MODERN MULTITHREADING Implementing, Testing, and Debugging Multithreaded Java and C++/Pthreads/Win32 Programs RICHARD H CARVER KUO-CHUNG TAI A JOHN WILEY & SONS, INC., PUBLICATION MODERN MULTITHREADING MODERN MULTITHREADING Implementing, Testing, and Debugging Multithreaded Java and C++/Pthreads/Win32 Programs RICHARD H CARVER KUO-CHUNG TAI A JOHN WILEY & SONS, INC., PUBLICATION Copyright  2006 by John Wiley & Sons, Inc All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002 Wiley also publishes its books in a variety of electronic formats Some content that appears in print may not be available in electronic formats For more information about Wiley products, visit our web site at www.wiley.com Library of Congress Cataloging-in-Publication Data: Carver, Richard H., 1960– Modern multithreading: implementing, testing, and debugging multithreaded Java and C++/Pthreads/Win32 programs / by Richard H Carver and Kuo-Chung Tai p cm Includes bibliographical references and index ISBN-13 978-0-471-72504-6 (paper) ISBN-10 0-471-72504-8 (paper) Parallel programming (Computer science) Threads (Computer programs) I Tai, Kuo-Chung II Title QA76.642.C38 2006 005.1 1–dc22 2005045775 Printed in the United States of America 10 CONTENTS Preface xi Introduction to Concurrent Programming 1.1 1.2 1.3 1.4 1.5 1.6 Processes and Threads: An Operating System’s View, Advantages of Multithreading, Threads in Java, Threads in Win32, Pthreads, C++ Thread Class, 14 1.6.1 C++ Class Thread for Win32, 14 1.6.2 C++ Class Thread for Pthreads, 19 1.7 Thread Communication, 19 1.7.1 Nondeterministic Execution Behavior, 23 1.7.2 Atomic Actions, 25 1.8 Testing and Debugging Multithreaded Programs, 29 1.8.1 Problems and Issues, 30 1.8.2 Class TDThread for Testing and Debugging, 34 1.8.3 Tracing and Replaying Executions with Class Template sharedVariable, 37 1.9 Thread Synchronization, 38 Further Reading, 38 References, 39 Exercises, 41 v vi CONTENTS The Critical Section Problem 46 2.1 Software Solutions to the Two-Thread Critical Section Problem, 47 2.1.1 Incorrect Solution 1, 48 2.1.2 Incorrect Solution 2, 49 2.1.3 Incorrect Solution 3, 50 2.1.4 Peterson’s Algorithm, 52 2.1.5 Using the volatile Modifier, 53 2.2 Ticket-Based Solutions to the n-Thread Critical Section Problem, 54 2.2.1 Ticket Algorithm, 54 2.2.2 Bakery Algorithm, 56 2.3 Hardware Solutions to the n-Thread Critical Section Problem, 58 2.3.1 Partial Solution, 59 2.3.2 Complete Solution, 59 2.3.3 Note on Busy-Waiting, 60 2.4 Deadlock, Livelock, and Starvation, 62 2.4.1 Deadlock, 62 2.4.2 Livelock, 62 2.4.3 Starvation, 63 2.5 Tracing and Replay for Shared Variables, 64 2.5.1 ReadWrite-Sequences, 65 2.5.2 Alternative Definition of ReadWrite-Sequences, 67 2.5.3 Tracing and Replaying ReadWrite-Sequences, 68 2.5.4 Class Template sharedVariable, 70 2.5.5 Putting It All Together, 71 2.5.6 Note on Shared Memory Consistency, 74 Further Reading, 77 References, 78 Exercises, 79 Semaphores and Locks 3.1 Counting Semaphores, 84 3.2 Using Semaphores, 86 3.2.1 Resource Allocation, 86 3.2.2 More Semaphore Patterns, 87 3.3 Binary Semaphores and Locks, 90 3.4 Implementing Semaphores, 92 3.4.1 Implementing P() and V(), 92 3.4.2 VP() Operation, 94 3.5 Semaphore-Based Solutions to Concurrent Programming Problems, 96 3.5.1 Event Ordering, 96 84 CONTENTS vii 3.5.2 Bounded Buffer, 96 3.5.3 Dining Philosophers, 98 3.5.4 Readers and Writers, 101 3.5.5 Simulating Counting Semaphores, 108 3.6 Semaphores and Locks in Java, 111 3.6.1 Class countingSemaphore, 111 3.6.2 Class mutexLock, 113 3.6.3 Class Semaphore, 115 3.6.4 Class ReentrantLock, 116 3.6.5 Example: Java Bounded Buffer, 116 3.7 Semaphores and Locks in Win32, 119 3.7.1 CRITICAL SECTION, 119 3.7.2 Mutex, 122 3.7.3 Semaphore, 124 3.7.4 Events, 132 3.7.5 Other Synchronization Functions, 134 3.7.6 Example: C++/Win32 Bounded Buffer, 134 3.8 Semaphores