proof spaces for unbounded parallelism
play

Proof Spaces for Unbounded Parallelism Zachary Kincaid University - PowerPoint PPT Presentation

Apr 21, 2023 •310 likes •917 views

Proof Spaces for Unbounded Parallelism Zachary Kincaid University of Toronto January 16, 2015 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg Single template T executed by every thread

  1. Proof Spaces for Unbounded Parallelism Zachary Kincaid University of Toronto January 16, 2015 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg

  2. • Single template T executed by every thread • Goal: prove that a given program is free of (certain types of) errors. Multi-threaded program verification T Property Yes No Verifier Program N times T T T T N Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ...

  3. • Goal: prove that a given program is free of (certain types of) errors. Multi-threaded program verification T Property Yes No Verifier Program N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� �

  4. Multi-threaded program verification Program T Property Yes No Verifier N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� � • Goal: prove that a given program is free of (certain types of) errors.

  5. Multi-threaded program verification Program T Property Yes No Verifier N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� � • Goal: prove that a given program is free of (certain types of) errors.

  6. global t : int // ticket counter global s : int // service counter local m : int // my ticket m := t++ // acquire ticket do { // busy wait } until (m <= s) // critical section s++ // bump service counter init s ≤ t

  7. Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification! Proving correctness of a multi-threaded program is hard. Program is correct each of its traces are correct. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j

  8. Proving correctness of a multi-threaded program is hard. Program is correct each of its traces are correct. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification!

  9. Proving correctness of a multi-threaded program is hard. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification! Program is correct ⇐ ⇒ each of its traces are correct.

  10. Proof Spaces

  11. init m := t++ by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 // bump service counter s++ // critical section } until (m <= s) // busy wait do { // acquire ticket // my ticket wait local m : int // service counter global s : int // ticket counter global t : int s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. init s ≤ t

  12. init m := t++ by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 // bump service counter s++ // critical section } until (m <= s) // busy wait do { // acquire ticket // my ticket wait local m : int // service counter global s : int // ticket counter global t : int s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. init s ≤ t

  13. init [m <= s] : 1 by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 Thread IDs Commands [m <= s] : 2 m := t++ : 2 wait m := t++ : 1 s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. Error trace ∈ (Σ × N ) ∗

  14. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  15. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  16. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  17. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  18. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  19. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  20. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  21. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  22. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  23. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  24. init m by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 ... Dual narrowing, Abstract post, Craig interpolation, Intermediate assertions [m <= s] : 2 m m m s [m <= s] : 1 m wait m crit exit m := t++ [m <= s] [m > s] s++ m := t++ : 1 s m m t m := t++ : 2 s P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. { s ≤ t } { false }

  25. init m := t++ : 1 by construction or approximation of fixpoints. POPL’77. ... Intermediate assertions [m <= s] : 2 wait m := t++ : 2 [m <= s] : 1 m := t++ [m <= s] s++ crit [m > s] exit { s ≤ t } { s ≤ m (1) ∧ m (1) < t } Craig interpolation, 1 { s ≤ m (1) ∧ m (1) < m (2) } Abstract post, 2 Dual narrowing, 3 { s ≤ m (1) ∧ m (1) < m (2) } { false } 1 T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 2 P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs 3 P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15.

  26. “Small theorems” from sequential verifiers m := t++ : 1 m := t++ : 1 m := t++ : 2 [m <= s] : 2 s++ : 1 { s ≤ t } { s ≤ m (1) } { s ≤ m (1) ∧ m (1) < m (2) } { true } { false } { m (1) < t } { s ≤ m (1) ∧ m (1) < m (2) } { m (1) < t } { s ≤ m (2) } { m (1) < m (2) }

  27. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  28. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  29. Sequencing m := t++ : 1 m := t++ : 2 s t m := t++ : 1; m := t++ : 2 m m { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) }

  30. Sequencing m := t++ : 1 m := t++ : 2 m := t++ : 1; m := t++ : 2 { s ≤ t } { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) } { m (1) < m (2) }

  31. Symmetry N times [m <= s] : 2 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { false }

  32. Symmetry N times [m <= s] : 2 [m <= s] : 1 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (1) } [1 �→ 2] [2 �→ 1] { false } { false }

  33. Symmetry N times [m <= s] : 2 [m <= s] : 3 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (3) } [1 �→ 2] [2 �→ 3] { false } { false }

  34. Conjunction m := t++ : 3 m := t++ : 3 m t m t m := t++ : 3 m m m m { m (1) < t } { m (2) < t } { m (1) < m (3) } { m (2) < m (3) }

  35. Conjunction m := t++ : 3 m := t++ : 3 m := t++ : 3 { m (1) < t } { m (2) < t } { m (1) < m (3) } { m (2) < m (3) } { m (1) < t ∧ m (2) < t } { m (1) < m (3) ∧ m (2) < m (3) }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena

Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena

Previous Concepts Continuous, integrable and unbounded functions Sequence spaces Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena Dpto. An alisis Matem atico Joint work with M.C.

