verification of transactional memories that support non
play

Verification of Transactional Memories that support - PowerPoint PPT Presentation

Feb 23, 2023 •375 likes •665 views

Verification of Transactional Memories that support Non-Transactional Memory Accesses Ariel Cohen 1 , Amir Pnueli 1 , and Lenore Zuck 2 1 New York University 2 University of Illinois at Chicago TRANSACT February 2008 Cohen, Pnueli, Zuck

  1. Verification of Transactional Memories that support Non-Transactional Memory Accesses Ariel Cohen 1 , Amir Pnueli 1 , and Lenore Zuck 2 1 New York University 2 University of Illinois at Chicago TRANSACT – February 2008 Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 1 / 17

  2. Objectives A formal framework to reason about the correctness of TM implementations; Construct automatic tools to obtain formal verification of implementations (wrt to specifications) Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 2 / 17

  3. Objectives A formal framework to reason about the correctness of TM implementations; Construct automatic tools to obtain formal verification of implementations (wrt to specifications) Construct generic specifications that depend on conflicts, their detection, and their arbitration. Construct a deductive proof rule that establishes that an implementations refines a specification. Prove soundness of proof rule, and obtain proofs, using TlPvs . Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 2 / 17

  4. General Overview of TM Clients issue transactional and non-transactional requests; TM responds with ack (or values in the case of reads) or err ; Non-transactional accesses never get err A TS is the sequence of transactional events (requests/responses) in the system; Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 3 / 17

  5. Clients Transactional issues are ◭ i , R i ( x ) , W i ( x , v ) , ◮ i , � ◮ i ; Responses are err , ack , or value v ; Non-Transactional issues are R n ( x ) , W n ( x , v ); Same client has at most a single transaction or a single non-transaction at a time. All transactions must end (commit/abort); Response is v (for a R n ( x )); Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 4 / 17

  6. Notes on Transactions Inside a transaction, all R i ( x ) return the most recent value written by same transactions if it contains a prior W i ( x , − ); The only “interesting” responses (that cannot be locally determined) are: ◮ Response for the first R i ( x ), which is a value; ◮ Response to ◮ , which may be ack or err ; We assume the req/res pair are consecutive; We omit the response when clear from context, and denote R i ( x ) with response v by R i ( x , v ); Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 5 / 17

  7. Atomic and Serializable TSs A TS is atomic if after all events of aborted transactions are removed: ◮ Transactions do not overlap; ◮ Each (first) R i ( x ) returns the value of the most recent W j ( x , − ); A TS is serializable if, after all events of aborted transactions are removed, a series of interchanges of consecutive events results in an atomic TS. Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 6 / 17

  8. Conflicts: Restrictions on Interchanges Two consecutive events should not be interchanged when: They belong to the same transactions; Both are ◮ events ( strict serializability ); Their interchange will resolve a conflict; Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 7 / 17

  9. Conflicts: Restrictions on Interchanges Two consecutive events should not be interchanged when: They belong to the same transactions; Both are ◮ events ( strict serializability ); Their interchange will resolve a conflict; Example: An overlap conflict does not allow transactions to overlap. T 1 � �� � ◭ 1 R 1 ( x , 0) ◭ 2 R 2 ( x , 0) W 2 ( x , 1) ◮ 2 W 1 ( x , 2) ◮ 1 � �� � T 2 ◭ 2 R 2 ( x , 0) W 2 ( x , 1) ◭ 1 ◮ 2 W 1 ( x , 2) ◮ 1 ◭ 2 R 2 ( x , 0) W 2 ( x , 1) ◮ 2 ◭ 1 W 1 ( x , 2) ◮ 1 Do not allow ◭ i ◮ j interchanges!! Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 7 / 17

  10. Admissible Interchanges Depend on definition of conflict ; Describe which pairs of consecutive events can be safely interchanged; Expressible by temporal logic using past operators Can capture almost all [Sco06]’s conflicts (but for mixed invalidation, which requires future operators); A TS is serializable wrt to a conflict c if, once events belonging to aborted transactions are removed, a sequence of interchanges that is allowed according to the admissible interchanges of c results in an atomic TS. Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 8 / 17

  11. Specifying/Implementing TMs Assume a conflict described by a set of admissible interchanges . A Specification for a TM, is a state machine that outputs all the TSs that are serializable wrt to the admissible interchanges. There are fairness requirements that capture the restriction that every transactions commits or aborts. Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 9 / 17

