Tool-support for Invariant-based Specification, Synthesis, and Verification of Synchronization in Concurrent Java Programs. M.S. Defense. William Deng. Department of Computing and Information Sciences, Kansas State University. http://www.cis.ksu.edu/saves - PowerPoint PPT Presentation
Transcript
Tool-support for Invariant-based Specification, Synthesis, and Verification of Synchronization in Concurrent Java Programs
M.S. Defense
William Deng, Department of Computing and Information Sciences
Kansas State University
http://www.cis.ksu.edu/saves
Goals of the Project
II. Automatic derivation and weaving of synchronization code… multiple language and
1. Convert to disjunctive normal form
2. Eliminate disjuncts that can never be satisfied, using decision procedures
3. Minimize the remaining conjuncts, using decision procedures
We want to decide the notification information from S_2 to S_1:
If there exists n such that sp^n(S_2, P_2) implies P_1, then S_2 should notify/notifyall S_1.
Notifyall vs. Notify
Three cases for Notifyall:
Cases 1 and 2 are normal:
1. Resource(R_p,3,R_c,1,0): one enables three.
2. Resource(R_p,3,R_c,2,0): two enables three.
Case 3 is sort of burst:
3. Exclusion(R_1,…,R_n): when (In_i – Out_i == 0)…
Three cases for Notify:
1. Writer exit to writer entry in Readers/writers: one enables one.
2. Resource(R_p,1,R_c,3,0): three enables one.
3. Group(R1,1,…,Rn,Nn): Ni enables one for R1…
Formalize notifyall (from S_2 to S_1):
Notification Information Generation for Bound
Entry: P_1 = In_B – Out_B <= n-1; In_B++; Q_1 = In_B – Out_B <= n
Exit: P_2 = In_B – Out_B <= n; Out_B++; Q_2 = In_B – Out_B <= n-1
Not (P_2 implies P_1)
Q_2 implies P_1
…belongs to case 1 of notify (one out lets one enter). Thus a notify from the exit to the entry.
Notification Information for Exclusion Pattern
Exclusion(R_1,R_2,…,R_n):
Subregion: Notification Information
R_i entry: None
R_i exit: Notifyall R_j entry where i != j
Notification Information for Resource Pattern
For pattern Resource(R_p,N_p,R_c,N_c,n):
Subregion: Notification Information
R_p entry: None
R_p exit: Notifyall case 1 if N_p/N_c >= 2; case 2 if 2 > N_p/N_c > 1. The exit of R_p to the entry of R_c. Notify case 1 if N_p/N_c = 1; case 2 if N_p/N_c < 1.
R_c entry: None
R_c exit: None
Notification Information for Other Patterns -- Summary
Exclusion(R1,R2,..,Rn): Notifyall case 3: from the exit of Ri to the entry of Rj (i != j).
Resource(R_p,N_p,R_c,N_c,N): Notifyall case 1 if N_p/N_c >= 2; case 2 if 2 > N_p/N_c > 1. The exit of R_p to the entry of R_c. Notify case 1 if N_p/N_c = 1; case 2 if N_p/N_c < 1.
Barrier(R1,R2): Notify case 1: the entry of R1 notifies the exit of R2. Same for R2.
Relay(R1,R2): Notify case 1: the entry of R1 notifies the exit of R2.
Group(R1,N1,..,Rn,Nn): Notifyall case 3 if Nj > 1: the entry of Ri notifyalls the exit of Rj. Notify case 3 if Nj = 1.
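A brute-force version of the notification rule (not (P_2 implies P_1) and sp^n(S_2,P_2) implies P_1), applied to the Bound derivation above and to the Resource rows of this summary. This is an added example, not the thesis tool's code; the counter semantics of Bound and Resource encoded here are my assumptions, and the state space is the bounded-counter enumeration.

```python
from itertools import product

# Assumed pattern semantics (the slides do not show the tool's encoding):
# Bound(B, n): at most n threads in region B, tracked by counters In / Out.
# Resource(R_p, N_p, R_c, N_c, n): each R_p exit adds N_p units, each R_c entry
# takes N_c units, n units initially.  A subregion is (guard, action) on a state dict.

def bound(n):
    entry = (lambda s: s["In"] - s["Out"] <= n - 1, lambda s: {**s, "In": s["In"] + 1})
    exit_ = (lambda s: s["In"] - s["Out"] <= n, lambda s: {**s, "Out": s["Out"] + 1})
    return entry, exit_

def resource(n_p, n_c, n):
    units = lambda s: n + n_p * s["OutP"] - n_c * s["InC"]
    c_entry = (lambda s: units(s) >= n_c, lambda s: {**s, "InC": s["InC"] + 1})
    p_exit = (lambda s: True, lambda s: {**s, "OutP": s["OutP"] + 1})
    return c_entry, p_exit

def states_bound(n, limit):
    # bounded counter state space; 0 <= In - Out <= n is the pattern invariant
    return [{"In": i, "Out": o} for i, o in product(range(limit + 1), repeat=2)
            if 0 <= i - o <= n]

def states_resource(n_p, n_c, n, limit):
    return [{"OutP": o, "InC": i} for o, i in product(range(limit + 1), repeat=2)
            if n + n_p * o - n_c * i >= 0]

def enabled_steps(dst, s, cap=1000):
    """Number of consecutive dst steps executable from state s (sp iterated)."""
    guard, action = dst
    k = 0
    while k < cap and guard(s):
        s, k = action(s), k + 1
    return k

def notification(src, dst, states):
    """src must signal dst iff some state satisfies P_src but not P_dst (so P_src
    does not imply P_dst) while one src step, i.e. sp(S_src, P_src), enables dst.
    notifyAll when a single src step can enable more than one waiting dst step."""
    p_src, a_src = src
    p_dst, _ = dst
    woken = [enabled_steps(dst, a_src(s)) for s in states if p_src(s) and not p_dst(s)]
    if not woken or max(woken) == 0:
        return None
    return "notifyAll" if max(woken) > 1 else "notify"

if __name__ == "__main__":
    entry, exit_ = bound(2)
    print("Bound(B,2) exit -> entry:", notification(exit_, entry, states_bound(2, 6)))
```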
Notification Information for Gyroscope/Rudder
Resource(RG,1,RR ,1,1,0): The exit of R_G notify the entry of R_R
Resource(RR,1,RG ,1,1): The exit of R_R notify the entry of R_G
Exclusion(RG,RR): The exit of R_R notifyall the entry of R_G; the exit of R_G notifyall the entry of R_R.
Overall effect: The exit of R_R notify the entry of R_G; the exit of R_G notify the entry of R_R.
Specific Synchronization
[Figure: Barber Thread with regions R_B1, R_B2, R_B3 and Customer Thread with regions R_C1 … R_C5; clusters fetch, inform, leave; thread instances B1, B2, C1, C2]
Specific groups: 0: B1 and C1; 1: B2 and C2.
Problem: the monitor cannot differentiate B1 and B2.
Relation: threads -> specific group
Solution:
1. Strengthen the monitor to keep track of the relation?
2. Use objects (multiple copies) instead of a static method (one copy) to keep the relation.
Implementation of Specific Synchronization
[Diagram] Current Implementation: Main (init) initializes Component Threads; Component Threads call Cluster Classes.
[Diagram] Proposed approach: use a central controller, SynManager. Main (init) initializes Component Threads and SynManager; Component Threads call SynManager, which calls Cluster Objects.
Implementation of Specific Synchronization Cont.
User has to provide in main code that:
1. builds an array of cluster names;
2. specifies synchronization (anonymous, forming, specific, or dissolving) for each cluster;
3. defines actors (the types of threads);
4. specifies specific group;
5. provides the maximum number of specific groups.
[Diagram] Cluster synchronization transition: Anonymous (fetch) -> Forming -> Specific (inform) -> Dissolving (leave)
[Diagram] Specific group -> cluster instances (ClusterInstances): group 0: B1, C1; group 1: B2, C2
Threads -> specific group index
Bounded Counter Version
Problem: unbounded In/Out counters allow only a partial state space check.
Bounded counter solution: check the state space exhaustively.