relaxed memory concurrency and verified compilation
play

Relaxed memory concurrency and verified compilation Viktor - PowerPoint PPT Presentation

Feb 07, 2024 •323 likes •852 views

Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Full functional verification Method: Come up with a complete specification of the program Prove the program

  1. Relaxed memory concurrency and verified compilation Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

  2. Full functional verification Method: — Come up with a complete specification of the program — Prove the program adheres to its spec As a researcher, do functional verification when: Correctness important ∧ Specification possible ∧ Proof interesting Aim : Develop “the right tools” for doing the proofs (program logics, abstract domains, lemmas, tactics, ...)

  3. Compilers are ideal for verification Compiler source program (e.g., C) target program (e.g., x86) Compilers are: — Basic computing infrastructure — Generally reliable, but nevertheless contain many bugs e.g., Yang et al. [PLDI 2011] found 79 gcc & 202 llvm bugs — “Specifiable”: compiler correctness = preservation of behaviours — Interesting: naturally higher-order, involve clever algorithms — Big, but modular

  4. Sequential consistency (SC) MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread Shared Memory — Thread actions are interleaved — Does not correspond to modern hardware

  5. x86 concurrency MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread Shared Memory — Can return EAX = 0 and EBX = 0 — Interleaving insufficient: “store buffering” (TSO memory model)

  6. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer Shared Memory x : 0 y : 0 x : 0 y : 0

  7. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer x:1 Shared Memory x : 0 y : 0

  8. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer x:1 y:1 Shared Memory x : 0 y : 0

  9. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 47 Write Write Buffer Buffer x:1 y:1 Shared Memory x : 0 y : 0

  10. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 0 Write Write Buffer Buffer x:1 y:1 Shared Memory x : 0 y : 0

  11. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 0 Write Write Buffer Buffer y:1 Shared Memory x : 1 y : 0

  12. Store buffering MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 0 Write Write Buffer Buffer Shared Memory x : 1 y : 1

  13. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Prefetch Prefetch Buffer Buffer Shared Memory x : 0 y : 0

  14. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 y:0 Prefetch Prefetch Buffer Buffer Shared Memory x : 0 y : 0

  15. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 y:0 x:0 Prefetch Prefetch Buffer Buffer Shared Memory x : 0 y : 0

  16. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 y:0 x:0 Prefetch Prefetch Buffer Buffer Shared Memory x : 1 y : 0

  17. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 47 x:0 Prefetch Prefetch Buffer Buffer Shared Memory x : 1 y : 0

  18. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 47 x:0 Prefetch Prefetch Buffer Buffer Shared Memory x : 1 y : 1

  19. An alternative explanation: Load prefetching MOV [x] ← 1 MOV [y] ← 1 MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 0 EBX : 0 Prefetch Prefetch Buffer Buffer Shared Memory x : 1 y : 1

  20. Fence instructions MOV [x] ← 1 MOV [y] ← 1 MFENCE MFENCE MOV EAX ← [y] MOV EBX ← [x] In the store buffer model, “block until the local buffer is empty” In the prefetch model, “block if the local prefetch buffer is non-empty” or “clear the local prefetch buffer”

  21. Store buffering + fences MOV [x] ← 1 MOV [y] ← 1 MFENCE MFENCE MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer Shared Memory x : 0 y : 0

  22. Store buffering + fences MOV [x] ← 1 MOV [y] ← 1 MFENCE MFENCE MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer x:1 Shared Memory x : 0 y : 0

  23. Store buffering + fences MOV [x] ← 1 MOV [y] ← 1 MFENCE MFENCE MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer x:1 y:1 Shared Memory x : 0 y : 0

  24. MFENCE blocks until the thread buffer is empty Store buffering + fences MOV [x] ← 1 MOV [y] ← 1 MFENCE MFENCE MOV EAX ← [y] MOV EBX ← [x] ... Thread Thread EAX : 32 EBX : 47 Write Write Buffer Buffer y:1 Shared Memory x : 1 y : 0

  25. C++11 concurrency *x = 1; *y = 1; a = *y; b = *x; Semantics depends on the type of x, y. — ordinary int* => undefined semantics — atomic_int* => SC semantics (There are also weaker kinds of atomics.) The compiler is responsible for adding the necessary FENCE s.

