
• Cold-instruction sampling is well-suited for data-race detection• Buggy data races tend to occur on cold-paths• Data races on hot paths are likely to be benign
![Page 161: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/161.jpg)
Experience from DataCollider• All nontrivial programs have data races
• Most (>90%) of the dynamic occurrences are benign• Benign data race = The developer will not fix the race even when given
infinite resources
• Many of the benign data races can be heuristically pruned• Races on variables with names containing “debug”, “stats” • Races on variables tagged as volatile• Races that occur often
• Further research required to address the benign data-race problem – e.g. Adversarial memory & PortEnd
![Page 162: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/162.jpg)
![Page 163: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/163.jpg)
Future Work• Different sampling distributions
• Placing statistical preference on “interesting” instructions per static analysis
• Different sampling rates• Breakpoints per second is abstract• Automated optimization
Hypothetical Distribution for Optimization
Delay Length
Uni
que
Race
s
Del
ay F
requ
ency
![Page 164: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/164.jpg)
DataCollider Conclusion• Puts the user in control of the overhead
• Fundamentally incapable of false data races
• Trivial to implement - requires no knowledge of synchronization methods
• Sampling is biased toward user-scenarios, but converges to a uniform distribution of static instructions
• Provides full debugging information (e.g. full memory dump)
![Page 165: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/165.jpg)
CUZZ: CONCURRENCY FUZZINGFIND RACE CONDITIONS WITH PROBABILISTIC GUARANTEES
![Page 166: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/166.jpg)
Cuzz: Concurrency Fuzzing• Disciplined randomization of thread schedules
• Finds all concurrency bugs in every run of the program• With reasonably-large probability
• Scalable• In the no. of threads and program size
• Effective• Bugs in IE, Firefox, Office Communicator, Outlook, …• Bugs found in the first few runs
![Page 167: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/167.jpg)
Init();
CallCuzz();
DoMoreWork();
CallCuzz();
free(p);
Init();
RandDelay();
DoMoreWork();
Init();
RandDelay();
DoMoreWork();
RandDelay();
free(p);RandDelay();
free(p);
void* p =
malloc;
RandDelay();
CreateThd(child
);
RandDelay();
p->f ++;
void* p =
malloc;
CreateThd(child)
;
p->f ++;
void* p =
malloc;
RandDelay();
CreateThd(child)
;
void* p =
malloc;
CallCuzz();
CreateThd(child
);
CallCuzz();
p->f ++;
RandDelay();
p->f ++;
Concurrency Fuzzing in Three Steps
Init();
DoMoreWork();
free(p);
Parent Child
1. Instrument calls to Cuzz
2. Insert random delays
3. Use the Cuzz algorithm to determine when and by how much to delay
This is where all the magic is
![Page 168: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/168.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
ThreadCreate(…)
ThreadJoin(…)
SetEvent(e)
WaitEvent(e)
All nodes involve the use and freeof some pointer
if b frees a pointer used by g, the followingexecution triggers the error
b c g
![Page 169: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/169.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
ThreadCreate(…)
ThreadJoin(…)
SetEvent(e)
WaitEvent(e)
Problem: For every unordered pair, say (b,g), cover both orderings:e.g.
b c g
g b c
![Page 170: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/170.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
Approach 1: enumerate all interleavings
![Page 171: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/171.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
Approach 2: enumerate all unordered pairs• b -> g• g -> b• b -> h• …
![Page 172: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/172.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
Two interleavings find all use-after-free bugs
a b c e g h i f
a g h b c i e f
![Page 173: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/173.jpg)
Find all “use-after-free” bugs
a
b
c
g
h
e
f
i
Two interleavings find all use-after-free bugs
a b c e g h i f
a g h b c i e f
Cuzz picks each with 0.5 probability
![Page 174: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/174.jpg)
Find all “use-after-free” bugs• For a concurrent program with n threads• There exists n interleavings that find all use-after-free bugs• Cuzz explores each with probability 1/n
![Page 175: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/175.jpg)
Concurrency Bug Depth• Number of ordering constraints sufficient to find the bug• Bugs of depth 1
• Use after free• Use before initialization
A: …B: fork (child);C: p = malloc();D: …E: …
F: ….G: do_init();H: p->f ++; I: …J: …
![Page 176: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/176.jpg)
Concurrency Bug Depth• Number of ordering constraints sufficient to find the bug• Bugs of depth 2
• Pointer set to null between a null check and its use
A: …B: p = malloc();C: fork (child);D: ….E: if (p != NULL)F: p->f ++;G:
H: … I: p = NULL;J : ….
