Title: Conditional Must Not Aliasing for Static Race Detection
Conditional Must Not Aliasing for Static Race Detection
- Mayur Naik
- Alex Aiken
- Stanford University
The Concurrency Revolution
- CPU clock speeds have peaked
- Implications for hardware
- CPU vendors are shipping multi-core processors
- Implications for software
- Concurrent programs stand to benefit the most
Debugging Concurrent Programs is Hard
- Concurrency bugs are triggered non-deterministically
- Prevalent testing techniques are ineffective
- A race condition is a common concurrency bug
  - Two threads can simultaneously access a memory location
  - At least one access is a write
Locking for Race Freedom
    // Thread 1            // Thread 2
    sync (l1) { e1.f }     sync (l2) { e2.f }
Thread 1 accesses field f of e1 while holding lock l1; thread 2 accesses field f of e2 while holding lock l2.
Proving Race Freedom: Traditional Alias Analysis
    // Thread 1            // Thread 2
    sync (l1) { e1.f }     sync (l2) { e2.f }
Field f is race-free if
- MUST-NOT-ALIAS(e1, e2): e1 and e2 never refer to the same object
OR
- MUST-ALIAS(l1, l2): l1 and l2 always refer to the same object
Equivalently: whenever MAY-ALIAS(e1, e2), race freedom needs MUST-ALIAS(l1, l2).
Must Alias Analysis is Hard
- Our previous approach (PLDI06)
  - performed a may alias analysis
  - plus a simple approximation of a must alias analysis
  - effective but unsound
- New approach
  - found that must alias analysis is unneeded for race detection!
  - conditional must not alias analysis is sufficient
  - effective and sound
Proving Race Freedom: Conditional Must Not Aliasing
Whenever l1 and l2 refer to different objects, e1 and e2 also refer to different objects:
MUST-NOT-ALIAS(l1, l2) ⇒ MUST-NOT-ALIAS(e1, e2)
Contrapositively: whenever e1 and e2 can be the same object, l1 and l2 are the same object, so the two accesses are serialized by one lock. No must alias analysis is needed, only a (conditional) must-not-alias one.
Example
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
    for (j = 1; j <= M; j++) fork {
      x = a[...];            // some element of a
      sync (?) { x.g.f = 0; }
    }
The array a is the single object allocated at site h0; each loop iteration allocates one h1 object and one h2 object. Each of the M forked threads picks an element x of a and writes x.g.f. Two such threads, with x instantiated as x1 and x2, execute
    sync (?) { x1.g.f = 0; }     sync (?) { x2.g.f = 0; }
Which lock (?) makes field f race-free?
Example: Coarse-grained Locking
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
    for (j = 1; j <= M; j++) fork {
      x = a[...];
      sync (a) { x.g.f = 0; }
    }
Thread 1: sync (a) { x1.g.f = 0; }   Thread 2: sync (a) { x2.g.f = 0; }
Field f is race-free if
MUST-NOT-ALIAS(l1, l2) ⇒ MUST-NOT-ALIAS(e1, e2), i.e.
MUST-NOT-ALIAS(a, a) ⇒ MUST-NOT-ALIAS(x1.g, x2.g)
which is true: both threads lock the same array object, so MUST-NOT-ALIAS(a, a) is false and the implication holds trivially.
Example: Fine-grained Locking
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
    for (j = 1; j <= M; j++) fork {
      x = a[...];
      sync (x.g) { x.g.f = 0; }
    }
Thread 1: sync (x1.g) { x1.g.f = 0; }   Thread 2: sync (x2.g) { x2.g.f = 0; }
Field f is race-free if
MUST-NOT-ALIAS(l1, l2) ⇒ MUST-NOT-ALIAS(e1, e2), i.e.
MUST-NOT-ALIAS(x1.g, x2.g) ⇒ MUST-NOT-ALIAS(x1.g, x2.g)
which is true: the lock expression is the accessed expression itself, so the implication is a tautology.
Example: Medium-grained Locking
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
    for (j = 1; j <= M; j++) fork {
      x = a[...];
      sync (x) { x.g.f = 0; }
    }
Thread 1: sync (x1) { x1.g.f = 0; }   Thread 2: sync (x2) { x2.g.f = 0; }
Field f is race-free if
MUST-NOT-ALIAS(l1, l2) ⇒ MUST-NOT-ALIAS(e1, e2), i.e.
MUST-NOT-ALIAS(x1, x2) ⇒ MUST-NOT-ALIAS(x1.g, x2.g)
which is true, but only because of a shape property of the heap: field g of distinct h1 objects is linked to distinct h2 objects. This is the case that neither MUST-NOT-ALIAS(e1, e2) nor MUST-ALIAS(l1, l2) alone can prove.
Disjoint Reachability Property
- h2 ∈ DR(h1) iff in every execution
  - from distinct h1 objects
  - we can reach (via 1 or more edges)
  - only distinct h2 objects
Figure: distinct objects (i, h1) and (j, h1) with i ≠ j reach only distinct objects (k, h2) and (l, h2) with k ≠ l.
Example: Medium-grained Locking (the concrete heap)
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
Heap after the loop: the single array object (0, h0) points to the h1 objects (1, h1), ..., (i, h1), ..., (N, h1), one per iteration, and the h1 object of iteration i points via field g to exactly the h2 object (i, h2) of the same iteration, (1, h2), ..., (i, h2), ..., (N, h2).
Is h2 ∈ DR(h1)? Yes! Distinct h1 objects come from distinct iterations i ≠ j and reach only the distinct h2 objects (i, h2) and (j, h2).
Disjoint Reachability Analysis
- Types (a, h)
  - a is one of 0, 1, *
  - h is an object allocation site
- Effects (a1, h1) → (a2, h2)
  - means the left object is linked to the right object via some field
- Key property of (1, h1) → (1, h2)
  - the linked objects were created in the same loop iteration
Example: Medium-grained Locking (the abstraction)
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
Effects: (0, h0) → (1, h1) → (1, h2)
Is h2 ∈ DR(h1)? Yes! The edge (1, h1) → (1, h2) links objects created in the same iteration, so distinct h1 objects reach distinct h2 objects.
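To make the abstraction on the last two slides concrete, here is an added example (written for this page, not code from Chord or from the paper) that computes DR over a graph of typed effects. It is a single-loop simplification of the slides' type-and-effect analysis: the labels 0, 1 and * are read as "allocated once outside the loop", "allocated in the current iteration" and "allocated in some unknown iteration" (the slides define only the 1 → 1 key property; the treatment of 0 and * sources, and the rule that a site is disjointly reachable only when every path to it stays on 1-labelled nodes, are this example's assumptions). The constructed variants after the slides' own effects show what breaks DR.

```python
from collections import defaultdict

# Abstract iteration labels (the slide's 0, 1 and *). Assumption of this
# example: 0 = one object allocated outside the loop, 1 = allocated in the
# current iteration, * = allocated in some unknown iteration.
OUTSIDE, CURRENT, ANY = "0", "1", "*"


def effect_graph(effects):
    """effects: iterable of ((a1, h1), (a2, h2)), meaning an object of type
    (a1, h1) is linked to an object of type (a2, h2) via some field."""
    succ = defaultdict(set)
    for src, dst in effects:
        succ[src].add(dst)
    return succ


def reach(succ, start):
    """Typed nodes reachable from start via one or more edges."""
    seen, stack = set(), list(succ[start])
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(succ[n])
    return seen


def dr(effects, src):
    """Sites h' with h' in DR(site of src) under this example's rule: a site
    is disjointly reachable from a (1, h) object only if every path to it
    stays on (1, _) nodes, i.e. every link was created in the same loop
    iteration as the h object (the slides' key property of (1,h1) -> (1,h2))."""
    succ = effect_graph(effects)
    label, _ = src
    reachable = reach(succ, src)
    if label == OUTSIDE:
        # exactly one such object exists, so "distinct src objects" never do:
        # the property holds vacuously for every reachable site
        return {h for _, h in reachable}
    if label == ANY:
        # nothing is known about which iteration created src: prove nothing
        return set()
    # Nodes not created in the current iteration, plus everything reachable
    # through such a node, may be shared between iterations.
    shared = set()
    stack = [n for n in reachable if n[0] != CURRENT]
    while stack:
        n = stack.pop()
        if n not in shared:
            shared.add(n)
            stack.extend(succ[n])
    return {h for _, h in reachable} - {h for _, h in shared}


# The slides' example: a = new h0[N]; for i: a[i] = new h1; a[i].g = new h2;
SLIDE_EFFECTS = [((OUTSIDE, "h0"), (CURRENT, "h1")),
                 ((CURRENT, "h1"), (CURRENT, "h2"))]

# Constructed variants, not from the slides.
# Every a[i].g points to one h2 object allocated before the loop:
SHARED_EFFECTS = [((OUTSIDE, "h0"), (CURRENT, "h1")),
                  ((CURRENT, "h1"), (OUTSIDE, "h2"))]
# a[i].g points to an h2 object created in some other iteration:
OTHER_ITER_EFFECTS = [((OUTSIDE, "h0"), (CURRENT, "h1")),
                      ((CURRENT, "h1"), (ANY, "h2"))]
# A chain h1 -> h2 -> h3 whose last link is a shared object:
CHAIN_EFFECTS = [((CURRENT, "h1"), (CURRENT, "h2")),
                 ((CURRENT, "h2"), (OUTSIDE, "h3"))]

if __name__ == "__main__":
    print(sorted(dr(SLIDE_EFFECTS, (CURRENT, "h1"))))       # ['h2']
    print(sorted(dr(SHARED_EFFECTS, (CURRENT, "h1"))))      # []
    print(sorted(dr(CHAIN_EFFECTS, (CURRENT, "h1"))))       # ['h2']
```

With the slides' effects, h2 ∈ DR(h1) as on the slide; with the shared or other-iteration variants the h2 objects can be reached from two different h1 objects, so medium-grained locking on x would no longer prove x.g.f race-free.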
Conditional Must Not Alias Analysis using Disjoint Reachability Analysis
    // Thread 1            // Thread 2
    sync (l1) { e1.f }     sync (l2) { e2.f }
The lock objects PointsTo(l1) and PointsTo(l2) must disjointly reach (DR) the accessed objects PointsTo(e1) and PointsTo(e2).
Field f is race-free if
- (PointsTo(e1) ∩ PointsTo(e2)) ⊆ DR(PointsTo(l1) ∪ PointsTo(l2))
- l1 is a prefix of e1 and l2 is a prefix of e2
These two conditions imply MUST-NOT-ALIAS(l1, l2) ⇒ MUST-NOT-ALIAS(e1, e2).
Example: Medium-grained Locking (the check)
    a = new h0[N];
    for (i = 1; i <= N; i++) {
      a[i] = new h1;
      a[i].g = new h2;
    }
    for (j = 1; j <= M; j++) fork {
      x = a[...];
      sync (x) { x.g.f = 0; }
    }
Thread 1: sync (x1) { x1.g.f = 0; }   Thread 2: sync (x2) { x2.g.f = 0; }
Points-to: from h0 via the array index, PointsTo(x1) = PointsTo(x2) = {h1}; from h1 via field g, PointsTo(x1.g) = PointsTo(x2.g) = {h2}.
Field f is race-free if
- (PointsTo(e1) ∩ PointsTo(e2)) ⊆ DR(PointsTo(l1) ∪ PointsTo(l2))
- l1 is a prefix of e1 and l2 is a prefix of e2
Instantiated:
- (PointsTo(x1.g) ∩ PointsTo(x2.g)) ⊆ DR(PointsTo(x1) ∪ PointsTo(x2)), i.e. {h2} ⊆ DR({h1}), which holds
- x1 is a prefix of x1.g and x2 is a prefix of x2.g
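The following added example (written for this page; not code from the paper or from Chord) runs the Disjoint Reachability Property and the race-freedom test of the last two slides over one concrete execution of the slides' allocation loop, for the coarse-, fine- and medium-grained lock choices. Two things are this example's assumptions: the element access x = a[...] is modelled as an explicit "[]" step so that every lock expression is a syntactic prefix of the accessed expression, and DR of a set of lock sites is read as "distinct objects allocated at any of those sites reach only distinct target objects". A constructed variant in which every a[i].g is the same h2 object shows the medium-grained scheme failing. Note that this checks one heap; the static analysis must establish the property for every execution.

```python
import itertools


class Obj:
    """A heap object tagged with its allocation site (h0, h1 or h2)."""

    def __init__(self, site):
        self.site = site
        self.fields = {}  # field name or array index -> Obj

    def succ(self):
        return list(self.fields.values())


def build_heap(n, shared_g=False):
    """Execute the slides' loop for N = n and return the h0 array object:
        a = new h0[N]; for (i = 1; i <= N; i++) { a[i] = new h1; a[i].g = new h2; }
    shared_g=True is a constructed variant (not on the slides) in which a[i].g
    is one h2 object for every i."""
    a = Obj("h0")
    shared = Obj("h2") if shared_g else None
    for i in range(1, n + 1):
        x = Obj("h1")
        x.fields["g"] = shared if shared_g else Obj("h2")
        a.fields[i] = x
    return a


def all_objects(root):
    """Every object reachable from root, root included."""
    seen, stack = {}, [root]
    while stack:
        o = stack.pop()
        if id(o) not in seen:
            seen[id(o)] = o
            stack.extend(o.succ())
    return list(seen.values())


def reachable(o):
    """Objects reachable from o via one or more edges."""
    seen, stack = {}, o.succ()
    while stack:
        p = stack.pop()
        if id(p) not in seen:
            seen[id(p)] = p
            stack.extend(p.succ())
    return list(seen.values())


def in_dr(root, lock_sites, h):
    """h in DR(lock_sites) for this heap: distinct objects allocated at a site
    in lock_sites reach only distinct h objects (assumed set-version of DR)."""
    locks = [o for o in all_objects(root) if o.site in lock_sites]
    for p, q in itertools.combinations(locks, 2):
        rp = {id(r) for r in reachable(p) if r.site == h}
        rq = {id(r) for r in reachable(q) if r.site == h}
        if rp & rq:
            return False
    return True


# Access paths as tuples of steps; "[]" stands for the x = a[...] element
# access (this example's assumption). Points-to sets as on the slides.
PTS = {
    ("a",): {"h0"},            # the array
    ("a", "[]"): {"h1"},       # x
    ("a", "[]", "g"): {"h2"},  # x.g, whose field f is written
}


def is_prefix(l, e):
    return len(l) <= len(e) and e[: len(l)] == l


def race_free(root, e1, l1, e2, l2, pts=PTS):
    """(PointsTo(e1) ∩ PointsTo(e2)) ⊆ DR(PointsTo(l1) ∪ PointsTo(l2)),
    with l1 a prefix of e1 and l2 a prefix of e2."""
    if not (is_prefix(l1, e1) and is_prefix(l2, e2)):
        return False
    targets = pts[e1] & pts[e2]
    lock_sites = pts[l1] | pts[l2]
    return all(in_dr(root, lock_sites, h) for h in targets)


def locking_schemes(root):
    """Coarse sync(a), medium sync(x) and fine sync(x.g) for the write x.g.f
    performed by every forked thread."""
    e = ("a", "[]", "g")
    return {
        "coarse": race_free(root, e, ("a",), e, ("a",)),
        "medium": race_free(root, e, ("a", "[]"), e, ("a", "[]")),
        "fine": race_free(root, e, e, e, e),
    }


if __name__ == "__main__":
    print(locking_schemes(build_heap(4)))                 # all True
    print(locking_schemes(build_heap(4, shared_g=True)))  # medium is False
```

Coarse locking passes vacuously (there is only one h0 object, so "distinct lock objects" never exist), fine locking passes because distinct h2 objects reach no h2 object at all, and medium locking passes only on the heap the slides describe: once a[i].g is shared, two distinct h1 lock objects reach the same h2 object and the check correctly reports a possible race on f.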
Implementation Aspects
- A type is a pair (ā, h) where
  - ā is a vector of 0, 1, * values, one per method
    - all loops are transformed to tail-recursive methods
    - this uniformly handles loops and recursive methods
  - h is a k-object-sensitive object allocation site
Implementation Aspects
- Circular dependency between the type-and-effect analysis and race freedom
      1  x.f = y
      2  ...        // no writes to aliases of x.f
      3  z = x.f
  - The fact (z = y) is valid after line 3 only if field f is race-free
- The race detection algorithm performs a fixpoint computation
  - Begins assuming no races
  - The type-and-effect analysis kills facts as new races are found
  - Terminates when no more races are found
Benchmarks
Table: per benchmark, number of classes and lines of Java code (app and lib) and analysis time.
Experimental Results
Table: per benchmark, original pairs, old pairs (real / false) and new pairs, split into likely and unlikely (real / false).
Related Work
- Vectorizing compilers
  - loop vectors akin to iteration space and dependence distance
- Disjoint reachability
  - ranging from ownership types to theorem-proving approaches
- Race detection
  - Dynamic (happens-before, lockset, hybrid)
  - Static (type systems, dataflow analyses, model checkers)
- Atomicity checking
  - atomicity is a higher-level property than race freedom
  - but many atomicity checkers do race detection as a first step
Summary of Results
- Conditional Must Not Aliasing
- A new aliasing property and analysis
- Disjoint Reachability
- A new lightweight shape property and analysis
- A new race detection algorithm
- Sound
- Effective in practice
The End
http://www.cs.stanford.edu/mhn/chord.html