structural counter abstraction
play

Structural counter abstraction Proving fair-termination of depth - PowerPoint PPT Presentation

Oct 22, 2023 •384 likes •714 views

Structural counter abstraction Proving fair-termination of depth bounded systems Kshitij Bansal 1 with Eric Koskinen 1 , Thomas Wies 1 , Damien Zufferey 2 1 New York University 2 IST Austria March 18, 2013 TACAS, Rome, Italy Introduction

  1. Structural counter abstraction Proving fair-termination of depth bounded systems Kshitij Bansal 1 with Eric Koskinen 1 , Thomas Wies 1 , Damien Zufferey 2 1 New York University 2 IST Austria March 18, 2013 TACAS, Rome, Italy

  2. Introduction ◮ Model: Depth-bounded systems Graph-rewrite based transition systems, which can be used to model concurrent heap-manipulating algorithms, as well as distributed systems. ◮ Problem: Fair-termination problem Fairness: If a transition is continuously enabled after some point, it is taken infinitely often. ◮ Application: Proving progress properties of concurrent and distributed systems.

  3. Treiber stack Top next next · · · stack node node

  4. Treiber stack · · · push pop Top next next · · · stack node node

  5. Treiber stack push Top next next · · · stack node node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  6. Treiber stack pc1 s Top next next · · · stack node node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  7. Treiber stack x pc1 pc2 node s t next Top next next · · · stack node node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  8. Treiber stack x pc1 pc2 node s t next Top next next · · · stack node node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  9. Treiber stack x pc2 pc1 node s t next next next · · · stack node node Top next node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  10. Treiber stack x pc2 pc1 node s t next next next · · · stack node node Top next node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  11. Treiber stack pc1 s next next · · · stack node node Top next node push(s, data): do { pc1: t = s->top; x = new node(t, data); } while( !CAS(s->top, t, x) ); pc2:

  12. Lock freedom as fair termination ◮ Treiber stack is lock-free. ◮ guarantees global progress: some thread will finish ◮ individual threads might starve ◮ Reduced to termination problem where arbitrarily many but finite number of threads are present. ◮ A transition which spawns processes at will, along with a fairness constraint can be used to encode this.

  13. Lock freedom as fair termination ◮ Treiber stack is lock-free. ◮ guarantees global progress: some thread will finish ◮ individual threads might starve ◮ Reduced to termination problem where arbitrarily many but finite number of threads are present. ◮ A transition which spawns processes at will, along with a fairness constraint can be used to encode this. ◮ Challenge: Unbounded number of heap objects and thread objects.

  14. Contribution ◮ Work with symbolic graphs which can model structures that arise commonly in these systems, and required to be tracked to prove termination. ◮ Contribution: We introduce a counter abstraction derived from these, thus called structural counter abstraction . It is sufficiently refined to be able to prove progress properties like lock-freedom of Treiber stack.

  15. Related work Counter abstraction for concurrent systems ◮ A. Pnueli, J. Xu, and L. D. Zuck. Liveness with (0, 1, ∞ )-counter abstraction. In CAV , 2002. ◮ G. Basler, M. Mazzucchi, T. Wahl, and D. Kroening. Symbolic counter abstraction for concurrent software. In CAV , 2009.

  16. Related work Counter abstraction for concurrent systems ◮ A. Pnueli, J. Xu, and L. D. Zuck. Liveness with (0, 1, ∞ )-counter abstraction. In CAV , 2002. ◮ G. Basler, M. Mazzucchi, T. Wahl, and D. Kroening. Symbolic counter abstraction for concurrent software. In CAV , 2009. Graph-based analysis ◮ J. Berdine, B. Cook, D. Distefano, and P. W. O’Hearn. Automatic termination proofs for programs with shape-shifting heaps. In CAV , 2006. ◮ S. Gulwani, T. Lev-Ami, and M. Sagiv. A combination framework for tracking partition sizes. In POPL , 2009.

