formal analysis techniques for gpu kernels
play

Formal Analysis Techniques for GPU kernels Nathan Chong - PowerPoint PPT Presentation

Sep 09, 2022 •289 likes •1.09k views

Formal Analysis Techniques for GPU kernels Nathan Chong (nyc04@imperial.ac.uk) Leap Conference, 22 May 2013 1 Reports and Articles Social Processes and Proofs of Theorems and Programs Richard A. De Millo Georgia Institute of Technology

  1. Formal Analysis Techniques for GPU kernels Nathan Chong (nyc04@imperial.ac.uk) Leap Conference, 22 May 2013 1

  2. Reports and Articles Social Processes and Proofs of Theorems and Programs Richard A. De Millo Georgia Institute of Technology Richard J. Lipton and Alan J. Perlis Yale University “It is argued that formal verifications of programs, no matter how obtained, will not play the same key role in the development of computer science and software It is argued that formal verifications of programs, I should like to ask the same question that Descartes asked. You are proposing to give a precise definition of logical correctness no matter how obtained, will not play the same key role engineering as proofs do in mathematics” which is to be the same as my vague intuitive feeling for logical in the development of computer science and software correctness. How do you intend to show that they are the same? engineering as proofs do in mathematics. Furthermore ... The average mathematician should not forget that intuition is the absence of continuity, the inevitability of change, the final authority. and the complexity of specification of significantly J. Barkley Rosser many real programs make the formal verification process difficult to justify and manage. It is felt that Many people have argued that computer program- ease of formal verification should not dominate ming should strive to become more like mathematics. program language design. Maybe so, but not in the way they seem to think. The Key Words and Phrases: formal mathematics, aim of program verification, an attempt to make pro- mathematical proofs, program verification, program gramming more mathematics-like, is to increase dramat- specification ically one's confidence in the correct functioning of a CR Categories: 2.10, 4.6, 5.24 piece of software, and the device that verifiers use to achieve this goal is a long chain of formal, deductive 2 logic. In mathematics, the aim is to increase one's con- fidence in the correctness of a theorem, and it's true that

  3. Verification as a powerful and practical complement to Testing 3

  4. “It was a real bug, and it caused real issues in the results. It took significant debugging time to find the problem.” Lars Nyland (Senior Architect, NVIDIA) 4

  5. Schedule • Data races and Barrier Divergence • Examples, Examples, Examples • Anatomy of GPUVerify • Further Examples • Close and Questions 5

  6. Data Races and Barrier Divergence 6

  7. host local memory cpu global memory gpu 7

  8. local memory global memory 8

  9. local memory global memory 9

  10. local memory global intra- memory group X race 10

  11. local memory global memory inter- X group race 11

  12. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } 12

  13. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } s s+offset 13

  14. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } s s+offset 14

  15. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } s s+offset t t+offset t 15

  16. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } s s+offset X t t+offset t 16

  17. __kernel void diverge() { int tid = get_local_id(0); if (tid == 0) barrier(); else barrier(); } 17

  18. If barrier is inside a conditional statement, then all threads must enter the conditional if any thread enters the conditional statement and executes the barrier. If barrier is inside a loop, all threads must execute the barrier for each iteration of the loop before any are allowed to continue execution beyond the barrier. OpenCL Specification (6.12.8 Synchronization Functions) 18

  19. Reduction Demo 0 1 2 3 4 5 6 7 0,4 1,5 2,6 3,7 0,2,4,6 1,3,5,7 SUM 19

  20. Examples, Examples, Examples 20

  21. Be Skeptical • Is the verification easier or harder than building a test harness? • A common or rare type of bug? • The impact of not catching this bug • Limitations of technique 21

  22. 1 Races 22

  23. __kernel void add_nbor(__local int *A, int offset) { int tid = get_local_id(0); A[tid] += A[tid+offset]; } s s+offset X t t+offset t 23

  24. • Run GPUVerify on nbor.cl $ cd 1_simple_race $ gpuverify --local_size=8 --num_groups=1 nbor.cl • Can you fix the datarace? • Does GPUVerify like your fix? • Are there more problems with this kernel? 24

  25. Lessons • GPUVerify can find possible data races, giving a counterexample for you to evaluate • By fixing bugs, you increase your confidence in the verification result • But still, the verification is limited. For example, we don’t prove absence of array- bounds or functional correctness 25

