the c language it is not what you think it is
play

The C Language: It Is Not What You Think It Is! Mark Batty and - PowerPoint PPT Presentation

Oct 13, 2022 •144 likes •515 views

The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj

  1. The C Language: It Is Not What You Think It Is! Mark Batty and Peter Sewell University of Cambridge Joint work of Jade Alglave, Mark Batty, Luc Maranget, Robin Morisset, Justus Matthiesen, Kayvan Memarian, Paul McKenney, Scott Owens, Pankaj Pawan, Susmit Sarkar, Peter Sewell, Francesco Zappa Nardelli, and others. p. 1 Linux Collaboration Summit, April 2013

  2. p. 2

  3. C is? What the Standards say: ISO/IEC 9899:1999 ISO/IEC 9899:2011 endless DRs and internet discussions What the existing compilers provide ...and what future compilers will provide “the newer version of Clang is stricter about certain things” [Behan Webster, 2.15pm] What the corpus of C code requires What programmers believe What analysis and verification tools assume p. 3

  4. A Simple Message-Passing Example (MP) Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) {} if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP p. 4

  5. A Simple Message-Passing Example (MP) Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) {} if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP x86: ./runMP.sh p. 4

  6. A Simple Message-Passing Example (MP) Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) {} if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP x86: ./runMP.sh POWER and ARM: POWER ARM Kind PowerG5 Power6 Power7 Tegra2 Tegra3 APQ8060 A5X MP Allow 10M/4.9G 6.5M/29G 1.7G/167G 40M/3.8G 138k/16M 61k/552M 437k/185M p. 4

  7. A Simple Message-Passing Example (MP) Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) {} if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP x86: ./runMP.sh POWER and ARM: POWER ARM Kind PowerG5 Power6 Power7 Tegra2 Tegra3 APQ8060 A5X MP Allow 10M/4.9G 6.5M/29G 1.7G/167G 40M/3.8G 138k/16M 61k/552M 437k/185M GCC and HotSpot: observable (in some contexts) p. 4

  8. A Simple Message-Passing Example (MP) Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) {} if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP x86: ./runMP.sh POWER and ARM: POWER ARM Kind PowerG5 Power6 Power7 Tegra2 Tegra3 APQ8060 A5X MP Allow 10M/4.9G 6.5M/29G 1.7G/167G 40M/3.8G 138k/16M 61k/552M 437k/185M GCC and HotSpot: observable (in some contexts) C/C++11 standards: undefined program p. 4

  9. Explaining MP Have to deal with h/w relaxations (for multiple architectures) and compiler optimisations Thread 0 Thread 1 Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) ; if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP p. 5

  10. Explaining MP Have to deal with h/w relaxations (for multiple architectures) and compiler optimisations Thread 0 Thread 1 r = data Thread 0 Thread 1 a: W[x]=1 c: R[y]=1 data=1 while (flag � = 1) ; if this reads 1... rf po po flag=1 print data ...could this read 0? b: W[y]=1 d: R[x]=0 rf Initial state: data = 0 flag = 0 Test MP p. 5

  11. A Less Simple Example POWER ARM Kind PowerG5 Power6 Power7 Tegra2 Tegra3 APQ8060 A5X PPOCA Allow 1.1k/3.4G 0/49G 175k/157G 0/24G 0/39G 233/743M 0/2.2G PPOAA Forbid 0/3.4G 0/46G 0/209G 0/24G 0/39G 0/26G 0/2.2G Thread 0 Thread 1 a: W[z]=1 c: R[y]=1 dmb/sync ctrl rf b: W[y]=1 d: W[x]=1 rf e: R[x]=1 addr rf f: R[z]=0 Test PPOCA p. 6

  12. Options 1. program w.r.t. particular h/w architecture and compiler optimisation knowledge 2. define macros that try to abstract (de facto Linux std) 3. incorporate into language semantics (C/C++11) p. 7

  13. A data-race-free model H/W memory models must define the behaviour of all programs For C/C++ can deem racy programs to be bad, saying: programs that are race-free in sequentially consistant (SC) semantics have SC behaviour programs that have a race in some execution in SC semantics can behave in any way at all ...and then add several tiers of low-level atomics , each with more performance (and relaxed behaviour) than the last: SC, release/acquire, release/consume, relaxed. p. 8