  17. Outline Introduction Model (nested graphs) Structural counter abstraction Implementation and conclusion

  18. Model Graph Transformation Systems ◮ States: graphs. In our case, symbolic graphs (on next slide). ◮ Rules: rewrite one subgraph with another. node node Other rules: Spawn top top CAS succeed CAS fail t stack stack node s s x pc1 pc2 Prepare rule

  19. Nested graphs node Top stack s pc1 represent arbritrary number of copies.

  20. Nested graphs node node t Top t s s pc2 pc2 stack x x s pc1 node node

  21. node node t Top t Nested subgraphs represent s s pc2 pc2 arbitrary number of copies of stack the subgraphs x x s node pc1 node node node node t Top t t s s pc2 stack pc2 pc2 pc2 pc2 s x x x s pc1 node node node node pc1 node pc1

  22. Inductive invariant node node t Top t s s pc2 pc2 stack x x s node pc1 node t node node t prepare Top t s s pc2 pc2 pc2 stack s x x x s pc1 node node node

  23. Inductive invariant node node t Top t s s pc2 pc2 stack x x s node pc1 node cover t node node t prepare Top t s s pc2 pc2 pc2 stack s x x x s pc1 node node node

  24. Inductive invariant CAS succeed G succeed node node t Top t cover s s pc2 pc2 stack CAS fail G fail x x s node pc1 node cover cover t node node t prepare Top t s s pc2 pc2 pc2 stack s x x x s pc1 node node node

  25. Structural counter abstraction Input : Rewrite-rules, Inductive invariant as nested graphs Output : Counter system Graph system → Counter system → Nested graphs Control locations Nodes in nested graphs → Counters → Rule applications Counter updates Soundness. If the graph transition system has a fair non-terminating run, then the counter system will have a fair non-terminating run.

  26. l 1 node node t y 3 y 6 Top t s s pc2 pc2 stack y 4 y 1 y 7 x x s pc1 node node y 2 y 8 y 5

  27. cover prepare l 2 l 1 t node node node node t t y 3 y 3 y 6 y 6 Top Top t t s s s s pc2 stack pc2 pc2 pc2 stack pc2 s y 4 y 4 y 1 y 7 y 9 y 1 x y 7 x x x x s s node pc1 node pc1 node node node y 2 y 8 y 10 y 2 y 8 y 5 y 5 prepare: ( l 1 , { y ′ 9 = 1 , y ′ 10 = 1 , y ′ 5 = y 5 − 1, identity on rest } , l 2 ) cover: ( l 2 , { y ′ 1 = y 1 + y 9 , y ′ 9 = 0 , y ′ 2 = y 10 + y 2 , y ′ 10 = 0, identity on rest } , l 1 )

  28. Computing Inductive Invariant ◮ Depth bounded systems: class of well-structured transition systems [Meyer, 2008]. It says if the length of the longest simple path is bounded, then system is well-structured with the ordering given by subgraph homomorphism. ◮ Analysis to compute over-approximation of set of reachable states of the WSTS [Ideal abstraction, Zufferey, Wies, Henzinger, 2012]. This overapproximation is a downward closed set, also inductive, given as finite union of states represented by the nested graphs. ◮ Many concurrent and distributed process can be modeled as depth-bounded processes for proving termination (Treiber stack without next, etc.)

