Potential Deadlock Detection - Welcome to Software Testing

Download Report

Transcript Potential Deadlock Detection - Welcome to Software Testing 

Potential Deadlock Detection
By K. Havelund, R. Agarwal, L. Wang, S. D. Stoller
2nd April, 2008
Hong,Shin
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
1
/ 20
Content
•
•
•
•
Introduction
GoodLock Algorithm
A Generalized GoodLock Algorithm
Further Work
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
2
/ 20
Introduction
(1/2)
• In classical deadlock detection algorithm, it constructs the
lock graph of an execution and if the graph has any cycle,
raise alarm to notify the deadlock.
thread1 {
lock(A) ;
lock(B) ;
unlock(B)
lock(B)
; ;
unlock(A) ;
}
thread2 {
lock(B) ;
lock(A) ;
lock(B)
unlock(A);
unlock(B);
lock(A)
;
A
thread1
Boom!
thread2
B
• A deadlock may not be revealed depending on a schedule.
The classical deadlock detection algorithm can not report
unless the deadlock occurs.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
3
/ 20
Introduction
(1/2)
• In classical deadlock detection algorithm, it constructs the
lock graph of an execution and if the graph has any cycle,
raise alarm to notify the deadlock.
thread1 {
lock(A) ;
lock(B) ;
unlock(B) ;
unlock(A) ;
}
thread2 {
lock(B) ;
lock(A) ;
unlock(A);
unlock(B);
lock(B) ;
lock(A) ;
unlock(A) ;
unlock(B) ;
A
thread1
thread2
B
• A deadlock may not be revealed depending on a schedule.
The classical deadlock detection algorithm can not report
unless a deadlock actually occurs.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
4
/ 20
Introduction
(2/2)
• To detect potential deadlocks,
(1) record the locking pattern for each thread during
runtime.
(2) at the program termination(or at the user command),
analyze the recorded locking patterns to check
potential deadlock.
 GoodLock Algorithm
A generalized GoodLock Algorithm
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
5
/ 20
GoodLock Algorithm
(1/5)
• Deadlock definition
(1) Two threads share two locks.
(2) The two threads take the locks in different order.
(3) Two threads do not have any gate lock
(i.e. a common nesting lock of the two lock).
Lock A, B, C ;
Lock A, B ;
thread1() {
lock(A) ;
lock(B) ;
unlock(B) ;
unlock(A) ;
}
thread2() {
lock(B) ;
lock(A) ;
unlock(A) ;
unlock(B) ;
}
Deadlock Example
thread1() {
lock(C) ;
lock(A) ;
lock(B) ;
unlock(B) ;
unlock(A) ;
unlock(C) ;
}
thread2() {
lock(C) ;
lock(B) ;
lock(A) ;
unlock(A) ;
unlock(B) ;
unlock(C) ;
}
Gate Lock Example
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
6
/ 20
GoodLock Algorithm
(2/5)
• Lock tree
– The lock pattern of a thread is represented as a lock tree.
thread1() {
lock(L1) ;
while(cond) {
lock(L2) ;
unlock(L2) ;
lock(L3) ;
unlock(L3) ;
}
unlock(L1) ;
lock(L3) ;
lock(L2) ;
unlock(L2) ;
unlock(L3) ;
}
execution:
lock(L1)
lock(L2)
unlock(L2)
lock(L3)
unlock(L3)
lock(L2)
unlock(L2)
unlock(L1)
lock(L3)
lock(L2)
unlock(L2)
unlock(L3)
Thread1
L1
L2
L3
L3
L2
– A node in a lock tree is associated with a lock except for the root node.
– In the lock tree of a thread, a thread holds a parent node’s when the
thread acquires a child node’s lock, at least once during an execution
(except for the root node).
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
7
/ 20
GoodLock Algorithm
(3/5)
• Lock tree construction
– At any time in an execution, a lock tree has its current node the path from
the root to the current node represents the lock nesting at the point in the
execution.
– There are two operations, lock() and unlock() to construct the lock tree for
a thread in an execution.
lock(Thread thread , Lock lock) {
if thread does not already own lock {
if lock is a child of current {
current = that child ; }
else {
add lock as a new child of current ;
current = new child ; } }
}
unlock(Thread thread , Lock lock) {
current = parent of current node ;
}
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
8
/ 20
GoodLock Algorithm
(4/5)
• Potential Deadlock Analysis
– compares the trees for each pair of threads
– nesting(n): a set of locks in a path from the root node of n to n.
– Basic Algorithm
for each pair (t1, t2) of trees,
8n1 2 t1 and 8n2 2 t2, checks that n1 2 nesting(n2).
 if n1 2 nesting(n2), reports two locks and two threads.
– In order to avoid issuing warnings when a gate lock prevents a
deadlock,
checks whether { nesting(n1) \ nesting(n2) }\{n1.lock , n2.lock} is
empty or not.
 if it is empty, there is no gate lock so that reports the potential
deadlock.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
9
/ 20
GoodLock Algorithm
(5/5)
• Limitations
– Deadlocks will only be found if they involve two threads.
 A generalization is need to identify deadlocks between more
than two threads.
– Works only with binary lock.
– Do not consider start, join synchronization.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
