parametric verification of concurrent programs under the
play

Parametric Verification of Concurrent Programs under the TSO Weak - PowerPoint PPT Presentation

Feb 23, 2024 •112 likes •897 views

Parametric Verification of Concurrent Programs under the TSO Weak Memory Model Ahmed Bouajjani Paris Diderot University Based on joint work with Parosh A. Abdulla Mohamed Faouzi Atig T. Phong Ngo Uppsala University Sebastian

  1. Parametric Verification of Concurrent Programs under the TSO Weak Memory Model Ahmed Bouajjani Paris Diderot University Based on joint work with Parosh A. Abdulla Mohamed Faouzi Atig T. Phong Ngo Uppsala University Sebastian Burckhardt Madan Musuvathi Microsoft Research SynCoP+PV’17, Uppsala, April 22, 2017

  2. Sequential Consistency • Concurrent processes with Shared Memory • Operations: Writes and Reads • Computation of different processes are shuffled • Program order is preserved for each process • => Strong consistency: Operations are immediately visible to all processes • Simple and Intuitive model • Disallows many hardware/compiler optimisations

  3. Sequential Consistency • Concurrent processes with Shared Memory • Operations: Writes and Reads • Computation of different processes are shuffled • Program order is preserved for each process • => Strong consistency: • => Strong consistency: Operations are immediately visible to all processes • Simple and Intuitive model • Simple and Intuitive model • Disallows many hardware/compiler optimisations

  4. Sequential Consistency • Concurrent processes with Shared Memory • Operations: Writes and Reads • Computation of different processes are shuffled • Program order is preserved for each process • => Strong consistency: Operations are immediately visible to all processes • Simple and Intuitive model • Disallows many hardware/compiler optimisations

  5. Weak Memory Models x=y=0 write(x,1) read(x,0) po hb read(y,0) read(x,0) write (x,1) read(y,0) SC

  6. Weak Memory Models Relax the Program Order Constraints x=y=0 write(x,1) read(x,0) po hb read(y,0) read(x,0) write (x,1) read(y,0) SC Swap operations TSO read(x,0) read(y,0) write (x,1)

  7. Weak Memory Models Relax the Program Order Constraints x=y=0 write(x,1) read(x,0) po hb read(y,0) read(x,0) write (x,1) read(y,0) SC Swap operations TSO read(x,0) read(y,0) write (x,1) Execute in parallel

  8. Total Store Ordering Store Buffers Memory P1 w(x,2) w(y,1) w(x,1) … … Pn w(y,2) • writes are sent to store buffers (one per process) • writes are committed to memory at any time • reads are from - own store buffer if a value exists (last write to the variable) - otherwise from the memory • fences executed when own buffer is empty

  9. Non SC Behaviours x=y=0 write(x,1) write(y,1) read(y,0) read(x,0) CS1 CS2 CS1 and CS2 ?

  10. Non SC Behaviours x=y=0 write(x,1) write(y,1) po po read(y,0) read(x,0) hb hb CS1 CS2 CS1 and CS2 ? - Impossible under SC

  11. Non SC Behaviours x=y=0 write(x,1) write(y,1) po po read(y,0) read(x,0) hb hb CS1 CS2 CS1 and CS2 ? - Impossible under SC - Possible under TSO! • writes are delayed : pending in store buffers • reads get old values in the memory (0’s)

  12. Non SC Behaviours x=y=0 write(x,1) write(y,1) po po read(y,0) read(x,0) hb hb CS1 CS2 CS1 and CS2 ? - Impossible under SC - Possible under TSO! • writes are delayed : pending in store buffers • reads get old values in the memory (0’s) • => po constraints are relaxed • => reads can overtake writes

  13. TSO: Semantics P1 P2 > > w(x,1) w(y,1) r(x,0) r(y,0) P1 x=0 y=0 P2

  14. TSO: Semantics P1 P2 w(x,1) w(y,1) > > r(x,0) r(y,0) P1 w(x,1) x=0 y=0 P2 w(y,1)

  15. TSO: Semantics P1 P2 w(x,1) w(y,1) r(x,0) r(y,0) > > P1 w(x,1) x=0 y=0 P2 w(y,1)

  16. Avoiding Reordering: Fences x=y=0 hb hb write(x,1) write(y,1) hb fence fence read(y,0) read(x,0) hb hb hb CS1 CS2 CS1 and CS2 ? • A fence forces flushing the store buffer • => CS1 and CS2 becomes impossible