  29. Implementation Input : Graph rewrite system. 1. Picasso 1 computes the inductive invariant as nested graphs[ZWH’12]. 2. Picasso extended to compute the counter abstraction from the invariant[this work]. 3. Counter program is fed to termination prover for counter systems, ARMC [Andrey Rybalchenko, Andreas Podelski]. We also use Z3 [Leonardo de Moura, Nikolaj Bjorner] and Princess[Philipp R¨ ummer] for variable elimination to optimize counter abstraction. 1 http://pub.ist.ac.at/~zufferey/picasso/

  30. Experimental Results � Example #loc #v #t I N Armc Total Split/merge 4 3 9 1.5 6.8 0.1 8.4 Work stealing, 3 processors 4 4 20 1.7 13.1 0.2 15.0 Work stealing, parameterized 2 3 4 1.5 5.6 0.1 6.2 Compute server job queue 2 5 4 1.6 6.1 0.1 7.8 Chat room 5 34 80 9.8 61.3 5 min 6 min Map reduce 6 10 15 2.0 8.8 0.2 11.0 Map reduce with failure 6 15 21 2.3 11.1 0.9 14.3 Treiber’s stack (coarse-grained) 2 6 4 1.9 7.2 0.2 9.3 Treiber’s stack (fine-grained) 3 14 13 2.7 14.2 1.2 17.1 Herlihy/Wing queue 3 16 25 3.8 24.9 6.5 34.2 Michael/Scott queue (dequeue only) 4 7 23 2.8 13.0 0.6 16.4 Michael/Scott queue (enqueue only) 7 15 53 3.8 43.7 7.6 55.1 Michael/Scott queue 9 31 224 25.0 265.0 3 wks 3 wks Table : The columns show the number of locations, variables, and transitions in the counter abstraction, and the running times, in seconds, for computing the inductive invariant, constructing the abstraction, and for proving termination.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio Lomuscio and Edoardo Pirovano Imperial College London, UK 18 September 2019 Highlights 2019 Based on a paper at AAMAS19 Robot Swarms Introduction

1.1k views • 22 slides
Abstraction Hierarchy Concept Structural Domain: component described in terms of

Abstraction Hierarchy Concept Structural Domain: component described in terms of

Abstraction Hierarchy Concept Structural Domain: component described in terms of interconnection of primitives Behavioral Domain: component described by defining its input/output response Abstraction Hierarchy: set of interrelated

617 views • 43 slides
SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed

SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed

SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed Algorithms Igor Konnov Helmut Veith Josef Widder Alpine Verification Meeting May 4-6, 2015 Why fault-tolerant (FT) distributed algorithms

859 views • 64 slides
Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1 Motivation: How should we analyze this? * means something we cant analyze (user input, random value) Line 5: the lock is held if and only

886 views • 63 slides
Abstraction by Structure Carl Henrik Ek, Danica Kragic { chek, danik } @csc.kth.se Royal

Abstraction by Structure Carl Henrik Ek, Danica Kragic { chek, danik } @csc.kth.se Royal

Introduction Structural Representations Structural Models Conclusion References Abstraction by Structure Carl Henrik Ek, Danica Kragic { chek, danik } @csc.kth.se Royal Institute of Technology April 18, 2012 Ek, Kragic KTH Abstraction by

1.43k views • 108 slides
Bi-inductive Structural Semantics and its Abstraction Patrick Cousot cole normale

Bi-inductive Structural Semantics and its Abstraction Patrick Cousot cole normale

Bi-inductive Structural Semantics and its Abstraction Patrick Cousot cole normale suprieure 1. Motivation 45 rue dUlm, 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot (joint work with Radhia Cousot)

442 views • 18 slides
Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, & Plane 1 Abstraction Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances. 2 Abstraction Abstraction is

478 views • 21 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound

Data Abstraction Announcements Data Abstraction Data Abstraction Programmers Compound values combine other values together All A date: a year, a month, and a day A geographic position: latitude and longitude Data abstraction

430 views • 19 slides
8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim (cj@coe.psu.ac.th) 8051 Timer/Counter Two internal Timers/Counters 16-bit timer/counter Timer uses system clock as source of input pulses Counter uses external

273 views • 8 slides
Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford University Joint work with: Yi Lu, Andrea Montanari , Sarang Dharmapurikar and Abdul Kabbani Overview Counter Braids Background: current

