verifying deadlock freedom
play

Verifying Deadlock Freedom Duy-Khanh LE , Wei-Ngan CHIN, Yong-Meng - PowerPoint PPT Presentation

Jan 22, 2023 •303 likes •734 views

An Expressive Framework for Verifying Deadlock Freedom Duy-Khanh LE , Wei-Ngan CHIN, Yong-Meng TEO {leduykha,chinwn,teoym} [at] comp.nus.edu.sg 11 th International Symposium on Automated Technology for Verification and Analysis (ATVA), Hanoi,

  1. An Expressive Framework for Verifying Deadlock Freedom Duy-Khanh LE , Wei-Ngan CHIN, Yong-Meng TEO {leduykha,chinwn,teoym} [at] comp.nus.edu.sg 11 th International Symposium on Automated Technology for Verification and Analysis (ATVA), Hanoi, Vietnam, Oct 15 – 18, 2013

  2. Outline  Motivation  Related Work  Objective & Contributions  Approaches  Precise locksets  Delayed lockset checking  Combining lockset and locklevel  Implementation & Preliminary Experiment  Conclusion An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 2

  3. Motivation  Deadlock is a notoriously important issue  6,500 reports out of 198,000 ( ∼ 3%) of Sun’s bug report database containing the keyword “deadlock” [ICSE’09]  Existing formal reasoning frameworks  focus on partial correctness  and mostly ignore deadlocks  Need to formally reason about deadlock- freedom An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 3

  4. Types of Deadlocks  Deadlocks are often defined as “states in which each thread in a set blocks waiting for others to finish, but neither ever does”  D1 : Double lock acquisition  D2 : Interactions between thread and lock operations  D3 : Unordered locking An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 4

  5. Related Work  Formal reasoning frameworks  Often use abstract predicates (e.g. locked(x) ) to represent states of locks  Partial correctness [APLAS’07, ESOP’08, POPL’11, etc]  Chalice [ESOP’09, ESOP’10] can prevent D1&D3  Dynamic analyses (e.g ICSE’12)  Cannot guarantee the absence of deadlocks  Static analyses and type systems (e.g. ICSE’09, TLDI’12)  Tend to be less expressive than specification logics  Ignore D2 An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 5

  6. Objective  Propose an expressive logical framework for ensuring deadlock-freedom from various deadlock scenarios (D1, D2, and D3) An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 6

  7. Contributions  C1 : Advocate precise locksets as a deadlock-aware abstraction  for reasoning about concurrent programs that manipulate non-recursive locks (D1)  C2 : Propose delayed lockset checking technique  to help reasoning about interactions between thread and lock operations (D2)  C3 : Combine locksets with the locklevels  to form an expressive framework (D3) An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 7

  8. C1: Precise Lockset as an Abstraction  Lockset  A verification concept (denoted as LS )  A thread-local ghost variable capturing the set of locks held by a thread. An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 8

  9. C1: Precise Lockset as an Abstraction  Precise Lockset // ??? Under-approximation: Over-approximation: Precise lockset: An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 9

  10. D1: Double Lock Acquisition An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 10

  11. D1: Double Lock Acquisition An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 11

  12. D1: Double Lock Acquisition An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 12

  13. D2: Interactions between Thread and Lock Ops  deadlocked  deadlock-free An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 13

  14. D2: Traditional Verification Fails   Verified but deadlocked ! An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 14

  15. D2: Traditional Verification Fails  Deadlock-free but not verified ! An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 15

  16. D2: Traditional Verification Fails   Observations  Verified but deadlocked ! Deadlock-free but not verified ! An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 16

  17. C2: Delayed Lockset Checking /* DELAY */ /* DELAY */ /* CHECK, error */ /* CHECK, ok */  Verified => deadlock-free  Deadlocked => not verified An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 17

  18. Exercise – Deadlocked or Deadlock-free? void thread1(lock l) void thread2(lock l,int tid1) { { acquire(l); join(tid1); release(l); } } void main() { lock l = new lock(); int tid1 = fork(thread1,l); acquire(l); int tid2 = fork(thread2,l,tid1); release(l); join(tid2); } Note: - 3 PhD students need > 15 minutes to figure out (with several attempts) - Answer given in the last slide An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 18

  19. D3: Unordered Locking An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 19

  20. D3: Unordered Locking  An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 20

  21. C3: Encoding Waitlevel Using Lockset An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 21

  22. Programming Language An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 22

  23. Specification Language  Example An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 23

  24. Verification Rules (1) (standard) An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 24

  25. Verification Rules (2) (delayed lockset checking) (precise lockset) An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 25

