Hongwei Liao,Yin Wang,Jason Stanley,Stéphane Lafortune,Spyros A. Reveliotis,Terence Kelly,Scott A. Mahlke

DOI: https://doi.org/10.1109/TCST.2012.2226034

2013-01-01

Abstract:Computer hardware is moving from uniprocessor to multicore architectures. One problem arising in this evolution is that only parallel software can exploit the full performance potential of multicore architectures, and parallel software is far harder to write than conventional serial software. One important class of failures arising in parallel software is circular-wait deadlock in multithreaded programs. In our ongoing Gadara project, we use a special class of Petri nets, called Gadara nets, to systematically model multithreaded programs with lock allocation and release operations. In this paper, we propose an efficient optimal control synthesis methodology for ordinary Gadara nets that exploits the structural properties of Gadara nets via siphon analysis. Optimality in this context refers to the elimination of deadlocks in the program with minimally restrictive control logic. We formally establish a set of important properties of the proposed control synthesis methodology, and show that our algorithms never synthesize redundant control logic. We conduct experiments to evaluate the efficiency and scalability of the proposed methodology, and discuss the application of our results to real-world concurrent software.

Yin Wang,Hongwei Liao,Spyros A. Reveliotis,Terence Kelly,Scott A. Mahlke,Stéphane Lafortune

DOI: https://doi.org/10.1109/CDC.2009.5399950

2009-01-01

Abstract:Deadlock avoidance in shared-memory multithreaded programs is receiving increased attention as multicore architectures and parallel programming are becoming more prevalent. In our on-going project, called Gadara, the objective is to control the execution of multithreaded programs in order to avoid deadlocks by using techniques from discrete-event control theory. In this project, Petri nets are employed to model parallel programs. This paper formally defines the class of Petri nets that emerges from modeling multithreaded programs, called Gadara nets. Gadara nets are related to, but different from, other classes of nets that have been characterized in deadlock analysis of manufacturing systems. The contributions of this paper include: (i) formal definition of Gadara nets and of controlled Gadara nets; (ii) a behavioral analysis of Gadara nets for liveness and reversibility using siphons; and (iii) identification of a convexity-type property for the set of live markings.

Hongwei Liao,Jason Stanley,Yin Wang,Stéphane Lafortune,Spyros A. Reveliotis,Scott A. Mahlke

DOI: https://doi.org/10.1109/CDC.2011.6160535

2011-01-01

Abstract:This paper presents an efficient implementation of an iterative control algorithm for the synthesis of maximally-permissive liveness-enforcing control policies for Gadara nets presented in earlier work. Gadara nets are a special class of Petri nets arising when modeling multithreaded software for the purpose of deadlock analysis and resolution. The considered control synthesis algorithm is based on structural analysis of Gadara nets in terms of a certain type of siphons, called resource-induced deadly-marked siphons. We propose a new customized mixed integer programming formulation to detect these siphons in Gadara nets. We then compare the performance of our customized algorithm with that of a generic siphon detection algorithm for process-resource nets in the context of the iterative control algorithm. Finally, we investigate the scalability of the overall algorithm to large program models.

Zhiming Zhang,Weimin Wu

DOI: https://doi.org/10.1145/2406336.2406344

2013-01-01

Abstract:Deadlock prevention is crucial to the modeling of flexible manufacturing systems. In the Petri net framework, deadlock prevention is often addressed by siphon-based control (SC) policies. Recent research results show that SC methods can avoid full siphon enumeration by using mixed integer programming (MIP) to greatly increase the computational efficiency so that it can be applied in large systems in computable time. Besides, maximally permissive control solutions can be obtained by means of iterative siphon control (ISC) approaches and MIP. Then the remaining problems are redundancy and MIP iterations. Redundant controllers make the closed-loop system more complicated and each MIP iteration increases the total computational time. This article proposes a revised ISC deadlock prevention policy which can achieve better results than the other reported methods in terms of redundancy and MIP iterations while maintaining the maximal permissiveness. Several benchmark examples are provided to illustrate the proposed approach and to be compared with the other reported methods.