  26. 2 Benign Races 26

  27. __kernel void allsame(__local int *p, int val) { *p = val; } 27

  28. • Run GPUVerify on allsame.cl $ cd 2_benign_race $ gpuverify --local_size=8 --num_groups=1 allsame.cl • Try adding “ --no-benign ” to the command • Change “ val ” to “ get_local_id(0) ” • Have a look at the example in find.cl 28

  29. Lessons • Benign data races do not lead to nondeterminism • Use --no-benign flag to warn about benign data races 29

  30. 3 Barrier Divergence 30

  31. __kernel void diverge() { int tid = get_local_id(0); if (tid == 0) barrier(); else barrier(); } 31

  32. __kernel void inloop() { int x = tid == 0 ? 4 : 1; int y = tid == 0 ? 1 : 4; int i = 0; while (i < x) { int j = 0; while (j < y) { barrier(); j++; } i++; } } 32

  33. • Run GPUVerify on these examples $ cd 3_barrier_divergence $ gpuverify --local_size=8 --num_groups=1 diverge.cl $ gpuverify --local_size=8 --num_groups=1 inloop.cl • Is the inloop kernel barrier divergent? • What does the inloop kernel try to do? 33

  34. If barrier is inside a conditional statement, then all threads must enter the conditional if any thread enters the conditional statement and executes the barrier. If barrier is inside a loop, all threads must execute the barrier for each iteration of the loop before any are allowed to continue execution beyond the barrier. OpenCL Specification (6.12.8 Synchronization Functions) 34

  35. GPU Final state of A NVIDIA Tesla C2050 {{0,1,0,1},{1,0,1,0}} AMD Tahiti {{0,1,2,3},{1,2,3,0}} ARM Mali-T600 {{0,1,2,3},{3,0,1,2}} Intel Xeon X5650 {{*,*,*,1},{3,0,1,2}} 35

  36. Lessons • Barrier divergence results in undefined behaviour • GPUVerify can detect such problems • Arguably, this is a rare bug? 36

  37. 4 Asserts and Assumes 37

  38. __kernel void simple(__local int *A) { A[tid] = tid; __assert(A[tid] == tid); __assert(A[tid] != get_local_size(0)); __assert(__implies( __write(A), __write_offset(A)/sizeof(int) == tid)); } 38

  39. • Run GPUVerify on these examples $ cd 4_asserts_and_assumes $ gpuverify --local_size=8 --num_groups=1 assert.cl • Try writing your own assertions • Have a look at vacuous.cl • Does this surprise you? 39

  40. Lessons • Use asserts to state expected details of your kernel at a particular program point • The dangers of inconsistent assumptions • Use __assert(false) to test for inconsistency 40

  41. 5 Loops 41

  42. __kernel void inc(int x) { int i = 0; while (i < x) { i = i + 1; } __assert(i == x); } 42

  43. __kernel void inc(int x) { __requires (0 < x); int i = 0; while (i < x) { i = i + 1; } __assert(i == x); } 43

  44. __kernel void inc(int x) { __requires (0 < x); int i = 0; while (__invariant(?), i < x) { i = i + 1; } __assert(i == x); } 44

  45. • Run GPUVerify on these examples $ cd 5_loops $ gpuverify --local_size=8 --num_groups=1 inc.cl • Try running with the “ --findbugs” flag • Can you find an invariant for the loop? • Take a look at stride.cl 45

  46. Lessons • Loop invariants are assertions that are true at every loop iteration • GPUVerify attempts to guess invariants • They may be necessary to strengthen verification to avoid false-positives • Use --findbugs to do loop unwinding 46

  47. Anatomy of GPUVerify 47

  48. 2-thread reduction s t X 48

  49. Arbitrary threads s and t barrier() // b1 barrier() // b2 49

  50. Arbitrary threads s and t barrier() // b1 run s from b1 to b2 log all accesses barrier() // b2 50

  51. Arbitrary threads s and t barrier() // b1 run s from b1 to b2 log all accesses run t from b1 to b2 check all accesses against s abort on race barrier() // b2 51

  52. 2-thread reduction gives scalable verification 52

  53. Translate parallel kernel K into sequential program P such that P correct implies K is race-free 53

  54. OpenCL CUDA kernel kernel Frontend (built on Kernel Transformation LLVM/CLANG) Engine sequential candidate Boogie loop program invariants Boogie Verification Z3 SMT Solver Engine 54