  26. Guarantee on Deadlock Freedom An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 26

  27. Implementation  ParaHIP prototype for verifying correctness + deadlock freedom  Fork/join concurrency + non-recursive locks  Forking of recursive procedures  Unbounded #locks using shape predicates  Thread transfer Download or try ParaHIP online at http://loris-7.ddns.comp.nus.edu.sg/~project/parahip/ An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 27

  28. Preliminary Experiment No Scenario Chalice ParaHIP Comments ✗ ✓ 1 no-deadlock1 Chalice cannot prove that this program is deadlock-free ✓ ✓ 2 no-deadlock2 ✗ ✓ 3 no-deadlock3 Chalice cannot prove that this program is deadlock-free ✗ ✓ 4 deadlock1 Chalice verifies this deadlock scenario as deadlock-free ✓ ✓ 5 deadlock2 ✓ ✓ 6 deadlock3 ✓ ✓ 7 disj-no-deadlock ✗ ✓ 8 disj-deadlock Chalice verifies this deadlock scenario as deadlock-free ✓ ✓ 9 ordered-locking ✓ ✓ 10 unordered-locking (*) Comparison details and implications are discussed in the paper An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 28

  29. Conclusion (Take-home Message)  C1 : Advocate precise locksets as a deadlock-aware abstraction  C2 : Propose delayed lockset checking technique  C3 : Combine locksets with the locklevels Expressive framework for verifying deadlock-freedom An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 29

  30. Future Work  Recursive locks  Lock bag, lock sequence  Other constructs, e.g. barriers  Single barrier (to appear in ICFEM’2013)  Multiple barriers  Multiple barriers, multiple locks An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 30

  31. Answer: It is Deadlock-free  See the example “ no-deadlock-nonlexical ” in our webpage: http://loris-7.ddns.comp.nus.edu.sg/~project/parahip/ An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 31

  32. Answer: It is Deadlock-free An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 32

  33. Q&A  THANK YOU FOR LISTENING leduykha@comp.nus.edu.sg Download or try ParaHIP online at http://loris-7.ddns.comp.nus.edu.sg/~project/parahip/ END An Expressive Framework for Verifying Deadlock Freedom 18 October 2013 33

  34. References (1) [APLAS’07] Gotsman, A., Berdine, J., Cook, B., Rinetzky, N., Sagiv, M.: Local Reasoning for Storable Locks and Threads. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 19 – 37. Springer, Heidelberg (2007) [ESOP’08] Hobor, A., Appel, A.W., Nardelli, F.Z.: Oracle Semantics for Concurrent Separation Logic. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 353 – 367. Springer, Heidelberg (2008) [ESOP’09] Leino, K.R.M., M ¨ uller, P.: A Basis for Verifying Multi-threaded Programs. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 378 – 393. Springer, Heidelberg (2009) [ESOP’10] Leino, K.R.M., M ¨ uller, P., Smans, J.: Deadlock-Free Channels and Locks. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 407 – 426. Springer, Heidelberg (2010) An Expressive Framework for Verifying Deadlock Freedom 34 18 October 2013

  35. References (2) [ICSE’09] Naik, M., Park, C.-S., Sen, K., Gay, D.: Effective Static Deadlock Detection. In: ICSE, pp. 386 – 396 (2009) [POPL’11] Jacobs, B., Piessens, F.: Expressive Modular Fine- grained Concurrency Specification. In: POPL, New York, NY, USA, pp. 271 – 282 (2011) [TLDI’12] Gordon, C.S., Ernst, M.D., Grossman, D.: Static Lock Capabilities for Deadlock Freedom. In: TLDI, pp. 67 – 78 (2012) [ICSE’12] Cai, Y., Chan, W.K.: MagicFuzzer: Scalable Deadlock Detection for Large-scale Applications. In: ICSE, pp. 606 – 616 (2012) An Expressive Framework for Verifying Deadlock Freedom 35 18 October 2013

Recommend

Deadlock 12/1/16 Two topics today Deadlock: What it is. How it can happen. How to

Deadlock 12/1/16 Two topics today Deadlock: What it is. How it can happen. How to

Deadlock 12/1/16 Two topics today Deadlock: What it is. How it can happen. How to deal with it. Assembly support for atomicity: Test-and-set Compare-and-swap What is Deadlock? not necessarily Deadlock is a problem

456 views • 34 slides
Parameterized Verification of Deadlock Freedom in Symmetric Cache Coherence Protocols Brad Bingham

Parameterized Verification of Deadlock Freedom in Symmetric Cache Coherence Protocols Brad Bingham

Parameterized Verification of Deadlock Freedom in Symmetric Cache Coherence Protocols Brad Bingham 1 Jesse Bingham 2 Mark Greenstreet 1 1 University of British Columbia, Canada 2 Intel Corporation, U.S.A. November 2, 2011 FMCAD Outline What is

