verifying a concurrent garbage collector
play

Verifying a Concurrent Garbage Collector Delphine Demange Suresh - PowerPoint PPT Presentation

Oct 20, 2023 •429 likes •1.17k views

Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri David Pichardie Jan Vitek Yannick Zakowski Why are high level languages difficult to compile? Easy to compile in C Obj.f := v What about Java? A

  1. Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri David Pichardie Jan Vitek Yannick Zakowski

  2. Why are high level languages difficult to compile?

  3. Easy to compile in C Obj.f := v What about Java?

  4. A Store in Java if (fivmr_GCHeader_markBits( void FIVMR_CONCAT(FIVMBUILD_GC_NAME,_markSlow)(fivmr_ThreadState *ts, fivmr_GCHeader_fromObject(&ts->vm->settings, fivmr_Object obj) { obj))!=0) { fivmr_SPC_incBarrierSlowPath(); if (ts->gc.tracing && fivmr_GC_isTracing(curPhase)) { if (mutatorMark(ts, if (FIVMR_LOG_GC_MARK_TRAPS) { fivmr_GCHeader_fromObject(&ts->vm->settings, uint64_t stamp=fivmr_readCPUTimestamp(); obj))) { fp_log(ts->id, LOG(3,("Thread %u barrier marked %p (of type %s)", "mark trap at %u:%u on %u",3, ts->id,obj, (uintptr_t)((stamp>>32)&0xffffffff), fivmr_TypeData_forObject(&ts->vm->settings,obj)->name)); (uintptr_t)((stamp>>0)&0xffffffff), } obj); } else if (curPhase==FIVMR_GCP_PRE_INIT || fivmr_GC_isTracing(curPhase)) { } LOG(3,("Thread %u barrier would have marked marked %p (of type %s); " "phase = %d (now %d), status = %" PRIuPTR, fivmr_assert(ts->execStatus==FIVMR_TSES_IN_JAVA || ts->id,obj, ts->execStatus==FIVMR_TSES_IN_JAVA_TO_BLOCK); fivmr_TypeData_forObject(&ts->vm->settings,obj)->name, curPhase,ts->vm->gc.phase,ts->execStatus)); fivmr_assert(obj); } else if (!FIVMR_HFGC_FAIL_FAST_PATHS(&ts->vm->settings)) { LOG(0,("Thread %u barrier incorrectly saw %p (of type %s)", if (FIVMR_ASSERTS_ON || FIVMR_LOG_LEVEL>=2) { ts->id,obj, fivmr_GCPhase curPhase; fivmr_TypeData_forObject(&ts->vm->settings,obj)->name)); curPhase=ts->vm->gc.phase; fivmr_abort("barrier error"); } /* this code is more verbose and careful */ } } else { /* should never see stack-allocated objects */ /* this code is carefully written to ensure performance, but doesn’t if (!FIVMR_HFGC_FAIL_FAST_PATHS(&ts->vm->settings)) { do the same verification as the above. */ fivmr_assert( if (ts->gc.tracing) { fivmr_GCHeader_markBits( fivmr_GCHeader *hdr; fivmr_GCHeader_fromObject(&ts->vm->settings, fivmr_GCHeader oldHdr; obj))!=0); uintptr_t markBits; } uintptr_t curShaded; fivmr_GC *gc; /* we don’t want to mark when we’re idle because during the idle phase at the beginning of GC we may be rotating mark bits. this prevents gc=&ts->vm->gc; races where two threads end up double-marking an object because they hdr = fivmr_GCHeader_fromObject(&ts->vm->settings, see different values of curShaded. obj); oldHdr = *hdr; this is particularly why we query ts->gc.tracing. it’s possible that markBits = fivmr_GCHeader_markBits(&oldHdr); a thread will have used stale shade values in its fast path check. curShaded = gc->curShaded; worse, memory model issues could mean that the value of gc->curShaded we see here could be stale. we don’t want to perform marking with a if (markBits!=0 && stale value of curShaded. checking ts->gc.tracing, which is set by (markBits&curShaded)==0 && safepoints and hence side-steps cache coherence, ensures that we only markUnmarked(gc, proceed when we have the latest shade values. */ &ts->gc.queue,

