effective abstractions for verification under relaxed
play

Effective Abstractions for Verification under Relaxed Memory Models - PowerPoint PPT Presentation

Oct 23, 2023 •177 likes •855 views

Effective Abstractions for Verification under Relaxed Memory Models Andrei Dan Yuri Meshman Martin Vechev Eran Yahav ETH Zurich Technion ETH Zurich Technion 1 Dekkers Algorithm initial: flag[0] = false, flag[1] = false, turn = 0

  1. Effective Abstractions for Verification under Relaxed Memory Models Andrei Dan Yuri Meshman Martin Vechev Eran Yahav ETH Zurich Technion ETH Zurich Technion 1

  2. Dekker’s Algorithm initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  3. Sequential Consistency Dekker’s Algorithm initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  4. Sequential Consistency Dekker’s Algorithm initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  5. Sequential Consistency Dekker’s Algorithm Relaxed Model x86 TSO initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  6. Sequential Consistency Dekker’s Algorithm Relaxed Model x86 TSO initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  7. Sequential Consistency Dekker’s Algorithm Relaxed Model x86 TSO initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 2

  8. Correct Dekker’s Algorithm Relaxed Model x86 TSO initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true fence fence while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true fence fence /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 3

  9. Correct Dekker’s Algorithm Relaxed Model x86 TSO initial: flag[0] = false, flag[1] = false, turn = 0 Thread 1: Thread 0: flag[1] := true flag[0] := true fence fence while (flag[1] = true) while (flag[0] = true) if (turn ≠ 0) if (turn ≠ 1) flag[0] := false flag[1] := false while (turn ≠ 0) { } while (turn ≠ 1) { } flag[0] := true flag[1] := true fence fence /* Critical Section */ /* Critical Section */ Spec : mutual exclusion over Critical Section 3

  10. This work Concurrent Program P Memory Model M Specification S

  11. This work Concurrent Program P Source-to-source Concurrent translation Program P M Memory Model M Specification S

  12. This work Concurrent Program P Source-to-source Concurrent translation Program P M Memory Model M Abstract interpreter Program for sequential invariants consistency Specification S

  13. This work Concurrent Program P Source-to-source Concurrent translation Program P M Memory Model M Abstract interpreter Program for sequential invariants consistency Specification SMT Solver S

  14. This work Abstraction-aware translation Concurrent Program P Source-to-source Concurrent translation Program P M Memory Model M Abstract interpreter Program for sequential invariants consistency Specification SMT Solver S

  15. Talk outline Direct translation [SAS ‘14] Abstraction-aware translation: 1. Leverage more refined abstract domain 2. Buffer semantics without shifting [Abstraction] Evaluation 5

  16. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 6

  17. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 7

  18. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence lhs 1 := ‘ X ’; rhs 1 := 1; translated to X := 1 cnt := cnt + 1 Introduce 2 local variables in Thread 0 to encode each location of the finite buffer. Introduce a variable cnt. It represents the number of elements in the buffer: {0 .. k}. 7

  19. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 8

  20. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence Establish a limit k for the size of the buffers for each thread. For example k = 3. Sound abstraction. 8

  21. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 9

  22. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 Flush a := X Y = 0 Flush Y := a + 1 Flush X := a – 1 Flush fence 9

  23. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 10

  24. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence while (cnt > 0 ∧ random) do if (lhs 1 = ‘ X ’) then X := rhs 1 ; translated to Flush if (lhs 1 = ‘ Y ’) then Y := rhs 1 ; cnt := cnt – 1 10

  25. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence 11

  26. Direct translation for x86 TSO [SAS ‘14] Thread 0: Write Buffer 0: Shared Memory: X := 1 X := 1 X = 0 a := X Y = 0 Y := a + 1 X := a – 1 fence if (cnt ≥ 1 ∧ lhs 1 = ‘ X ’) then a := rhs 1 ; translated to a := X else a := X; 11

