Static lock capabilities for deadlock freedom

We present a technique --- lock capabilities --- for statically verifying that multithreaded programs with locks will not deadlock. Most previous work on deadlock prevention requires a strict total order on all locks held simultaneously by a thread, but such an invariant often does not hold with fine-grained locking, especially when data-structure mutations change the order locks are acquired. Lock capabilities support idioms that use fine-grained locking, such as mutable binary trees, circular lists, and arrays where each element has a different lock. Lock capabilities do not enforce a total order and do not prevent external references to data-structure nodes. Instead, the technique reasons about static capabilities, where a thread already holding locks can attempt to acquire another lock only if its capabilities allow it. Acquiring one lock may grant a capability to acquire further locks; in data-structures where heap shape affects safe locking orders, the heap structure can induce the capability-granting relation. Deadlock-freedom follows from ensuring that the capability-granting relation is acyclic. Where necessary, we restrict aliasing with a variant of unique references to allow strong updates to the capability-granting relation, while still allowing other aliases that are used only to acquire locks while holding no locks. We formalize our technique as a type-and-effect system, demonstrate it handles realistic challenging idioms, and use syntactic techniques (type preservation) to show it soundly prevents deadlock.

[1]  Jan Smans,et al.  Deadlock-Free Channels and Locks , 2010, ESOP.

[2]  Parosh Aziz Abdulla A Type and Effect System for Deadlock Avoidance in Low-level Languages , 2011 .

[3]  Hagit Attiya,et al.  Sequential verification of serializability , 2010, POPL '10.

[4]  K. Rustan M. Leino,et al.  A Basis for Verifying Multi-threaded Programs , 2009, ESOP.

[5]  Scott A. Mahlke,et al.  Gadara: Dynamic Deadlock Avoidance for Multithreaded Programs , 2008, OSDI.

[6]  Vinay K. Chaudhri,et al.  Safe locking policies for dynamic databases , 1995, PODS '95.

[7]  David Walker,et al.  Alias Types for Recursive Data Structures , 2000, Types in Compilation.

[8]  Peter Müller,et al.  Ownership transfer in universe types , 2007, OOPSLA.

[9]  Sophia Drossopoulou,et al.  Universes for Race Safety , 2007 .

[10]  Naoki Kobayashi,et al.  A New Type System for Deadlock-Free Processes , 2006, CONCUR.

[11]  Kohei Suenaga Type-Based Deadlock-Freedom Verification for Non-Block-Structured Lock Primitives and Mutable References , 2008, APLAS.

[12]  David Walker,et al.  Alias Types , 2000, ESOP.

[13]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[14]  Jonathan Aldrich,et al.  Modular typestate checking of aliased objects , 2007, OOPSLA.

[15]  Yannis Smaragdakis,et al.  Strictly declarative specification of sophisticated points-to analyses , 2009, OOPSLA.

[16]  Martín Abadi,et al.  Types for Safe Locking , 1999, ESOP.

[17]  Scott A. Mahlke,et al.  The theory of deadlock avoidance via discrete control , 2009, POPL '09.

[18]  John Tang Boyland,et al.  Connecting effects and uniqueness with adoption , 2005, POPL '05.

[19]  David Walker,et al.  Typed memory management via static capabilities , 2000, TOPL.

[20]  Martin Odersky,et al.  Capabilities for Uniqueness and Borrowing , 2010, ECOOP.

[21]  David Walker,et al.  Alias Types for Recursive Data Structures (Extended Version) , 2000 .

[22]  Stephen N. Freund,et al.  Type-based race detection for Java , 2000, PLDI '00.

[23]  Martin C. Rinard,et al.  A parameterized type system for race-free Java programs , 2001, OOPSLA '01.

[24]  Martin C. Rinard,et al.  ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), November 2002 Ownership Types for Safe Programming: Preventing Data Races and Deadlocks , 2022 .

[25]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[26]  Gérard Boudol A Deadlock-Free Semantics for Shared Memory Concurrency , 2009, ICTAC.

[27]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[28]  Jan Smans,et al.  Verification of Concurrent Programs with Chalice , 2009, FOSAD.

[29]  Konstantinos Sagonas,et al.  A Type System for Unstructured Locking that Guarantees Deadlock Freedom without Imposing a Lock Ordering , 2010, PLACES.

[30]  Yannis Smaragdakis,et al.  Resolving and exploiting the k-CFA paradox: illuminating functional vs. object-oriented program analysis , 2010, PLDI '10.

[31]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[32]  Martín Abadi,et al.  Types for safe locking: Static race detection for Java , 2006, TOPL.

[33]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.