Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification



Similar documents
Chapter 2: OS Overview

Formal Verification and Linear-time Model Checking

SSC - Concurrency and Multi-threading Java multithreading programming - Synchronisation (I)

Specification and Analysis of Contracts Lecture 1 Introduction

Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors

Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

BY STEVE BROWN, CADENCE DESIGN SYSTEMS AND MICHEL GENARD, VIRTUTECH

Modeling Workflow Patterns

Chapter 6 Concurrent Programming

Software Modeling and Verification

TESTING JAVA MONITORS BY STATE SPACE EXPLORATION MONICA HERNANDEZ. Presented to the Faculty of the Graduate School of

Atomicity for Concurrent Programs Outsourcing Report. By Khilan Gudka Supervisor: Susan Eisenbach

Topics. Producing Production Quality Software. Concurrent Environments. Why Use Concurrency? Models of concurrency Concurrency in Java

Introduction of Virtualization Technology to Multi-Process Model Checking

An Easier Way for Cross-Platform Data Acquisition Application Development

Monitors, Java, Threads and Processes

INF5140: Specification and Verification of Parallel Systems

Distributed Systems (5DV147) What is Replication? Replication. Replication requirements. Problems that you may find. Replication.

BPMN by example. Bizagi Suite. Copyright 2014 Bizagi

MonitorExplorer: A State Exploration-Based Approach to Testing Java Monitors

SOFT 437. Software Performance Analysis. Ch 5:Web Applications and Other Distributed Systems

Facing the Challenges for Real-Time Software Development on Multi-Cores

Real Time Programming: Concepts

Software Engineering using Formal Methods

Replication on Virtual Machines

Intro to GPU computing. Spring 2015 Mark Silberstein, , Technion 1

COSC 6374 Parallel Computation. Parallel I/O (I) I/O basics. Concept of a clusters

Comprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER

Temporal Logics. Computation Tree Logic

Outline of this lecture G52CON: Concepts of Concurrency

A Comparison Of Shared Memory Parallel Programming Models. Jace A Mogill David Haglin

Software Engineering Reference Framework

Last Class: Semaphores

BPMN Business Process Modeling Notation

Remote I/O Network Determinism

Comparison of Concurrency Frameworks for the Java Virtual Machine

Introducing the Dezyne Modelling Language

The Association of System Performance Professionals

A Tool for Generating Partition Schedules of Multiprocessor Systems

Multiprocessor Scheduling and Scheduling in Linux Kernel 2.6

THE WINDOWS AZURE PROGRAMMING MODEL

Module 8. Industrial Embedded and Communication Systems. Version 2 EE IIT, Kharagpur 1

Performance Testing Process A Whitepaper

Lecture 9 verifying temporal logic

Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005

A Framework for the Semantics of Behavioral Contracts

How To Write A Multi Threaded Software On A Single Core (Or Multi Threaded) System

Operating Systems 4 th Class

Mutual Exclusion using Monitors

Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder

Introduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN

Introducing Formal Methods into Industry using Cleanroom and CSP

PART IV Performance oriented design, Performance testing, Performance tuning & Performance solutions. Outline. Performance oriented design

Lecture 8: Safety and Liveness Properties

Tools Page 1 of 13 ON PROGRAM TRANSLATION. A priori, we have two translation mechanisms available:

Lecture 36: Chapter 6

Binary search tree with SIMD bandwidth optimization using SSE

Seeing the Value in Customer Service

GPU File System Encryption Kartik Kulkarni and Eugene Linkov

OPERATING SYSTEMS SCHEDULING

Multi-core architectures. Jernej Barbic , Spring 2007 May 3, 2007

Fundamentals of Software Engineering

Windows Server Performance Monitoring

FPGA-based Multithreading for In-Memory Hash Joins

Using Protothreads for Sensor Node Programming

Graph Analytics in Big Data. John Feo Pacific Northwest National Laboratory

Quality Management. Lecture 12 Software quality management

(Refer Slide Time: 01:52)

Operatin g Systems: Internals and Design Principle s. Chapter 10 Multiprocessor and Real-Time Scheduling Seventh Edition By William Stallings

Integrated Error-Detection Techniques: Find More Bugs in Java Applications

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Operating Systems

Tuple spaces and Object spaces. Distributed Object Systems 12. Tuple spaces and Object spaces. Communication. Tuple space. Mechanisms 2.

Debugging. Common Semantic Errors ESE112. Java Library. It is highly unlikely that you will write code that will work on the first go

Parallel Programming

Principles and characteristics of distributed systems and environments

Transactional Support for SDN Control Planes "

Web Server Architectures

Static Program Transformations for Efficient Software Model Checking

Load-Balancing for a Real-Time System Based on Asymmetric Multi-Processing

Communications and Computer Networks

Chapter 6, The Operating System Machine Level

SYSTEM ecos Embedded Configurable Operating System

On Correlating Performance Metrics

Network-Wide Class of Service (CoS) Management with Route Analytics. Integrated Traffic and Routing Visibility for Effective CoS Delivery

Model Checking based Software Verification

Advanced compiler construction. General course information. Teacher & assistant. Course goals. Evaluation. Grading scheme. Michel Schinz

Technical Properties. Mobile Operating Systems. Overview Concepts of Mobile. Functions Processes. Lecture 11. Memory Management.