10
/ 20
A Generalized GoodLock Algorithm
(1/8)
• GoodLock algorithm only detects potential deadlocks
caused by interleaving of lock acquires in two threads.
• Scott et al present a generalized version of GoodLock
algorithm that detects potential deadlocks involving any
number of threads.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
11
/ 20
A Generalized GoodLock Algorithm
(2/8)
• Deadlock definition
(Potential for Deadlock from Locks Ignoring Gate Locks Condition)
– For a set of threads {t0 .. tm-1} and a set of binary locks {l0 .. lm-1},
for all i=0..m-1, ti holds lock li and then acquires lock li+1 mod m .
– In the absence of other constraints on the schedule(e.g. gate locks
or start, join synchronization), such program can be executed
interleaved in a way that leads to deadlock.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
12
/ 20
A Generalized GoodLock Algorithm
(3/8)
• Lock graph
– constructs a lock tree for each thread during execution as
GoodLock algorithm.
– at the end of execution(or at the user command), it constructs a
directed graph G=(V, E) where
V contains all the nodes of all the lock trees
E contains
(1) tree edges(from parent to child)
(2) inter edges
bidirectional edges between nodes that are labeled with
the same locks and that are in different lock trees.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
13
/ 20
A Generalized GoodLock Algorithm
Thread1
Thread3
Thread3
L1
L3
L2
L4
L4
L2
L4
L3
L1
L3
Thread2
Thread3
Thread3
Thread1
2015-07-18
Thread2
L1
L3
L2
L4
L4
L2
L4
L3
L1
L3
Potential Deadlock Detection
Hong,Shin @ PSWLAB
(4/8)
14
/ 20
A Generalized GoodLock Algorithm
Thread1
(5/8)
Thread2
Thread3
Thread4
L1
L3
L2
L4
L4
L2
L4
L3
L1
L3
Thread1
Thread1
Thread2
Thread1
Thread4
Thread4
Thread1
Thread4L3Thread1
L3
L3
L4
L3
L4
L3
L3
Invalid!
ValidThread3L1Thread1 Invalid!
Thread1
L1Thread1L3
L2
L2Thread2
L3Thread2
L3Thread1
L4Thread1L4Thread3
L1
• For a lock graph G, a valid path is a path that does not contain
consecutive inter edges and nodes from each lock tree appear as at
most one consecutive subsequence in the path.
• A valid cycle is a cycle that does not contain consecutive inter edges
and nodes from each thread appear as at most one consecutive
subsequence in the cycle.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
15
/ 20
A Generalized GoodLock Algorithm
(6/8)
• If PDL-IGL holds if and only if the lock graph G contains a valid cycle.
(1) If a lock graph G holds PDL-IGL, then G contains a valid cycle
(2) If a lock graph G contains a valid cycle, then G holds PDL-IGL.
Proof (1)
– Suppose that there exist distinct threads t0..tm-1 and locks l0..lm-1 s.t. for all i=0..m-1,
ti holds lock li while acquiring li+1 mod m.
– Let ni and n’i denote the nodes in Ti corresponding to the acquire of li and the
acquire of li+1 mod m.
– Since thread ti acquires lock li and waits for lock li+1 mod m, there is a path from ni
to n’i in lock tree Ti for ti. The locks li and li+1 mod m are distinct, so this path
contains at least one tree edge.
– And there is an inter edge from n’i in lock tree Ti to ni+1 mod m in lock tree Ti+1 mod
m in G.
– These tree edges and inter edges form a valid cycle.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
16
/ 20
A Generalized GoodLock Algorithm
•
(7/8)
Proof (2)
A valid cycle C involves nodes from more than one lock tree.
Suppose, C had nodes ni and n’i in lock tree Ti for thread ti , i 2 0..m-1.
Also, nodes n’i and ni+1 mod m are labelled with the same lock.
Thus, existence of C implies that there exist distinct threads t0..tm-1 and l0..lm-1
such that, for all i=0..m-1, ti holds lock li while acquiring lock li+1 mod m.
Hence, the PDL-IGL condition holds.
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
17
/ 20
A Generalized GoodLock Algorithm
(8/8)
• Potential Deadlock Detection
(1) Constructs the lock graph from an execution.
(2) Traverses all valid paths in the graph to find valid cycle.
(3) To eliminate the false alarms by gate locks, checks for every valid
cycle whether there is a gate lock
(i.e. whether no two nodes in different lock trees have ancestors
labeled with the same lock).
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
18
/ 20
Further work
• Detecting Potential Deadlocks with Static Analysis and RunTime Monitoring
by Rahul Agarwal, Liqiang Wang, Scott D. Stoller
- Start, Join Synchronization
• Dynamic Deadlock Analysis of Multi-Threaded Programs
by Saddek Bensalem, and Klaus Havelund
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
19
/ 20
References
[1] Using runtime analysis to guide model checking of Java
programs, Klaus Havelund
[2] Detecting Potential Deadlocks with Static Analysis and
Run-Time Monitoring, Rahul Agarwal, Liqiang Wang, Scott
D. Stoller
2015-07-18
Potential Deadlock Detection
Hong,Shin @ PSWLAB
20
/ 20