mechanized verification of fine grained concurrent
play

Mechanized Verification of Fine-grained Concurrent Programs Ilya - PowerPoint PPT Presentation

Mar 12, 2024 •247 likes •973 views

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

  1. Mechanized Verification of 
 Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015

  2. Terminology • Coarse-grained Concurrency — 
 synchronisation between threads via locks ; 
 • Fine-grained Concurrency — 
 synchronisation via RMW operations (e.g., CAS ).

  3. Some FG concurrent programs • Spin-lock • Ticketed lock • Bakery lock • Filter lock • Lock-free atomic snapshot • Treiber stack • Michael stack • HSY elimination-based stack • Lock-coupling set • Optimistic list-based set • Lazy concurrent list-based set • Michael-Scott queue • Harris et al.'s MCAS • Concurrent counters • Concurrent allocators • Flat Combiner • Concurrent producer/consumer • Concurrent indices • Concurrent barriers • …

  4. Using and verifying FG concurrency Great scalability — 
 high performance on multi-core CPU architectures Sophisticated interference between threads — 
 difficult to specify and verify formally

  5. Specifications in program logics { P } { Q } c precondition postcondition If the initial state satisfies P , 
 then, after c terminates, 
 the final state satisfies Q .

  6. Program logics for concurrency Owicki-Gries (1976) Rely-Guarantee (1983) CSL (2004) Bornat-al (2005) RGSep (2007) SAGL (2007) Gotsman-al (2007) Deny-Guarantee (2009) RSL (2013) LRG (2009) CAP (2010) Jacobs-Piessens (2011) HLRG (2010) HOCAP (2013) RGSim (2012) SCSL (2013) Liang-Feng (2013) TaDA (2014) iCAP (2014) CaReSL (2013) FCSL (2014) CoLoSL (2015) Iris (2015) GPS (2014)

  7. Program logics for concurrency Owicki-Gries (1976) Rely-Guarantee (1983) CSL (2004) Bornat-al (2005) RGSep (2007) SAGL (2007) Gotsman-al (2007) Deny-Guarantee (2009) RSL (2013) LRG (2009) CAP (2010) Jacobs-Piessens (2011) HLRG (2010) HOCAP (2013) RGSim (2012) SCSL (2013) Liang-Feng (2013) TaDA (2014) iCAP (2014) CaReSL (2013) FCSL (2014) CoLoSL (2015) Iris (2015) GPS (2014)

  8. Program logics for concurrency Owicki-Gries (1976) Rely-Guarantee (1983) CSL (2004) Bornat-al (2005) RGSep (2007) SAGL (2007) Gotsman-al (2007) Deny-Guarantee (2009) RSL (2013) LRG (2009) CAP (2010) Jacobs-Piessens (2011) HLRG (2010) HOCAP (2013) RGSim (2012) SCSL (2013) Liang-Feng (2013) TaDA (2014) iCAP (2014) CaReSL (2013) FCSL (2014) CoLoSL (2015) Iris (2015) GPS (2014)

  9. FCSL: Fine-grained Concurrent Separation Logic Nanevski, Ley-Wild, Sergey, Delbianco [ESOP’14] a logic for specifying and verifying 
 FG concurrent programs and also a verification tool , 
 implemented as a DSL in Coq (this talk)

  10. Key Ingredients • Subjective Auxiliary State • State-Transition Systems • Types

  11. Running example Concurrent construction of a spanning tree 
 of a binary graph

  12. a b c d e

  13. x m l r mark the node x check the node x ... ... letrec span (x : ptr) : bool = { if x == null then return false; else b ← CAS(x->m, 0, 1); if b then (r l ,r r ) ← (span(x->l) || span(x->r)); if ¬r l then x->l := null; if ¬r r then x->r := null; return true; else return false; run in parallel for successors } prune redundant edges

  14. a b c d e

  15. a ✔ ✔ b c d e

  16. a ✔ ✔ ✗ b c ✗ ✔ ✔ d e

  17. a ✔ ✔ ✗ b c ✗ ✔ ✔ d e

  18. a ✔ ✔ b c d e

  19. a b c d e

  20. The verification goal letrec span (x : ptr) : bool = { if x == null then return false; else b ← CAS(x->m, 0, 1); if b then (r l ,r r ) ← (span(x->l) || span(x->r)); if ¬r l then x->l := null; if ¬r r then x->r := null; return true; else return false; } Prove the resulting heap to represent a spanning tree 
 of the initial one