  5. A Store in Java /* we don’t want to mark when we’re idle because during the idle phase at the beginning of GC we may be rotating mark bits. this prevents races where two threads end up double-marking an object because they see different values of curShaded. this is particularly why we query ts->gc.tracing. it’s possible that a thread will have used stale shade values in its fast path check. worse, memory model issues could mean that the value of gc->curShaded we see here could be stale. we don’t want to perform marking with a stale value of curShaded. checking ts->gc.tracing, which is set by safepoints and hence side-steps cache coherence, ensures that we only proceed when we have the latest shade values. */

  6. This work Challenge: Certify a state-of-the-art Concurrent Garbage Collector Methodology: An IR to Implement and Verify Runtime Services

  7. The set-up

  8. The set-up TSO

  9. The set-up TSO

  10. What do we prove ? This tutorial closely follows Damien Doligez’s phd (1995)

  11. Garbage collection root root root How to automatically reclaim unused memory ? unused Theorem : Reachable memory is never reclaimed

  12. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  13. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  14. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  15. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  16. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  17. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  18. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  19. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  20. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  21. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  22. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  23. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  24. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  25. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  26. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

  27. Sequential mark & sweep Periodically stop user code and perform: • Mark: graph traversal from the root marking cells black • Sweep: scan of the whole memory to free non-black cells Color conventions: • Black: marked • White: not marked • Grey: to be marked (pending nodes) • Blue: free cells

Recommend

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector for Solid State Collector for Solid State Collector for Solid State Drives Drives Junghee Lee, Youngjae Kim, Galen M. Shipman, Sarp Oral, Feiyi Wang,

540 views • 26 slides
Garbage Collection Jan Midtgaard Michael I. Schwartzbach Aarhus University The Garbage

Garbage Collection Jan Midtgaard Michael I. Schwartzbach Aarhus University The Garbage

Compilation 2010 Garbage Collection Jan Midtgaard Michael I. Schwartzbach Aarhus University The Garbage Collector A garbage collector is part of the runtime system It reclaims heap-allocated records (objects) that are no longer in use

959 views • 56 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Bounding Pause Times in a Regional Garbage Collector Felix S Klock II Thesis Advisor: Will

Bounding Pause Times in a Regional Garbage Collector Felix S Klock II Thesis Advisor: Will

Bounding Pause Times in a Regional Garbage Collector Felix S Klock II Thesis Advisor: Will Clinger 1 1 What is Garbage Collection? Automated reclamation of unreachable storage (Tracing) Garbage collection Mutator : Main application apart

1.13k views • 99 slides
Prioritized Garbage Collection Using the Garbage Collector to Support Caching Diogenes Nunez ,

Prioritized Garbage Collection Using the Garbage Collector to Support Caching Diogenes Nunez ,

Prioritized Garbage Collection Using the Garbage Collector to Support Caching Diogenes Nunez , Samuel Z. Guyer, Emery D. Berger Tufts University, University of Massachusetts Amherst November 2, 2016 D. Nunez, S. Guyer, E. Berger Prioritized GC

1.04k views • 80 slides
iCSI : A Cloud Garbage VM Collector for Addressing Inactive VM with Machine Learning In Kee Kim

iCSI : A Cloud Garbage VM Collector for Addressing Inactive VM with Machine Learning In Kee Kim

iCSI : A Cloud Garbage VM Collector for Addressing Inactive VM with Machine Learning In Kee Kim + , Sai Zeng * , Christopher Young * , Jinho Hwang * , and Marty Humphrey + + University of Virginia * IBM T.J. Watson Research Center 1 Motivation

514 views • 28 slides
Distributed Garbage Collection for General Graphs Basic Approaches to Garbage Collection

Distributed Garbage Collection for General Graphs Basic Approaches to Garbage Collection

Distributed Garbage Collection for General Graphs Basic Approaches to Garbage Collection The Brownbridge Collector SWP Collector

1.16k views • 88 slides
Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC 2015 Anton Wijs Correctness of Concurrent Systems Distributed, concurrent systems common-place, but very

633 views • 52 slides
RCGC is naturally incremental, how about making it concurrent Review Incremental mark-sweep

RCGC is naturally incremental, how about making it concurrent Review Incremental mark-sweep

RCGC is naturally incremental, how about making it concurrent Review Incremental mark-sweep Steeles multiprocessing, compactifying collector Dijkstras on -the-fly collector Kung and Song improved four-color collector