and Locks in Pthreads, 134 3.8.1 Mutex, 136 3.8.2 Semaphore, 137 3.9 Another Note on Shared Memory Consistency, 141 3.10 Tracing, Testing, and Replay for Semaphores and Locks, 143 3.10.1 Nondeterministic Testing with the Lockset Algorithm, 143 3.10.2 Simple SYN-Sequences for Semaphores and Locks, 146 3.10.3 Tracing and Replaying Simple PV-Sequences and LockUnlock-Sequences, 150 3.10.4 Deadlock Detection, 154 3.10.5 Reachability Testing for Semaphores and Locks, 157 3.10.6 Putting It All Together, 160 Further Reading, 163 References, 164 Exercises, 166 Monitors 4.1 Definition of Monitors, 178 4.1.1 Mutual Exclusion, 178 4.1.2 Condition Variables and SC Signaling, 178 4.2 Monitor-Based Solutions to Concurrent Programming Problems, 182 4.2.1 Simulating Counting Semaphores, 182 4.2.2 Simulating Binary Semaphores, 183 4.2.3 Dining Philosophers, 183 4.2.4 Readers and Writers, 187 177 viii CONTENTS 4.3 Monitors in Java, 187 4.3.1 Better countingSemaphore, 190 4.3.2 notify vs notifyAll, 191 4.3.3 Simulating Multiple Condition Variables, 194 4.4 Monitors in Pthreads, 194 4.4.1 Pthreads Condition Variables, 196 4.4.2 Condition Variables in J2SE 5.0, 196 4.5 Signaling Disciplines, 199 4.5.1 Signal-and-Urgent-Wait, 199 4.5.2 Signal-and-Exit, 202 4.5.3 Urgent-Signal-and-Continue, 204 4.5.4 Comparing SU and SC Signals, 204 4.6 Using Semaphores to Implement Monitors, 206 4.6.1 SC Signaling, 206 4.6.2 SU Signaling, 207 4.7 Monitor Toolbox for Java, 209 4.7.1 Toolbox for SC Signaling in Java, 210 4.7.2 Toolbox for SU Signaling in Java, 210 4.8 Monitor Toolbox for Win32/C++/Pthreads, 211 4.8.1 Toolbox for SC Signaling in C++/Win32/Pthreads, 213 4.8.2 Toolbox for SU Signaling in C++/Win32/Pthreads, 213 4.9 Nested Monitor Calls, 213 4.10 Tracing and Replay for Monitors, 217 4.10.1 Simple M-Sequences, 217 4.10.2 Tracing and Replaying Simple M-Sequences, 219 4.10.3 Other Approaches to Program Replay, 220 4.11 Testing Monitor-Based Programs, 222 4.11.1 M-Sequences, 222 4.11.2 Determining the Feasibility of an M-Sequence, 227 4.11.3 Determining the Feasibility of a Communication-Sequence, 233 4.11.4 Reachability Testing for Monitors, 233 4.11.5 Putting It All Together, 235 Further Reading, 243 References, 243 Exercises, 245 Message Passing 5.1 Channel Objects, 258 5.1.1 Channel Objects in Java, 259 5.1.2 Channel Objects in C++/Win32, 263 5.2 Rendezvous, 266 5.3 Selective Wait, 272 258 REFERENCES 451 Ledoux, C H., and D Stott Parker (1985) Saving traces for Ada debugging Proc 1985 International Ada Conference, pp 97–108 Lei, Yu, and Richard H Carver (2004a) Reachability testing of semaphore-based programs Proc 28th Computer Software and Applications Conference (COMPSAC), pp 312–317 Lei, Yu, and Richard H Carver (2004b) Reachability testing of monitor-based programs Proc 8th IASTED International Conference on Software Engineering and Applications, pp 312–317 Lei, Yu, and Richard H Carver (2005) A new algorithm for reachability testing of concurrent programs Technical Report GMU-CS-TR-2005-1 Lei, Yu, and Kuo-Chung Tai (2002) Efficient reachability testing of asynchronous messagepassing programs Proc 8th IEEE International Conference on Engineering for Complex Computer Systems, pp 35–44 Masticola, S P., and B G Ryder (1991) A model of Ada programs for static deadlock detection in polynomial time Proc Workshop on Parallel and Distributed Debugging, pp 97–107 Mellor-Crummey, J., and T LeBlanc (1989) A software instruction counter Proc 3rd Symposium on Architectural Support for Programming Languages and Operating Systems, pp 78–86 Myers, Glenford (1979) The Art of Software Testing New York: Wiley Netzer, R B., and B P Miller (1994) Optimal tracing and replay for debugging messagepassing parallel programs Journal of Supercomputing, Vol 8, No 4, pp 371–388 Offutt, A Jefferson, and Jeffrey M Voas (1996) Subsumption of