using abstract interpretation to correct synchronization
play

Using abstract interpretation to correct synchronization faults - PowerPoint PPT Presentation

Sep 03, 2022 •110 likes •578 views

Using abstract interpretation to correct synchronization faults Pietro Ferrara Omer Tripp Peng Liu Eric Koskinen JuliaSoft Google IBM Research Yale University VMCAI 17 January 2017 Concurrency is here to stay. Thread 1 Thread 2

  1. Using abstract interpretation to correct synchronization faults Pietro Ferrara Omer Tripp Peng Liu Eric Koskinen JuliaSoft Google IBM Research Yale University VMCAI · 17 January 2017

  2. Concurrency is here to stay.

  3. … Thread 1 Thread 2 Thread n Queue HashMap List

  4. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } 12:00 γ 13:00 —

  5. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 —

  6. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ t 1 goes first 13:00 — t 2 goes second t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β But returns δ ? Now: 11:00 —> α t 1 : replace (11:00) / δ t 1 : return δ Returns β ? Not serializable! t 2 : return β

  7. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — Acceptable Final States: t 1 first, returns β t 2 first, returns β t 2 second, returns α t 1 second, returns δ Slot Res Slot Res 10:00 — 10:00 — 11:00 δ 11:00 α 12:00 γ 12:00 γ 13:00 — 13:00 —

  8. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — Existing approaches to enforcing serializability . . .

  9. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } t 1 10:00 α t 1 val clobbered = map. replace (new_slot, r) t 1 return clobbered; 11:00 β } t 2 12:00 γ t 2 Pessimistic 13:00 — t 1 : lock (10:00); lock (11:00) t 2 : lock (13:00); t 1 : remove (10:00) / α t 1 : if (…) t 1 : replace (11:00) / β t 1 : return β

  10. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } t 1 10:00 α t 1 val clobbered = map. replace (new_slot, r) t 1 return clobbered; 11:00 β } t 2 12:00 γ t 2 Pessimistic 13:00 — t 1 : lock (10:00); lock (11:00) t 2 : lock (13:00); lock (11:00) t 1 : remove (10:00) / α t 1 : if (…) t 1 : replace (11:00) / β t 1 : return β

  11. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Pessimistic pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$

  12. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / β t 1 : return β t 2 : return β

  13. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / β conflict. t 1 : return β t 2 : return β

  14. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ remove if replace op,mis,c% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ t 2 % remove new replace remove new replace get$ if(…)$ new$ putIfAbsent$ get$ if(…)$ new$ putIfAbsent$ return$ retry%

  15. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Other options? Perform a correction!

  16. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / δ t 1 : return δ Not serializable! t 2 : return β

  17. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 —

  18. Serializable Target t 1 first, returns β updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists t 2 second, returns α if (r == null) { Slot Res r = new Res() ♥ Slot Res } 10:00 — val clobbered = map. replace (new_slot, r) 10:00 — δ return clobbered; 11:00 β } 11:00 δ 12:00 γ 12:00 γ 13:00 — 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β α t 1 : replace (11:00) / δ β t 1 : return δ β t 2 : return β α

  19. Serializable Target t 2 first, returns β updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists t 1 second, returns δ if (r == null) { Slot Res r = new Res() ♥ Slot Res } 10:00 — val clobbered = map. replace (new_slot, r) 10:00 — α return clobbered; 11:00 β } 11:00 α 12:00 γ 12:00 γ 13:00 — 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / δ t 1 : return δ t 2 : return β

  20. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Corrective pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ remove if replace op,mis,c% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ t 2 % remove new replace remove new replace get$ if(…)$ new$ putIfAbsent$ get$ if(…)$ new$ putIfAbsent$ return$ retry% remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct%

  21. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Challenges & Contributions • Is this serializable? 
 Yes, we have proved so. • How to compute each thread’s alternative post- states? 
 Via a static abstract interpretation . • Given an incorrect state, how to efficiently recover to a correct post-state? 
 Via a dynamic runtime system .

  22. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Transition System

  23. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Remember where we started t

  24. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Remember the operation that was performed , op t ) L t ' , L t •op t )], σ , L ) Act sort of optimistically: march ahead w local changes

  25. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Parameterize by property of interest (Serializability) , op t ) L t , L t •op t )], σ , L ) Replay the mutations on the shared state

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an abstract interpretation (AI)? Given: A complete join semi-lattice D . This is the abstract semantic domain. A monotonic

297 views • 25 slides
Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in this file were taken from the tutorial slides that Patrick Cousot used in VMCAI05 Abstract Interpretation A theory of sound approximation of

946 views • 92 slides
Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Motivation (1 mn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Abstract interpretation, reminder (10 mn) . . . . . . . . . . . . . . . . . . 6 Applications of abstract interpretation (2 mn) . . . . . . . . .