  14. What we’ve done clarify multicore h/w behaviour: x86, ARM, IBM Power clarify C/C++11 concurrency semantics and standards Central artifacts: mathematical reference models describes the set of all allowed behaviours of a program mathematically precise (might be wrong, but not ambiguous) as clear as possible executable as test oracle (for small programs) sound (w.r.t. implementations or standards, variously) p. 9

  15. Using the models cppmem tool C/C++11 concurrency compilation scheme (research) compiler verification (production) compiler testing p. 10

  16. � � Testing Compilers vs Semantics [Robin Morisset, Pankaj Pawan, Francesco Zappa Nardelli] Reduce problem to testing compilers on sequential programs: random sequential program � � � �������������������� � GCC -O2 � � � � � � � � reference semantics ( GCC -O0 ) � opt executable execute sound-transformation ? � opt trace reference trace A transformation is sound if it does not introduce any behavior in any non-racy context. [PLDI 2013] p. 11

  17. Compiler Concurrency Bug int g1 = 1; int g2 = 0; int func1(void) { int l; for (l = 0; (l != 4); l++) { if (g1) return l; for (g2 = 0; (g2 >= 26); ++g2) ; } } int main (int argc, char* argv[]) { func1(); } miscompiled by GCC 4.7.0 with -O2 p. 12

  18. Csem: Scaling up to more of C? Remember, we want a usable reference model. Formalise the Standard? p. 13

  19. Csem: Scaling up to more of C? Remember, we want a usable reference model. Formalise the Standard? Maybe as a starting point — but immediately hit cases where ISO standard and de facto standard differ. p. 13

  20. Simple Questions PC.1 In practice, can one compare (with <, >, <=, or >=) two pointers to separately allocated objects (of compatible object types)? p. 14

  21. Simple Questions PC.1 In practice, can one compare (with <, >, <=, or >=) two pointers to separately allocated objects (of compatible object types)? asked 11 experts: 4 used and supported in practice 2 not useful, but compilers do support it 4 should not be used; compilers might well not support it 1 don’t know PC.1 (standard) Is it allowed by the C standard? 1 allowed 6 not allowed 3 don’t know p. 14

  22. Simple Questions PC.1 In practice, can one compare (with <, >, <=, or >=) two pointers to separately allocated objects (of compatible object types)? “Again, memory allocator implementations do this a lot. Also, this is used in practice to avoid deadlock – if a pair of locks to be acquired have the same address, only acquire one of them. (In fact, I am currently working on a patch that does just this.)” p. 14

  23. Simple Questions PC.1 In practice, can one compare (with <, >, <=, or >=) two pointers to separately allocated objects (of compatible object types)? “May produce inconsistent results in practice if p and q straddle the exact middle of the address space. We’ve run into practical problems with this.” p. 14

  24. Simple Basic Questions PR.1.a Given two separately allocated objects of the same type, can a pointer to the first be turned into a usable pointer to the second, by pointer arithmetic together with a check that the result has an identical representation to that of another usable pointer to the second? int y = 2, x=1; int main() { intptr t offset = &y - &x; // ? int *p = &x + offset, *q = &y; if (memcmp(&p, &q, sizeof(p)) == 0) { *p = 11; // ? printf("x=%d y=%d *p=%d *q=%d",x,y,*p,*q); } } p. 15

  25. Simple Basic Questions PR.1.a Given two separately allocated objects of the same type, can a pointer to the first be turned into a usable pointer to the second, by pointer arithmetic together with a check that the result has an identical representation to that of another usable pointer to the second? int y = 2, x=1; int main() { intptr t offset = &y - &x; // ? int *p = &x + offset, *q = &y; if (memcmp(&p, &q, sizeof(p)) == 0) { *p = 11; // ? printf("x=%d y=%d *p=%d *q=%d",x,y,*p,*q); } } $gcc-4.7 -std=c11 -pedantic -Wall -O1: x=1 y=11 *p=11 *q=11 $gcc-4.7 -std=c11 -pedantic -Wall -O2: x=1 y=2 *p=11 *q=2 p. 15