  12. Specifying/Implementing TMs Assume a conflict described by a set of admissible interchanges . A Specification for a TM, is a state machine that outputs all the TSs that are serializable wrt to the admissible interchanges. There are fairness requirements that capture the restriction that every transactions commits or aborts. Conflicts detection and arbitration is left for the implementation (though they can be added to the specifications). Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 9 / 17

  13. Specifying/Implementing TMs Assume a conflict described by a set of admissible interchanges . A Specification for a TM, is a state machine that outputs all the TSs that are serializable wrt to the admissible interchanges. There are fairness requirements that capture the restriction that every transactions commits or aborts. Conflicts detection and arbitration is left for the implementation (though they can be added to the specifications). An implementation of a TM is a state machine that outputs TSs. The implementation is correct wrt to a specification if, given some mapping between the variables of both systems, every computation of the implementation can be mapped to a computation of the implementation (preserving fairness). Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 9 / 17

  14. Specification: Data Structures spec mem : N �→ N – a persistent memory, initially 0 ; Q – a “queue” of requests of pending transactions; spec out – a req/res pair or ⊥ ; doomed : [1 .. n ] �→ { 0 , 1 } – doomed [ i ] indicates that the transaction of client i is doomed to be aborted; Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 10 / 17

  15. Specification: Actions (assuming local correctness. spec out in [] when not obvious): Append a ◭ i , R i , W i and its response to Q ; Append ◭ i R i ( x , spec mem [ x ]) ◮ i to Q ; Append ◭ i W i ( x , v ) ◮ i to Q ; Append � ◮ i to Q and remove i ’s pending transactional events from Q ; Set doomed [ i ] to 1 and remove i ’s pending transactional events from Q [ ⊥ ]; If doomed [ i ], set spec out to R i ( x , v ) or W i ( x , v ); Perform any admissible interchange on Q [ ⊥ ]; Append ⊲ i (“almost commit”) to Q [ ⊥ ]; If i ’s pending transaction is consistent and in the head of the queue, remove it and update spec mem [ ◮ i ] Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 11 / 17

  16. Example Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 12 / 17

  17. Example Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 12 / 17

  18. Example Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 12 / 17

  19. Proving Refinement Both specification and implementation are given as (fair) state machines; They both have an output that displays the most recent (req, res) pair (or ⊥ is there is none). The sequence of non- ⊥ values should be equal; Each step of the implementation is simulated by one or more step of the specifications; Each fair computation of the implementation should map to a fair computation of the specifications; Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 13 / 17

  20. Proving Refinement Both specification and implementation are given as (fair) state machines; They both have an output that displays the most recent (req, res) pair (or ⊥ is there is none). The sequence of non- ⊥ values should be equal; Each step of the implementation is simulated by one or more step of the specifications; Each fair computation of the implementation should map to a fair computation of the specifications; The proof rule calls for a refinement mapping R between states of the two systems, and proves fair simulation between the two systems (similar to [AL]) Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 13 / 17

  21. Proving Refinement Both specification and implementation are given as (fair) state machines; They both have an output that displays the most recent (req, res) pair (or ⊥ is there is none). The sequence of non- ⊥ values should be equal; Each step of the implementation is simulated by one or more step of the specifications; Each fair computation of the implementation should map to a fair computation of the specifications; The proof rule calls for a refinement mapping R between states of the two systems, and proves fair simulation between the two systems (similar to [AL]) Soundness proven by TlPvs Cohen, Pnueli, Zuck (NYU) Verification of Transactional Memory TRANSACT 2008 13 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Extending Hardware Transactional Memory to Support Non-busy Waiting and Non-transactional Actions

Extending Hardware Transactional Memory to Support Non-busy Waiting and Non-transactional Actions

Extending Hardware Transactional Memory to Support Non-busy Waiting and Non-transactional Actions Craig Zilles and Lee Baugh University of Illinois at Urbana-Champaign paper available at: http:/

453 views • 19 slides
Transactional Memories: a theoretical introduction Selim Arsever & Pascal Perez Shared

Transactional Memories: a theoretical introduction Selim Arsever & Pascal Perez Shared

Transactional Memories: a theoretical introduction Selim Arsever & Pascal Perez Shared Memory Problems M(w,r,v) := w(f).M<w,r,f> + r<v>.M<w,r,v> A(w,r) := w<v>.WORK.r(v').[v'=v].A A<w,r> | A<w,r> |

624 views • 40 slides
Dividing Transactional Memories by Zero Aleksandar Dragojevi Rachid Guerraoui Micha