876 views • 16 slides
Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e Ecole normale sup erieure, Paris year 20152016 Course 12 20 May 2016 Course 12 Abstract Interpretation III Antoine Min e p. 1 / 60

706 views • 67 slides
A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta Dipartimento di Informatica - Universit di Pisa 19/09/2012 - ITCTCS 2012 Outline 1 Type and Effect Systems 2 Abstract Interpretation 3

762 views • 24 slides
Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Just-In-Time compilation Study setup Abstract interpretation Correctness proof Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile Bastian March 7, 2018 Slides: https://tiny.tobast.fr/m2-absint-slides

445 views • 16 slides
30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a 20 minute talk I gave at the 30 Years of Abstract Interpretation Workshop in San Francisco, California, USA on January 9, 2008. The subsections

196 views • 9 slides
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the class Automatically verify partial correctness of programs like the following using abstract interpretation. Void Init(int* A, int n) { for (i := 0;

908 views • 62 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

487 views • 33 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John Gallagher 12 1 Roskilde University 2 IMDEA Software Institute, Madrid CP meets CAV Turun, Turkey John Gallagher Constraints in Abstract Model

375 views • 16 slides
Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45 rue dUlm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot IFIP WCC Topical day on Abstract Interpretation P.

1.95k views • 183 slides
Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH Kim, SH Kong, HJ Lee, HJ Oh, DJ Park, Kwangkeun Yi Programming Research Laboratory Seoul National University Korea 30 Years of Abstract

920 views • 37 slides
Tim e, and the lack thereof Outline Introduction A global notion of the correct time

Tim e, and the lack thereof Outline Introduction A global notion of the correct time

Distributed System s Fall 2 0 0 9 Time and Synchronization Tim e, and the lack thereof Outline Introduction A global notion of the correct time would be tremendously useful. Basic definitions Synchronization algorithms Why?

106 views • 6 slides
A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with Vijay DSilva, Alessandra Palmigiano and Caterina Urban (with images from Patrick Cousot) TACL 2017 - Prague A bstract interpretation A bstract

341 views • 14 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Mutation Testing of Memory- Related Operators Jay Nanavati, Fan Wu, Mark Harman, Yue Jia, Jens

Mutation Testing of Memory- Related Operators Jay Nanavati, Fan Wu, Mark Harman, Yue Jia, Jens

Mutation Testing of Memory- Related Operators Jay Nanavati, Fan Wu, Mark Harman, Yue Jia, Jens Krinke UCL, UK Mutation Testing Test case Test case Test case Test case Test case Test case Test case Jay Nanavati, Fan Wu, Mark

606 views • 28 slides
The No Gap Conjecture: Proof by Pictures Stephen Hermes Wellesley College, Wellesley, MA

The No Gap Conjecture: Proof by Pictures Stephen Hermes Wellesley College, Wellesley, MA

The No Gap Conjecture: Proof by Pictures Stephen Hermes Wellesley College, Wellesley, MA Maurice Auslander Distinguished Lectures and International Conference Woods Hole May, 2016 Preliminaries Joint With Kiyoshi Igusa. arXiv:1601.04054

515 views • 35 slides
Thread synchronization David Hovemeyer 2 December 2019 David Hovemeyer Computer Systems

Thread synchronization David Hovemeyer 2 December 2019 David Hovemeyer Computer Systems

Thread synchronization David Hovemeyer 2 December 2019 David Hovemeyer Computer Systems Fundamentals: Thread synchronization 2 December 2019 A program 1 const int NUM_INCR=100000000, NTHREADS=2; typedef struct { volatile int count; }

658 views • 36 slides
Drift, mutation, selection, and the evolutionary dispersion of mean phenotypes recombination

Drift, mutation, selection, and the evolutionary dispersion of mean phenotypes recombination

Drift, mutation, selection, and the evolutionary dispersion of mean phenotypes recombination random mutation genetic drift The Population-genetic Environment 1000x Range of Variation in the Mutation Rate The mutation rate per nucleotide

480 views • 27 slides
Evolutionary Testing for Crash Reproduction Mozhan Soltani Annibale Panichella Arie van Deursen

Evolutionary Testing for Crash Reproduction Mozhan Soltani Annibale Panichella Arie van Deursen

Evolutionary Testing for Crash Reproduction Mozhan Soltani Annibale Panichella Arie van Deursen Bugs are everywhere Cost of Bug Fixings Major Bug for Apache Commons Collections https://issues.apache.org/jira/browse/COLLECTIONS-70 Cost

653 views • 37 slides
To The Next (DOM) Level (or How to leverage on W3C specifications to unleash a can of worms

To The Next (DOM) Level (or How to leverage on W3C specifications to unleash a can of worms

Taking Browsers Fuzzing To The Next (DOM) Level (or How to leverage on W3C specifications to unleash a can of worms ) Rosario Valotta Agenda Browser fuzzing: state of the art Memory corruption bugs: an overview Fuzzing

792 views • 40 slides
Python and GraphQL Alec MacQueen Software Engineer @ Administrate Alec MacQueen - @macqueenism -

Python and GraphQL Alec MacQueen Software Engineer @ Administrate Alec MacQueen - @macqueenism -

Python and GraphQL Alec MacQueen Software Engineer @ Administrate Alec MacQueen - @macqueenism - Europython 2018 Alec MacQueen - @macqueenism - Europython 2018 vs Alec MacQueen - @macqueenism - Europython 2018 Maintainability Coupling

875 views • 36 slides

More recommend