  26. Compiling C++11 ordinary accesses To compile ordinary int* accesses, no fences are needed on x86: compile *x = 1; MOV [x] ← 1 MOV EAX ← [y] a = *y; assuming x ≠ y , may reorder cmds MOV EAX ← [y] MOV [x] ← 1 Reordering of ordinary memory accesses permitted. Why is this sound?

  27. Compiling C++11 atomic accesses Recipe for compiling atomic_int* accesses on x86: Load: MFENCE; MOV Store: MOV; MFENCE In our example: compile MOV [x] ← 1 MOV [x] ← 1 naïvely *x = 1; optimize MFENCE MFENCE MFENCE a = *y; MOV EAX ← [y] MOV EAX ← [y]

  28. Compiler correctness What does it mean for a compiler to be correct? Compiler source program (e.g., C) target program (e.g., x86) source program ≈ target program What properties should “ ≈ ” have? Should it be reflexive? Symmetric? Transitive? Anything else?

  29. Reflexivity & symmetry — Sensible only if compiling to the same language — If so, Reflexivity (doing nothing is a valid optimisation) Symmetry To see why: fail print “hello” print “hello” fail

  30. Example 1: Compiling C++11 ordinary accesses Compilation of ordinary memory accesses: compile *x = 1; MOV [x] ← 1 C C MOV [y] ← 2 *y = 2; This is sound because: — Either C does not access *x and *y => same behaviour — Or C accesses *x or *y => race condition => LHS has undefined semantics [NB: RHS semantics are well-defined ≠ LHS semantics]

  31. Example 2: Reordering C++11 ordinary accesses Recall that for ordinary accesses may be reordered: reorder *x = 1; *y = 2; C C *y = 2; *x = 1; This is sound because: — Either C does not access *x and *y => same behaviour — Or C accesses *x or *y => race condition => LHS has undefined semantics

  32. Correctness notion should be transitive — Compiler = sequence of program transformations C Diagram of Compcert compiler x86 — Want to verify each phase independently.

  33. Correctness notion should be compositional (ideally) — Separate compilation & linking: CompilerA module_a.c module_a.o CompilerB module_b.c module_b.o — We want the correctness notion to reflect this picture (Difficult!) [Ongoing work with Dreyer, Hur, Neis] — Here, we’ll ignore the issue.

  34. Compiler correctness as trace inclusion Compiler source program (e.g., C) target program (e.g., x86) traces(source_program) ⊇ traces(target_program) print “a” || print “b” print “a” ; print “b” print “a” ; print “b” print “a” || print “b” fail print “hello” print “hello” fail

  35. Basic proof technique: simulations Goal to prove: put(“a”) get(“b”) get(“c”) put(“d”) ... src Compile put(“a”) get(“b”) get(“c”) put(“d”) ... tgt By coinduction: find a “simulation” relation such that: event ∃ s’ s Compile ⊆ and event t ∀ t’

  36. CompCertTSO CompCertTSO ClightTSO x86-TSO — Take Leroy’s CompCert — Generate x86 instead of PowerPC/ARM — Add concurrency (TSO relaxed memory model) — Remove unsound compiler optimisations (restrict CSE) — Prove the compiler correct w.r.t. TSO semantics (reusing Leroy’s proofs as much as possible) — Implement & verify TSO-specific optimisations

  37. CompCertTSO LTL RTL branch tunnelling const prop. ClightTSO RTL LTL simplify linearize CSE C#minor RTL LTLin local vars reload/spill register Cstacked allocation Linear simplify act.records Cminor instruction selection Machabstr CminorSel Machconc x86 CFG generation [POPL 2011]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014

Relaxed Separation Logic Tutorial @ POPL14 Viktor Vafeiadis MPI-SWS 20 January 2014 Tutorial outline Part I. Weak memory models 1. Introduction to relaxed concurrency 2. The C11 relaxed memory model Part II. Relaxed program logics 3.