  21. Establishing correctness of span letrec span (x : ptr) : bool = { if x == null then return false; else b ← CAS(x->m, 0, 1); if b then (r l ,r r ) ← (span(x->l) || span(x->r)); if ¬r l then x->l := null; if ¬r r then x->r := null; return true; else return false; } • All reachable nodes are marked by the end • The graph modified only by the commands of span • The initial call is done from a root node without interference

  22. Key Ingredients • Subjective Auxiliary State 
 • State-Transition Systems 
 • Types

  23. Capturing thread contributions a b c d e shared state (heap)

  24. Capturing thread contributions Auxiliary state 
 of all other threads a a b b c c d e Auxiliary state 
 of this thread

  25. Accounting for dynamic forking span(x) || span(x->l) span(x->r)

  26. Accounting for dynamic forking s 3 span(x) { s 1 ⊎ s 2 } || span(x->l) span(x->r) s 1 ⊎ s 2

  27. Accounting for dynamic forking s 2 ⊎ s 3 span(x) { s 1 ⊎ s 2 } { s 1 } || || span(x->l) span(x->r) s 1 Nodes that belong to span(x->l)

  28. Accounting for dynamic forking s 1 ⊎ s 3 span(x) { s 1 ⊎ s 2 } { s 1 } { s 2 } || || span(x->l) span(x->r) s 2 Nodes that belong to span(x->r)

  29. Accounting for dynamic forking z 1 ⊎ z 3 span(x) { s 1 ⊎ s 2 } { s 1 } { s 2 } || || span(x->l) span(x->r) z 2 { z 1 } { z 2 }

  30. Accounting for dynamic forking z 3 span(x) { s 1 ⊎ s 2 } { s 1 } { s 2 } || || span(x->l) span(x->r) { z 1 } { z 2 } z 1 ⊎ z 2 { z 1 ⊎ z 2 } span(x) Nodes that belong to span(x) at the end

  31. Key Ingredients • Subjective Auxiliary State 
 • State-Transition Systems 
 • Types

  32. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems 
 • Types

  33. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems 
 • Types

  34. Establishing correctness of span letrec span (x : ptr) : bool = { if x == null then return false; else b ← CAS(x->m, 0, 1); if b then (r l ,r r ) ← (span(x->l) || span(x->r)); if ¬r l then x->l := null; if ¬r r then x->r := null; return true; else return false; } • All reachable nodes are marked by the end • The graph modified only by the commands of span • The initial call is done from a root node without interference

  35. Transition 1: marking a node a b b c mark(b) a d e b c d e marked by this thread 
 (Guarantee)

  36. Transition 1: marking a node marked by other thread 
 (Rely) a b c mark(b) T a d e b b c d e

  37. Transition 2: pruning an edge a a n u l l i f y ( b - > r ) b c b c b b d e d e No other thread can do it!

  38. Pseudocode implementation span (x : ptr) : bool { if x == null then return false; else b ← CAS(x->m, 0, 1); if b then (r l ,r r ) ← (span(x->l) || span(x->r)); if ¬r l then x->l := null; if ¬r r then x->r := null; return true; else return false; }

  39. FCSL/Coq implementation Program Definition span : span_tp := ffix ( fun (loop : span_tp) (x : ptr) => Do ( if x == null then ret false else b <-- trymark x; if b then xl <-- read_child x Left; xr <-- read_child x Right; rs <-- par (loop xl) (loop xr); ( if ~~rs.1 then nullify x Left else ret tt);; ( if ~~rs.2 then nullify x Right else ret tt);; ret true else ret false)). Transition-aware commands (equivalent to CAS , write , etc.)

  40. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems 
 • Types

  41. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems — 
 specification of concurrent protocols • Types

  42. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems — 
 specification of concurrent protocols • Types

  43. Key Ingredients • Subjective Auxiliary State — 
 capturing thread-specific contributions • State-Transition Systems — 
 specification of concurrent protocols • Dependent Types

  44. FCSL/Coq implementation Specification (loop invariant) Program Definition span : span_tp := span_tp ffix ( fun (loop : span_tp) (x : ptr) => Do ( if x == null then ret false else b <-- trymark x; if b then xl <-- read_child x Left; xr <-- read_child x Right; rs <-- par (loop xl) (loop xr); ( if ~~rs.1 then nullify x Left else ret tt);; ( if ~~rs.2 then nullify x Right else ret tt);; ret true else ret false)). (about 200 LOC) Next Obligation. Qed.

