Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………

Published byEdwin Tolbert Modified over 9 years ago

Similar presentations

Presentation on theme: "Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………"— Presentation transcript:

1 Greta YorshEran YahavMartin Vechev IBM Research

2 { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { …………………………… ……………………. … } P2() atomic { ………………….. …… ……………………. ……………… …………………… } P3() atomic Safety Specification: S

3 Challenge: Correct and Efficient Synchronization { ……………… …… …………………. ……………………. ………………………… } P1() { …………………………… ……………………. … } P2() { ………………….. …… ……………………. ……………… …………………… } P3() Safety Specification: S

4 Challenge  Assumption: serial executions satisfy the specification  Find minimal synchronization that makes the program satisfy the specification  Avoid all bad interleaving while permitting as many good interleavings as possible  Handle infinite-state programs

5 Our Approach  Synthesis of synchronization via abstract interpretation  Compute over-approximation of all possible program executions  Add minimal atomics to avoid (over approximation of) bad interleavings  Interplay between abstraction and synchronization  Finer abstraction may enable finer synchronization  Coarse synchronization may enable coarser abstraction

6 Change the abstraction to match the program Standard Approach: Abstraction Refinement program specification Abstract counter example abstraction Abstraction Refinement  Abstract counter example Verify Valid

7 program specification Abstract counter example abstraction Abstraction Refinement Change the program to match the abstraction   Verify Our Approach: Abstraction-Guided Synthesis Program Restriction Implement P’ Abstract counter example

8 AGS Algorithm – High Level  = true while(  P        S) { select   (  P       ) and   S if (?) {  =   avoid(  ) } else {  = refine( ,  ) } return implement(P,  ) Input: Program P, Specification S, Abstraction  Output: Program P’ satisfying S under 

9 Avoiding an interleaving  By adding atomicity constraints  Atomicity predicate [l1,l2] – no context switch allowed between execution of statements at l1 and l2  avoid(  )  A disjunction of all possible atomicity predicates that would prevent   Example   = A 1 B 1 A 2 B 2  avoid(  ) = [A 1,A 2 ]  [B 1,B 2 ]  (abuse of notation)

10 Example T1 1: x += z 2: x += z T2 1: z++ 2: z++ T3 1: y1 = f(x) 2: y2 = x 3: assert(y1 != y2) f(x) { if (x == 1) return 3 else if (x == 2) return 6 else return 5 }

11 Example: Parity Abstraction 023 1 2 3 4 5 4 6 y2 y1 1 Concrete values 023 1 2 3 4 5 4 6 y2 y1 1 Parity abstraction (even/odd)

12 Example: Avoiding Bad Interleavings  = true while(  P        S) { select   (  P       ) and   S if (?) {  =   avoid(  ) } else {  = refine( ,  ) } return implement(P,  ) avoid(  1 ) = [z++,z++]  = [z++,z++]  = true

13 Example: Avoiding Bad Interleavings  = true while(  P        S) { select   (  P       ) and   S if (?) {  =   avoid(  ) } else {  = refine( ,  ) } return implement(P,  ) avoid(  2 ) =[x+=z,x+=z]  = [z++,z++]  = [z++,z++]  [x+=z,x+=z]

14 Example: Avoiding Bad Interleavings  = true while(  P        S) { select   (  P       ) and   S if (?) {  =   avoid(  ) } else {  = refine( ,  ) } return implement(P,  ) T1 1: x += z 2: x += z T2 1: z++ 2: z++ T3 1: y1 = f(x) 2: y2 = x 3: assert(y1 != y2)  = [z++,z++]  [x+=z,x+=z]

15 023 1 2 3 4 5 4 6 y2 y1 1 parity 0123 1 2 3 4 5 4 6 0123 1 2 3 4 5 4 6  parity x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 Example: Avoiding Bad Interleavings But we can also refine the abstraction…

16 023 1 2 3 4 5 4 6 y2 y1 1 0123 1 2 3 4 5 4 6 0123 1 2 3 4 5 4 6 parity interval octagon 0123 1 2 3 4 5 4 6 0123 1 2 3 4 5 4 6 0123 1 2 3 4 5 4 6 0123 1 2 3 4 5 4 6     (a)(b) (c) (d)(e) (f)(g) parity interval octagon x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3 x+=z; x+=z z++; y1=f(x) y2=x assert y1!= y2 T1 T2 T3

17 Quantitative Synthesis  Performance: smallest atomic sections  Interval abstraction for our example produces the atomicity constraint: ([x+=z,x+=z] ∨ [z++,z++]) ∧ ([y1=f(x),y2=x] ∨ [x+=z,x+=z] ∨ [z++,z++])  Minimal satisfying assignments   1 = [z++,z++]   2 = [x+=z,x+=z]