699 views • 34 slides
Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck

Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck

Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) ESOP 2017-04-26 Weak memory memory models weaker than sequential consistency (SC) gives us better performance

787 views • 58 slides
Relaxed memory models No sequential consistency (SC) in chips today Chip designers

Relaxed memory models No sequential consistency (SC) in chips today Chip designers

Dynamic Synthesis for Relaxed Memory Models Feng Liu*, Nayden Nedev*, Nedyalko Prisadnikov , Martin Vechev, Eran Yahav *Princeton University, Sofia University, ETH Zurich, Technion 06/13/2012 PLDI 2012, Beijing Relaxed

410 views • 27 slides
Robustness against Relaxed Memory Models Memory Models Roland Meyer Technische Universit at

Robustness against Relaxed Memory Models Memory Models Roland Meyer Technische Universit at

Robustness against Relaxed Memory Models Memory Models Roland Meyer Technische Universit at Kaiserslautern Roland Meyer (TU KL) Robustness against Relaxed Memory Models MM February 2015 1 / 27 Concurrent Programs with Shared Memory

1.35k views • 132 slides
Concurrency and Transactional Memory in C++: 50000 foot view Hans-J. Boehm Google Concurrency

Concurrency and Transactional Memory in C++: 50000 foot view Hans-J. Boehm Google Concurrency

Concurrency and Transactional Memory in C++: 50000 foot view Hans-J. Boehm Google Concurrency in the C++ Standard Most additions start in Concurrency Study Group (ISO JTC1/SC22/WG21/SG1). Transactional memory is separate (SG5).

342 views • 22 slides
Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two

Concurrency and Memory Models Filip Sieczkowski Why concurrency? Moores law Every two years, the number of transistors in a dense integrated circuit doubles The keystone of microprocessor industry Physical limitations Finite

374 views • 20 slides
MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 POPL20 January 24, 2020 1 Inria Paris 2 cole normale suprieure PSL University

1.12k views • 93 slides
28. Parallel Programming II 28.1 Shared Memory, Concurrency Shared Memory, Concurrency,

28. Parallel Programming II 28.1 Shared Memory, Concurrency Shared Memory, Concurrency,

28. Parallel Programming II 28.1 Shared Memory, Concurrency Shared Memory, Concurrency, Excursion: lock algorithm (Peterson), Mutual Exclusion Race Conditions [C++ Threads: Williams, Kap. 2.1-2.2], [C++ Race Conditions: Williams, Kap. 3.1] [C++

320 views • 16 slides
From C/C++11 to POWER and ARM: What is Shared-Memory Concurrency, Anyway? Susmit Sarkar

From C/C++11 to POWER and ARM: What is Shared-Memory Concurrency, Anyway? Susmit Sarkar

From C/C++11 to POWER and ARM: What is Shared-Memory Concurrency, Anyway? Susmit Sarkar University of St Andrews MMnet, Heriot Watt May, 2013 Shared Memory Concurrency: Since 1962 Burroughs D825 (first multiprocessing computer) Outstanding

670 views • 50 slides
CFSCQ: Extending a verified file system with concurrency Tej Chajed advised by Frans Kaashoek

CFSCQ: Extending a verified file system with concurrency Tej Chajed advised by Frans Kaashoek

SRC #14 CFSCQ: Extending a verified file system with concurrency Tej Chajed advised by Frans Kaashoek and Nickolai Zeldovich 1 Goal: verify a concurrent file system Existing verified file systems are sequential e.g. , FSCQ,

404 views • 12 slides
A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting Wang and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota, Minneapolis ESOP 2016, Eindhoven, Netherlands

1.06k views • 88 slides
Program logics for relaxed consistency UPMARC Summer School 2014 Viktor Vafeiadis Max Planck

Program logics for relaxed consistency UPMARC Summer School 2014 Viktor Vafeiadis Max Planck

Program logics for relaxed consistency UPMARC Summer School 2014 Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 1st Lecture, 28 July 2014 Outline Part I. Weak memory models 1. Intro to relaxed memory consistency 2. The

466 views • 33 slides
Compiling Dependent Types Much recent focus on verified compilation of dependently typed

Compiling Dependent Types Much recent focus on verified compilation of dependently typed

CPS Translation of Dependent Types Amal Ahmed Northeastern University Work in progress, with Nick Rioux and William Bowman Compiling Dependent Types Much recent focus on verified compilation of dependently typed languages: Coqonut, CertiCoq