![Page 177: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/177.jpg)
Cuzz Guarantee• n: max no. of concurrent threads (~tens)• k: max no. of operations (~millions)
• There exists interleavings that find all bugs of depth d• Cuzz picks each with a uniform probability
• Probability of finding a bug of depth d
![Page 178: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/178.jpg)
Cuzz AlgorithmInputs: n: estimated bound on the number of threads
k: estimated bound on the number of stepsd: target bug depth
// 1. assign random priorities >= d to threads for t in [1…n] do priority[t] = rand() + d;
// 2. chose d-1 lowering points at randomfor i in [1...d) do lowering[i] = rand() % k;
steps = 0;while (some thread enabled) { // 3. Honor thread priorities Let t be the highest-priority enabled thread; schedule t for one step; steps ++;
// 4. At the ith lowering point, set the priority to i if steps == lowering[i] for some i priority[t] = i;}
![Page 179: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/179.jpg)
Empirical bug probability w.r.t worst-case bound
• Probability increases with n, stays the same with k• In contrast, worst-case bound = 1/nkd-1
2 3 5 9 17 33 650
0.005
0.01
0.015
0.02
0.025
4 items 16 items64 items
Number of Threads
Prob
abili
ty o
f find
ing
the
bug
![Page 180: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/180.jpg)
Why Cuzz is very effective• Cuzz (probabilistically) finds all bugs in a single run
• Programs have lots of bugs• Cuzz is looking for all of them simultaneously• Probability of finding any of them is more than the probability of
finding one
• Buggy code is executed many times• Each dynamic occurrence provides a new opportunity for Cuzz
![Page 181: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/181.jpg)
Conclusions• Two tools for finding concurrency errors
• DataCollider: Uses code/data breakpoints for finding data races efficiently
• Cuzz: Inserts randomized delays to find race conditions• Both are easily implementable• Email: [email protected] for questions/availability
![Page 182: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/182.jpg)
ADVERSARIAL MEMORY FORDESTRUCTIVE RACES
![Page 183: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/183.jpg)
Beyond Detecting Data Race Conditions
Checkers can find real race conditions
But which race conditions are real bugs? – that cause erroneous behaviors (crashes,
etc)– and are not “benign race conditions”
![Page 184: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/184.jpg)
Large Multithreaded Application
Potential Data Races
line 10line 23line 57
real?
Real Data Races
line 10line 57
Precise Race Detector
JavaPathfinder
DJIT+ [ISZ 99, PS 03]
Goldilocks [EQT 07]
FastTrack [FF 09]
Pacer [BCK 10]
…
bug?Destructive Data Races
line 57
Jumble
Adversarial
memory
Imprecise Race Detector
Eraser [SBN+ 97]
MultiRace [PS 07]
RacerX [EA 03]
Relay [VJL 07]
RaceTrack [YRC 05]
[NAW 06], ..
Destructive data race: erroneous observable behaviorBenign data race: not a bug
![Page 185: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/185.jpg)
Controlling Scheduling Non-Determinism
racyread
(eg: CalFuzzer, DataCollider, etc.)
Large ConcurrentApplication
Input
p = new Pt();...p = null;
...if p != null p.draw();
Thread A
Thread B
![Page 186: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/186.jpg)
Each processor/core has a cache When do writes to x become visible to other
processors? Sequentially Consistent MM Relaxed MM (JMM, x86-TSO, etc.)
more than one value written to x may be visible
Memory Models
![Page 187: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/187.jpg)
Example
x = 10;y = 20;
r1 = y;r2 = x;print r1 + r2;
Thread A Thread B
int x;int y;Initially x == y == 0;
What’s Printed? 30? 20? 10? 0?
![Page 188: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/188.jpg)
Example
x = 10;y = 20;
r1 = y;r2 = x;print r1 + r2;
Thread A Thread B
int x;volatile int y;Initially x == y == 0;
What’s Printed? 30? 20? 10? 0?
![Page 189: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/189.jpg)
Adversarialmemory exploitsmemorynondeterminism.
Racy readsees old valuelikely to crashapplication.