Condition Coverage Techniques by Mutation Testing Technical Report ISSE-TR-96-01 Department of Information and Software Systems Engineering, http://www.isse.gmu.edu/techrep/1996 Parrish, A S., and S H Zweben (1995) On the relationships among the all-uses, alldu-paths, and all-edges testing criteria IEEE Transactions on Software Engineering, Vol 21, No 12 (December), pp 1006–1009 Silberschatz, A., J L Peterson, and P Galvin (1991) Operating Systems Concepts Reading, MA: Addison-Wesley Stoller, S D (2002) Testing concurrent Java programs using randomized scheduling Proc 2nd Workshop on Runtime Verification (RV), Vol 70, No Electronic Notes in Theoretical Computer Science Amsterdam: Elsevier Tai, K C (1994) Definitions and detection of deadlock, livelock, and starvation in concurrent programs Proc 1994 International Conference on Parallel Processing, pp 69–72 Tai, K C (1997) Reachability testing of asynchronous message-passing programs Proc 2nd International Workshop on Software Engineering for Parallel and Distributed Systems, pp 50–61 Tai, K C., R H Carver, and E Obaid (1991) Debugging concurrent Ada programs by deterministic execution IEEE Transactions on Software Engineering, Vol 17, No (January), pp 45–63 Tannenbaum, A S (1992) Modern Operating Systems Englewood Cliffs, NJ: Prentice Hall Turski, W M (1991) On starvation and some related issues Information Processing Letters, Vol 37, No 3, pp 171–174 452 TESTING AND DEBUGGING CONCURRENT PROGRAMS Taylor, R N (1983) A general-purpose algorithm for analyzing concurrent programs Communications of the ACM, Vol 26, No 5, pp 362–376 Taylor, R N., D L Levine, and C D Kelly (1992) Structural testing of concurrent programs IEEE Transactions on Software Engineering, Vol 18, No 3, pp 206–215 Tsai, J., Y Bi, S Yang, and R Smith (1996) Distributed Real-Time Systems: Monitoring, Debugging, and Visualization New York: Wiley Vissers, C A., G Scollo, Mv Sinderen, and E Brinksma (1991) Specification styles in distributed systems design and verification Theoretical Computer Science, Vol 89, pp 179–206 Vouk, M A., M L Helsabeck, D F McAllister, and K C Tai (1986) On testing of functionally equivalent components of fault-tolerant software Proc COMPSAC’86, October, pp 414–419 Yang, C., and L L Pollock (1997) The challenges in automated testing of multithreaded programs Proc 14th International Conference on Testing Computer Software, pp 157–166 EXERCISES 7.1 Suppose that CP is a nondeterministic concurrent program Must it be true that there are two or more different possible outputs for an execution of CP with some input X? 7.2 Create several mutations of the message-passing solution to the readers and writers program in Section 5.4.1 List your mutations and indicate whether the sequence that distinguishes the mutant from the correct solution is a valid or an invalid sequence 7.3 Show a sequential program for which a set of test sequences that satisfies decision coverage may not detect a failure that is detected by a set of test sequences that satisfies statement coverage but not decision coverage 7.4 Figure 7.34 shows a sequence of call and completion events for semaphores s1 and s2 Semaphore s1 is a counting semaphore initialized to Semaphore s2 is a binary semaphore initialized to (a) Based on the semaphore invariant, compute the OpenList for each completion event ei, ≤ i ≤ 10 (b) Compute a timestamp for each call and completion event using the object-centric timestamp scheme (c) Compute the race set for each completion event (d) Compute the race table for this sequence 7.5 It is possible to reduce the number of sequences exercised during reachability testing by considering the semantics of P and V operations (a) Show how to perform such a reduction by modifying the definition of an OpenList for P and V operations For example, if operation V is 453 EXERCISES s1 T1 T2 