  17. Avoiding Reordering: Fences x=y=0 hb hb write(x,1) write(y,1) hb fence fence read(y,0) read(x,0) hb hb hb CS1 CS2 CS1 and CS2 ? • A fence forces flushing the store buffer • => CS1 and CS2 becomes impossible SC can be enforced: fence after each write

  18. Safety/Reachability Verification Problems P1 … m 1 . . . . . . P n … m 1 for every n , for every m , [ P1 || … || P n ] TSO(m) satisfies Always (Safe) there is n , there is m , [ P1 || … || P n ] TSO(m) satisfies Reachable (Not Safe)

  19. First step: Let us fix the number of processes P1 … m 1 . . . . . . P n … m 1 for every m , [ P1 || … || P n ] TSO(m) satisfies Always (Safe) there is m , [ P1 || … || P n ] TSO(m) satisfies Reachable (Not Safe)

  20. First step: Let us fix the number of processes P1 … m 1 . . . . . . Consider Unbounded Store Buffers P n … m 1 there is m , [ P1 || … || P n ] TSO(m) satisfies Reachable (Not Safe) <=> [ P1 || … || P n ] TSO( ∞ ) satisfies Reachable (Not Safe)

  21. Reachability Problem for a given number of processes: Decidability, Complexity Assume that processes are finite state Under SC , the control state reachability problem is • PSPACE-complete, for a fixed number of processes • EXPSPACE-complete, for the parametric case

  22. Reachability Problem for a given number of processes: Decidability, Complexity Assume that processes are finite state Under SC , the control state reachability problem is • PSPACE-complete, for a fixed number of processes • EXPSPACE-complete, for the parametric case What about the TSO( ∞ ) reachability? store buffers are unbounded perfect FIFO queues !!

  23. Reachability Problem for a given number of processes: Decidability, Complexity Assume that processes are finite state Under SC , the control state reachability problem is • PSPACE-complete, for a fixed number of processes • EXPSPACE-complete, for the parametric case What about the TSO( ∞ ) reachability? store buffers are unbounded perfect FIFO queues !! What about the parametric TSO( ∞ ) reachability?

  24. Reachability Problem for TSO programs: Results - The TSO reachability problem is decidable

  25. Reachability Problem for TSO programs: Results - The TSO reachability problem is decidable - … but it is highly complex (non primitive recursive) Reduction to/from reachability in lossy channel systems [Atig, B., Burckhardt, Musuvathi, POPL’10]

  26. Reachability Problem for TSO programs: Results - The TSO reachability problem is decidable - … but it is highly complex (non primitive recursive) Reduction to/from reachability in lossy channel systems [Atig, B., Burckhardt, Musuvathi, POPL’10] - The parametric TSO reachability problem is decidable - A dual semantics for TSO - Monotonic system w.r.t. WQO - Simpler and more efficient reduction [Abdulla, Atig, B.,Ngo, CONCUR’16]

  27. Reachability Problem for TSO programs: Results - The TSO reachability problem is decidable - … but it is highly complex (non primitive recursive) Reduction to/from reachability in lossy channel systems [Atig, B., Burckhardt, Musuvathi, POPL’10] - The parametric TSO reachability problem is decidable - A dual semantics for TSO - Monotonic system w.r.t. WQO - Simpler and more efficient reduction [Abdulla, Atig, B.,Ngo, CONCUR’16]

  28. An example of TSO program x=y=0 P1 P2 > > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) x=0 P1 y=0 TSO store buffer of P1

  29. An example of TSO program x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=0 P1 w(x,2) w(y,1) w(x,1) y=0 TSO store buffer of P1

  30. An example of TSO program x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=1 P1 w(x,2) w(y,1) w(x,1) y=0 TSO store buffer of P1

  31. An example of TSO program x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=1 P1 w(x,2) w(y,1) w(x,1) y=1 TSO store buffer of P1