R214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM

Introducing Formal Methods. Software Engineering and Formal Methods

EMC Backup Storage Solutions: The Value of EMC Disk Library with TSM

Transcription:

Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by a set of cooperative processes or threads that can execute in parallel. Three types of concurrent programs multi-threaded programs: multiple threads running in a single process space distributed programs: multiple processes running in a distributed environment distributed multi-threaded programs: multiple processes running a distributed environment, and each process consists of multiple threads Advanced Topics in Software Engineering 2 1

Why Concurrency? Better utilization of resources, which often leads to increased computation efficiency Provides a natural model for many problem domains that are inherently concurrent Allows computation to be distributed in a network environment So what is the catch? Advanced Topics in Software Engineering 3 How different? Three fundamental issues in concurrent programming nondeterminism synchronization communication Note that synchronization can be considered as a special case of communication. Advanced Topics in Software Engineering 4 2

Nondeterminism An inherent property of concurrent programs - two executions of the same program with the same input may produce different, and sometimes unpredictable, results. Caused by one or more of the following factors: the unpredictable rates of progress of threads the unpredictable network latency the explicit use of nondeterministic programming constructs Advanced Topics in Software Engineering 5 Synchronization Enforces a certain order on tasks that are performed by different threads/processes Mutual exclusion ensures that critical sections in different threads do not execute at the same time. Conditional synchronization delays a thread until a given condition is true. Mutual exclusion is a special case of conditional synchronization. Advanced Topics in Software Engineering 6 3

Communication Exchange data between threads/processes that are running in parallel shared variables - a thread writes into a variable that is read by another thread. message passing - a thread sends a message that is received by another thread. Advanced Topics in Software Engineering 7 Process and Thread In general, a process is a program in execution. A thread is a unit of control within a process. When a program is executed, the operating system creates a process. A process starts with a running thread, called the main thread, which executes the main function of the program. Other threads can be created by the main thread, and these threads can create other threads. Advanced Topics in Software Engineering 8 4

Process vs. Thread A process has its own stream of instructions and its own logical address space. A thread has its own stream of instructions, but shares the same logic address space with other threads in the same process. This difference has significant implications on how processes and threads communicate. Advanced Topics in Software Engineering 9 Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 10 5

Example 1 Assume that integer x is initially 0. Thread 1 Thread 2 Thread 3 (1) x = 1; (2) x = 2; (3) y = x; What is the final value of y? (1) (2) (3) (2) (1) (3) (3) (2) (1) Advanced Topics in Software Engineering 11 Example 2 Assume that y and z are initially 0. Thread 1 Thread 2 x = y + z y = 1; z = 2; What is the final value of x? Advanced Topics in Software Engineering 12 6

Example 2 Thread 1 (1) load r1, y (2) add r1, z (3) store r1, x Thread 2 (4) assign y, 1 (5) assign z, 2 1. (1), (2), (3), (4), (5) 2. (4), (1), (2), (3), (5) 3. (1), (4), (5), (2), (3) 4. (4), (5), (1), (2), (3) Advanced Topics in Software Engineering 13 Example 3 Assume that the initial value of x is 0. Thread 1 Thread 2 x = x + 1; x = 2; What is the final value of x? Advanced Topics in Software Engineering 14 7

Example 3 Thread 1 (1) load r1, x (2) add r1, 1 (3) store r1, x Thread 2 (4) assign x, 2 1. (1), (2), (3), (4) 2. (4), (1), (2), (3) 3. (1), (2), (4), (3) Advanced Topics in Software Engineering 15 Example 4 Consider a linked list of Nodes, pointed to by variable first, and accessed by methods deposit and withdraw. class Node { public int value; public Node* next; } Node* first; void deposit (int value) { Node p = new Node (); // (1) p.value = value; // (2) p.next = first; // (3) first = p; // (4) } int withdraw () { int value = first -> value; // (5) first = first -> next; // (6) return value; // (7) } Can you find a scenario which produces unexpected results? Advanced Topics in Software Engineering 16 8

Example 4 Suppose that the linked list pointed to by first is not empty and that methods deposit and withdraw are executed concurrently by two threads. In the following possible scenario, the deposited item has been lost. int value = first -> value; Node p = new Node (); p.value = value; p.next = first; first = p; first = first -> next; return value; (5) in withdraw (1) in deposit (2) in deposit (3) in deposit (4) in deposit (6) in withdraw (7) in withdraw Advanced Topics in Software Engineering 17 Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 18 9