708 views • 44 slides
Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang*

Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang*

Crellvm: Verified Credible Compilation for LLVM Seoul National University (Korea) Jeehoon Kang* Yoonseung Kim * Youngju Song* Juneyoung Lee Sanghoon Park Mark Dongyeon Shin Yonghyun Kim Sungkeun Cho Joonwon Choi (MIT) Chung-Kil

978 views • 95 slides
Fluid Types Statically Verified Distributed Protocols with Refinements Fangyi Zhou Francisco

Fluid Types Statically Verified Distributed Protocols with Refinements Fangyi Zhou Francisco

Fluid Types Statically Verified Distributed Protocols with Refinements Fangyi Zhou Francisco Ferreira Rumyana Neykova Nobuko Yoshida Quick Primer on Session Types 2 Concurrency Shared Memory Message Passing 3 (1) ->

596 views • 37 slides
VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet

VERIFIED COMPILATION OF THE MODULAR RESET, FINALLY Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 PARKAS SYNCHRON19 November 28, 2019 1 Inria Paris 2 DI ENS PSL University 3 Sorbonne University THE PROBLEM Adding the modular

1.41k views • 124 slides
Search Lookaside Buffer: Efficient Caching for Index Data Structures Xingbo Wu, Fan Ni, Song

Search Lookaside Buffer: Efficient Caching for Index Data Structures Xingbo Wu, Fan Ni, Song

Search Lookaside Buffer: Efficient Caching for Index Data Structures Xingbo Wu, Fan Ni, Song Jiang Background Large-scale in-memory applications. In-memory databases In-memory NoSQL stores and caches Software routing tables

728 views • 36 slides
with a Runahead Buffer Milad Hashemi Yale N. Patt December 8, 2015 Runahead Execution Overview

with a Runahead Buffer Milad Hashemi Yale N. Patt December 8, 2015 Runahead Execution Overview

Filtered Runahead Execution with a Runahead Buffer Milad Hashemi Yale N. Patt December 8, 2015 Runahead Execution Overview Runahead dynamically expands the instruction window when the pipeline is stalled [Mutlu et al., 2003] The core

666 views • 30 slides
External Sorting (From Chapter 13)

External Sorting (From Chapter 13)

External Sorting (From Chapter 13) Why Sort? Some

138 views • 9 slides
System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks

System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks

CS 554: Advanced Database System Notes 02: Hardware Hector Garcia-Molina CS 245 Notes 2 1 Outline Hardware: Disks Access Times (disk) Optimizations (disk access time) Other Topics: Storage costs Using secondary storage

1.24k views • 61 slides
Data Management Systems Storage Management Basic principles Memory hierarchy The

Data Management Systems Storage Management Basic principles Memory hierarchy The

Data Management Systems Storage Management Basic principles Memory hierarchy The Buffer Cache Segments and file storage Management, replacement Database buffer cache Relation to overall system Storage techniques

657 views • 31 slides
Stack Smashing as of Today A State-of-the-Art Overview on Buffer Overflow Protections on

Stack Smashing as of Today A State-of-the-Art Overview on Buffer Overflow Protections on

\x90\x90\x90\x90\x90\x90\x90\x90 Stack Smashing as of Today A State-of-the-Art Overview on Buffer Overflow Protections on linux_x86_64 <fritsch+blackhat@in.tum.de> Hagen Fritsch Technische Universitt Mnchen Black Hat Europe

927 views • 49 slides
Hardware-Based Speculation Or how it is in real life

Hardware-Based Speculation Or how it is in real life

Hardware-Based Speculation Or how it is in real life Dynamic branch predic/on to choose which instruc1ons Specula/on to allow instruc1ons to

399 views • 7 slides
Emacsy Shane Celis GNU Hackers Meeting Paris, France August 24th, 2013 Agenda Intended

Emacsy Shane Celis GNU Hackers Meeting Paris, France August 24th, 2013 Agenda Intended

Emacsy Shane Celis GNU Hackers Meeting Paris, France August 24th, 2013 Agenda Intended Audience What is Emacsy? What is Emacs? Demos Whats next? Where to get it Audience Audience Interactive application

1.07k views • 74 slides

More recommend