1.24k views • 27 slides
Deadlock Questions? ! What is a deadlock? CSCI [4|6]730 ! What causes a deadlock? Operating

Deadlock Questions? ! What is a deadlock? CSCI [4|6]730 ! What causes a deadlock? Operating

Deadlock Questions? ! What is a deadlock? CSCI [4|6]730 ! What causes a deadlock? Operating Systems ! How do you deal with (potential) deadlocks? Deadlock Maria Hybinette, UGA Maria Hybinette, UGA Deadlock: What is a deadlock? Example

257 views • 13 slides
Resource Allocat ion and Deadlock Handling What s in a deadlock Deadlock: A set of blocked

Resource Allocat ion and Deadlock Handling What s in a deadlock Deadlock: A set of blocked

Resource Allocat ion and Deadlock Handling What s in a deadlock Deadlock: A set of blocked pr ocesses each wait ing f or an event (e.g. a r esour ce t o become available) t hat only anot her pr ocess in t he set can cause 2 Examples

530 views • 41 slides
Chapter 8: Deadlock Questions? What is a deadlock? CSCI [4|6]730 What causes a

Chapter 8: Deadlock Questions? What is a deadlock? CSCI [4|6]730 What causes a

Chapter 8: Deadlock Questions? What is a deadlock? CSCI [4|6]730 What causes a deadlock? Operating Systems How do you deal with (potential) deadlocks? Deadlock 2 Maria Hybinette, UGA Maria Hybinette, UGA Deadlock: What

320 views • 13 slides
Synchronized Progress in Interconnection Networks (SPIN) : A new theory for deadlock freedom

Synchronized Progress in Interconnection Networks (SPIN) : A new theory for deadlock freedom

ISCA 2018 Session 8B: Interconnection Networks Synchronized Progress in Interconnection Networks (SPIN) : A new theory for deadlock freedom Aniruddh Ramrakhyani Tushar Krishna Georgia Tech Georgia Tech (aniruddh@gatech.edu)

2.23k views • 39 slides
Deadlocks & Deadlock Detection Main Memory Management Deadlock Prevention

Deadlocks & Deadlock Detection Main Memory Management Deadlock Prevention

CSE 421/521 - Operating Systems Roadmap Fall 2011 Deadlocks Lecture - XII Resource Allocation Graphs Deadlocks & Deadlock Detection Main Memory Management Deadlock Prevention Deadlock Avoidance Deadlock

280 views • 6 slides
Static Lock Capabilities for Deadlock-Freedom Colin S. Gordon csgordon@cs.washington.edu

Static Lock Capabilities for Deadlock-Freedom Colin S. Gordon csgordon@cs.washington.edu

Static Lock Capabilities for Deadlock-Freedom Colin S. Gordon csgordon@cs.washington.edu University of Washington TLDI, January 28, 2012 Joint work with Michael D. Ernst and Dan Grossman Colin S. Gordon (University of Washington) Lock

649 views • 60 slides
Resource Allocation and Deadlock Resource Allocation and Deadlock Handling Conditions for

Resource Allocation and Deadlock Resource Allocation and Deadlock Handling Conditions for

Resource Allocation and Deadlock Resource Allocation and Deadlock Handling Conditions for Deadlock [Coffman-etal 1971] 4 conditions must hold simultaneously for a deadlock to occur: deadlock to occur: Mutual exclusion: only one process at

520 views • 31 slides
Deadlock CS 450 : Operating Systems Michael Lee <lee@iit.edu> deadlock |dedlk| noun 1

Deadlock CS 450 : Operating Systems Michael Lee <lee@iit.edu> deadlock |dedlk| noun 1

Deadlock CS 450 : Operating Systems Michael Lee <lee@iit.edu> deadlock |dedlk| noun 1 [in sing. ] a situation, typically one involving opposing parties, in which no progress can be made : an attempt to break the deadlock . - New

2.27k views • 119 slides
Last Class: Deadlocks Necessary conditions for deadlock: Mutual exclusion Hold and

Last Class: Deadlocks Necessary conditions for deadlock: Mutual exclusion Hold and

Last Class: Deadlocks Necessary conditions for deadlock: Mutual exclusion Hold and wait No preemption Circular wait Ways of handling deadlock Deadlock detection and recovery Deadlock prevention Deadlock

925 views • 20 slides
Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling

Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling

Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling Deadlocks Deadlock Prevention Deadlock Avoidance Deadlock Detection Recovery from Deadlock Combined Approach to Deadlock Handling