  26. moral: what matters is not just what happens to the bits at runtime, but what the compiler analysis assumes p. 16

  27. Basic Questions ET.1 If one uses a pointer to a struct to initialise a single member of the struct in a malloc’d region, does 1. the footprint of the whole struct take on the struct type as its effective type, or 2. does the footprint of the member take on an effective type of that struct member, or 3. does the footprint of the member take on an effective type as the type of that struct member? p. 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOC programming language HOC programming language p. 1/27 Why learn the language GUI will

HOC programming language HOC programming language p. 1/27 Why learn the language GUI will

HOC programming language HOC programming language p. 1/27 Why learn the language GUI will get you started but then want to manipulate output Dump to .ses file and edit Can load .ses and run without graphics (for large sims) Network

638 views • 27 slides
Models of Language Evolution models thereof its evolution language Models of Language Evolution

Models of Language Evolution models thereof its evolution language Models of Language Evolution

Models of Language Evolution models thereof its evolution language Models of Language Evolution ? What is language? never start with a dictionary definition!! the language of Google search query completion A language is a dialect with

1.13k views • 30 slides
Hmong Language 2. The Hmong Language 1. Hmong People 3. Natural Language Processing of Hmong 1

Hmong Language 2. The Hmong Language 1. Hmong People 3. Natural Language Processing of Hmong 1

Mengfei Zhou Language Resource Assessment July 20, 2016 Institute for Computational Linguistics, Heidelberg University Hmong Language 2. The Hmong Language 1. Hmong People 3. Natural Language Processing of Hmong 1 Table of contents Hmong

462 views • 23 slides
Second Language Learners and Language Development How long does it take to learn a second

Second Language Learners and Language Development How long does it take to learn a second

Second Language Learners and Language Development How long does it take to learn a second language? According to research: 5 to 7 years Factors affecting language learning: Emotional variables Self-esteem Motivation

420 views • 12 slides
speakers of one language. Speakers of another language are twice as likely to recover from

speakers of one language. Speakers of another language are twice as likely to recover from

Language speakers of another language postpone the effects of dementia on average by 4,5 years later than speakers of one language. Speakers of another language are twice as likely to recover from strokes than people who speak one

83 views • 7 slides
Mathematics Education and Language Diversity: From Language-as-Problem to Language-as-Resource

Mathematics Education and Language Diversity: From Language-as-Problem to Language-as-Resource

Mathematics Education and Language Diversity: From Language-as-Problem to Language-as-Resource Mamokgethi Phakeng University of Cape Town www.mamokgethi.com Why is language important for Mathematics teaching and learning? 1. We use language

428 views • 24 slides
Language Acquisition of Multiword Expressions from language technology to language learners

Language Acquisition of Multiword Expressions from language technology to language learners

Language Acquisition of Multiword Expressions from language technology to language learners Aline Villavicencio Institute of Informatics Federal University of Rio Grande do Sul, Brazil Montevideo, November 8, 2012 Introduction A platform

978 views • 69 slides
Language Acquisition of Multiword Expressions from language technology to language learners

Language Acquisition of Multiword Expressions from language technology to language learners

Language Acquisition of Multiword Expressions from language technology to language learners Aline Villavicencio Institute of Informatics Federal University of Rio Grande do Sul, Brazil Saarbrcken, January, 2013 Introduction State of the

728 views • 68 slides
Language 75,000 - 100,000 words Productive or generative nature of language

Language 75,000 - 100,000 words Productive or generative nature of language

5/9/19 Introduction to Language &amp; Language Comprehension The Nature of Language Background Phrase structure grammars Transformational grammars Factors affecting comprehension Neurolinguistics Speech Perception

388 views • 17 slides
Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for

Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for

Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for Communication Experience, Thought, and Action Language as a Tool for Thought Labels for Objects, Events, Attributes, Concepts Reasoning,

1.2k views • 32 slides
Language in humans Today: how do humans process language? Language in Humans We ve

Language in humans Today: how do humans process language? Language in Humans We ve

Language in humans Today: how do humans process language? Language in Humans We ve looked above at syntactic processing. There are many other aspects of apparently similar complexity. Human Communication 1 The main questions are