  45. Specification for span starting node Definition (x : ptr) := span_tp {i (g1 : graph (joint i))}, STsep [SpanTree] ( fun s1 => i = s1 ⋀ (x == null ⋁ x ∈ dom (joint s1)), fun (r : bool) s2 => exists g2 : graph (joint s2), subgraph g1 g2 ⋀ if r then x != null ⋀ exists (t : set ptr), self s2 = self i ⊎ t ⋀ tree g2 x t ⋀ maximal g2 t ⋀ front g1 t (self s2 ⊎ other s2) else (x == null ⋁ mark g2 x) ⋀ self s2 = self i).

  46. Specification for span concurrent protocol Definition (x : ptr) := span_tp {i (g1 : graph (joint i))}, STsep [SpanTree] ( fun s1 => i = s1 ⋀ (x == null ⋁ x ∈ dom (joint s1)), fun (r : bool) s2 => exists g2 : graph (joint s2), subgraph g1 g2 ⋀ if r then x != null ⋀ exists (t : set ptr), self s2 = self i ⊎ t ⋀ tree g2 x t ⋀ maximal g2 t ⋀ front g1 t (self s2 ⊎ other s2) else (x == null ⋁ mark g2 x) ⋀ self s2 = self i).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communicating State Transition Systems for Fine-Grained Concurrent Resources Aleksandar Nanevski

Communicating State Transition Systems for Fine-Grained Concurrent Resources Aleksandar Nanevski

Communicating State Transition Systems for Fine-Grained Concurrent Resources Aleksandar Nanevski Ruy Ley-Wild Ilya Sergey Germn Delbianco HOPE 2013 Reasoning about shared-memory concurrency How to model shared-memory

2.2k views • 173 slides
Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1 Overview Motivation Requirements for Fine-Grained Geocast Location Model for Fine-Grained Geographic Addressing Summary Related Work

752 views • 18 slides
Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More Fine-Grained Classes Actually , I ran home extremely quickly yesterday The closed classes Example of POS tagging The Penn Treebank Part-of-Speech

747 views • 54 slides
Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: p g Students can see their own grades Students can see grades of all students in courses they registered for

548 views • 34 slides
Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP, University of Surrey, UK http://sketchx.ai Why fine-grained? Dog Dog Dog I am not just a dog Why fine-grained? Husky

615 views • 24 slides
Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Learning Kernel-matrix-based Representation for Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information Technology University of Wollongong, Australia 11-Dec-2019 Introduction Fine-grained image recognition

1.56k views • 58 slides
TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei Technologies d3e3e3@gmail.com November 2011 TRILL WG 1 Fine Grained Labeling A way to

469 views • 8 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and presentation by: Abhinav Pathak, Y. Charlie Hu, Ming Zhang Paramvir Bahl, Yi-Min Wang Damian Rodziewicz Fine-Grained Power Modeling for Smartphones

701 views • 33 slides
On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang, Ting Yu, Ninghui Li Jorge Lobo, Elisa Bertino Keith Irwin, Ji-Won Byun Outline Introduction Correctness Criteria A Fine-Grained Access

1.21k views • 51 slides
Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: Students can see their own grades Students can see their own grades Students can see grades of all students in courses they registered for

338 views • 17 slides
Cosmo: a concurrent separation logic for Multicore OCaml Glen Mvel , Jacques-Henri Jourdan,

Cosmo: a concurrent separation logic for Multicore OCaml Glen Mvel , Jacques-Henri Jourdan,

Cosmo: a concurrent separation logic for Multicore OCaml Glen Mvel , Jacques-Henri Jourdan, Franois Pottier August, 2020 ICFP, New York LRI &amp; Inria, Paris, France This talk Our aim: Verifying fine-grained concurrent

511 views • 38 slides
Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012

Fine Grained Coordinated Parallelism in a Real World Application Mohammad Rezaei, PhD June 2012 1 Outline Types of parallelism Algorithm description Why fine grained parallelism? Concurrency is hard no, its different

419 views • 19 slides
Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the

Mesos A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy Konwinski, Matei Zaharia , Ali Ghodsi, Anthony Joseph,

