Let's try to understand (part of) Iris - Willem Penninckx - PowerPoint PPT Presentation



SLIDE 1

Let's try to understand (part of) Iris

Willem Penninckx

SLIDE 2

The Paper

Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer

SLIDE 3

DISCLAIMER

I'm not an expert

SLIDE 4

Concurrency is about shared state

Situation         Shared state               Verify this
Shared memory     Memory                     No secret overwrites; counter only increases
Message-passing   Network                    Protocol
Input/output      Filesystems, humans, ...   Protocol

SLIDE 5

How to verify when there's concurrency?

“Monoids and invariants are all you need”

– Iris

SLIDE 6

Invariant: assertion about shared state

[Figure: timeline of Thread 1 running atomic operation 1, 2, 3 and 4; between the atomic operations the assertion holds.]

SLIDE 7

(Iris-style) Monoid

  • Set (the carrier)
  • “error” element
  • Name of the monoid
  • Commutative binary operator

SLIDE 8

“Case study”: Verification + concurrency + heap

Proglang:
  • v = malloc()     allocation
  • v1 = !v2         read (dereference)
  • v1 := v2         write
  • v1 = v2

SLIDE 9

Attempt #1

Invariant, e.g.: the GLOBAL physical state is h

SLIDE 10

Thread 1: v1 = malloc(); v1 := 7

SLIDE 11

“partial knowledge” in monoid

[Figure: the carrier of the monoid is a set.]

SLIDE 12

“partial knowledge” in monoid

[Figure: an element pairs global knowledge with local partial knowledge.]

SLIDE 13

“partial knowledge” in monoid

[Figure: the global component may also be absent: no global knowledge.]

SLIDE 14

“partial knowledge” in monoid

[Figure: global knowledge g, local partial knowledge, or no global knowledge; the invariant ties the global knowledge to the physical state: g = h.]

SLIDE 15

“partial knowledge” in monoid

Exercise: what does this mean?

SLIDE 16

Exercise: what is the neutral element?

Note: in the paper, composition is just pointwise (so (ε, l1) · (ε, l2) is not always ⊥).

SLIDE 17

Thread 1: v1 = malloc(); v1 := 7

SLIDE 18

Thread 1: v1 = malloc(); v1 := 7

Combined: (the thread's ghost state composed with the invariant's; the equations did not survive the export)

Link with physical? Know in physical state!

SLIDE 19

Let's prove that v1 := 7 preserves our invariant: the invariant holds before the store and still holds after it.

SLIDE 20

Strategy

  • Open invariant
  • Combine thread's ghost state with the invariant's
  • Do physical update
  • Do ghost update
  • Split thread's ghost state and the invariant's
  • Close invariant

Know in physical state!

SLIDE 21

[Proof outline: the frame (state the store does not touch) stays as it is around v1 := 7; the physical update (Phys. Upd) changes the heap, so the ghost state needs to be updated before the invariant can be closed again.]
SLIDE 22

??? (which ghost updates may we do?) Allowed if the update “does not harm other threads”

SLIDE 23

“Does not harm other threads”

Yes: cell update

No: other thread might have e.g. …

SLIDE 24

Increase-only counter
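As an added example (not code from the talk, nor from the Iris paper or the Iris development), here is a small Python model of slides 7 to 24: a finite heap-fragment monoid with an error element, the AUTH(M) pairing of global knowledge with local partial knowledge (composition pointwise, as slide 16 notes), the open/combine/update/split/close strategy of slide 20 as one function, the “does not harm other threads” check of slides 22 and 23 done by brute force over every frame another thread could own, and the increase-only counter of slide 24 over a max-monoid. The names BOT, EPS, full, auth, store, the two-location universe and the counter bound 4 are assumptions made here for illustration.

```python
"""Toy model of the talk's Iris-style monoids (added example, not code from
the talk or from the Iris paper/development): a finite heap-fragment
monoid, the AUTH(M) construction (global vs. local partial knowledge) and a
brute-force check of "does not harm other threads" (frame-preserving)."""
from itertools import product

BOT = "⊥"   # error element (name assumed here)
EPS = "ε"   # no global knowledge (name assumed here)

class Monoid:
    """Finite commutative monoid with an error element. `op` returns BOT for
    a conflicting composition; `valid` says which elements are meaningful."""
    def __init__(self, elements, op, unit, valid=None):
        self.elements, self.op, self.unit = list(elements), op, unit
        self.valid = valid or (lambda a: a != BOT)

    def leq(self, a, b):
        """Extension order: a ≤ b iff some c completes a to b."""
        return any(self.op(a, c) == b for c in self.elements)

    def frame_preserving(self, a, b):
        """a ⇝ b is allowed iff every frame f (whatever the other threads
        may own) that was compatible with a stays compatible with b."""
        return all(self.valid(self.op(b, f))
                   for f in self.elements if self.valid(self.op(a, f)))

# --- fragment monoid: partial heaps, composition is disjoint union ---------
LOCS, VALS = (0, 1), (0, 1)   # tiny universe so every frame can be enumerated

def heap(*cells):
    """Heap fragment from (loc, val) pairs (constructed data)."""
    return frozenset(cells)

def heap_op(h1, h2):
    """Two fragments compose only if they claim different cells."""
    if h1 == BOT or h2 == BOT or {l for l, _ in h1} & {l for l, _ in h2}:
        return BOT
    return h1 | h2

HEAP = Monoid((heap(*((l, v) for l, v in zip(LOCS, vs) if v is not None))
               for vs in product((None, *VALS), repeat=len(LOCS))),
              heap_op, heap())

# --- AUTH(M): pairs (global knowledge, local partial knowledge) ------------
def full(g):                     # global (authoritative) knowledge: state is g
    return ("•", g)

def auth(m):
    """Composition is pointwise (slide 16: (ε, l1)·(ε, l2) = (ε, l1·l2)),
    two global parts conflict, and (•g, l) is valid only if l is part of g."""
    def op(x, y):
        (g1, l1), (g2, l2) = x, y
        g = g2 if g1 == EPS else g1 if g2 == EPS else BOT
        return (g, m.op(l1, l2))

    def valid(x):
        g, l = x
        return g != BOT and m.valid(l) and (g == EPS or m.leq(l, g[1]))

    elems = ([(EPS, l) for l in m.elements]
             + [(full(g), l) for g in m.elements for l in m.elements])
    return Monoid(elems, op, (EPS, m.unit), valid)

HEAP_AUTH = auth(HEAP)

def store(thread, inv, phys, loc, val):
    """Slides 19-23, proving `loc := val`: open the invariant and combine
    ghost states (valid only if the thread's fragment agrees with the global
    heap, which the invariant ties to the physical heap, g = h); physical
    update; ghost update if frame-preserving; split again and close.
    Returns the new (thread, inv, phys), or None if the proof fails."""
    combined = HEAP_AUTH.op(thread, inv)
    g, l = combined
    if (not HEAP_AUTH.valid(combined) or g == EPS or g[1] != phys
            or loc not in dict(phys)):
        return None                           # ghost state contradicts h
    new_phys = heap(*((x, val if x == loc else v) for x, v in phys))
    new_l = heap(*((x, val if x == loc else v) for x, v in l))
    if not HEAP_AUTH.frame_preserving(combined, (full(new_phys), new_l)):
        return None                           # would harm another thread
    return (EPS, new_l), (full(new_phys), HEAP.unit), new_phys

# --- slide 24: increase-only counter as AUTH over the max-monoid -----------
COUNT = Monoid(range(4), lambda a, b: BOT if BOT in (a, b) else max(a, b), 0)
COUNT_AUTH = auth(COUNT)

def counter_updates():
    """A fragment k means "the counter is at least k": raising the global
    value is frame-preserving, lowering it is not (some other thread may
    hold a lower bound that the new value would contradict)."""
    return (COUNT_AUTH.frame_preserving((full(2), 0), (full(3), 0)),
            COUNT_AUTH.frame_preserving((full(2), 0), (full(1), 0)))

if __name__ == "__main__":
    h0, inv0 = heap((0, 0), (1, 1)), (full(heap((0, 0), (1, 1))), HEAP.unit)
    print(store((EPS, heap((0, 0))), inv0, h0, 0, 1))   # owns cell 0: allowed
    print(store((EPS, HEAP.unit), inv0, h0, 0, 1))      # owns nothing: None
    print(HEAP_AUTH.unit, counter_updates())             # (ε, ∅), (True, False)
```

The answer to slide 16's exercise falls out as HEAP_AUTH.unit, the pair (ε, empty fragment). The two store calls are the Yes and No of slide 23: the thread that owns cell 0 may write it and update both the global heap and its own fragment, while changing the global heap alone is rejected, because the frame (ε, [0 ↦ 0]) that another thread might hold composed fine before the update and no longer does afterwards. The counter shows the same check with a different fragment monoid: fragments are lower bounds, so any increase of the global value keeps every frame valid and any decrease breaks some frame.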

SLIDE 25

Wrapping up

  • Monoids
  • Physical assertion
  • Ghost assertion
  • Invariants
  • Teaser Episode 3:
      • Can I model I/O in Iris? (Willem)
      • Logical Atomicity (Amin)