601 views • 30 slides
Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C

Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C

C.1 C.2 Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C Timers and Counters Can count at some rate up to a value, generate an interrupt and start over counting from 0. Useful for performing

402 views • 5 slides
Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do

Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do

Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do We Know if Counters are Working? Three common failures: Wrong counter (PAPI, Kernel, User) Counter works but gives wrong values Counter

376 views • 36 slides
What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea: agree to ignore certain details ( for now ) e.g., with procedural abstraction idea is to convert original problem to a series of simpler

229 views • 12 slides
LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

How to play: Each player puts their counter on the space that says 'START'. Take it in turns to roll the dice. Move your counter forward the number of spaces shown on the dice. If your counter lands at the bottom of a ladder, you can move up to

390 views • 5 slides
Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today

Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today

Chair of Softw are Engineering Einfhrung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today Abstraction, especially

167 views • 12 slides
Prefix Rewriting and the Pushdown Hierarchy Wolfgang Thomas Francqui Lecture, Mons, April 2013

Prefix Rewriting and the Pushdown Hierarchy Wolfgang Thomas Francqui Lecture, Mons, April 2013

Prefix Rewriting and the Pushdown Hierarchy Wolfgang Thomas Francqui Lecture, Mons, April 2013 Reachability Problem Wolfgang Thomas Overview 1. Prefix Rewriting and the reachability problem 2. Interpretations 3. Unfoldings and Muchniks

501 views • 39 slides
Rewriting structured cospans Daniel Cicala SYCO 4 22 May 2019 outline motivation part i.

Rewriting structured cospans Daniel Cicala SYCO 4 22 May 2019 outline motivation part i.

Rewriting structured cospans Daniel Cicala SYCO 4 22 May 2019 outline motivation part i. part ii. structured cospans rewriting structured cospans part iii. inductive rewriting part iv. part i. motivation motivation Systems abound.

841 views • 42 slides
Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany

Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany

Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen University, Germany December 11, 2018 Automated Complexity Analysis of Rewrite Systems 1 Automated Complexity Analysis of Rewrite Systems Florian Frohn RWTH Aachen

1.61k views • 145 slides
Efficient Graph Rewriting York Semigroup Graham Campbell May 2019 Graham Campbell Efficient

Efficient Graph Rewriting York Semigroup Graham Campbell May 2019 Graham Campbell Efficient

Graphs and Labelling Graph Transformation Efficient Rewriting Confluence Analysis Efficient Graph Rewriting York Semigroup Graham Campbell May 2019 Graham Campbell Efficient Graph Rewriting Graphs and Labelling Graph Transformation

1.09k views • 70 slides
Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany VTSA 12, Saarbr ucken, Germany Overview I. Termination of Term Rewriting 1 Termination of Term Rewrite Systems 2 Non-Termination of Term

1.47k views • 133 slides
Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha

Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha

Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha Jarus, Sahra Sedigh Sarvestani, and Ali Hurson Department of Electrical and Computer Engineering Missouri University of Science and Technology Rolla,

432 views • 21 slides
Poetry Your questions? The Pumping Lemma Any regular language L has a magic number p And any

Poetry Your questions? The Pumping Lemma Any regular language L has a magic number p And any

3/30/2018 Poetry Your questions? The Pumping Lemma Any regular language L has a magic number p And any long-enough word in L has the following property: Amongst its first p symbols is a segment you can find Whose repetition or omission

485 views • 23 slides
Reducing Invariant Proofs to Finite Search via Rewriting ACL2 Workshop 2004 Austin, Texas,

Reducing Invariant Proofs to Finite Search via Rewriting ACL2 Workshop 2004 Austin, Texas,

Reducing Invariant Proofs to Finite Search via Rewriting ACL2 Workshop 2004 Austin, Texas, November 18, 2004 Rob Sumners and Sandip Ray robert.sumners@amd.com, sandip@cs.utexas.edu 1 What are Invariants ? A Term is either a

380 views • 16 slides

More recommend