EECS EECS Electrical Engineering and Electrical Engineering and Computer Sciences Computer Sciences B ERKELEY P AR L AB B ERKELEY P AR L AB P A R A L L E L C O M P U T I N G L A B O R A T O R Y Semantic Atomicity for Multithreaded Programs � Jacob Burnim, George Necula, Koushik Sen � Parallel Computing Laboratory � University of California, Berkeley �
EECS Parallel Correctness is Hard Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Difficult to write correct parallel software. � " Key: Interference between parallel threads. � " Atomicity – freedom from harmful interference; a fundamental parallel correctness property. � ! Today : Semantic atomicity . � " Specifying atomicity with respect to user- defined, semantic equivalence. � " Efficiently testing such specifications. � " Overall Goal: Lightweight, useful specs to help programmers find and fix parallelism bugs. � 2
EECS Outline Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Overview + Motivation � ! Background: Atomicity � ! Specifying Semantic Atomicity � ! Testing Semantic Atomicity � ! Experimental Evaluation � ! Conclusion � 3
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Atomicity a non-interference property . � " Block of code is atomic if it behaves as if executed all-at-once and without interruption. � " Interference from other threads is benign – cannot change overall program behavior. � 4
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Atomicity a non-interference property . � " Block of code is atomic if it behaves as if executed all-at-once and without interruption. � Atomic specification . � int bal = 0; � Programmer intends deposit(int a) { � that this code is atomic. � @atomic { � int t = bal; � bal = t + a; � Want to check specification. � } � } � Is the code actually atomic? � 5
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Atomicity a non-interference property . � " Block of code is atomic if it behaves as if executed all-at-once and without interruption. � Thread 1: � Thread 2: � deposit(10) � int bal = 0; � deposit(5) � deposit(int a) { � t = 0 � @atomic { � t = 0 � int t = bal; � bal = 10 � bal = t + a; � bal = 5 � } � } � Atomicity specification does not hold. � 6
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Atomicity a non-interference property . � " Block of code is atomic if it behaves as if executed all-at-once and without interruption. int bal = 0; � With CAS, updates to deposit(int a) { � balance are atomic. � @atomic { � int t = bal; � while (!CAS(&bal, t, t+a)) � t = bal; � Atomicity specification } � } � does hold. � 7
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Formally: Two semantics for a program P with specified atomic blocks. � " Interleaved: Threads interleave normally. � Final Initial State s 1 � State s 0 � interleaved execution E " Serial: When one thread opens an atomic block, no other thread runs until it closes. � Initial Final serial execution E State s 0 � State s 1 ’ � 8
EECS Background: Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Formally, program P is atomic iff: � " For all interleaved executions E yielding s 1 , there exists a serial E ’ yielding an identical final state. � ∀ interleaved executions Final State s 1 � Initial State s 0 � s 1 == s 1 ’ � q.equals(q’) � ∃ serial execution � Final State s 1 ’ � 9
EECS Outline Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Overview � ! Background: Atomicity � ! Specifying Semantic Atomicity � ! Testing Semantic Atomicity � ! Experimental Evaluation � ! Conclusion � 10
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ConcurrentLinkedQueue q; � q.add(1); q.add(1); � Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � ! Michael & Scott non-blocking queue, in the Java standard library � ! Internally, a linked list with lazy deletion. � 11
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � ! In any serial execution: � head: � 1 � 1 � null � remove(1) � head: � 1 � null � remove(1) � head: � null � 12
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � ! But in an interleaved execution: � 1 � 1 � head: � null � remove(1) � remove(1) � head: � null � null � 13
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � ! Traditional atomicity requires: � null � null � ∀ interleaved executions Final State s 1 � Initial State s 0 � s 1 == s 1 ’ � q.equals(q’) � ∃ serial execution � Final State s 1 ’ � 14
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � ! Traditional atomicity requires: � null � null � ∀ interleaved executions Final State s 1 � ! Initial State s 0 � s 1 == s 1 ’ � q.equals(q’) � ∃ serial execution � Final null � State s 1 ’ � 15
EECS Motivating Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � Replace with user-defined ! Traditional atomicity requires: � semantic equivalence. � null � null � ∀ interleaved executions Final State s 1 � ! Initial State s 0 � s 1 == s 1 ’ � q.equals(q’) � ∃ serial execution � Final null � State s 1 ’ � 16
EECS Semantic Atomicity Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � Replace with user-defined semantic equivalence. � null � null � ∀ interleaved executions Final State s 1 � Initial " ( s 1 , # s 1 ) State s 0 � q.equals(q’) � ∃ serial execution � Final null � State s 1 ’ � 17
EECS Semantic Atomicity Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � Atomicity predicate: q.equals(q’) � ∀ interleaved executions Final State s 1 � Initial " ( s 1 , # s 1 ) State s 0 � q.equals(q’) � ∃ serial execution � Final State s 1 ’ � 18
EECS Bridge Predicates Electrical Engineering and Computer Sciences B ERKELEY P AR L AB Thread 1: Thread 2: � @atomic { @atomic { � q.remove(1); q.remove(1); � } } � Atomicity predicate: q.equals(q’) � Bridge predicate. � ! Burnim, Sen, “Asserting and Checking Determinism for Multithreaded Programs”, FSE 2009, CACM 2010. � 19
EECS Atomicity vs. Determinism Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ! Semantic Atomicity : � ∀ interleaved executions Final ` State s 1 � Initial State s 0 � Final " ( s 1 , # s 1 ) ∃ serial execution � State s 1 ’ � ! Semantic Determinism : � ∀ interleaved executions Final ` Initial State s 1 � State s 0 � Final " ( s 1 , # s 1 ) ∀ interleaved executions � State s 1 ’ � 20
EECS Semantic Atomicity Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB int bal = 0; � int conflicts = 0; � With CAS, updates to balance are atomic. � deposit(int a) { � @atomic { � int t = bal; � while (!CAS(&bal, t, t+a)) { � t = bal; � conflicts += 1; � “Performance counter” } � of # of CAS failures. � } � } � Atomicity predicate: bal == bal’ � 21
EECS Semantic Atomicity Example Electrical Engineering and Computer Sciences B ERKELEY P AR L AB ConcurrentList list; � Thread 1: Thread 2: � @atomic { @atomic { � ... ... � list.add(1); list.add(3); � ... ... � list.add(2); list.add(4); � } } � Atomicity predicate: eqSets(list,list’) � ! If list is [1,3,2,4], an atomicity violation? � " User must specify intended atomicity. � 22
Recommend
More recommend