  27. Analysis with the direct translation Original program: Direct Translation: Numerical abstract interpretation: lhs 1 := ‘ X ’; rhs 1 := 1; translated to X := 1 cnt := cnt + 1 while (cnt > 0 ∧ random) do if (lhs 1 = ‘ X ’) then X := rhs 1 ; translated to Flush if (lhs 1 = ‘ Y ’) then Y := rhs 1 ; cnt := cnt – 1 if (cnt ≥ 1 ∧ lhs 1 = ‘ X ’) then a := rhs 1 ; translated to a := X else a := X; 12

  28. Analysis with the direct translation Original program: Direct Translation: Numerical abstract interpretation: lhs 1 := ‘ X ’; rhs 1 := 1; translated to X := 1 lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = 1 ∧ cnt := cnt + 1 X = 0 while (cnt > 0 ∧ random) do if (lhs 1 = ‘ X ’) then X := rhs 1 ; translated to Flush if (lhs 1 = ‘ Y ’) then Y := rhs 1 ; cnt := cnt – 1 if (cnt ≥ 1 ∧ lhs 1 = ‘ X ’) then a := rhs 1 ; translated to a := X else a := X; 12

  29. Analysis with the direct translation Original program: Direct Translation: Numerical abstract interpretation: lhs 1 := ‘ X ’; rhs 1 := 1; translated to X := 1 lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = 1 ∧ cnt := cnt + 1 X = 0 while (cnt > 0 ∧ random) do if (lhs 1 = ‘ X ’) then X := rhs 1 ; translated to Flush if (lhs 1 = ‘ Y ’) then Y := rhs 1 ; lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = [0, 1] cnt := cnt – 1 ∧ X = [0, 1] if (cnt ≥ 1 ∧ lhs 1 = ‘ X ’) then a := rhs 1 ; translated to a := X else a := X; 12

  30. Analysis with the direct translation Original program: Direct Translation: Numerical abstract interpretation: lhs 1 := ‘ X ’; rhs 1 := 1; translated to X := 1 lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = 1 ∧ cnt := cnt + 1 X = 0 while (cnt > 0 ∧ random) do if (lhs 1 = ‘ X ’) then X := rhs 1 ; translated to Flush if (lhs 1 = ‘ Y ’) then Y := rhs 1 ; lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = [0, 1] cnt := cnt – 1 ∧ X = [0, 1] if (cnt ≥ 1 ∧ lhs 1 = ‘ X ’) then a := rhs 1 ; translated to a := X else a := X; lhs 1 = ‘X’ ∧ rhs 1 = 1 ∧ cnt = [0, 1] ∧ X = [0, 1] ∧ a = [0, 1] 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014 Tutorial outline Part I. Weak memory models 1. Introduction to relaxed concurrency 2. The C11 relaxed memory model Part II. Relaxed program logics 3.

699 views • 34 slides
Lazy abstractions for timed automata F. Herbreteau 1 , B. Srivathsan 2 , I. Walukiewicz 1 LaBRI,

Lazy abstractions for timed automata F. Herbreteau 1 , B. Srivathsan 2 , I. Walukiewicz 1 LaBRI,

Lazy abstractions for timed automata F. Herbreteau 1 , B. Srivathsan 2 , I. Walukiewicz 1 LaBRI, Universit e Bordeaux 1 Software modeling and verification group, RWTH-Aachen MOVES Seminar, March 2013 Lazy abstractions for timed automata -

609 views • 60 slides
5th STL Workshop, June 2005 Title: Relaxed weak queues: an alternative to run-relaxed heaps

5th STL Workshop, June 2005 Title: Relaxed weak queues: an alternative to run-relaxed heaps

5th STL Workshop, June 2005 Title: Relaxed weak queues: an alternative to run-relaxed heaps Speaker: Jyrki Katajainen Co-workers: Amr Elmasry and Claus Jensen These slides as well as the underlying paper are available at

262 views • 22 slides
Automatically Deriving Abstraction Heuristics PDB Abstractions Explicit-State Abstractions

Automatically Deriving Abstraction Heuristics PDB Abstractions Explicit-State Abstractions

Transition Systems and Abstractions Automatically Deriving Abstraction Heuristics PDB Abstractions Explicit-State Abstractions Conclusion Malte Helmert Albert-Ludwigs-Universit at Freiburg, Germany STAIR 2008 About This Talk

870 views • 43 slides
Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

852 views • 52 slides
Planning and Optimization D2. Abstractions: Additive Abstractions Gabriele R oger and Thomas

