Sp Speedin ing g Up Maxim imal al Ca Causality Reduction wi - PowerPoint PPT Presentation

Sp Speedin ing g Up Maxim imal al Ca Causality Reduction wi with th Stati tic Analysis Shiyou Huang Jeff Huang huangsy@tamu.edu Parasol Lab, Texas A&M University 1

Ma Maxima mal Ca Causality Reduction (MCR MCR) Concurrent Program Stateless Verification is Hard Model Checker Under the given input Huge MCR Interleaving Space (Huang, PLDI’15) + No redundancy - Purely Dynamic, #constraints + Sound and Complete cubic in trace size + More efficient than DPOR 1 and ICB 2 - Without considering input non-determinism 1. DPOR: Flanagan and Godefroid, PLDI’05 2. ICB: Musuvathi , OSDI’08 2

Ma Maxima mal Ca Causality Reduction (MCR MCR) Ø Trace: A sequence of events executed by the program Ø Constraints: An order variable (O) for each event in the trace E.g., if e1 happens before e2, ! "# < ! "% Ø Interleaving: A sequence of thread schedule (Huang, PLDI’15) 3

-- &(() Co Constraints s Mo Model -- Ω D = F GHI ∧ F 9KLM ∧ F NO9PQPRS ∧ F TROR" Ø must-happen-before( ∅ +,- ) E.g., !1 < !2 if e1 and e2 are by the same thread, and e1 occurs before e2 Ø lock-mutual-exclusion( ∅ 0123 ) E.g., for a lock pair, (41, 61) and (42, 62 ), ! 8# < ! 9% ∨ ! 8% < ! 9# Ø validity( ∅ ;<0=>=?@ ) an event is feasible if every read that must-happen-before it returns the same value Ø new state( ∅ A?<?B ) At least one read in ? returns a different value 4

An An Ex Exampl ple S0: 1-2-3-4-5 , r1 = r2 = 0, WX6Y ≡ [ == 0 Init: x=y=0 e1 return the same hb value as that in S0 T1 T2 e2 to enforce 1: r1=y 4: x=1 hb WX6Y ≡ [ == 0 e3 r2=x rf 2: if (x==0) 5: y=1 e4 x=1 3: r2=x hb e5 Possible schedules : Constraints: 1. 1-2-3-4-5 \]: Y1 ≺ Y2 ≺ e3, e4 ≺ e5 4-1-2-3-5 2. 1-2-4-3-5 � `DaDY: Y3 ≺ Y4 ia4jY ≡ [ == 0 3. 1-4-5-2 4. … 1-2-4-3-5 � da4efeDg: Y1 ≺ Y5, Y2 ≺ Y4 5

Va Validity Constraints ≺ " : set of events that happen before e m : set of writes that write value v to a variable, x l N l m : set of writes that write other values to x Ø every read r Φ validity = w Φ value ( r, v ) , V before e , return r œª e the same value v state constraint that ensures r to read a value v : F NO98" X, k enforces r returns the value v Ø match r to a write Φ value ( r, v ) ⌘ W ( Φ validity ( w ) ^ O w < O r that writes the w 2 W x v value v to the w 6 = w 0 2 W x ( O w 0 < O w _ O r < O w 0 )) V same location 6

Li Limi mitations Most events are reads and writes in a trace Ø Complicated constraints, cubic in the size of the trace Just a few reads influence the reachability of a later event Ø Construct unnecessary constraints T1 T2 1: r1=y 4: x=1 � r1=y, x==0 2: if (x==0) 5: y=1 hb 3: r2=x 7

events happen before r5: r1 r1, r2, r3, r4 F NO9PQPRS X5 = r2 F NO98" X1, k ∧ dependency F NO98" X4 k′ ∧ r3 analysis F NO98" X2, k o ∧ r4 F NO98" (k3, k o ) r5 depends on: r5 Reduced r1, r2, r3, r4

Our Ap Ou Approach Ordering More Trace Constraints Schedules run events happen before r5: r1 r1, r2, r3, r4 r2 F NO9PQPRS X5 = MCR + Static Dependency Analysis dependency F NO98" X1, k ∧ r3 analysis F NO98" X4 k′ r4 r5 depends on: r5 r1, r2, r3, r4 9

Sy System Dependency Graph (SDG) Pr ocedur e m ai n ( ) sum = 0; i = 1; whi l e i <11: sum = add( sum , i ) ; i = i +1; Pr ocedur e add ( x, y) x = x+y; r et ur n x; 10

Co Control Dependency l ocal a=x l ocal a=x i f ( x==1 ) i f ( x==1 ) Edge key Edge key Control Dependency Control Dependency . . . . . . Data Dependency Data Dependency i f ( a==1 ) i f ( a==1 ) Parameter In/Out Parameter In/Out Derived Dependency Derived Dependency . . . . . . Procedure Call Procedure Call r = y r = y r = y r = y (a) (b) (a) (b) (a) (b) Case a: an event is directly depends Case b: the dependency may be ent er ent er ent er ent er i f ( f unc ) on a read operation evaluated by an if transmitted via a data dependency f unc( ) i f ( f unc ) f unc( ) f unc ( ) f unc( ) f unc ( ) f unc( ) ppqppqrp X = g predicate . . . . . . a = [ ret_out ret_out ppqrp X = g x=1 ret_exc x=1 ret_exc i f ( x==1) i f ( x==1) [ == 1 r et ur n x cr ash r = y r = y r et ur n x cr ash r = y r = y (d) (c) 11 (d) (c)