s2 e1 (s1,{},1) c2 (T1,s1,P,1) c1 (T3,s1,P,1) e2 (s1,{},2) e3 (s1,{},3) c3 (T3,s1,V,2) e4 (s1,{},4) c4 (T2,s1,P,1) c5 (T2,s2,P,2) e5 (s2,{},1) c6 (T2,s2,V,3) e6 (s2,{},2) e9 (s1,{},5) c10 (T1,s1,V,2) T3 c9 (T2,s2,V,4) e10 (s1,{},6) e7 (s2,{},3) c7 (T3,s2,P,3) e8 (s2,{},4) c8 (T3,s2,V,4) Figure 7.34 Sequence of P and V operations excluded from the OpenList of completed V operations, race analysis will not consider an alternative order of two V operations on the same semaphore since V operations will never race with each other (b) Given your answer to part (a), how many sequences would be exercised during reachability testing for the bounded-buffer program in Listing 3.17? 7.6 In Sections 3.10.5 and 4.11.4 we reported the results of applying reachability testing to semaphore and monitor solutions for the bounded-buffer problem It was reported that with reductions based on thread symmetry and the semantics of P and V operations (see Exercise 7.5), reachability testing of the semaphore solution with two producers and two consumers exercised only two sequences With reductions based on thread symmetry, reachability testing of the SU monitor solution with two producers and two consumers exercised 20 sequences Why is the reduction greater for the semaphore program? The SU monitor was implemented using semaphores Would it help to apply reachability testing directly to the semaphore implementation? 7.7 Suppose that we apply reachability testing to a monitor-based boundedbuffer program with three producers and three consumers Suppose that in the first sequence exercised, Producer1 enters the monitor first, Consumer2 enters the monitor second, and the other Producers and Consumers enter after that Based on the notion of thread symmetry, what are the variants 454 TESTING AND DEBUGGING CONCURRENT PROGRAMS of this sequence? You only need to consider the first entry into the monitor That is, should we generate variants in which some other Producer or Consumer enters the monitor first? 7.8 The beginning of Section 7.5 says: “If every execution of a program with a given input terminates, and the total number of SYN-sequences is finite, reachability testing will terminate and every partially ordered SYN-sequence of the program with the given input will be exercised.” (a) Write a program or point out one in the text that terminates for every input but does not have a finite number of possible SYN-sequences Hint: Consider programs that have a loop that makes an undetermined number of iterations (b) Does the program really have an infinite number of possible sequences? If not, is it possible to put an upper bound on the number of sequences? 7.9 Draw a concurrency graph for the following program: port p1, p2; // synchronous ports Thread1 p1.send(x); end; Thread2 Thread3 Thread4 x = p1.receive(); end; p2.send(y); end; y = p2.receive(); end; (a) How many states and transitions does your concurrency graph have? (b) Would it be possible to reduce the number of states in your graph without losing any information about the program? 7.10 Suppose that a thread has a loop, which could be a for -loop or a while -loop Will the concurrency graph for the thread include a cycle? Under what conditions would the concurrency graph not have a cycle? 7.11 In Section 7.2.1 we mentioned the following relationship between the paths and SYN-sequences of a concurrent program: “If two or more different partially ordered feasible paths of CP have the same partially ordered SYNsequence, their input domains are mutually disjoint.” The input domain of a path T is the set of inputs for which T is feasible If the input domains of a path are mutually disjoint, there is no input that appears in the domains of both paths For example, here is a simple sequential program with two feasible paths: int main() { int x; std::cout > x; if (x%2==0) std::cout