  55. OpenCL CUDA The only kernel kernel magic is here Frontend (built on Kernel Transformation LLVM/CLANG) Engine sequential candidate Widely used, Boogie loop very robust program invariants Boogie Verification Z3 SMT Solver Engine 55

  56. Further Examples 56

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Overview: Kernels for Sequences and Graphs String Kernels 8 Example Sequence Classification

Overview: Kernels for Sequences and Graphs String Kernels 8 Example Sequence Classification

Memorial Sloan-Kettering Cancer Center Overview: Kernels for Sequences and Graphs String Kernels 8 Example Sequence Classification Position-(In)dependent Kernels Advanced Kernels Easysvm Kernels on Graphs 9 Basics Random Walks Subtrees

1.8k views • 148 slides
GRAPH KERNELS FOR RDF DATA KNOWLEDGE MANAGEMENT GROUP INSTITUTE OF APPLIED INFORMATICS AND FORMAL

GRAPH KERNELS FOR RDF DATA KNOWLEDGE MANAGEMENT GROUP INSTITUTE OF APPLIED INFORMATICS AND FORMAL

Uta Lsch - Stephan Bloehdorn - Achim Rettinger* GRAPH KERNELS FOR RDF DATA KNOWLEDGE MANAGEMENT GROUP INSTITUTE OF APPLIED INFORMATICS AND FORMAL DESCRIPTION METHODS (AIFB) KIT University of the State of Baden-Wuerttemberg and www.kit.edu

593 views • 27 slides
Formal Specification Techniques Knowledge of typical approaches to formal software specification

Formal Specification Techniques Knowledge of typical approaches to formal software specification

Goals Understanding of the motivation of mathematical approaches to software specification Formal Specification Techniques Knowledge of typical approaches to formal software specification CAS 707 and verification McMaster University, Winter

106 views • 6 slides
Parametrizations of manifolds with heat kernels, multiscale analysis on graphs, and applications

Parametrizations of manifolds with heat kernels, multiscale analysis on graphs, and applications

Parametrizations of manifolds with heat kernels, multiscale analysis on graphs, and applications to analysis of data sets Mauro Maggioni Mathematics and Computer Science Duke University U.S.C./I.M.I., Columbia, 3/5/08 In collaboration with

350 views • 33 slides
Techniques for the system requirements unambiguous To describe the use of algebraic

Techniques for the system requirements unambiguous To describe the use of algebraic

Formal Specification Objectives To explain why formal specification techniques help discover problems in Techniques for the system requirements unambiguous To describe the use of algebraic techniques for interface specification of

69 views • 6 slides
Techniques for the system requirements unambiguous To describe the use of algebraic

Techniques for the system requirements unambiguous To describe the use of algebraic

Formal Specification Objectives To explain why formal specification techniques help discover problems in Techniques for the system requirements unambiguous To describe the use of algebraic techniques for interface specification of

400 views • 6 slides
Kernel Methods and String Kernels for Authorship Analysis Marius Popescu 1 Cristian Grozea 2 1

Kernel Methods and String Kernels for Authorship Analysis Marius Popescu 1 Cristian Grozea 2 1

String Kernels Authorship Attribution Authorship Clustering Sexual Predator Identification Kernel Methods and String Kernels for Authorship Analysis Marius Popescu 1 Cristian Grozea 2 1 University of Bucharest, Romania popescunmarius@gmail.com

203 views • 18 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer

Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer

Formal Techniques and Tools For Software Health Management John Rushby (for N. Shankar) Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Tools and Techniques For SWHM 1 Introduction New project,

364 views • 7 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Lecture 7: Formal Methods for Analysis Technique situation situation consequences Analysis

Lecture 7: Formal Methods for Analysis Technique situation situation consequences Analysis

Topic Area Requirements Engineering: Content (A Selection of) Analysis Techniques Introduction VL 6 Softwaretechnik / Software-Engineering Requirements Specification Desired Properties Focus Kinds of Requirements current

237 views • 10 slides
Lessons learned Techniques Limitations of formal specifications Cost of technical staff

Lessons learned Techniques Limitations of formal specifications Cost of technical staff

CRIM Lessons learned Techniques Limitations of formal specifications Cost of technical staff training Ease of communication between different system stakeholders by using object- oriented modeling techniques and OMT as notational

302 views • 9 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides
Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal and Automated Theorem Proving and Applications. Belgrade, February 3-4, 2012. Marko Malikovi Mirko ubrilo Predrag Janii Faculty of Humanities

