proving liveness of parameterized programs
play

Proving Liveness of Parameterized Programs Zachary Kincaid - PowerPoint PPT Presentation

Apr 07, 2024 •316 likes •884 views

Proving Liveness of Parameterized Programs Zachary Kincaid University of Toronto & Princeton University July 5, 2016 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg no matter how many

  1. Proving Liveness of Parameterized Programs Zachary Kincaid University of Toronto & Princeton University July 5, 2016 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg

  2. • no matter how many threads there are • automatically // busy wait Goal: Prove that no thread starves } // bump service counter s++ // critical section } until (m <= s) global t : int // ticket counter // acquire ticket m := t++ do forever { // my ticket local m : int // service counter global s : int do { init s = t

  3. • no matter how many threads there are • automatically // busy wait Goal: Prove that no thread starves } // bump service counter s++ // critical section } until (m <= s) global t : int // ticket counter // acquire ticket m := t++ do forever { // my ticket local m : int // service counter global s : int do { init s = t

  4. • automatically // ticket counter Goal: Prove that no thread starves } // bump service counter s++ // critical section } until (m <= s) // busy wait global t : int // acquire ticket m := t++ do forever { // my ticket local m : int // service counter global s : int do { init s = t • no matter how many threads there are

  5. global t : int // ticket counter Goal: Prove that no thread starves } // bump service counter s++ // critical section } until (m <= s) // busy wait do { // acquire ticket m := t++ do forever { // my ticket local m : int // service counter global s : int init s = t • no matter how many threads there are • automatically

  6. A parameterized concurrent program, P : instructions (in some programming language). Call the set of of which execute P . m:=t++ [m>=s] s++ [m<s] • thread template = finite directed graph with edges labeled by instructions Σ . • For any N ∈ N , P ( N ) denotes the program with N identical threads, all

  7. • Associate linear-time property • Associate P N w/ set of traces • Program traces • P correct is infeasible. P every error trace in P N N P corresponding to interleaved paths through the thread template Program instructions N P N that satisfy it. w/ set of traces Thread identifiers A trace is a sequence τ = ⟨ σ 1 : i 1 ⟩⟨ σ 2 : i 2 ⟩ ... ∈ ( Σ × N ) ω

  8. • Associate P N w/ set of traces • Program traces • P correct Program instructions Thread identifiers P N N corresponding to interleaved paths through the thread template P N P N every error trace in P is infeasible. A trace is a sequence τ = ⟨ σ 1 : i 1 ⟩⟨ σ 2 : i 2 ⟩ ... ∈ ( Σ × N ) ω • Associate linear-time property Φ w/ set of traces L (Φ) that satisfy it.

  9. • Program traces • P correct Program instructions Thread identifiers corresponding to interleaved paths through the thread template P N P N every error trace in P is infeasible. A trace is a sequence τ = ⟨ σ 1 : i 1 ⟩⟨ σ 2 : i 2 ⟩ ... ∈ ( Σ × N ) ω • Associate linear-time property Φ w/ set of traces L (Φ) that satisfy it. • Associate P ( N ) w/ set of traces L ( P ( N )) ⊆ (Σ × { 1 , ..., N } ) ω

  10. • P correct Program instructions Thread identifiers corresponding to interleaved paths through the thread template N every error trace in P is infeasible. A trace is a sequence τ = ⟨ σ 1 : i 1 ⟩⟨ σ 2 : i 2 ⟩ ... ∈ ( Σ × N ) ω • Associate linear-time property Φ w/ set of traces L (Φ) that satisfy it. • Associate P ( N ) w/ set of traces L ( P ( N )) ⊆ (Σ × { 1 , ..., N } ) ω ∪ • Program traces L ( P ) = L ( P ( N ))

  11. Program instructions Thread identifiers corresponding to interleaved paths through the thread template N A trace is a sequence τ = ⟨ σ 1 : i 1 ⟩⟨ σ 2 : i 2 ⟩ ... ∈ ( Σ × N ) ω • Associate linear-time property Φ w/ set of traces L (Φ) that satisfy it. • Associate P ( N ) w/ set of traces L ( P ( N )) ⊆ (Σ × { 1 , ..., N } ) ω ∪ • Program traces L ( P ) = L ( P ( N )) • P correct ⇐ ⇒ every error trace in L ( P ) \ L (Φ) is infeasible.