Planning and Optimization D2. Abstractions: Additive Abstractions Gabriele R oger and Thomas

Planning and Optimization D2. Abstractions: Additive Abstractions Gabriele R oger and Thomas Keller Universit at Basel October 29, 2018 Multiple Abstractions Additivity Outlook Summary Content of this Course Tasks Progression/

684 views • 31 slides
A solution of A solution of the cusp problem the cusp problem in relaxed halos in relaxed

A solution of A solution of the cusp problem the cusp problem in relaxed halos in relaxed

A solution of A solution of the cusp problem the cusp problem in relaxed halos in relaxed halos E.V. Mikheeva in collaboration with A.G.Doroshkevich and V.N.Lukash Astro Space Centre of P.N.Lebedev Physics Institute Cusp problem: density

398 views • 14 slides
Relaxed memory models No sequential consistency (SC) in chips today Chip designers

Relaxed memory models No sequential consistency (SC) in chips today Chip designers

Dynamic Synthesis for Relaxed Memory Models Feng Liu*, Nayden Nedev*, Nedyalko Prisadnikov , Martin Vechev, Eran Yahav *Princeton University, Sofia University, ETH Zurich, Technion 06/13/2012 PLDI 2012, Beijing Relaxed

410 views • 27 slides
INDEPENDENT VERIFICATION AND CODING VALIDATION (IV & V) FOR APR-DRG Effective September 1,

INDEPENDENT VERIFICATION AND CODING VALIDATION (IV & V) FOR APR-DRG Effective September 1,

INDEPENDENT VERIFICATION AND CODING VALIDATION (IV & V) FOR APR-DRG Effective September 1, 2014 Who are we? eQHealth has a 16 year partnership with Mississippi Division of Medicaid (DOM) as the Utilization Management and Quality

575 views • 35 slides
Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST

Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST

FMCAD 2011 Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST Motivations Craig interpolation applied succesfully for Formal Verification of both hardware and software Ongoing research (at least for

572 views • 41 slides
Scalable and Cost-Effective Model-Based Software Verification and Testing University of

Scalable and Cost-Effective Model-Based Software Verification and Testing University of

Scalable and Cost-Effective Model-Based Software Verification and Testing University of Luxembourg Interdisciplinary Centre for Security, Reliability and Trust Software Verification and Validation Lab (www.svv.lu) May 17th, 2013 University of

1.03k views • 72 slides
Planning and Optimization C2. Delete Relaxation: Finding Relaxed Plans Malte Helmert and Gabriele

Planning and Optimization C2. Delete Relaxation: Finding Relaxed Plans Malte Helmert and Gabriele

Planning and Optimization C2. Delete Relaxation: Finding Relaxed Plans Malte Helmert and Gabriele R oger Universit at Basel October 24, 2016 Greedy Algorithm Optimal Relaxed Plans Discussion Summary Finding Relaxed Plans Using the

714 views • 15 slides
Unified L2 Abstractions for L3-Driven Fast Handover draft-irtf-mobopts-l2-abstractions-01 F.

Unified L2 Abstractions for L3-Driven Fast Handover draft-irtf-mobopts-l2-abstractions-01 F.

Unified L2 Abstractions for L3-Driven Fast Handover draft-irtf-mobopts-l2-abstractions-01 F. Teraoka, K. Gogo, K. Mitsuya, R. Shibui, K. Mitani Keio University 06.11.7 67th IETF MOBOPTS l2-abstractions 1 ToC Gap Analysis against IEEE

431 views • 25 slides
An out-of-order thread-local semantics for something like volatile relaxed atomics in C and the

An out-of-order thread-local semantics for something like volatile relaxed atomics in C and the

An out-of-order thread-local semantics for something like volatile relaxed atomics in C and the problems it highlights Jean Pichon 24th of September 2014 Goal How to avoid out-of-thin-air with C11s relaxed atomics? Remark by Mark

305 views • 18 slides
Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking

Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking

Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking Grigory Fedyukovich Joint work with: Ondrej Sery, Simone Fulvio Rollini, Leonardo Alt, Antti E. J. Hyvrinen, and Natasha Sharygina F ORMAL V ERIFICATION

843 views • 81 slides
Energy consumption in embedded systems; abstractions for software models, programming languages

Energy consumption in embedded systems; abstractions for software models, programming languages

Energy consumption in embedded systems; abstractions for software models, programming languages and verification methods Florence Maraninchi orcid.org/0000-0003-0783-9178 thanks to M. Moy, L. Mounier, L. Maillet-Contoz, D. Barthel, J.

