ABSTRACT
We build a framework of thread contracts, called Accord, that allows programmers to annotate their concurrency co-ordination strategies. Accord annotations allow programmers to declaratively specify the parts of memory that a thread may read or write into, and the locks that protect them, reflecting the concurrency co-ordination among threads and the reason why the program is free of data-races. We provide automatic tools to check if the concurrency co-ordination strategy ensures race-freedom, using constraint-solvers (SMT solvers). Hence programmers using Accord can both formally state and prove their co-ordination strategies ensure race freedom. The programmer's implementation of the co-ordination strategy may however be correct or incorrect. We show how the formal Accord contracts allow us to automatically insert runtime assertions that serve to check, during testing, whether the implementation conforms to the contract. Using a large class of data-parallel programs that share memory in intricate ways, we show that natural and simple contracts suffice to document the co-ordination strategy amongst threads, and that the task of showing that the strategy ensures race-freedom can be handled efficiently and automatically by an existing SMT solver (Z3). While co-ordination strategies can be proved race-free in our framework, failure to prove the co-ordination strategy race-free, accompanied by counter-examples produced by the solver, indicates the presence of races. Using such counterexamples, we report hitherto undiscovered data-races that we found in the long-tested applu_l benchmark in the Spec OMP2001 suite.
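As an added illustration, not the paper's Accord syntax or tooling, the Python below models the two checks the abstract describes: a contract-level race-freedom check, done here by bounded enumeration of thread ids and indices in place of an SMT solver, and the runtime conformance check of observed accesses against the declared contract. The chunked data-parallel contract, the lock name `L`, and the access trace are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Effect:
    kind: str                          # "read" or "write"
    region: str                        # shared array or variable name
    indices: Callable[[int], range]    # index set declared for thread tid
    locks: frozenset = frozenset()     # locks held for these accesses

Contract = List[Effect]

def contract_conflict(contract: Contract, nthreads: int) -> Optional[Tuple]:
    """Race-freedom check over a bounded thread count (stand-in for the SMT
    query). Returns (tid1, tid2, region, index) as a counterexample when two
    distinct threads touch the same location, at least one writes, and no
    common lock orders them; returns None when the contract is race-free."""
    for t1 in range(nthreads):
        for t2 in range(t1 + 1, nthreads):
            for e1 in contract:
                for e2 in contract:
                    if e1.region != e2.region:
                        continue
                    if e1.kind == "read" and e2.kind == "read":
                        continue
                    if e1.locks & e2.locks:      # same lock serialises them
                        continue
                    common = set(e1.indices(t1)) & set(e2.indices(t2))
                    if common:
                        return (t1, t2, e1.region, min(common))
    return None

def trace_violations(contract: Contract, trace) -> list:
    """Runtime assertion check: each observed (tid, kind, region, index,
    held_locks) must be covered by a declared effect of the same kind (a write
    effect also covers reads) whose locks the thread currently holds."""
    bad = []
    for tid, kind, region, idx, held in trace:
        covered = any(e.region == region and (e.kind == kind or e.kind == "write")
                      and idx in e.indices(tid) and e.locks <= held
                      for e in contract)
        if not covered:
            bad.append((tid, kind, region, idx))
    return bad

# Constructed example: 4 threads, each owns a 4-element chunk of B, reads a
# halo of A, and updates a shared counter under lock "L".
CHUNK, N = 4, 16
GOOD = [Effect("read", "A", lambda t: range(max(0, t*CHUNK-1), min(N, (t+1)*CHUNK+1))),
        Effect("write", "B", lambda t: range(t*CHUNK, (t+1)*CHUNK)),
        Effect("write", "total", lambda t: range(0, 1), frozenset({"L"}))]
# Off-by-one in the write range: thread t also claims thread t+1's first element.
BAD = [GOOD[0], Effect("write", "B", lambda t: range(t*CHUNK, (t+1)*CHUNK+1)), GOOD[2]]
TRACE = [(0, "write", "B", 3, frozenset()), (1, "write", "B", 4, frozenset()),
         (2, "write", "total", 0, frozenset({"L"})), (3, "write", "total", 0, frozenset()),
         (0, "write", "B", 4, frozenset())]
```

Running `contract_conflict(BAD, 4)` yields the counterexample `(0, 1, "B", 4)`, while `trace_violations(GOOD, TRACE)` flags the unlocked counter update by thread 3 and thread 0 writing outside its chunk.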
Thread contracts for safe parallelism. PPoPP '11.