They actually take turns... A multithreaded process consists of a set of threads that execute simultaneously. However, a single CPU can only execute one instruction (from one thread) at a time. In general, each thread receives a time slice of the CPU. Threads that execute simultaneously actually take turns to run. Advanced Topics in Software Engineering 19 Scheduler A hardware timer is used to generate interrupts at predetermined interval, which interrupts the execution of the current thread. The operating system uses a scheduler program to determine which thread will take over the CPU for the next time slice. A context switch is then performed between the current thread and the next thread. Advanced Topics in Software Engineering 20 10

Atomic Actions In principle, atomic actions are actions whose intermediate states are not visible to other threads. A context switch can occur in the middle of an atomic action, but another thread either sees the state that is before or after the action, but not in between. Advanced Topics in Software Engineering 21 Interleaving View From the CPU s perspective, simultaneous execution of multiple threads is indeed an interleaving of atomic instructions of individual threads. This interleaving view can be generalized to the case of multiple processors or computers. An alternative to the interleaving model is the socalled partial order or happened-before model, which we will discuss later in the class. Advanced Topics in Software Engineering 22 11

Instructions vs. Statements In general, when we write concurrent programs, we consider machine instructions are atomic actions. Statements in high level languages are usually translated into a stream of machine instructions, and thus can not be considered as atomic actions. Advanced Topics in Software Engineering 23 Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 24 12

Not straightforward... Unlike sequential programs, the correctness of concurrent programs is not straightforward. Furthermore, nondeterministic execution makes it difficult to ensure the correctness of concurrent programs. Advanced Topics in Software Engineering 25 Every interleaving counts! Given an input, multiple executions of a concurrent program may produce different results. A concurrent program is correct if and only if it is correct under ALL interleavings. Advanced Topics in Software Engineering 26 13

Safety & Liveness There are two types of properties: Safety: Nothing bad will happen. Liveness: Something good will eventually happen. Advanced Topics in Software Engineering 27 Usually domain specific... Correctness is usually a domain specific concept. It depends on the functional requirements of a program. However, deadlock, livelock, and starvation are properties that are important to all concurrent programs. Advanced Topics in Software Engineering 28 14

Deadlock A thread T is said to be deadlocked if T is blocked, and will remain blocked forever, regardless of what other threads will do. As an example, assume that P contains threads T1 and T2, and the following sequence is executed: T1 waits to receive a message from T2 T2 waits to receive a message from T1 Both T1 and T2 will remain blocked forever. Advanced Topics in Software Engineering 29 Livelock A thread is said to be livelocked if the following conditions are satisfied, regardless of what other threads will do: The thread will not terminate or deadlock. The thread will never make progress. Advanced Topics in Software Engineering 30 15

Starvation Starvation refers to one possible execution where one process dominates, not allowing other processes to progress. Advanced Topics in Software Engineering 31 Introduction Overview Motivating Examples Interleaving Model Correctness Semantics Testing, Debugging, and Verification Advanced Topics in Software Engineering 32 16

Failure & Faults A failure is an observed departure of the external result of software operation from software requirements or user expectations A fault is a defective, missing, or extra instruction or a set of related instructions that is the cause of one or more actual or potential failures. Advanced Topics in Software Engineering 33 Testing & Debugging Testing is to find program failures; debugging is to locate and correct program faults. The conventional approach to testing and debugging a program is as follows: 1. Select a set of test inputs. 2. Execute the program once with each input and check the test results. 3. If a test input finds a failure, execute the program again with the same input to locate and correct the fault that caused the failure 4. After the fault has been located and corrected, execute the program again with each of the test inputs to verify that the fault has been corrected and that no new faults have been introduced. Advanced Topics in Software Engineering 34 17

Problems and Issues Unfortunately, the conventional approach breaks down for concurrent programs. Why? Let P be a concurrent program. When testing P with input X, a single execution is insufficient to determine the correctness of P with X. When debugging an erroneous execution of P with input X, there is no guarantee that this execution will be repeated by executing P with X. After P has been modified to correct a fault, one or more successful executions of P with X do not imply that the fault has been corrected. Advanced Topics in Software Engineering 35 Problems and Issues To solve these problems, we need to address the following issues: How to replay concurrent executions? How to capture enough information, but as little as possible, for replay? How to determine sequence feasibility and validity? How to deal with the probe effect? Advanced Topics in Software Engineering 36 18

CCS (Calculus of Communicating Systems) Testing can prove the presence of bugs, but not their absence. CCS provides a formal notation that can be used to analyze and reason about the correctness of a system. At the core of CCS are a number of equational laws and several notions of equivalence that allows one to reason about the behavior of a concurrent system. Advanced Topics in Software Engineering 37 Review A concurrent program consists of a number of threads that execute in parallel. There are three fundamental issues in concurrent programming: nondeterminism, synchronization and communication. A concurrent execution can be characterized as an interleaving of atomic actions. Advanced Topics in Software Engineering 38 19

Review A concurrent program should be free from deadlock, livelock, and/or starvation. Testing and debugging of concurrent programs are difficult due to nondeterminism. Testing and debugging cannot provide total confidence about program correctness. CCS provides a mathematical treatment of concurrent programs. Advanced Topics in Software Engineering 39 20

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information