Assuring and evolving concurrent programs: annotations and policy

Assuring and evolving concurrent programs requires understanding the concurrency-related design decisions used in their implementation. In Java-style shared-memory programs, these decisions include which state is shared, how access to it is regulated, the roles of threads, and the policy that distinguishes desired concurrency from race conditions. We use case studies from production Java code to explore the costs and benefits of a new annotation-based approach for expressing design intent. Our intent is both to assist in establishing "thread safety" attributes in code and to support tools that safely restructure code. The annotations we use express "mechanical" properties such as lock-state associations, uniqueness of references, and encapsulation of state into named aggregations. Our analyses revealed race conditions in our case study samples, drawn from open-source projects and library code. The novel technical features of this approach include (1) flexible encapsulation via aggregations of state that can cross object boundaries, (2) the association of locks with state aggregations, (3) policy descriptions for allowable method interleavings, and (4) the incremental process for inserting, validating, and exploiting annotations.

[1]  K. Rustan M. Leino,et al.  ESC/Java User's Manual , 2000 .

[2]  William L. Scherlis Systematic Change of Data Representation: Program Manipulations and a Case Study , 1998, ESOP.

[3]  Ivar Jacobson,et al.  The Unified Modeling Language User Guide , 1998, J. Database Manag..

[4]  David K. Gifford,et al.  Integrating functional and imperative programming , 1986, LFP '86.

[5]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[6]  Albert L. Baker,et al.  JML: A Notation for Detailed Design , 1999, Behavioral Specifications of Businesses and Systems.

[7]  Gregory R. Andrews,et al.  Language features for process interaction , 1977 .

[8]  David Garlan,et al.  Acme: an architecture description interchange language , 1997, CASCON.

[9]  Doug Lea Concurrent Programming in Java. Second Edition: Design Principles and Patterns , 1999 .

[10]  Stephen N. Freund,et al.  Type-based race detection for Java , 2000, PLDI '00.

[11]  Charles Simonyi,et al.  The Hungarian revolution , 1991 .

[12]  Martín Abadi,et al.  Types for Safe Locking , 1999, ESOP.

[13]  Yang Meng Tan,et al.  LCLint: a tool for using specifications to check code , 1994, SIGSOFT '94.

[14]  P. J. Plauger Thread safety , 1998 .

[15]  John Tang Boyland,et al.  Alias burying: Unique variables without destructive reads , 2001, Softw. Pract. Exp..

[16]  K. Rustan M. Leino,et al.  Data groups: specifying the modification of extended state , 1998, OOPSLA '98.

[17]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[18]  Joshua J. Bloch Effective Java : programming language guide , 2001 .

[19]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[20]  Aaron Greenhouse,et al.  An Object-Oriented Effects System , 1999, ECOOP.

[21]  David Holmes,et al.  Exclusion for composite objects , 2000, OOPSLA '00.

[22]  Stephen N. Freund,et al.  Detecting race conditions in large programs , 2001, PASTE '01.

[23]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[24]  Martín Abadi,et al.  Object Types against Races , 1999, CONCUR.

[25]  Joannes M. Lucassen Types and Effects Towards the Integration of Functional and Imperative Programming. , 1987 .

[26]  Charles Antony Richard Hoare Towards a theory of parallel programming , 2002 .

[27]  Doug Lea,et al.  Concurrent Programming In Java , 1996 .

[28]  Leslie Lamport The ‘Hoare logic’ of concurrent programs , 2004, Acta Informatica.

[29]  Martin C. Rinard,et al.  A parameterized type system for race-free Java programs , 2001, OOPSLA '01.

[30]  David F. Bacon,et al.  Guava: a dialect of Java without data races , 2000, OOPSLA '00.

[31]  Klaus-Peter Löhr Concurrency annotations for reusable software , 1993, CACM.

[32]  Alfred Z. Spector,et al.  Synchronizing shared abstract types , 1984, TOCS.

[33]  Roy H. Campbell,et al.  The specification of process synchronization by path expressions , 1974, Symposium on Operating Systems.

[34]  John Tang Boyland,et al.  Promises: limited specifications for analysis and manipulation , 1998, Proceedings of the 20th International Conference on Software Engineering.

[35]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.