229 views • 5 slides
Example 3.7 I Consider the following language { 0 2 n | n 0 } Strings in this language are 0

Example 3.7 I Consider the following language { 0 2 n | n 0 } Strings in this language are 0

Example 3.7 I Consider the following language { 0 2 n | n 0 } Strings in this language are 0 , 00 , 0000 , 00000000 , . . . Idea: crossing off every other 0 and the remaining string should still have even length October 23, 2020 1 / 8

415 views • 8 slides
Introduction to embodiment Language has function Language is situated Interpreting

Introduction to embodiment Language has function Language is situated Interpreting

Language and Conceptualization Introduction to embodiment Language has function Language is situated Interpreting language requires experiential, embodied understanding of the world linguistic capabilities are created as humans

601 views • 24 slides
ELL The English Language Language MOTIVATION Our language provides core file manipulation

ELL The English Language Language MOTIVATION Our language provides core file manipulation

ELL The English Language Language MOTIVATION Our language provides core file manipulation operations and storage structures, which allow us to mine statistics between given documents, as well as other tasks related to document

440 views • 12 slides
Advanced Natural Language Processing: What is Natural Language Processing (NLP)? Background

Advanced Natural Language Processing: What is Natural Language Processing (NLP)? Background

Course Logistics What is Natural Language Processing? computers using natural language as input and/or Instructor Regina Barzilay, Michael Collins output Email regina@csail.mit.edu, mcollins@csail.mit.edu computer language language

552 views • 13 slides
1 min 1-1 P ( W ) , W = w ; w ; : : : ; w 1 2 n Basic Language Modeling Estimate

1 min 1-1 P ( W ) , W = w ; w ; : : : ; w 1 2 n Basic Language Modeling Estimate

Exploiting Syntactic Structure for Language Modeling Basic Language Modeling: Ciprian Chelba, Frederick Jelinek Model Component Parameterization A Structured Language Model: Pruning Strategy Language Model Requirements Word

579 views • 31 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science

Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science

Improving Automation in Developer Testing: Test Oracles Tao Xie Department of Computer Science North Carolina State University http://ase.csc.ncsu.edu/ http://ase.csc.ncsu.edu/autotest/ Software Testing Setup ? = + Expected Test

411 views • 25 slides
ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an

ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an

ACTUARIES &amp; DATA SCIENCE Jerome Tuttle, FCAS, CPCU Retired Actuary 1 What i is an an act actuar ary? The m mathematicia icians ns o of the i insurance ce i industry. A business p professiona nal who wh

757 views • 17 slides
Presentation Objectives Test coverage concepts Advantages of automated test coverage

Presentation Objectives Test coverage concepts Advantages of automated test coverage

Automated Test Coverage: Take Your Test Suites To the Next Level Presented By Jay Berkenbilt Apex CoVantage Solving the Software Quality Puzzle Page 1 www.psqtconference.com D Presentation Objectives Test coverage

412 views • 29 slides
Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E

Test Oracles and Randomness S I T R T E V U I N L M U O S C D I N E A N R D U O C D O O D C N E Ralph Guderlei and Johannes Mayer rjg@mathematik.uni-ulm.de, jmayer@mathematik.uni-ulm.de

627 views • 40 slides
Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM

Query-aware Test Generation Using a Relational Constraint Solver SHADI ABDUL KHALEK, BASSEM ELKARABLIEH, YAI O. LALEYE, SARFRAZ KHURSHID ASE08 PRESENTED BY: YUSHAN ZHANG 1 http://ieeexplore.ieee.org/document/4639327/ 2020/10/8 Blackbox

434 views • 18 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m.

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m.

Principles of Software Construction: Objects, Design, and Concurrency Invariants, immutability, and testing Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 4a due Thursday at 11:59 p.m. Mandatory design review meeting

1.02k views • 63 slides
Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites

Osmocom TTCN-3 Test Suites Harald Welte &lt;laforge@gnumonks.org&gt; Osmocom TTCN-3 Test Suites developed in 2017+2018 compiled using Eclipse TITAN uses just a command-line compiler + Makefiles no IDE needed at all, dont let Eclipse fool you

805 views • 21 slides

More recommend