18 Backward Exploration of Invalid Interleavings. Using  to prune non-feasible interleavings. Order of selection might matter AGS Algorithm – More Details  = true while(  P        S) { select   (  P       ) and   S if (?) {  =   avoid(  ) } else {  = refine( ,  ) } return implement(P,  ) Input: Program P, Specification S, Abstraction  Output: Program P’ satisfying S under  Forward Abstract Interpretation, taking  into account for pruning non-feasible interleavings Choosing between Abstraction Refinement / Program Restricton. -Refinement not always possible - avoidance not always possible (e.g., serial interleaving) - may try and backtrack Up to this point did not commit to an implementation mechanism

19 Implementability  No program transformations (e.g., loop unrolling)  Memoryless strategy T1 1: while(*) { 2: x++ 3: x++ 4: } T2 1: assert (x != 1)  Separation between schedule constraints and how they are realized  Can realize in program: atomic sections, locks,…  Can realize in scheduler: benevolent scheduler

20 Examples Intuition  If can show disjoint access can avoid synchronization  Requires abstractions rich enough to capture access pattern to shared data Parity Intervals

21 Example: “Double Buffering” fill() { L1:if (i < N) { L2:Im[Fill][i] = read(); L3: i += 1; L4: goto L1; } L5: Fill ˆ= 1; L6: Render ˆ= 1; L7: i = 0; L8: goto L1; } render() { L1:if (j < N) { L2: write(Im[Render][j]); L3: j += 1; L4: goto L1; } L5: j = 0; L6: goto 1; } int Fill = 1; int Render = 0; int i = j = 0; main() { fill() || render(); } Render Fill

22 Experimental Results  Simplified versions of  Double buffering  Defragmentation  … ProgramRefine StepsAvoid Steps Double buffering12 Defragmentation18 3D array update223 Array Removal117 Array Init156

23 Summary  An algorithm for Abstraction-Guided Synthesis  Synthesize efficient and correct synchronization  Refine the abstraction and/or restrict program behavior  Interplay between abstraction and syncrhonization  Quantitative Synthesis  Separate characterization of solution from choosing optimal solutions (e.g., smallest atomic sections)  Handles infinite-state systems  Based on abstract interpretation  In the near future – more abstract domains…

24 Invited Questions 1. Why atomic sections? 2. Why not start from the most constrained program and work downwards (relaxing constraints)? 3. Can’t you solve the problem purely by brute force search of all atomic section placements? 4. Why use only a single CEX at a time? Could use information about the whole (abstract) transition system? 5. Is this related to supervisor synthesis?

Download ppt "Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………"

Similar presentations

Abstraction of Source Code (from Bandera lectures and talks)

Abstraction of Source Code (from Bandera lectures and talks)
Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.

Introduction to Formal Methods for SW and HW Development 09: SAT Based Abstraction/Refinement in Model-Checking Roberto Sebastiani Based on work and slides.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)

SAT Based Abstraction/Refinement in Model-Checking Based on work by E. Clarke, A. Gupta, J. Kukula, O. Strichman (CAV’02)
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.

Compilation 2011 Static Analysis Johnni Winther Michael I. Schwartzbach Aarhus University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.

“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.
Ch. 7 Process Synchronization (1/2) 2015-04-17. 7.I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.

Ch. 7 Process Synchronization (1/2) I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.
1 Eran Yahav Technion Joint work with Martin Vechev (ETH), Greta Yorsh (ARM), Michael Kuperstein (Technion), Veselin Raychev (ETH)

1 Eran Yahav Technion Joint work with Martin Vechev (ETH), Greta Yorsh (ARM), Michael Kuperstein (Technion), Veselin Raychev (ETH)
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 5: Process Synchronization.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 5: Process Synchronization.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 7: Greedy Algorithms

CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 7: Greedy Algorithms
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Martin Vechev IBM Research Michael Kuperstein Technion Eran Yahav Technion (FMCAD’10, PLDI’11) 1.

Martin Vechev IBM Research Michael Kuperstein Technion Eran Yahav Technion (FMCAD’10, PLDI’11) 1.
Inferring Synchronization under Limited Observability Martin Vechev Eran Yahav Greta Yorsh IBM T.J. Watson Research Center.

Inferring Synchronization under Limited Observability Martin Vechev Eran Yahav Greta Yorsh IBM T.J. Watson Research Center.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.

Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
1 Lecture 09 – Synthesis of Synchronization Eran Yahav.

1 Lecture 09 – Synthesis of Synchronization Eran Yahav.
Chapter 2: Algorithm Discovery and Design

Chapter 2: Algorithm Discovery and Design
Synthesis of Interface Specifications for Java Classes Rajeev Alur University of Pennsylvania Joint work with P. Cerny, G. Gupta, P. Madhusudan, W. Nam,

Synthesis of Interface Specifications for Java Classes Rajeev Alur University of Pennsylvania Joint work with P. Cerny, G. Gupta, P. Madhusudan, W. Nam,

Similar presentations

Ads by Google