491 views • 15 slides
Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

982 views • 72 slides
Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk],

Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk],

Proving Correctness of a Garbage Collector via Local Reasoning Lars Birkedal [birkedal@itu.dk], Noah Torp-Smith [noah@itu.dk] The IT University of Copenhagen Joint work with John C. Reynolds, Carnegie Mellon University Spatial Logic Workshop,

958 views • 70 slides
Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*, Nickolai Zeldovich MIT CSAIL and *Microsoft Concurrent software is difficult to get right Programmer cannot reason about code in sequence 2

1.2k views • 72 slides
Incremental Garbage Collection Part II Roland Schatz Incremental Garbage Collection p.1/22

Incremental Garbage Collection Part II Roland Schatz Incremental Garbage Collection p.1/22

Incremental Garbage Collection Part II Roland Schatz Incremental Garbage Collection p.1/22 Baker Disadvantages not concurrent Incremental Garbage Collection p.2/22 Baker Disadvantages not concurrent not even threadsafe

1.49k views • 93 slides
VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark Hillebrand 3 , Dirk Leinenbach 3 , Michal Moskal 2 , Thomas Santen 2 , Wolfram Schulte 4 and Stephan Tobies 2 1 Microsoft Corporation, Redmond, WA, USA 2

553 views • 27 slides
The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed Bouajjani 2 Mohamed Faouzi Atig 1 Tuan Phong Ngo 1 1 Uppsala University 2 IRIF, Universit Paris Diderot & IUF CONCUR 2016 1 Motivation

1.66k views • 118 slides
GC Assertions: Using the Garbage Collector to check heap properties Shirley Gracelyn February

GC Assertions: Using the Garbage Collector to check heap properties Shirley Gracelyn February

GC Assertions: Using the Garbage Collector to check heap properties Shirley Gracelyn February 16, 2011 Motivation 1 Automatic memory management frees some burden from programmers 2 Fewer memory management errors Motivation 1 Automatic memory

278 views • 26 slides
Data Checking at Dropbox David Mah Dropbox Problems we are tackling Examples of Checkers

Data Checking at Dropbox David Mah Dropbox Problems we are tackling Examples of Checkers

Data Checking at Dropbox David Mah Dropbox Problems we are tackling Examples of Checkers Generic Model for a Checker Our garbage collector had a rarely hit off by one bug Our garbage collector had a rarely hit off by one bug that resulted

451 views • 33 slides
Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

1.54k views • 125 slides
Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification 01 Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan Lawrence jonathan.lawrence@cs.ox.ac.uk Concurrent Datatype Verification 02 Introduction Case study using

618 views • 27 slides
Performance Considerations in Concurrent Garbage-Collected Systems Peter Holditch, Chief

Performance Considerations in Concurrent Garbage-Collected Systems Peter Holditch, Chief

Performance Considerations in Concurrent Garbage-Collected Systems Peter Holditch, Chief Architect EMEA, Azul Systems Presented to JAOO 2008 Garbage Collection Series About the speaker Peter Holditch (Chief Architect, EMEA), Azul Systems

457 views • 35 slides
NG2C: Pretenuring Garbage Collector with Dynamic Generations for HotSpot Big Data Apps Rodrigo

NG2C: Pretenuring Garbage Collector with Dynamic Generations for HotSpot Big Data Apps Rodrigo

NG2C: Pretenuring Garbage Collector with Dynamic Generations for HotSpot Big Data Apps Rodrigo Bruno*, Lus Picciochi Oliveira + , Paulo Ferreira* rodrigo.bruno@tecnico.ulisboa.pt, luis.oliveira@feedzai.com, paulo.ferreira@inesc-id.pt *INESC-ID

665 views • 52 slides
Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs with Unbounded Replication D.

774 views • 50 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
Concurrent Copying Garbage Collection Filip Pizlo, Erez Petrank, Bjarne Steensgaard Purdue,

Concurrent Copying Garbage Collection Filip Pizlo, Erez Petrank, Bjarne Steensgaard Purdue,

Concurrent Copying Garbage Collection Filip Pizlo, Erez Petrank, Bjarne Steensgaard Purdue, Technion/Microsoft, Microsoft PLDI08 - Tucson, AZ 1 Introduction RTGC is gaining acceptance as an alternative to manual memory management for

1.09k views • 91 slides

More recommend