Yin Wang,Terence Kelly,Manjunath Kudlur,Stéphane Lafortune,Scott A. Mahlke

DOI: https://doi.org/10.5555/1855741.1855761

2008-01-01

Abstract:Deadlock is an increasingly pressing concern as the multicore revolution forces parallel programming upon the average programmer. Existing approaches to deadlock impose onerous burdens on developers, entail high runtime performance overheads, or offer no help for unmodified legacy code. Gadara automates dynamic deadlock avoidance for conventional multithreaded programs. It employs whole-program static analysis to model programs, and Discrete Control Theory to synthesize lightweight, decentralized, highly concurrent logic that controls them at runtime. Gadara is safe, and can be applied to legacy code with modest programmer effort. Gadara is efficient because it performs expensive deadlock-avoidance computations offline rather than online. We have implemented Gadara for C/Pthreads programs. In benchmark tests, Gadara successfully avoids injected deadlock faults, imposes negligible to modest performance overheads (at most 18%), and outperforms a software transactional memory system. Tests on a real application show that Gadara identifies and avoids both previously known and unknown deadlocks while adding performance overheads ranging from negligible to 10%.

Yi-Sheng Huang,Ter-Chan Row,Weimin Wu

DOI: https://doi.org/10.1080/02533839.2018.1498019

2018-01-01

Journal of the Chinese Institute of Engineers

Abstract:Siphon control has been utilized as a general methodology for systems of simple sequential process with resource (S3PR) deadlock systems. Although siphon control imposes additional control places on S3PR systems, it cannot guarantee that the maximum permissiveness is achieved. To solve the problem of deadlock prevention for S3PR, a new policy to design a deadlock-free supervisor with the maximally permissive system is proposed using additional transitions. Additionally, this approach can solve the problem of deadlock prevention for systems of sequential systems with shared resources (S4PR) system models.

茹雨,吴维敏

DOI: https://doi.org/10.3969/j.issn.1004-731x.2003.z1.015

2003-01-01

Abstract:Given a generalized Petri net of which the transitions are all controllable and observable, a deadlock prevention algorithm is proposed in this paper. The algorithm is based on the reported iterative algorithm, which transforms deadlock prevention problems to control specifications, and the finite capacity place method, which enforces control specifications on plants. Compared with the reported methods that can only deal with some kind of Petri nets, the proposed algorithm is more general. Since the designed controller is a structural one, there is less online computation and faster execution. However, the offline computation is sometimes complex due to the iterative algorithm. Finally an example is presented to illustrate the algorithm and some further discussions are also offered.

Hongwei Liao,Stéphane Lafortune,Spyros A. Reveliotis,Yin Wang,Scott A. Mahlke

DOI: https://doi.org/10.1109/TAC.2012.2230814

2013-01-01

Abstract: We investigate the synthesis of optimal liveness-enforcing control policies for Gadara nets, a special class of Petri nets that arises in the modeling of the execution of multithreaded computer programs for the purpose of deadlock avoidance. We consider maximal permissiveness as the notion of optimality. Deadlock-freeness of a multithreaded program corresponds to liveness of its Gadara net model. We present a new control synthesis algorithm for liveness enforcement of Gadara nets that need not be ordinary. The algorithm employs structural analysis of the net and synthesizes monitor places to prevent the formation of a special class of siphons, termed resource-induced deadly-marked siphons. The algorithm also accounts for uncontrollable transitions in the net in a minimally restrictive manner. The algorithm is generally an iterative process and converges in a finite number of iterations. It exploits a covering of the unsafe states that is updated at each iteration. The proposed algorithm is shown to be correct and maximally permissive with respect to the goal of liveness enforcement.