Dividing Transactional Memories by Zero Aleksandar Dragojevi Rachid Guerraoui Micha

Dividing Transactional Memories by Zero Aleksandar Dragojevi Rachid Guerraoui Micha Kapaka EPFL, Switzerland Transact 2008 Micha Kapaka (EPFL) STMBench7 Transact 2008 1 / 20 A TM Story TM implementations evaluated with skip

485 views • 27 slides
Transactional Memory 1 To read more This days papers: Herlihy and Moss, Transactional

Transactional Memory 1 To read more This days papers: Herlihy and Moss, Transactional

Transactional Memory 1 To read more This days papers: Herlihy and Moss, Transactional Memory: Architectural Support for Lock-Free Data Structures McKenney et al, Why The Grass May Not Be Greener On The Other Side: A Comparison

719 views • 41 slides
Practical Verification of High-Level Dataraces in Transactional Memory Programs Vasco Pessanha

Practical Verification of High-Level Dataraces in Transactional Memory Programs Vasco Pessanha

Practical Verification of High-Level Dataraces in Transactional Memory Programs Vasco Pessanha (*) Ricardo J. Dias (*) Joo L Loureno (*) (*) Eitan Farchi (+) Diogo Sousa (*) (*) Universidade Nova de Lisboa (+) IBM Research Labs

318 views • 27 slides
Contents Transactional Messaging X/Open DTP Model Solutions for AMQP XA Support Dtx Class

Contents Transactional Messaging X/Open DTP Model Solutions for AMQP XA Support Dtx Class

Page 1 Need for easy and effective XA support Contents Transactional Messaging X/Open DTP Model Solutions for AMQP XA Support Dtx Class Observations Considerations Don't distribute without prior permission from AMQP Working Group Page 2

409 views • 21 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Transactional Memory: Architectural support for Lock-Free Data Structure Transactional Memory:

Transactional Memory: Architectural support for Lock-Free Data Structure Transactional Memory:

Transactional Memory: Architectural support for Lock-Free Data Structure Transactional Memory: Architectural Support for Lock-Free Data By Maurice Herlihy and J. Eliot B. Moss Structures 1993 By Maurice Herlihy and J Eliot B. Moss 1993

499 views • 19 slides
Transactional Locking II Nir Shavit, Dave Dice and Ori Shalev Scalable Synchronization Group

Transactional Locking II Nir Shavit, Dave Dice and Ori Shalev Scalable Synchronization Group

Transactional Locking II Nir Shavit, Dave Dice and Ori Shalev Scalable Synchronization Group Sun Labs Transactional Memory [HerlihyMoss93] 1993 Lock-free 1997 STM (Shavit,Touitou) Trans Support TM (Moir) The Brief History of STM 2003

682 views • 29 slides
Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA

Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA

Memories Introduction Why do we need memory in an FPGA Device? Topics Types of FPGA Memories Available Resources Realizing memories in an HDL design Applications Examples Extra: Memory Controller Block Memories

692 views • 10 slides
Real Time Embedded Systems " Memories Memories " rene.beuchat@epfl.ch LAP/ISIM/IC/EPFL

Real Time Embedded Systems " Memories Memories " rene.beuchat@epfl.ch LAP/ISIM/IC/EPFL

Real Time Embedded Systems " Memories Memories " rene.beuchat@epfl.ch LAP/ISIM/IC/EPFL Charg de cours LSN/hepia Prof. HES 1998-2008 R.Beuchat / Memories 2 General classification of electronic memories Non-volatile

1.13k views • 86 slides
Exploring Use-cases for Non-Volatile Memories in support of HPC Resilience Onkar Patil 1 , Saurabh

Exploring Use-cases for Non-Volatile Memories in support of HPC Resilience Onkar Patil 1 , Saurabh

Exploring Use-cases for Non-Volatile Memories in support of HPC Resilience Onkar Patil 1 , Saurabh Hukerikar 2 , Frank Mueller 1 , Christian Engelmann 2 1 Dept. of Computer Science, North Carolina State University 2 Computer Science and Mathematics

280 views • 13 slides
Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory

Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory

Introduction Methodology Performance Evaluation Conclusions References Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory Applications 1 Fernando Rui, 2 Mrcio Castro, 1 Dalvan Griebler, 1 Luiz

370 views • 16 slides
A Suitcase full of memories: Exploring the meaning of tourism memories for people with dementia

A Suitcase full of memories: Exploring the meaning of tourism memories for people with dementia