  32. An example of TSO program x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=1 TSO store buffer of P1

  33. An example of TSO program x=y=0 P1 P2 w(x,1) r(x,2) > w(y,1) r(y,0) w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=1 TSO store buffer of P1

  34. An example of TSO program x=y=0 P1 P2 w(x,1) r(x,2) > w(y,1) r(y,0) X w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=1 TSO store buffer of P1 Deadlock under the TSO semantics

  35. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=0 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel

  36. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=1 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel

  37. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=1 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel

  38. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel

  39. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 w(x,1) r(x,2) > w(y,1) r(y,0) w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel

  40. TSO Store Buffers —> Lossy Channels ? x=y=0 P1 P2 w(x,1) r(x,2) w(y,1) r(y,0) > w(x,2) > x=2 P1 w(x,2) w(y,1) w(x,1) y=0 Lossy Fifo Channel Unsound simulation of TSO!

  41. Store Memory Snapshots x=y=0 P1 P2 > > w(x,1) r(x,2) w(y,1) r(y,0) w(x,2) x=0 P1 y=0 Future Snapshots of the Memory

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed

Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed

Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7 VTSA, MPI-Saarbr ucken, September 2012 A. Bouajjani (LIAFA, UP7) Lecture 2: Concurrent Programs

654 views • 47 slides
Verification of Concurrent Programs Decidability, Complexity, Reductions. Ahmed Bouajjani U

Verification of Concurrent Programs Decidability, Complexity, Reductions. Ahmed Bouajjani U

Verification of Concurrent Programs Decidability, Complexity, Reductions. Ahmed Bouajjani U Paris Diderot Paris 7 Locali Workshop, Beijing, November 2013 A. Bouajjani (U Paris Diderot UP7) Verification of Concurrent Programs Beijing,

924 views • 50 slides
Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification Programs considered: Small (&lt;100 LOC) Medium (KLOC) Large (MLOC) Simple

577 views • 45 slides
Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R.

Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R.

Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R. Apt, Frank S. de Boer, Ernst-R udiger Olderog. Series: Texts in Computer Science. Springer. 3rd ed. 2nd Printing. ISBN: 978-1-84882-744-8. Te

1.23k views • 112 slides
Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

982 views • 72 slides
Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed

Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed

Lecture 1: Verification of Concurrent Programs Part 1: Decidability and Complexity Results Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7 VTSA, MPI-Saarbr ucken, September 2012 A. Bouajjani (LIAFA, UP7) Lecture 1: Concurrent

651 views • 61 slides
Local Verification of Global Invariants in Concurrent Programs Ernie Cohen 1 , Michal Moskal 2 ,

Local Verification of Global Invariants in Concurrent Programs Ernie Cohen 1 , Michal Moskal 2 ,

Local Verification of Global Invariants in Concurrent Programs Ernie Cohen 1 , Michal Moskal 2 , Wolfram Schulte 2 , Stephan Tobies 1 1 European Microsoft Innovation Center, Aachen 2 Microsoft Research, Redmond Presentation: Florian Besser

746 views • 27 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
Verification of Concurrent Systems Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7

Verification of Concurrent Systems Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7

Verification of Concurrent Systems Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7 MOVEP12, CIRM, December 2012 A. Bouajjani (LIAFA, UP7) Verification of Concurrent Systems December 2012 1 / 42 Concurrent Programs Parallel

1.26k views • 112 slides
Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control

Verification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control Zachary Kincaid Azadeh Farzan University of Toronto January 18, 2013 Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18,

751 views • 54 slides
From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT 2017 Allan Blanchard, Fr ed eric Loulergue, Nikolai Kosmatov April 29 th , 2017 From Concurrent Programs to Simulating Sequential Programs

488 views • 37 slides
Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification 01 Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan Lawrence jonathan.lawrence@cs.ox.ac.uk Concurrent Datatype Verification 02 Introduction Case study using

618 views • 27 slides
A Graph-Based Semantics Workbench for Concurrent Asynchronous Programs Alexander Heuner Chris

A Graph-Based Semantics Workbench for Concurrent Asynchronous Programs Alexander Heuner Chris

A Graph-Based Semantics Workbench for Concurrent Asynchronous Programs Alexander Heuner Chris Poskitt Otto-Friedrich-Universitt ETH Zrich Bamberg Dagstuhl, November 2015 Analysis (Verification) of Evolving Graph Structures 2 CP AH