621 views • 21 slides
Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling

Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling

Chapter 8: Deadlocks System Model Deadlock Characterization Methods for Handling Deadlocks Deadlock Prevention Deadlock Avoidance Deadlock Detection Recovery from Deadlock Combined Approach to Deadlock Handling

632 views • 41 slides
Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gkhan Kc 1 Writing distributed programs A bug appears Issue: random hangs / deadlock in

808 views • 79 slides
Deadlocks - I Condition Variables The Deadlock Problem Characterization of Deadlock

Deadlocks - I Condition Variables The Deadlock Problem Characterization of Deadlock

CSE 421/521 - Operating Systems Roadmap Fall 2012 Synchronization structures Problems with Semaphores Lecture - X Monitors Deadlocks - I Condition Variables The Deadlock Problem Characterization of Deadlock

427 views • 7 slides
Starvation and Deadlock Starvation and Deadlock Another EventBarrier EventBarrier Example Example

Starvation and Deadlock Starvation and Deadlock Another EventBarrier EventBarrier Example Example

Starvation and Deadlock Starvation and Deadlock Another EventBarrier EventBarrier Example Example Another EventBarrier channel; void OutputThread { while (TRUE) { Invariants: ComputeDataToSend (); 1. Output thread never blocks in Wait() if

252 views • 10 slides
Deadlocks What is a deadlock? Difference from starvation Necessary conditions for a

Deadlocks What is a deadlock? Difference from starvation Necessary conditions for a

Exam 2 Review Computer Science Computer Science CS377: Operating Systems page 1 Deadlocks What is a deadlock? Difference from starvation Necessary conditions for a deadlock Deadlock detection, avoidance, prevention Resource

443 views • 5 slides
Concurrency: Deadlock and Starvation Chapter 6 1 What is Deadlock Permanent blocking of a

Concurrency: Deadlock and Starvation Chapter 6 1 What is Deadlock Permanent blocking of a

Concurrency: Deadlock and Starvation Chapter 6 1 What is Deadlock Permanent blocking of a set of processes that either compete for system resources or communicate with each other Involve conflicting needs for resources by two or

267 views • 26 slides
Concurrency: Deadlock and Starvation Chapter 6 What is Deadlock Permanent blocking of a set

Concurrency: Deadlock and Starvation Chapter 6 What is Deadlock Permanent blocking of a set

1 Concurrency: Deadlock and Starvation Chapter 6 What is Deadlock Permanent blocking of a set of processes that either compete for system resources or communicate with each other Involve conflicting needs for resources by two or

796 views • 52 slides
Operating Systems Deadlock Maria Hybinette, UGA Maria Hybinette, UGA Deadlock Questions?

Operating Systems Deadlock Maria Hybinette, UGA Maria Hybinette, UGA Deadlock Questions?

Operating Systems Deadlock Maria Hybinette, UGA Maria Hybinette, UGA Deadlock Questions? What is a deadlock? What causes a deadlock? How do you deal with (potential) deadlocks? Maria Hybinette, UGA Maria Hybinette, UGA Deadlock:

626 views • 40 slides
CS 31: Intro to Systems Deadlock Martin Gagne Swarthmore College April 25, 2017 What is

CS 31: Intro to Systems Deadlock Martin Gagne Swarthmore College April 25, 2017 What is

CS 31: Intro to Systems Deadlock Martin Gagne Swarthmore College April 25, 2017 What is Deadlock? Deadlock is a problem that can arise: When processes compete for access to limited resources When threads are incorrectly synchronized

599 views • 55 slides
Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom

Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom

CHRISTOPHER ADAMS NEW YORK Elements of Typographic Freedom A GUIDE FOR FONT USERS Degrees of Typographic Freedom AVAILABILITY, FOR SALE e.g. ITC, BITSTREAM Freedom to Own GRATIS FONTSHOP, STORM TYPE Freedom to Use PDF, WEBFONTS

671 views • 23 slides
Deadlocks Prevention & Avoidance Summer 2016 Cornell University Today Deadlock

Deadlocks Prevention & Avoidance Summer 2016 Cornell University Today Deadlock

CS 4410 Operating Systems Deadlocks Prevention & Avoidance Summer 2016 Cornell University Today Deadlock prevention Deadlock avoidance Deadlock Prevention Negate one of necessary conditions: Mutual exclusion: Make

572 views • 19 slides
Lockout: Efficient Tes0ng for Deadlock Bugs Ali Kheradmand,

Lockout: Efficient Tes0ng for Deadlock Bugs Ali Kheradmand,

Lockout: Efficient Tes0ng for Deadlock Bugs Ali Kheradmand, Baris Kasikci, George Candea 1 Deadlock Set of threads Each holding a lock

642 views • 20 slides

More recommend