489 views • 45 slides
Methods of Solving Flag Partial Differential Equations Xiaoping Xu Institute of Mathematics

Methods of Solving Flag Partial Differential Equations Xiaoping Xu Institute of Mathematics

Polynomial Solutions Evolution Equations Constant-Coefficient PDEs Methods of Solving Flag Partial Differential Equations Xiaoping Xu Institute of Mathematics Academy of Mathematics and System Sciences Chinese Academy of Sciences Beijing

2.04k views • 166 slides
Q UADRATIC A SSIGNMENT P ROBLEM (QAP) There are n factories and n cities. A distance a ij

Q UADRATIC A SSIGNMENT P ROBLEM (QAP) There are n factories and n cities. A distance a ij

S EARCH M OVES IN THE L OCAL O PTIMA N ETWORKS OF P ERMUTATION S PACES THE QAP CASE M ARCO B AIOLETTI U NIVERSITY OF P ERUGIA A LFREDO M ILANI U NIVERSITY OF P ERUGIA V ALENTINO S ANTUCCI U NIVERSITY FOR F OREIGNERS OF P ERUGIA M ARCO T OMASSINI U

692 views • 23 slides
Non-Asymptotic Analysis of Fractional Langevin Monte Carlo for Non-Convex Optimization Thanh Huy

Non-Asymptotic Analysis of Fractional Langevin Monte Carlo for Non-Convex Optimization Thanh Huy

Non-Asymptotic Analysis of Fractional Langevin Monte Carlo for Non-Convex Optimization Thanh Huy Nguyen, Umut S im sekli, Ga el Richard LTCI, T el ecom Paris, Institut Polytechnique de Paris, France Non-Asymptotic Analysis of

374 views • 13 slides
Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr

Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr

Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr Informatik VTSA 2012 b b b b b b b b b b b b Symbolic reachability The algorithm Conclusion Transition system ? G I Reachability Does

601 views • 28 slides
Quality Flags for Version 4.0 AIRS Science Team Meeting Greenbelt, Maryland December 1, 2004

Quality Flags for Version 4.0 AIRS Science Team Meeting Greenbelt, Maryland December 1, 2004

National Aeronautics and Space Administration Jet Propulsion Laboratory California Institute of Technology Pasadena, California Quality Flags for Version 4.0 AIRS Science Team Meeting Greenbelt, Maryland December 1, 2004 Sung-Yung Lee

562 views • 12 slides
FLAG AND RULES WORKING TOGETHER Link Swanson | link@mustbuild.com FLAG MODULE

FLAG AND RULES WORKING TOGETHER Link Swanson | link@mustbuild.com FLAG MODULE

FLAG AND RULES WORKING TOGETHER Link Swanson | link@mustbuild.com FLAG MODULE drupal.org/project/flag RULES MODULE drupal.org/project/rules WARNING: I AM NOT AN EXPERT When it comes to Rules and Flag, my knowledge is just enough to be

527 views • 13 slides
Synchronization: Recap Why? Example The Critical Section Problem (recap!) Hardware

Synchronization: Recap Why? Example The Critical Section Problem (recap!) Hardware

CPSC-410/611 Operating Systems Process Synchronization: Recap Synchronization: Recap Why? Example The Critical Section Problem (recap!) Hardware Support for Synchronization Lock-free operations Semaphores Monitors

218 views • 17 slides
Capture the Flag & Related Topics Strategies? Offensive strategies, defensive

Capture the Flag & Related Topics Strategies? Offensive strategies, defensive

Capture the Flag & Related Topics Strategies? Offensive strategies, defensive strategies, others? Q: Where is a good place for blue to lie in wait? F 2 Patrol the border Wait in blue zone just on edge of neutral areas

539 views • 27 slides

More recommend