Synthesizing Commutativity Conditions
Kshitij Bansal (New York University, United States), Eric Koskinen (IBM Research, New York, United States), Omer Tripp (IBM Research, New York, United States)
[Figure: threads 1-4 operating on concurrent data structures: put/get on a concurrent HashMap, enq/deq on a concurrent Queue, add/rm on a concurrent List, rd/wr on shared memory; annotated with Commutativity and Linearizability.]
Building blocks for:
- Exploiting multi-core performance (boosting, open nesting, Clements et al. TOCS'15)
- Sensible programming models
- Static/dynamic race detection
- Separation of concerns in verification
- ...
The Push/Pull Model (PLDI 2015)
[Figure: push and pull steps over operations such as ⟨ht.map(7,2), _, gUC⟩, ⟨ht.map(3,x), _, gUC⟩, ⟨ht.map(3,x), _⟩, ⟨q.enq('a'), _, gUC⟩, ⟨ht.get(5), _⟩ and ⟨q.enq('a'), _⟩, covering: Serializable. Opaque. ... Linearizable.]
Commute
- Many techniques based on program logics
- Reduce to reachability (Bouajjani et al. ICALP'15)
Commute? add(x) ⋈ remove(y)
New technique:
✓ Synthesize sound commutativity conditions
✓ Developed an encoding that allows us to reduce commutativity to a format amenable to SMT solvers
✓ Relative completeness
✓ Implemented and applied to key data structures
Joint work with Kshitij Bansal (NYU) and Omer Tripp (IBM)
Example. Set abstract data type S.
Goal. Discover a condition that implies add(x) ⋈ remove(y).
Strategy. Propose a candidate commutativity condition φ and check whether φ ⇒ add(x) ⋈ remove(y) is valid.
- Translate the partial specification to an equivalent total specification.
- An SMT-friendly encoding that does not introduce quantifiers (aside from the outermost ∀).
Abstraction refinement algorithm.
[Figure: successive candidate conditions H0, H1, H'1, H2, each checked for validity of H ⇒ add(x) ⋈ remove(y).]
Challenges
1. Avoid introducing quantifier alternation: translate the partial specification to an equivalent total specification.
2. Populating atomic predicates: automatically extracted from the atoms of the transition system.
3. Dynamic choice of the next predicate: counterexamples and "poke" heuristics.
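The validity check at the heart of the strategy (candidate φ ⇒ add(x) ⋈ remove(y), with counterexamples driving refinement), as an added Python example that is not the authors' SMT-based tool: it checks a candidate φ over a small finite domain instead of an SMT encoding, and assumes a Set ADT whose operations return a boolean. It generalizes to any pair of operations written in the same (state, argument) ↦ (new_state, return_value) form.

```python
from itertools import combinations, product

# Set ADT with a boolean return value (an assumption made for this example):
# each operation maps (state, argument) to (new_state, return_value).
def set_add(s, x):
    return (s | {x}, x not in s)      # True iff x was newly inserted

def set_remove(s, y):
    return (s - {y}, y in s)          # True iff y was actually present

def commute(op1, op2, state, a1, a2):
    """op1(a1) ⋈ op2(a2) from `state`: both orders must reach the same final
    state and each operation must see the same return value in either order."""
    s1, r1 = op1(state, a1)
    s2, r2 = op2(s1, a2)
    t1, q2 = op2(state, a2)
    t2, q1 = op1(t1, a1)
    return s2 == t2 and r1 == q1 and r2 == q2

def all_states(universe):
    """Every subset of the finite universe, as frozensets (smallest first)."""
    return [frozenset(c) for k in range(len(universe) + 1)
            for c in combinations(universe, k)]

def check_condition(phi, op1, op2, universe=(0, 1, 2)):
    """Bounded validity check of  phi(S, x, y) ⇒ op1(x) ⋈ op2(y)  over every
    state S ⊆ universe and arguments x, y ∈ universe.  Returns the first
    counterexample (S, x, y) where phi holds but the operations do not
    commute, or None when the candidate is valid on this bounded domain."""
    for state, x, y in product(all_states(universe), universe, universe):
        if phi(state, x, y) and not commute(op1, op2, state, x, y):
            return (set(state), x, y)
    return None

if __name__ == "__main__":
    # Candidate 'true' is too weak: add(x) and remove(x) do not commute.
    print(check_condition(lambda s, x, y: True, set_add, set_remove))
    # Candidate x ≠ y: no counterexample in the bounded domain.
    print(check_condition(lambda s, x, y: x != y, set_add, set_remove))
```

A counterexample returned here plays the role of the counterexamples in challenge 3: it is the evidence that the current candidate must be strengthened before the next validity query.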
Thank you!