Yin Wang,Hongwei Liao,Ahmed Nazeem,Spyros Reveliotis,Terence Kelly,Scott Mahlke,Stephane Lafortune

DOI: https://doi.org/10.1109/coase.2009.5234118

2009-01-01

Abstract:Multicore architectures in computer hardware bring an unprecedented need for parallel programming. In the work considered in this presentation, we are especially interested in multithreaded programs with shared data. In this widely- used programming paradigm, "lock" primitives are employed to control access to the shared data within the program threads.In this write-up, we report the progress of an ongoing project, called Gadara1, that seeks to provide a systematic solution to the aforementioned deadlock handling problem. More specifically, Gadara uses discrete event control theory and its specialization in the context of resource allocation in order to detect potential deadlocks and control the run-time execution of the underlying programs in a way that guarantees that these deadlocks never occur.

Weimin Wu,Mengchu Zhou,Guoqiang Zeng,Wei-Jie Mao,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/ICSMC.2009.5346582

2009-01-01

Abstract:This paper presents a novel method to design Petri net-based deadlock prevention controllers for flexible manufacturing systems. It starts from the computation of the complete deadlock markings by utilizing the conservativeness property of a Petri net model and the necessary and sufficient condition for deadlock. Then, it verifies a small state space including the dangerous and bad markings only by combining one-step look-forward through the original net and one-step look-backward via its reverse net. Subsequently, it defines the set of place invariants from the subset of marked operation places for the so called "elementary controlled bad markings". Finally, it synthesizes a deadlock prevention controller by a simplified invariant-based method. Its obtained deadlock-free controller allows more behavior of the closed-loop system than those obtained via a siphon-based control method. Its computational efficiency is higher than those based on a complete reachability graph-based control method.

Jiliang Luo,Weimin Wu,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/ACC.2006.1657372

2006-01-01

Abstract:This paper addresses the control problems to enforce general mutual exclusion constraints (GMECs) on a controlled Petri nets based on the constraint transformation. The basic GMEC is introduced for a Petri net, in which a marking is admissible if it does not violate this constraint. To enforce basic GMECs on a Petri net is rather simple, for the uncontrollable transitions need not be considered. Therefore, the key for the solution to the control problems is to compute the equivalent basic GMECs for the given GMECs. Then the method, to transform equivalently the given GMECs into the basic GMECs, is obtained for the class of control problems where the influence uncontrollable subnets are forward synchronization and forward conflict free (FSFCF) nets. An FSFCF net is an ordinary Petri net in which each node has at most one input.

Yin Wang,Terence Kelly,Manjunath Kudlur,Scott Mahlke,Stephane Lafortune

DOI: https://doi.org/10.1109/wodes.2008.4605961

2008-01-01

Abstract:Ensuring deadlock-free execution of concurrent programs is a notoriously difficult problem, but an increasingly important one as multicore processors compel performance-conscious software developers to parallelize applications. We propose and validate a novel methodology for dynamically controlling the execution of concurrent software in order to provably avoid deadlocks. The methodology is based on supervisory control of discrete event systems modeled by Petri nets. Specifically, we synthesize feedback controllers for concurrent programs based on the theory of supervision based on place invariants and implement the controllers online to guarantee deadlock avoidance. We describe a full implementation of this methodology and report initial experimental results demonstrating its effectiveness and scalability.

Hongwei Liao,Stephane Lafortune,Spyros Reveliotis,Yin Wang,Scott Mahlke

DOI: https://doi.org/10.1109/cdc.2010.5716934

2010-01-01

Abstract:This paper studies the synthesis of maximally-permissive liveness-enforcing control policies for Gadara nets. Gadara nets are a special class of Petri nets that model allocation of locks in multithreaded computer programs for the purpose of deadlock avoidance. We propose a new control synthesis algorithm that can be used for liveness enforcement of Gadara nets. The algorithm employs structural analysis of the net and synthesizes monitor places to control a special class of siphons, termed resource-induced deadly-marked siphons. We present an iterative control methodology based on this algorithm that converges in a finite number of iterations. The methodology exploits a covering of the unsafe states that is updated at each iteration. Both the proposed algorithm and the associated iterative control methodology are shown to be correct and maximally permissive with respect to the goal of liveness enforcement.