Complements schedule-basedapproaches, quiteeffective.
racyread
Adversarial Memory [Flanagan-Freund 10]
Large ConcurrentApplication
Input
![Page 190: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/190.jpg)
racyread
Adversarial Memory [Flanagan-Freund 10]
Large ConcurrentApplication
Input
p = new Pt();...p = null;
...if p != null p.draw();
Thread A
Thread B
![Page 191: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/191.jpg)
Example
Data race on x Is this data race destructive? Can program divide by zero?
int x = 10;x = 0;fork{ if (x != 0) x = 50/x; }x = 42;
![Page 192: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/192.jpg)
Sequentially Consistent Memory Model
• Intuitive memory model• Each read sees most recent write• (No memory caches)
int x = 10;x = 0;fork{ if (x != 0) x = 50/x; }x = 42;
x = 10x = 0fork
x = 42
r = xr != 0?
x = 10x = 0forkx = 42
r = xr != 0?r = xr = 50/rx = r
![Page 193: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/193.jpg)
Java Memory Modelint x = 10;x = 0;fork{ if (x != 0) x = 50/x; }x = 42;
Happens-Before Partial Order • Program order edges• Fork edges• Release-acquire edges, …
not visible
visible
visible
Can see 0 or 42!
x = 10x = 0forkx = 42
r = xr != 0?r = x
r = 50/rx = r
Java Memory Model
Read R can “see” previous write W1
if no intervening write W2 with
W1 ≤ W2 ≤ R
(This is a JMM subset; JMM can see some future writes and admits additional behaviors)
![Page 194: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/194.jpg)
Jumble
Record:• write buffer for racy vars• happens-before relation
heuristically pick 0
division by zero
not visible
visible
visible
x = 10x = 0forkx = 42
r = xr != 0?r = x
r = 50/rx = r
int x = 10;x = 0;fork{ if (x != 0) x = 50/x; }x = 42;
At each read:• determine visible writes• return old writes to crash app with higher probability than typical memory impl.
![Page 195: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/195.jpg)
x = 101 0
x = 02 0
fork3 0
x = 424 0
r = x3 1
r == 0?3 2
r = x3 3
r = 50/r3 4
5 0
1@A: 10
1@A: 10 2@A: 0
1@A: 10 2@A: 0
1@A: 10 2@A: 0 4@A: 42
Write Buffer for x:
![Page 196: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/196.jpg)
x = 101 0
x = 02 0
fork3 0
x = 424 0
r = x3 1
r == 0?3 2
r = x3 3
r = 50/r3 4
5 0
Read by B at [3,1]
Visible:
Pick 42
2@A: 0
4@A: 42
1@A: 10
1@A: 10 2@A: 0
1@A: 10 2@A: 0
1@A: 10 2@A: 0 4@A: 42
![Page 197: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/197.jpg)
x = 101 0
x = 02 0
fork3 0
x = 424 0
r = x3 1
r == 0?3 2
r = x3 3
r = 50/r3 4
5 0
0 -- 2@A
0 -- 2@A 42 -- 4@A
1@A: 10
1@A: 10 2@A: 0
1@A: 10 2@A: 0
1@A: 10 2@A: 0 4@A: 42
1@A: 10
2@A: 0 4@A: 421@A: 10
2@A: 0 4@A: 42
Read by B at [3,3]
Visible:
Pick 0
2@A: 0
4@A: 42
![Page 198: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/198.jpg)
x = 101 0
x = 02 0
fork3 0
x = 424 0
r = x3 1
r == 0?3 2
r = x3 3
r = 50/r3 4
5 0
Div By 0
1@A: 10
1@A: 10 2@A: 0
1@A: 10 2@A: 0
1@A: 10 2@A: 0 4@A: 42
1@A: 10
2@A: 0 4@A: 421@A: 10
2@A: 0 4@A: 42
![Page 199: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/199.jpg)
Java Bytecode
A: read(x)
return 42
Event Stream
JUMBLEInstrumented
Bytecode
Abstract State
Instrumenter
Monitor
RoadRunner
CRASH!