A Suitcase full of memories: Exploring the meaning of tourism memories for people with dementia and their partners: reconnecting through the past. Jane Mullins (RGN, BN, PGCASR ) PhD Candidate School of Management Supervisors: Dr Diane

154 views • 14 slides
NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 25 November 2016 Lecture 8

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 25 November 2016 Lecture 8

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 25 November 2016 Lecture 8 Problems with locks Atomic blocks and composition Hardware transactional memory Software transactional memory Transactional

1k views • 89 slides
NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 27 November 2015 Lecture 8

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 27 November 2015 Lecture 8

NON-BLOCKING DATA STRUCTURES AND TRANSACTIONAL MEMORY Tim Harris, 27 November 2015 Lecture 8 Problems with locks Atomic blocks and composition Hardware transactional memory Software transactional memory Transactional

1.42k views • 93 slides
Securi rity P y Principles & & Sandboxes CS 161: Computer Security Prof. Raluca Ada

Securi rity P y Principles & & Sandboxes CS 161: Computer Security Prof. Raluca Ada

Securi rity P y Principles & & Sandboxes CS 161: Computer Security Prof. Raluca Ada Popa January 25, 2018 Some slides credit Nick Weaver or David Wagner. Announcements Homework 1 is out, due on Monday Midterm 1 date Feb 15,

557 views • 54 slides
From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng

From Recovering Time to Timing Recovery: Some Challenges for the TAU Community Andrew B. Kahng Depts. of CSE and ECE UC San Diego abk@ucsd.edu http://vlsicad.ucsd.edu/~abk TAU-2016 Keynote: In Search of Lost Time Recovering

946 views • 47 slides
Translating Open Source Apps Kukuh Syafaat openSUSE-ID cho2@opensuse.{org,id} openSUSE

Translating Open Source Apps Kukuh Syafaat openSUSE-ID cho2@opensuse.{org,id} openSUSE

Translating Open Source Apps Kukuh Syafaat openSUSE-ID cho2@opensuse.{org,id} openSUSE Virtual Summit 2020 Agenda l10n vs i18n Online vs Ofgline Translations Problems on Translations Tips l10n vs i18n l10n Localization

348 views • 33 slides
Deadlocks: Detection & Avoidance (Chapter 6) CS 4410 Operating Systems The slides are the

Deadlocks: Detection & Avoidance (Chapter 6) CS 4410 Operating Systems The slides are the

Deadlocks: Detection & Avoidance (Chapter 6) CS 4410 Operating Systems The slides are the product of many rounds of teaching CS 4410 by Professors Agarwal, Bracy, George, Sirer, and Van Renesse. System Model There are non-shared computer

611 views • 35 slides
Content, Topology and Cooperation in In-Network Caching Liang Wang Email:

Content, Topology and Cooperation in In-Network Caching Liang Wang Email:

Content, Topology and Cooperation in In-Network Caching Liang Wang Email: liang.wang@cs.helsinki.fi Department of Computer Science University of Helsinki, Finland HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET 1 UNIVERSITY OF HELSINKI

558 views • 26 slides
Kevin Stadmeyer Garrett Held Worst of the Best of the Best Agenda Motives Goals

Kevin Stadmeyer Garrett Held Worst of the Best of the Best Agenda Motives Goals

Kevin Stadmeyer Garrett Held Worst of the Best of the Best Agenda Motives Goals Awards Overview Example of Serious Flaws in the System Lies, Damned Lies, and Awards What Awards Really Mean Better Ways Motives and Goals

288 views • 26 slides
Making Immigration Law and Policy in a Time of Lawlessness Wayne Cornelius Constitution Day

Making Immigration Law and Policy in a Time of Lawlessness Wayne Cornelius Constitution Day

Making Immigration Law and Policy in a Time of Lawlessness Wayne Cornelius Constitution Day Lecture The College of Wooster September 17, 2019 Asylum-seekers who have turned themselves in being taken to a Border Patrol processing center

499 views • 26 slides
Privacy concerns of implicit secondary factors for web authentication Joseph Bonneau Stuart

Privacy concerns of implicit secondary factors for web authentication Joseph Bonneau Stuart

Privacy concerns of implicit secondary factors for web authentication Joseph Bonneau Stuart Schechter Edward Felten Microsoft Research Prateek Mittal Arvind Narayanan Princeton University WAY Workshop 2014 Passwords +... Behavioral/soft

524 views • 14 slides

More recommend