Zhiwei Xu,Olivier Y. De Vel

DOI: https://doi.org/10.1109/PNPM.1991.238776

1991-01-01

Abstract:The authors present a graph model based on Petri nets that can be used as a software development tool for parallel computational programs written in the Occam language. In parallel computing the cooperation aspect of concurrency is emphasized, rather than the competitive aspect of multiple processes found in operating system applications. In developing and debugging a parallel computational program, users often want to ensure that their program will terminate (that is, it stops in finite time) and be determinate (that is, the same input data always produce the same result). Using the Petri net graph model, termination and determinacy can be mathematically defined, and algorithms for detecting these properties developed. In fact, the graph model defines an operational semantics for a non-trivial subset of Occam, and can be used as a pedagogical aid as well as a tool for developing and synthesizing Occam programs in parallel computing applications

Jiaquan Sun,Guanjun Liu,Dongming Xiang,Changjun Jiang

DOI: https://doi.org/10.1109/icnsc.2019.8743177

2019-01-01

Abstract:A multi-thread program easily suffers from concurrent bugs such as livelock, deadlock and data inconsistency. The Petri-net-based methods are widely used to detect these errors. The existing models are good at modeling the logical structures such concurrency and synchronization locks, but short of modeling the changes of variables. However, some bugs are closely related with the changes of variables. In order to solve this problem, we put forward a new Petri net model called multi-thread net. This model can characterize overwriting, shared reading and synchronization locks. Moreover, we present a method to construct a reachability graph for every multi-thread net. Based on this graph, we develop an algorithm to detect concurrent bugs including deadlock, data race, order violation, and atomic violation. Furthermore, a Petri net tool is developed to model current programs and detect their concurrent bugs.

Terence Kelly,Yin Wang,Stephane Lafortune,Scott Mahlke

DOI: https://doi.org/10.1109/mc.2009.391

2009-01-01

Computer

Abstract:In the multicore era, concurrency bugs threaten to reduce programmer productivity, impair software safety, and erode end-user value. Control engineering can eliminate concurrency bugs by constraining software behavior, preventing runtime failures, and offloading onerous burdens from human programmers onto automatically synthesized control logic.

ZHUChengcheng,DONG Lida

DOI: https://doi.org/10.3969/j.issn.1001-2400.2015.02.028

2015-01-01

Abstract:Due to the sharing of resources,the deadlocks often occur as concurrency bugs in multithreaded software.This paper utilizes the Petri net to model multithreaded software and use the mixed integer programming tool to test the concurrency bugs in it.Currently,multithreaded software using the mutex can be modeled and tested by the Gadara nets.Multithreaded software using semaphores can be modeled by S*PR nets,but there is no theory to support the mixed integer programming-based concurrency bugs test method for them.This paper defines a subclass of S*PR nets,i.e.,SEM-S*PR nets.The initial marking of resource places in it can be greater than 1 and branches can use resources symmetrically.Thus,it can model a class of multithreaded software using semaphores.By structural analysis,it can be proved that a SEM-S*PR net is live if and only if all its siphons are always marked during execution.This result ensures that the mixed integer programming techniques can also be applied for detecting concurrency bugs in multithreaded software modeled by SEM-S* PR nets.Finally,two concurrency bug test examples are introduced,and the results show the validity of this work.

