Detecting Java Race Conditions With Tests, Part 1: Lost Updates

Detecting Java race conditions is hard; detecting them during tests is impossible. Really?

In the following article, I want to show you that it is actually rather easy. In Part I of this article, you will see how to detect lost updates, the first type of Java race conditions. In Part II, we will look at the second type of Java race conditions: non-atomic access.

So What Are Visibility Problems Anyway?

If you read and write to the same field from different threads without synchronization, you will lose updates.

Why? In multi-core computers, every core has a cache. If you write to a field, another thread sees the old value if that thread runs on another core. If the thread runs on the same core, you will see the new value. Only if the cache was invalidated, will the thread always see the new value. Without invalidating the cache you lose updates. And invalidating the cache is what a synchronization statement or writing to a volatile field does.

Okay, So What Can I Do?

Simply run a multi-threaded test. Afterward, check if each concurrent field access is correctly synchronized. The Java memory model formally specifies which statements correctly synchronize a field access. For example, the following is correctly synchronized, since between the write and read is a thread start:

public class ThreadStart extends Thread {

    private int i = 0;

    public static void main(String[] args) {
        ThreadStart threadStart = new ThreadStart();
        threadStart.i = 8;

        /*
         * 
         * see https://docs.oracle.com/javase/specs/jls/se7/html/jls-17.html#jls-17.4.4
         * An action that starts a thread synchronizes-with the first action in the thread 
         * it starts. 
         */

        threadStart.start();
    }

    @Override
    public void run() {
        int j =  i;
    }

}

So let’s get started with a simple example—a counter:

public class Counter {

    private int i = 0;

    public void addOne() {
        i++;
    }
}

To test the counter, we use the following JUnit test. The concurrent test runner runs the test method from four different threads.

import org.junit.Test;
import org.junit.runner.RunWith;
import com.anarsoft.vmlens.concurrent.junit.ConcurrentTestRunner;

@RunWith(ConcurrentTestRunner.class)
public class TestCounter {

    private final Counter counter = new Counter();

    @Test
    public void testAdd() {
        counter.addOne();
    }
}

To trace the fields and synchronization actions, add the vmlens agent path to the virtual machine arguments. After the run, vmlens checks all field accesses. If vmlens finds a field access that is not correctly synchronized, we have detected a Java race condition.

It Is Not a Bug, It Is a Feature

Probably you have noticed the detected Java race condition accessing the field numInvocations in the class sun.reflect.NativeMethodAccessorImpl. If we look at the source code, we see that it is used to switch to a faster implementation, if a threshold is reached.

public Object invoke(Object obj, Object[] args)
         throws IllegalArgumentException, InvocationTargetException
{
      if (++numInvocations > ReflectionFactory.inflationThreshold()) {
            MethodAccessorImpl acc = (MethodAccessorImpl)
                new MethodAccessorGenerator().
                    generateMethod(method.getDeclaringClass(),
                                   method.getName(),
                                   method.getParameterTypes(),
                                   method.getReturnType(),
                                   method.getExceptionTypes(),
                                   method.getModifiers());
            parent.setDelegate(acc);
        }
        return invoke0(method, obj, args);
 }

This is an example of a Java race condition, which is not a bug but a feature. The performance loss to make the numInvocations count thread safe is worse than to lose some values.

If It Is Not Tested, It Is Probably Broken

Since detecting Java race conditions with testing is rather new, you can expect many undetected race conditions. Here is an example of race conditions during the start and stop of Jenkins, an open-source continuous integration server:

So detecting lost updates with tests is possible. As a test runner, I used concurrent-junit; as a race condition catcher, I used vmlens. In Part II we will look at non-atomic updates.