370 views • 15 slides
Testing Concurrent Java Programs Using Randomized Scheduling Scott D. Stoller Computer Science

Testing Concurrent Java Programs Using Randomized Scheduling Scott D. Stoller Computer Science

Testing Concurrent Java Programs Using Randomized Scheduling Scott D. Stoller Computer Science Department State University of New York at Stony Brook http://www.cs.sunysb.edu/stoller/ 1 Goal Pillars of Run-Time Verification monitoring :

208 views • 18 slides
Software Specification and Verification in Rewriting Logic: Lecture 1 Jos e Meseguer Computer

Software Specification and Verification in Rewriting Logic: Lecture 1 Jos e Meseguer Computer

Software Specification and Verification in Rewriting Logic: Lecture 1 Jos e Meseguer Computer Science Department University of Illinois at Urbana-Champaign 1 Sequential vs. Concurrent Programs Programs come in many different languages and

1.82k views • 153 slides
Memory Consistency Models Virendra Singh Computer Architecture &amp; Dependable Systems Lab.

Memory Consistency Models Virendra Singh Computer Architecture &amp; Dependable Systems Lab.

Memory Consistency Models Virendra Singh Computer Architecture &amp; Dependable Systems Lab. Dept. of Electrical Engineering Indian Institute of Technology Bombay Courtesy: Sarita Adve University of Illinois at Urbana-Champaign CS-683:

2.14k views • 71 slides
The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI Techmedia The Java Memory Model p. 1/30 Overview Part I : Motivation for weak memory models: Compromise between standard optimisations and

813 views • 46 slides
A CHR-Based Solver for Weak Memory Behaviors CSTVA 2016 Allan Blanchard 1 , 2 Nikolai Kosmatov

A CHR-Based Solver for Weak Memory Behaviors CSTVA 2016 Allan Blanchard 1 , 2 Nikolai Kosmatov

A CHR-Based Solver for Weak Memory Behaviors CSTVA 2016 Allan Blanchard 1 , 2 Nikolai Kosmatov 1 eric Loulergue 2 Fr ed 1 CEA LIST - Software Reliability Laboratory 2 Univ Orl eans, INSA Centre Val de Loire, LIFO Sequential Consistency

767 views • 43 slides
C++ 11 Memory Consistency Model Sebastian Gerstenberg NUMA Seminar 07.01.2015 Agenda 1.

C++ 11 Memory Consistency Model Sebastian Gerstenberg NUMA Seminar 07.01.2015 Agenda 1.

C++ 11 Memory Consistency Model Sebastian Gerstenberg NUMA Seminar 07.01.2015 Agenda 1. Sequential Consistency 2. Violation of Sequential Consistency Non-Atomic Operations Instruction Reordering 3. C++ 11 Memory Consistency

554 views • 27 slides
A classic locked-room mystery. Eve was in the false branch of a conditional the whole time, how

A classic locked-room mystery. Eve was in the false branch of a conditional the whole time, how

A classic locked-room mystery. Eve was in the false branch of a conditional the whole time, how could she do it ? Creative Commons Attribution-ShareAlike 4.0 Mozilla Research | DePaul University | U. California San Diego 3 January 2018 The

370 views • 33 slides
Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two years, the number of transistors in a dense integrated circuit doubles The keystone of microprocessor industry Physical limitations Finite

374 views • 20 slides
Distributed Memory and Cache Consistency Distributed Memory and Cache Consistency (some slides

Distributed Memory and Cache Consistency Distributed Memory and Cache Consistency (some slides

Distributed Memory and Cache Consistency Distributed Memory and Cache Consistency (some slides courtesy of Alvin Lebeck) Software DSM 101 Software DSM 101 Software-based distributed shared memory (DSM) provides an illusion of shared memory on

414 views • 12 slides
COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors

COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors

COMP 590-154: Computer Architecture Shared-Memory Multi-Processors Shared-Memory Multiprocessors Multiple threads use shared memory (address space) SysV Shared Memory or Threads in software Communication implicit via loads

548 views • 40 slides

More recommend