  12. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  13. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  14. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  15. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  16. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  17. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  18. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  19. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  20. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  21. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Property fails! Proof Generalization

  22. • Concurrency: Same proof applies to many interleavings. • Parameterization: Same proof applies to many instantiations. Two key problems: 1 How do we generalize proofs? 2 How do we check that a proof is complete? • P H R : inclusion between infinite sets of infinite words over an infinite alphabet

  23. • Parameterization: Same proof applies to many instantiations. Two key problems: 1 How do we generalize proofs? 2 How do we check that a proof is complete? • P H R : inclusion between infinite sets of infinite words over an infinite alphabet • Concurrency: Same proof applies to many interleavings.

  24. Two key problems: 1 How do we generalize proofs? 2 How do we check that a proof is complete? • P H R : inclusion between infinite sets of infinite words over an infinite alphabet • Concurrency: Same proof applies to many interleavings. • Parameterization: Same proof applies to many instantiations.

  25. Invariance proof m:=t++ old s m:=t++ old s s m old s Variance proof s t true s m:=t++ true [m>s] true [m<=s] true s++ true m:=t++ true m old s s Loop old s m s old s [m<=s] old s m s old s [m>s] s++ old s Stem ⟨ m:=t++ : 1 ⟩⟨ m:=t++ : 2 ⟩ ( ⟨ [m>s] : 2 ⟩⟨ [m<=s] : 1 ⟩⟨ s++ : 1 ⟩⟨ m:=t++ : 1 ⟩ ) ω � �� � � �� �

  26. Invariance proof true s t m:=t++ true m:=t++ true [m>s] Loop Variance proof [m<=s] true s++ true Stem m:=t++ true Ranking formula ⟨ m:=t++ : 1 ⟩⟨ m:=t++ : 2 ⟩ ( ⟨ [m>s] : 2 ⟩⟨ [m<=s] : 1 ⟩⟨ s++ : 1 ⟩⟨ m:=t++ : 1 ⟩ ) ω � �� � � �� � { old ( s ) = s } ⟨ [m>s] : 2 ⟩ { old ( s ) = s ∧ m (2) ≥ old ( s ) } ⟨ [m<=s] : 1 ⟩ { old ( s ) = s ∧ m (2) ≥ old ( s ) } ⟨ s++ : 1 ⟩ { old ( s ) < s ∧ m (2) ≥ old ( s ) } ⟨ m:=t++ : 1 ⟩ { old ( s ) < s ∧ m (2) ≥ old ( s ) }

  27. Invariance proof Stem Variance proof Loop ⟨ m:=t++ : 1 ⟩⟨ m:=t++ : 2 ⟩ ( ⟨ [m>s] : 2 ⟩⟨ [m<=s] : 1 ⟩⟨ s++ : 1 ⟩⟨ m:=t++ : 1 ⟩ ) ω � �� � � �� � { s = t } ⟨ m:=t++ : 1 ⟩ { true } ⟨ m:=t++ : 2 ⟩ { old ( s ) = s } { true } ⟨ [m>s] : 2 ⟩ ⟨ [m>s] : 2 ⟩ { old ( s ) = s ∧ m (2) ≥ old ( s ) } { true } ⟨ [m<=s] : 1 ⟩ ⟨ [m<=s] : 1 ⟩ { old ( s ) = s ∧ m (2) ≥ old ( s ) } { true } ⟨ s++ : 1 ⟩ ⟨ s++ : 1 ⟩ { old ( s ) < s ∧ m (2) ≥ old ( s ) } { true } ⟨ m:=t++ : 1 ⟩ ⟨ m:=t++ : 1 ⟩ { old ( s ) < s ∧ m (2) ≥ old ( s ) } { true }