406 views • 27 slides
Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03

Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03

FORMAL DESIGN TECHNIQUES Formal Methods Research at SICS and KTH - An Overview - Mads Dam SICS and KTH/IMIT FMICS'03 Rros,Norway, June 2003 1 FORMAL DESIGN TECHNIQUES Executive Summary Group of researchers from SICS and IMIT, KTH

401 views • 9 slides
On Static Timing Analysis of GPU Kernels Vesa Hirvisalo Department of Computer Science and

On Static Timing Analysis of GPU Kernels Vesa Hirvisalo Department of Computer Science and

On Static Timing Analysis of GPU Kernels Vesa Hirvisalo Department of Computer Science and Engineering Aalto University 14th International Workshop on Worst-Case Execution Time Analysis Madrid, Spain, 8th July 2014 2014-07-08 Talk outline

862 views • 13 slides
Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Cryptography Classical Ciphers Caesar Cipher Monoalphabetic Ciphers Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher Vernam Cipher One Time Pad School of Engineering and Technology CQUniversity

687 views • 64 slides
Development of Earthquake Early Warning System using initial P waves Yih-Min Wu (NTU) Hiroo

Development of Earthquake Early Warning System using initial P waves Yih-Min Wu (NTU) Hiroo

Development of Earthquake Early Warning System using initial P waves Yih-Min Wu (NTU) Hiroo Kanamori (Caltech) Earthquake early warning (EEW) Before Strong Ground Motion Earthquake Early Waning System Predict Shaking Regional

989 views • 26 slides
Computational Approaches for Parameter Estimation in Climate Models Gabriel Huerta Department of

Computational Approaches for Parameter Estimation in Climate Models Gabriel Huerta Department of

Computational Approaches for Parameter Estimation in Climate Models Gabriel Huerta Department of Mathematics and Statistics University of New Mexico Joint with A. Villagran (UNM), C. Jackson and M.K. Sen (UT-Austin) 1 Summary Points

464 views • 33 slides
Model Checking My 27 year quest to overcome the My 27 year quest to overcome the state explosion

Model Checking My 27 year quest to overcome the My 27 year quest to overcome the state explosion

Model Checking Model Checking My 27 year quest to overcome the My 27 year quest to overcome the state explosion problem state explosion problem Edmund Clarke Edmund Clarke Computer Science Department Computer Science Department Carnegie

1.12k views • 57 slides
RELAP5-3D code applications for RBMK-1500 reactor core analysis by Evaldas Bubelis, Algirdas

RELAP5-3D code applications for RBMK-1500 reactor core analysis by Evaldas Bubelis, Algirdas

RELAP5-3D code applications for RBMK-1500 reactor core analysis by Evaldas Bubelis, Algirdas Kaliatka, Eugenijus Uspuras Introduction RELAP5 code originally was designed for PWR and BWR type reactors to provide the US Government and

753 views • 41 slides
Light Weight Torpedo (LWT) system &quot;Torpedsystem 47&quot; Lt (N) Magnus Lind Update on the

Light Weight Torpedo (LWT) system &quot;Torpedsystem 47&quot; Lt (N) Magnus Lind Update on the

The Swedish next generation Light Weight Torpedo (LWT) system &quot;Torpedsystem 47&quot; Lt (N) Magnus Lind Update on the development of TS47, which is Project Manager NLT (TS47) developed and optimized for ASW in extreme littoral waters

947 views • 25 slides
Software Model Checking Aditya V. Nori Microsoft Research India Thanks to Tom Ball &amp; Sriram

Software Model Checking Aditya V. Nori Microsoft Research India Thanks to Tom Ball &amp; Sriram

Software Model Checking Aditya V. Nori Microsoft Research India Thanks to Tom Ball &amp; Sriram Rajamani for material from their lectures PROBLEM 2 Software validation problem I hope some hacker cannot steal all my money, and publish all my

880 views • 33 slides
Announcements Thursday, April 19 Please fill out the CIOS form online. Current response: 15%

Announcements Thursday, April 19 Please fill out the CIOS form online. Current response: 15%

Announcements Thursday, April 19 Please fill out the CIOS form online. Current response: 15% If we get an 80% response rate before the final, Ill drop the two lowest quiz grades instead of one. Optional Assignment: due by email on

275 views • 13 slides

More recommend