l ocal a=x i f ( x==1 ) Edge key l ocal a=x i f ( x==1 ) Edge key Control Dependency Control Dependency . . . Data Dependency i f ( a==1 ) . . . Data Dependency i f ( a==1 ) Parameter In/Out Parameter In/Out Derived Dependency . . . Derived Dependency . . . Procedure Call Procedure Call r = y r = y r = y Control Dependency Co r = y (a) (b) (a) (b) ent er ent er ent er ent er i f ( f unc ) i f ( f unc ) f unc( ) f unc( ) f unc ( ) f unc ( ) f unc( ) f unc( ) . . . . . . ret_out ret_out x=1 x=1 ret_exc ret_exc i f ( x==1) i f ( x==1) r et ur n x r et ur n x cr ash r = y cr ash r = y r = y r = y (d) (c) (c) (d) (d) (c) Case c: the evaluation may depend on Case d: the read may depend on a if the return value of another procedure predicate in a different procedure tuqppqppqrp X = g rpqrpqrpqrp X = g XYD6Xs [ [ == 1 12

Co Control Dependency Definition: given two nodes n1 and n2 in an SDG, we use n1 v L n2 to denote that n2 is control dependent on n1 ' ∗ )* "2 , "1 $ % "2 Û "1 + ∶= ".// | 01 11 23 |25 |06 CD: control dependency DD: data dependency PI/O: parameter in/out CL: call 13

Co Constraints s Reduction Main Idea: Only enforce reads that are control-dependency related to return the same value ÿ 2 ª τ ( e ) Ω Happens-before ( τ , e ) 3 ª D τ ( e ) Ω DependencyComputation ( ª τ ( e ) , e ) 4 foreach read r œª D τ ( e ) with value v do // Φ value ( r, v ) recursively call DataValidityConstraints () Φ validity · = Φ value ( r, v ) 5 6 end return Φ 14

Redundancy Problem Re Init x=0 T1 T2 1: x=1 2: r1=x 3: r2=x S0: 1-2-3, X1 = X2 = 1 Since Y2 ≺ Y3 , Y2 is enforced rf e1 to return value 1 e2 hb MCR hb e3 r2 = 0 � T1 T2 15

Re Redundancy Problem Init x=0 T1 T2 1: x=1 2: r1=x Since Y3 is not control 3: r2=x dependent on e2, e2 can read S0: 1-2-3, X1 = X2 = 1 from any writes rf e1 e1 e2 e2 hb Our approach Any order MCR hb hb e3 e3 r2 = 0 r2 = 0 � � T1 T2 T1 T2 16

So Solution to Redundancy Problem We treat the events into two categories: 1. target read: a read considered to see a different value 2. other events ÿ 2 ª τ ( e ) Ω Happens-before ( τ , e ) // target read: read considered to return new values 3 if e is not a target read then ª D τ ( e ) Ω DependencyComputation ( ª τ ( e ) , e ) 4 5 end 6 foreach read r œª D τ ( e ) with value v do // Φ value ( r, v ) recursively call DataValidityConstraints () Φ validity · = Φ value ( r, v ) 7 8 end return Φ 17

Ev Evaluation Ø Dependency analysis using JOANA 1 [Graf] and WALA 2 Ø Comparisons with MCR • #reads/constraints reduced • solving time reduced Ø Benchmarks [Huang, PLDI’15] 1. Joana: http://pp.ipd.kit.edu/projects/joana/ 2. Wala: http://wala.sourceforge.net/wiki/index.php/Main_Page 18

Benchma Be mark rks s and SD SDG Program time( s ) memory(M) #nodes #edges Counter 2.00 69 289 1,440 Airline 2.10 79 809 4,902 Pingpong 2.52 83 914 5,244 BubbleSort 2.14 81 911 5,710 Pool 3.67 75 2,848 17,586 StringBuf 2.96 111 2,129 12,310 Weblech 8.01 219 22,094 167,492 Derby 69.67 1,385 115,658 2,409,784 time memory Avg. 11.6s 263M 19

Co Comp mpari riso son with MCR MCR (a) number of reads reduced 1 (b) number of constraints reduced (c) solving time reduced 1 1 Ø MCR-S: Optimization 0.8 0.8 0.8 with redundant 0.6 0.6 0.6 executions 0.4 0.4 0.4 MCR Ø MCR-S+: No MCR-S MCR-S+ 0.2 0.2 0.2 redundancy, but less 0 0 0 reads reduced Airline Airline Airline Counter Weblech Derby Avg. Counter Weblech Derby Avg. Counter Weblech Derby Avg. Pingpong BubbleSort Pingpong BubbleSort Pingpong BubbleSort Approach MCR-S MCR-S+ Reads 27.1% ↓ 12.1% ↓ Constraints 31.6% ↓ 15.7% ↓ Solving time 27.8% ↓ 26.2% ↓ 20

Conclusi Co sion & Future Work rk Improvement over MCR Ø #reads/constraints: 12.1% - 27.1% , 15.7% - 31.6 • solving time: ~27% • Future work Ø take input non-determinism into consideration • release the tool • 21

Thank You 22