438 views • 32 slides
Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion Scalar and array renaming 1 Fine-Grained Parallelism Theorem 2.8. A sequential loop can be converted to a parallel loop if the loop carries no

606 views • 41 slides
Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood

Fine-Grained Tracking of Grid Infections Ashish Gehani SRI Basim Baig, Salman Mahmood, Dawood Tariq, Fareed Zaffar LUMS Fine-Grained Tracking of Grid Infections p. 1/18 Introduction Grid semantics Not middleware-specific Distributed

644 views • 18 slides
Understanding IC3 Aaron R. Bradley ECEE, CU Boulder &amp; Summit Middle School Understanding

Understanding IC3 Aaron R. Bradley ECEE, CU Boulder &amp; Summit Middle School Understanding

Understanding IC3 Aaron R. Bradley ECEE, CU Boulder &amp; Summit Middle School Understanding IC3 1/55 Further Reading This presentation is based on Bradley, A. R. Understanding IC3. In SAT , June 2012.

594 views • 56 slides
CSS is for Clark Kent. Sass is for Superman. About John Albin Wilkins JohnAlbin

CSS is for Clark Kent. Sass is for Superman. About John Albin Wilkins JohnAlbin

http://bit.ly/sass-for-superman FRONTEND TRACK | JOHN ALBIN WILKINS | FEBRUARY 7 2013 CSS is for Clark Kent. Sass is for Superman. About John Albin Wilkins JohnAlbin drupal.org/user/11297 @JohnAlbin 2 OReilly book: Sass and Compass

861 views • 58 slides
CS 380 WEB PROGRAMMING Instructor: Nat Martin Class 6 Instructor: Nat Martin Office

CS 380 WEB PROGRAMMING Instructor: Nat Martin Class 6 Instructor: Nat Martin Office

CSC 210 1 CS 380 WEB PROGRAMMING Instructor: Nat Martin Class 6 Instructor: Nat Martin Office Hours: 3:30- 4:30 Monday and Wednesday Email: martin@cs.rochester.edu Lecture Monday and Wednesday (Dewey 2162)

593 views • 31 slides
Precision Measurements at Hadron Colliders Hadron Colliders and Gl b l A Global Analysis of

Precision Measurements at Hadron Colliders Hadron Colliders and Gl b l A Global Analysis of

Precision Measurements at Hadron Colliders Hadron Colliders and Gl b l A Global Analysis of PDFs l i f PDF C.-P. Yuan Michigan State University February 7, 2011 @ PSI, Switzerland Precision Electroweak Physics at Hadron Colliders

1.86k views • 101 slides
Better Generalization in IC3 Zyad Hassan Aaron R. Bradley Fabio Somenzi Department of

Better Generalization in IC3 Zyad Hassan Aaron R. Bradley Fabio Somenzi Department of

Problem Solution Results Analysis Conclusions Better Generalization in IC3 Zyad Hassan Aaron R. Bradley Fabio Somenzi Department of Electrical, Computer, and Energy Engineering University of Colorado at Boulder Oct 23, 2013 Hassan,

955 views • 54 slides
Translation of OpenSolaris Ale ernoek, Jan Lna EMEA Globalization Center Sun

Translation of OpenSolaris Ale ernoek, Jan Lna EMEA Globalization Center Sun

USE IMPROVE EVANGELIZE Translation of OpenSolaris Ale ernoek, Jan Lna EMEA Globalization Center Sun Microsystems USE IMPROVE EVANGELIZE Agenda Introduction OpenSolaris and Locale Data Objects DEMO: Creating a new

398 views • 21 slides
Introduction we consider the problem of complexity analysis for higher-order functional

Introduction we consider the problem of complexity analysis for higher-order functional

Implicit Computational Complexity of Subrecursive Functional Programs, with Applications to Cryptographic Proofs Patrick Baillot LIP, CNRS &amp; ENS de Lyon joint work with Gilles Barthe and Ugo Dal Lago gdt Gomtrie du Calcul (GEOCAL)

989 views • 67 slides
Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of

Radiation Hardness of a P-Channel Notch CCD Developed for the X-ray CCD Camera onboard the XRISM Satellite Yoshiaki Kanemaru(University of Miyazaki) mail: kanemaru@astro.miyazaki-u.ac.jp Jin Sato, Koji Mori (University of Miyazaki), Hiroshi

317 views • 21 slides

More recommend