  28. { old ( s ) = s } { old ( s ) = s } { ϕ } ⟨ [m>s] : 2 ⟩ ⟨ s++ : 1 ⟩ ⟨ σ : i ⟩ { m (2) ≥ old ( s ) } { old ( s ) < s } { ϕ }

  29. Sequencing m := t++ : 1 m := t++ : 2 s t m := t++ : 1; m := t++ : 2 m m { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) }

  30. Sequencing m := t++ : 1 m := t++ : 2 m := t++ : 1; m := t++ : 2 { s ≤ t } { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) } { m (1) < m (2) }

  31. Symmetry N times [m <= s] : 2 P ( N ) = P ∥ P ∥· · · ∥ P � �� � { s ≤ m (1) ∧ m (1) < m (2) } { false }

  32. Symmetry N times [m <= s] : 2 [m <= s] : 1 P ( N ) = P ∥ P ∥· · · ∥ P � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (1) } [1 �→ 2] [2 �→ 1] { false } { false }

  33. Symmetry N times [m <= s] : 2 [m <= s] : 3 P ( N ) = P ∥ P ∥· · · ∥ P � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (3) } [1 �→ 2] [2 �→ 3] { false } { false }

  34. Conjunction m := t++ : 3 m := t++ : 3 m t m t m := t++ : 3 m m m m { m (1) < t } { m (2) < t } { m (1) < m (3) } { m (2) < m (3) }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work with Byron Cook, Andreas Podelski, and Andrey Rybalchenko BCTCS06, 6 April 2006 State-of-the-art Systems Model checking Abstraction Properties

484 views • 13 slides
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and Philipp Ruemmer Summary of results Automatic method for proving liveness for randomised parameterised systems, e.g., Randomised Self-Stabilising

484 views • 45 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
Safety and Liveness Defining Programs Variables with respective domain State space of

Safety and Liveness Defining Programs Variables with respective domain State space of

Safety and Liveness Defining Programs Variables with respective domain State space of the program Program actions Guarded commands Program computation &lt;s 0 , s 1 , s 2 , &gt; (s j-1 , s j ) is permitted by

875 views • 45 slides
Parameterized Programs CS256/Spring 2008 Lecture #09 Zohar Manna 0 : loop

Parameterized Programs CS256/Spring 2008 Lecture #09 Zohar Manna 0 : loop

Parameterized Programs CS256/Spring 2008 Lecture #09 Zohar Manna 0 : loop forever do Chapter 2 1 : noncritical Invariance: Applications 2 : request y

150 views • 14 slides
Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Introduction Proving properties of programs Proving equality and equivalence Applications Summary Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and Sergei Romanenko Keldysh Institute of Applied

588 views • 31 slides
An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William Gasarch-U of MD Who is Who 1. Work by 1.1 Floyd, 1.2 Byron Cook, Andreas Podelski, Andrey Rybalchenko, 1.3 Lee, Jones, Ben-Amram 1.4 Others 2.

779 views • 38 slides
From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay Narayan, Subodh Sharma, and Shibashis Guha) Indian Institute of Technology Delhi TASE-2016 S. Arun-Kumar From Traces To Proofs: Proving Concurrent

671 views • 44 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture by K. Rustan M. Leino Testing and

392 views • 23 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
Parameterized Complexity of Integer Linear Programming (ILP) Sebastian Ordyniak Parameterized

Parameterized Complexity of Integer Linear Programming (ILP) Sebastian Ordyniak Parameterized

Parameterized Complexity of Integer Linear Programming (ILP) Sebastian Ordyniak Parameterized Graph Algorithms &amp; Data Reduction (Shonan Meeting 144, 2019) 1 / 62 Integer Linear Programming (ILP) archetypical problem for NP -complete

1.25k views • 88 slides
An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1 Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete

1.09k views • 63 slides
Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Introduction SMT/Max-SMT solving Invariant generation Termination analysis Further work Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric Rodr guez-Carbonell and Albert Rubio Universitat

