TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AAA A A A AA A Proving that non-blocking algorithms don't block.

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Partially Disjunctive Shape Analysis Josh Berdine Byron Cook MSR Cambridge Tal Lev-Ami Roman Manevich Mooly Sagiv Ran Shaham Tel Aviv University Ganesan.
1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.
Shape Analysis for Fine-Grained Concurrency using Thread Quantification Josh Berdine Microsoft Research Joint work with: Tal Lev-Ami, Roman Manevich, Mooly.
Fast and Lock-Free Concurrent Priority Queues for Multi-Thread Systems Håkan Sundell Philippas Tsigas.
Wait-Free Linked-Lists Shahar Timnat, Anastasia Braginsky, Alex Kogan, Erez Petrank Technion, Israel Presented by Shahar Timnat 469-+
Hongjin Liang and Xinyu Feng
Refinement Verification of Concurrent Programs and Its Applications Hongjin Liang Univ. of Science and Technology of China Advisors: Xinyu Feng and Zhong.
© 2009 Microsoft Corporation. All rights reserved. Automatic Verification of Heap Manipulation using Separation Logic Josh Berdine with thanks to Byron.
SPEED: Precise & Efficient Static Estimation of Symbolic Computational Complexity Sumit Gulwani MSR Redmond TexPoint fonts used in EMF. Read the TexPoint.
50.530: Software Engineering Sun Jun SUTD. Week 13: Rely-Guarantee Reasoning.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.
Topic 10 Java Memory Management. 1-2 Memory Allocation in Java When a program is being executed, separate areas of memory are allocated for each class.
Heap Decomposition for Concurrent Shape Analysis R. Manevich T. Lev-Ami M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine MSR Cambridge Dagstuhl.
Automated Verification with HIP and SLEEK Asankhaya Sharma.
Reduction, abstraction, and atomicity: How much can we prove about concurrent programs using them? Serdar Tasiran Koç University Istanbul, Turkey Tayfun.
“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
A Rely-Guarantee-Based Simulation for Verifying Concurrent Program Transformations Hongjin Liang, Xinyu Feng & Ming Fu Univ. of Science and Technology.
A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Chair of Software Engineering The alias calculus Bertrand Meyer ITMO Software Engineering Seminar June 2011.
Maged M. Michael, “Hazard Pointers: Safe Memory Reclamation for Lock- Free Objects” Presentation Robert T. Bauer.
Scalable Synchronous Queues By William N. Scherer III, Doug Lea, and Michael L. Scott Presented by Ran Isenberg.
Factorial Recursion stack Binary Search Towers of Hanoi
1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Counterexample-Guided Focus TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A AA A A Thomas Wies Institute of.
Comparison Under Abstraction for Verifying Linearizability Daphna Amit Noam Rinetzky Mooly Sagiv Tom RepsEran Yahav Tel Aviv UniversityUniversity of Wisconsin.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Who’s Afraid of a Big Bad Lock Nir Shavit Sun Labs at Oracle Joint work with Danny.
1 Hardware synthesis 2.0 Byron Cook and Satnam Singh with Ashutosh Gupta, Stephen Magill, Andrey Rybalchenko, Jiri Simsa, and Viktor Vafeiadis TexPoint.
Compositional Verification of Termination-Preserving Refinement of Concurrent Programs Hongjin Liang Univ. of Science and Technology of China (USTC) Joint.
Thread Quantification for Concurrent Shape Analysis Josh BerdineMSR Cambridge Tal Lev-AmiTel Aviv University Roman ManevichTel Aviv University Mooly Sagiv.
VMCAI / POPL 2009 Spy Report. Topics of Interest (I) Semantics of concurrent programs – Programming languages & abstractions – Transactional memory (TM)
224 3/30/98 CSE 143 Recursion [Sections 6.1, ]
November 15, 2007 A Java Implementation of a Lock- Free Concurrent Priority Queue Bart Verzijlenberg.
INTRODUCTION TO DATA STRUCTURES. INTRODUCTION A data structure is nothing but an arrangement of data either in computer's memory or on the disk storage.
Formal verification of skiplist algorithms Student: Trinh Cong Quy Supervisor: Bengt Jonsson Reviewer: Parosh Abdulla.
1 MSR/Cambridge Formal Verification Overview Byron Cook Microsoft Research, Cambridge.
November 27, 2007 Verification of a Concurrent Priority Queue Bart Verzijlenberg.
2005MEE Software Engineering Lecture 7 –Stacks, Queues.
Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications Chapter.
1 Proving program termination Lecture 5 · February 4 th, 2008 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A.
Adaptive Shape Analysis Thomas Wies joint work with Josh Berdine Cristiano Calcagno TexPoint fonts used in EMF. Read the TexPoint manual before you delete.
Hazard Pointers: Safe Memory Reclamation for Lock-Free Objects MAGED M. MICHAEL PRESENTED BY NURIT MOSCOVICI ADVANCED TOPICS IN CONCURRENT PROGRAMMING,
Scalable lock-free Stack Algorithm Wael Yehia York University February 8, 2010.
Operational Semantics Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Distributed Algorithms (22903) Lecturer: Danny Hendler Lock-free stack algorithms.
CSC 143 P 1 CSC 143 Recursion [Chapter 5]. CSC 143 P 2 Recursion  A recursive definition is one which is defined in terms of itself  Example:  Compound.
Week 15 – Monday.  What did we talk about last time?  Tries.
CSE 1342 Programming Concepts
Lectures linked lists Chapter 6 of textbook
Joint work with Yong Li, Xinyu Feng, Zhong Shao and Yu Zhang
Distributed Algorithms (22903)
State your reasons or how to keep proofs while optimizing code
Expander: Lock-free Cache for a Concurrent Data Structure
CS510 Concurrent Systems Jonathan Walpole.
Distributed Algorithms (22903)
Hongjin Liang, Xinyu Feng & Ming Fu
Non-blocking data structures and transactional memory
Stacks Linked Lists Queues Heaps Hashes
Distributed Algorithms (22903)
A Data Structure Bestiary
CS510 Concurrent Systems Jonathan Walpole.
A Data Structure Bestiary
Scalable lock-free Stack Algorithm
Multicore programming
Multicore programming
CS510 Advanced Topics in Concurrency
CS510 Concurrent Systems Jonathan Walpole.
Presentation transcript:

TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AAA A A A AA A Proving that non-blocking algorithms don't block Alexey Gotsman University of Cambridge Joint work with Byron Cook, Matthew Parkinson, and Viktor Vafeiadis

Proving that non-blocking algorithms don't block  Automatically proving liveness properties of non- blocking concurrent algorithms  Stay awake: nice links between programming, logic, and automatic verification  Pick a class of programs  Pick an appropriate logic  Observe that proofs are simple and follow the same pattern  Infer proofs automatically  Best of both worlds: automatic tool + understanding of the algorithms

Coarse-grained locking Top Inefficient as only one thread operates on the list at a time NULL

Non-blocking concurrency  Multiple threads operating on the data structure at the same time  Typical programming idiom:... L:read from a part of the data structure do some work on the results try to change the data structure if interference is detected go to L...

Non-blocking concurrency  Stacks, queues, skip lists, hash tables, etc.  Used in practice: e.g., java.util.concurrent  Complicated and hard to get right  Formal verification:  Safety properties  [Yahav , Calcagno , Amit , Manevich , Vafeiadis 2009]  Termination ?

Non-blocking concurrency: Treiber's stack Top NULL void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } struct Node { Node *next; data_t val; } *Top;

Treiber's non-blocking stack: termination void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } struct Node { Node *next; data_t val; } *Top;  push or pop may not terminate if other threads continually modify Top  However: some operation will always terminate  This talk: logic & tool for proving lock-freedom lock-freedom

From lock-freedom to termination

Lock-freedom of Treiber's stack Push or Id Shared state Rely/guarantee + separation logic for safety [Vafeiadis-Parkinson 2007] void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } struct Node { Node *next; data_t val; } *Top; Pop or Id

Lock-freedom of Treiber's stack Push or Id void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } struct Node { Node *next; data_t val; } *Top; Pop or Id

Lock-freedom of Treiber's stack  The do loops terminate if no-one else executes Push or Pop infinitely often  No-one executes Push or Pop infinitely often  Hence, push and pop terminate Push or Id data_t pop() { Node *t, *x; do { t = Top; if (t == NULL) return EMPTY; x = t->next; } while(!CAS(&Top,t,x)); return t->val; } void push(data_t v) { Node *t, *x; x = new Node(); x->val = v; do { t = Top; x->next = t; } while(!CAS(&Top,t,x)); } struct Node { Node *next; data_t val; } *Top; Pop or Id

Layered proof “I execute only Push, Pop, or Id” “I don’t execute Push or Pop infinitely often” “I terminate” “I execute only Push, Pop, or Id”

Layered proof Formalised in a logic for liveness and heaps Guarantees of the form

 Run the safety checker:  Iteratively eliminate actions: Proof search strategy    Proof valid for an arbitrary number of threads

Case studies  Treiber's stack [Treiber 1986]  HSY stack [Hendler ]  Non-blocking queue [Michael, Scott 1996]  Linked list [Michael 2002]  RDCSS [Harris ]

Conclusion  Automatic method with proofs reflecting algorithm structure  Hope the general approach can be reused  Lock-based lock-free algorithms require more complex environment assumptions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.