![Page 200: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/200.jpg)
Jumble Performance
Keep write buffers only for small # of locations– all instances of a particular field declaration– array sampled at indexes 0 and 1
(configurable)
Slowdown of 1.2x to 5x
Write buffers limited to 32 entries– eject writes when no longer visible or
redundant– some capacity ejects
![Page 201: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/201.jpg)
Jumble Precision: failures out of 100 runs
– 27 fields with data races– ran Jumble manually once for each field – found 4 destructive data races
Benchmark: racy field NoJumble SC Oldest Oldest
but diff Random Randombut diff
montecarlo: DEBUG mtrt: threadCount point: p point: x point: y jbb: elapsed_time jbb: mode raytracer:checksum1 sor: arrays lufact: arrays moldyn: arrays tsp: MinTourLen
000000000000
000000000000
0 0 0 60 48 100 100 100 100 100 100 100
0 0 0 52 53 0 100 100 100 100 100 100
0 0 0 32 27 15 95 100 100 100 100 100
0 0 0 30 30 5 98 100 100 100 100 100
![Page 202: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/202.jpg)
Jumble Summary Identifying destructive data races
– very difficult, time consuming, error prone
Adversarial memory automates identification– reveals destructive data races with high
confidence– helps focus effort on fixing real bugs
![Page 203: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/203.jpg)
Where To Go From Here? [Much work on all of these problems, some by the audience, by
us, ...] Performance, performance, performance ...
– always-on detection, HW support,– static-dynamic hybrid analyses, language support
Is sampling the way to go for debugging?– Does it miss rare data races?
Prioritize and deal with benign data races– which data races are most critical?
How to respond to data races?– warning / fail-fast / recovery
Reproducing traces exhibiting rare data races– record and replay
Generalization– reason about traces beyond the observed trace
Finding memory model problems
![Page 204: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/204.jpg)
Acknowledgments
Some of our presentation on background material is based on slides from Dan Grossman– http
://homes.cs.washington.edu/~djg/slides/grossman_russia_dataraces.pptx
Thanks to Shaz Qadeer, Tom Ball, and Cormac Flanagan for valuable feedback on this presentation
![Page 205: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/205.jpg)
Key References Hans-J. Boehm and Sarita V. Adve, "You Don't Know Jack
About Shared Variables or Memory Models", CACM 2012. Leslie Lamport, "Time, Clocks, and the Ordering of Events in
a Distributed System", CACM 1978. Martin Abadi, Cormac Flanagan, and Stephen N. Freund,
"Types for Safe Locking: Static Race Detection for Java", TOPLAS 2006.
Madanlal Musuvathi, Shaz Qadeer, Thomas Ball, Gerard Basler, Piramanayagam Arumuga Nainar, and Iulian Neamtiu, "Finding and Reproducing Heisenbugs in Concurrent Programs", OSDI 2008.
Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. "Extended static checking for Java", PLDI 2002.
S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. E. Anderson, "Eraser: A dynamic data race detector for multi-threaded programs", TOCS 1997.
![Page 206: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/206.jpg)
Key References Friedemann Mattern, "Virtual Time and Global States of
Distributed Systems", Workshop on Parallel and Distributed Algorithms 1989.
Yuan Yu, Tom Rodeheffer, and Wei Chen, "RaceTrack: Efficient detection of data race conditions via adaptive tracking", SOSP 2005.
Eli Pozniansky and Assaf Schuster, "MultiRace: Efficient on-the-fly data race detection in multithreaded C++ programs", Concurrency and Computation: Practice and Experience 2007.
Robert O'Callahan and Jong-Deok Choi, "Hybrid Dynamic Data Race Detection", PPOPP 2003.
Cormac Flanagan and Stephen N. Freund, "FastTrack: efficient and precise dynamic race detection", CACM 2010.
Cormac Flanagan and Stephen N. Freund, "The RoadRunner dynamic analysis framework for concurrent programs", PASTE 2010.
![Page 207: DYNAMIC ANALYSES FOR DATA RACE DETECTION John Erickson Microsoft Stephen Freund Williams College Madan Musuvathi Microsoft Research](https://reader037.vdocument.in/reader037/viewer/2022110322/56649d125503460f949e6173/html5/thumbnails/207.jpg)
Key References John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, Kirk
Olynyk, "Effective Data-Race Detection for the Kernel", OSDI 2010.
Madanlal Musuvathi, Sebastian Burckhardt, Pravesh Kothari, and Santosh Nagarakatte, "A Randomized Scheduler with Probabilistic Guarantees of Finding Bugs", ASPLOS 2010.
Michael D. Bond, Katherine E. Coons, Kathryn S. McKinley, "PACER: proportional detection of data races", PLDI 2010.
Cormac Flanagan and Stephen N. Freund, "Adversarial memory for detecting destructive races", PLDI 2010.