359 views • 31 slides
Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism

Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism

Kunle Olukotun Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism accessible to all programmers Parallelism is not for the average programmer Too difficult to find parallelism, to debug, maintain

593 views • 40 slides
CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

Loops and CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to use parallelism. Unfortunately, it is not easy to develop software that can take advantage of parallel machines. Dividing the

659 views • 54 slides
Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de

Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de

Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de Nantes January 6, 2020 S. Gouzel and A. Karlsson, Subadditive and multiplicative ergodic theorems, Journal of the European Mathematical Society , to

774 views • 39 slides
Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

' $ Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism Intraquery Parallelism Intraoperation Parallelism Interoperation Parallelism Design of Parallel Systems &amp; % Database Systems

341 views • 21 slides
Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany

Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany

1 Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany and Institute of Mathematics Simion Stoilow of the Romanian Academy

237 views • 22 slides
New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah

New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah

New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah Stephens-Davidowitz PKC 2018 1 / 13 Zero-Knowledge Proofs [GoldwasserMicaliRackoff85] A protocol allowing an unbounded Prover P to convince a skeptical,

960 views • 68 slides
CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism

CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism

CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism among instructions. Instruction-level parallelism INSTRUCTION-LEVEL PARALLELISM Increase depth of pipeline (greater overlap of

646 views • 26 slides
CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and

CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and

CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and locality Real world exhibits parallelism and locality Particles, people, etc function independently Nearby objects interact more strongly

443 views • 25 slides
Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk

Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk

Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk for Loops 2 Marc Moreno Maza Scheduling Theory and Implementation 3 University of Western Ontario, London, Ontario (Canada) Measuring Parallelism

531 views • 16 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you

Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you

Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you understand by &quot;parallelism&quot; 2. How/where is parallelism in computers? Parallel / parallelism Concurrent / concurrency Many things

827 views • 27 slides
Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of

Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of

Fourier Transforms BVPs in an Unbounded Region Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw December 25, 2013 1 / 27

459 views • 27 slides
Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March

Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March

Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March 30, 2009 Billions of transistors Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March 30, 2009 Multicore

469 views • 23 slides
Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is supported in OpenMP. If a PARALLEL directive is encountered within another PARALLEL directive, a new team of threads will be created. This is

242 views • 11 slides
Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly

Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly

12/9/15 Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly and efficiently manage Use extra resources to access to shared resources solve a problem

431 views • 3 slides
Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . . (Implication): Direct proof; Contraposition Contradiction Proofs About Sets Last Time 1 How to make precise statements. 2 Quantifiers which allow us to make

1.47k views • 98 slides
Whats on todays menu? F Wrap up of Proof Techniques F Review of Chapter 1 F Introduction to

Whats on todays menu? F Wrap up of Proof Techniques F Review of Chapter 1 F Introduction to

Whats on todays menu? F Wrap up of Proof Techniques F Review of Chapter 1 F Introduction to Sets R. Rao, CSE 311 Chapter 1 review 1 Existence Proofs F Goal: Prove x P( x ) 1 st way: F Two ways: 2 nd way: Constructive proof Destructive

264 views • 5 slides
! Proving!(or!Attacking)!Lost!Profits! Damages!in!Trade!Secrets!and!Other!Cases! !

! Proving!(or!Attacking)!Lost!Profits! Damages!in!Trade!Secrets!and!Other!Cases! !

! Proving!(or!Attacking)!Lost!Profits! Damages!in!Trade!Secrets!and!Other!Cases! ! Texas!Bar!CLE!!Live!Webcast! ! ! ! ! Kelly!Leonard! ! ! Strasburger*&amp;*Price* ! Moderator:!Zach!Wolfe! ! ! Fleckman*&amp;*McGlynn !

515 views • 16 slides
Data Refinement: model-oriented proof methods and their comparison Willem-Paul de Roever

Data Refinement: model-oriented proof methods and their comparison Willem-Paul de Roever

Data Refinement: model-oriented proof methods and their comparison Willem-Paul de Roever University of Kiel, Germany SYNCHRON 2003 Marseille-Luminy, France December 15, 2003 1 Overview Refinement Data refinement Simulation

964 views • 58 slides
MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Muhammad Mohid September 18th, 2020

MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Muhammad Mohid September 18th, 2020

MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Muhammad Mohid September 18th, 2020 Warm-up question : Is this a good definition? Definition We say that x is brutal if a &lt; x 2 , a is even. Why all this fuss about quantifiers

549 views • 31 slides
Gdels Incompleteness Theorems Dont stress, Kurt, its easy! Proving the famous

Gdels Incompleteness Theorems Dont stress, Kurt, its easy! Proving the famous

15-252: More Great Ideas in Theoretical Computer Science Fall 2017 Gdels Incompleteness Theorems Dont stress, Kurt, its easy! Proving the famous Gdel Incompleteness Theorems is easy if you use computer science. Its a

998 views • 78 slides
Proof-Carrying Code GEORGE C. NECULA , POPL 97 PRESENTED BY TOM MAGRINO AND MENTORED BY ETHAN

Proof-Carrying Code GEORGE C. NECULA , POPL 97 PRESENTED BY TOM MAGRINO AND MENTORED BY ETHAN

Proof-Carrying Code GEORGE C. NECULA , POPL 97 PRESENTED BY TOM MAGRINO AND MENTORED BY ETHAN CECCHETTI IN GREAT WORKS IN PL, APRIL 16 TH , 2019 How can you trust that code you downloaded? Context Similar motivation to TAL: Want

155 views • 14 slides
Theorem Proving and Testing for Autonomous Systems Kerstin Eder University of Bristol and

Theorem Proving and Testing for Autonomous Systems Kerstin Eder University of Bristol and

Theorem Proving and Testing for Autonomous Systems Kerstin Eder University of Bristol and Bristol Robotics Laboratory Verification and Validation for Safety in Robots To develop techniques and methodologies that can be used to design

476 views • 45 slides

More recommend