Yin Wang,Stephane Lafortune,Terence Kelly,Manjunath Kudlur,Scott Mahlke

DOI: https://doi.org/10.1145/1594834.1480913

2009-01-01

ACM SIGPLAN Notices

Abstract:Deadlock in multithreaded programs is an increasingly important problem as ubiquitous multicore architectures force parallelization upon an ever wider range of software. This paper presents a theoretical foundation for dynamic deadlock avoidance in concurrent programs that employ conventional mutual exclusion and synchronization primitives (e.g., multithreaded C/Pthreads programs). Beginning with control flow graphs extracted from program source code, we construct a formal model of the program and then apply Discrete Control Theory to automatically synthesize deadlock-avoidance control logic that is implemented by program instrumentation. At run time, the control logic avoids deadlocks by postponing lock acquisitions. Discrete Control Theory guarantees that the program instrumented with our synthesized control logic cannot deadlock. Our method furthermore guarantees that the control logic is maximally permissive: it postpones lock acquisitions only when necessary to prevent deadlocks, and therefore permits maximal runtime concurrency. Our prototype for C/Pthreads scales to real software including Apache, OpenLDAP, and two kinds of benchmarks, automatically avoiding both injected and naturally occurring deadlocks while imposing modest runtime overheads.

Stephane Lafortune,Yin Wang

2009-01-01

Abstract:Software reliability is an increasingly pressing concern as the multicore revolution forces parallel programming upon the average programmer. Many existing approaches to software failure are ad hoc, based on best-practice heuristics. Often these approaches impose onerous burdens on developers, entail high runtime performance overheads, or offer no help for unmodified legacy code. We demonstrate that discrete control theory can be applied to software failure avoidance problems. Discrete control theory is a branch of control engineering that addresses the control of systems with discrete state spaces and event-driven dynamics. Typical modeling formalisms used in discrete control theory include automata and Petri nets, which are well suited for modeling software systems. In order to use discrete control theory for software failure avoidance problems, formal models of computer programs must first be constructed. Next, control logic must be synthesized from the model and given behavioral specifications. Finally, the control logic must be embedded into the execution engine or the program itself. At runtime, the provably correct control logic guarantees that the given failure-avoidance specifications are enforced. This thesis employs the above methodology in two different application domains: failure avoidance in information technology automation workflows and deadlock avoidance in multithreaded C programs. In the first application, we model workflows using finite-state automata and synthesize controllers for safety and nonblocking specifications expressed as regular languages using an automata-based discrete control technique, called Supervisory Control. The second application addresses the problem of deadlock avoidance in multithreaded C programs that use lock primitives. We exploit compiler technology to model programs as Petri nets and establish a correspondence between deadlock avoidance in the program and the absence of reachable empty siphons in its Petri net model. The technique of Supervision Based on Place Invariants is then used to synthesize the desired control logic, which is implemented using source-to-source translation. Empirical evidence confirms that the algorithmic techniques of Discrete Control Theory employed scale to programs of practical size in both application domains. Furthermore, comprehensive experiments in the deadlock avoidance problem demonstrate tolerable runtime overhead, no more than 18%, for a benchmark and several real-world C programs.

Dennis Jeffrey,Yan Wang,Chen Tian,Rajiv Gupta

DOI: https://doi.org/10.1002/spe.1040

2011-01-01

Software Practice and Experience

Abstract:Memory-related program failures in multithreaded programs can be caused by a variety of bugs. Concurrency bugs can occur due to unexpected or incorrect thread interleavings during execution. Other kinds of memory bugs, such as buffer overflows and uninitialized reads, may also occur in multithreaded as well as single-threaded programs. Most prior techniques for isolating these bugs are specialized, addressing only one type of concurrency bug or certain types of other memory bugs. The memory corruption caused by these bugs can also undergo significant propagation during program execution. When a program failure finally occurs due to memory corruption, the true root cause of the failure may be effectively concealed as significant portions of memory may have become corrupted. We propose a general framework that can isolate the root cause of any failure in a multithreaded program that involves memory corruption and reveals at least a subset of this memory corruption. This includes three important types of concurrency bugs—data races, atomicity violations, and order violations—as well as other kinds of memory bugs. To account for propagation of memory corruption, our approach uses a dynamic technique called ‘execution suppression’ that iteratively reveals memory corruption in a failing execution to isolate the true root cause of the failure. Copyright © 2011 John Wiley & Sons, Ltd.