1.18k views • 73 slides
Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille Artho, Viktor Schuppan http://www.inf.ethz.ch/schuppan/ Safety vs. Liveness 1 Safety Liveness Something bad will not Something good will

480 views • 31 slides
Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

2.1k views • 197 slides
The webinar will start soon Prayer for the World during the Outbreak of the Coronavirus Icon of

The webinar will start soon Prayer for the World during the Outbreak of the Coronavirus Icon of

The webinar will start soon Prayer for the World during the Outbreak of the Coronavirus Icon of Jesus the Healer Lord Jesus Christ, you travelled through towns and villages curing every disease and illness. At your command, the sick were

900 views • 62 slides
Exploring Next-Generation Cloud Platforms Prof. Miriam Leeser Department of Electrical and

Exploring Next-Generation Cloud Platforms Prof. Miriam Leeser Department of Electrical and

Testbed for the Research Community Exploring Next-Generation Cloud Platforms Prof. Miriam Leeser Department of Electrical and Computer Engineering Northeastern University Boston, MA mel@coe.neu.edu Open Cloud Testbed: Developing a Testbed

657 views • 23 slides
&quot;Bump-In-the-Host&quot; (BIH) draft-huang-behave-bih-00 Bill Huang (CMCC) Hui Deng (CMCC)

&quot;Bump-In-the-Host&quot; (BIH) draft-huang-behave-bih-00 Bill Huang (CMCC) Hui Deng (CMCC)

Dual Stack Hosts Using &quot;Bump-In-the-Host&quot; (BIH) draft-huang-behave-bih-00 Bill Huang (CMCC) Hui Deng (CMCC) Teemu Savolainen (Nokia) - presenting Behave WG meeting @ IETF#78 26-July-2010 1 Earlier work RFC 2767 Dual Stack Hosts

332 views • 12 slides
Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment Mapping Example: Checkerboard Particularly severe problems in regular textures 1 The Beginnings of a Solution: Mipmapping Pre-calculate how

552 views • 14 slides
and Spectrum from Daya Bay Jianrun Hu On behalf of the Daya Bay Collaboration Institute of High

and Spectrum from Daya Bay Jianrun Hu On behalf of the Daya Bay Collaboration Institute of High

Latest Results of the Neutrino Flux and Spectrum from Daya Bay Jianrun Hu On behalf of the Daya Bay Collaboration Institute of High Energy Physics, China Rencontres de Moriond, March 21 st , 2019 Reactor Antineutrino Electron antineutrinos

323 views • 21 slides
Childrens Coverage in Florida: A Closer Look at Medicaid and the Childrens Health Insurance

Childrens Coverage in Florida: A Closer Look at Medicaid and the Childrens Health Insurance

Childrens Coverage in Florida: A Closer Look at Medicaid and the Childrens Health Insurance Program September 22, 2017 Rate of Uninsured Children: Florida vs. National 14.8% 12.7% 11.9% 11.1% 10.9% 9.3% 8.6% 8.0% 7.5% 7.2% 7.1%

518 views • 26 slides
Bayesian networks Chapter 14.13 Chapter 14.13 1 Outline Syntax Semantics

Bayesian networks Chapter 14.13 Chapter 14.13 1 Outline Syntax Semantics

Bayesian networks Chapter 14.13 Chapter 14.13 1 Outline Syntax Semantics Parameterized distributions Chapter 14.13 2 Bayesian networks A simple, graphical notation for conditional independence assertions and hence for

541 views • 29 slides
CS440/ECE448 Lecture 15: Bayesian Networks By Mark Hasegawa-Johnson, 2/2020 With some slides by

CS440/ECE448 Lecture 15: Bayesian Networks By Mark Hasegawa-Johnson, 2/2020 With some slides by

CS440/ECE448 Lecture 15: Bayesian Networks By Mark Hasegawa-Johnson, 2/2020 With some slides by Svetlana Lazebnik, 9/2017 License: CC-BY 4.0 You may redistribute or remix if you cite the source. Review: Bayesian inference A general

444 views • 33 slides

More recommend