Verifying Safety and Accuracy of Approximate Parallel Programs via - - PowerPoint PPT Presentation

verifying safety and accuracy of approximate parallel
SMART_READER_LITE
LIVE PREVIEW

Verifying Safety and Accuracy of Approximate Parallel Programs via - - PowerPoint PPT Presentation

Feb 05, 2024 35 likes •666 views

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization Vimuth Fernando , Keyur Joshi, Sasa Misailovic University of Illinois at Urbana-Champaign CCF-1629431 CCF-1703637 CCF-1846354 Compression

slide-1
SLIDE 1

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Vimuth Fernando, Keyur Joshi, Sasa Misailovic University of Illinois at Urbana-Champaign

CCF-1629431 CCF-1703637 CCF-1846354

slide-2
SLIDE 2
slide-3
SLIDE 3
slide-4
SLIDE 4
slide-5
SLIDE 5
slide-6
SLIDE 6

Compression

slide-7
SLIDE 7

Compression Skip communication

slide-8
SLIDE 8

Compression Skip communication Low energy (noisy)

slide-9
SLIDE 9

How safe is the program?

Approximate program should not crash, get stuck, or produce unacceptable results

How accurate are the results?

Approximate program should produce results with acceptable accuracy/ reliability

slide-10
SLIDE 10
  • Types – Non-interference of approximate and

precise data [Sampson et al. 2011]

  • Relative safety - Transfer reasoning about
  • riginal program to approximate programs

[Carbin et al. 2012]

  • Reliability - probability of getting the correct

result [Carbin et al. 2013]

  • Accuracy – combines reliability with distance

from correct result [Misailovic et al. 2014] Safety after approximations Accuracy after approximations

slide-11
SLIDE 11
slide-12
SLIDE 12
slide-13
SLIDE 13
slide-14
SLIDE 14

How do we proceed?

  • Completely new versions of

all analyses?

  • Types – Non-interference of approximate and

precise data [Sampson et al. 2011]

  • Relative safety - Transfer reasoning about
  • riginal program to approximate programs

[Carbin et al. 2012]

  • Reliability - probability of getting the correct

result [Carbin et al. 2013]

  • Accuracy – combines reliability with distance

from correct result [Misailovic et al. 2014]

slide-15
SLIDE 15

Existing Sequential Analysis Approximate Parallel Program

slide-16
SLIDE 16

Canonical Sequentialization Approximate Parallel Program Approximate Sequential Program Existing Sequential Analysis

slide-17
SLIDE 17

Existing Sequential Analysis Approximate Parallel Program Approximate Sequential Program

How do we express parallel approximations? How to enforce and verify safety/accuracy properties? Under what conditions will the existing analyses apply?

slide-18
SLIDE 18

Parallely!

Language with support for modeling parallel approximations

  • Software-level approximation
  • Environment-level noise

Verification of safety and accuracy using canonical sequentialization

  • Type-safety (Non-Interference)
  • Deadlock-freeness
  • Relative safety
  • Reliability
  • Accuracy
  • And more
slide-19
SLIDE 19

Programs in Parallely

Asynchronous distributed message passing processes Two types of data : precise and approx. Communicates through typed channels

send(1, precise int, input)

0:

  • ut = receive(1, approx int)

1 :

a = receive(0, precise int) send(0, approx int, result) result = computation(a)

||

slide-20
SLIDE 20

Programs in Parallely

send(1, precise int, input)

0:

  • ut = receive(1, approx int)

1 :

a = receive(0, precise int) send(0, approx int, result) result = computation(a)

||

slide-21
SLIDE 21

Programs in Parallely

Two processes

send(1, precise int, input)

0:

  • ut = receive(1, approx int)

1 :

a = receive(0, precise int) send(0, approx int, result) result = computation(a)

||

slide-22
SLIDE 22

Programs in Parallely

Parallel

send(1, precise int, input)

0:

  • ut = receive(1, approx int)

1 :

a = receive(0, precise int) send(0, approx int, result) result = computation(a)

||

slide-23
SLIDE 23

send(1, precise int, input)

0:

  • ut = receive(1, approx int)

1 :

a = receive(0, precise int) send(0, approx int, result) result = computation(a)

||

Programs in Parallely

slide-24
SLIDE 24

ෑ 𝑟: 𝑅: a = receive(0, precise int) send(0, precise int, result) result = computation(a) for q in Q: send(q, precise int, input) 0: for q in Q:

  • ut[q] = receive(q, precise int)

||

Symmetric Process Groups

Group of processes Iteration over a group of processes

slide-25
SLIDE 25

Symmetric Non-determinism All receive statements have a unique matching send statement

[Bakst et al. OOPSLA 2017]

slide-26
SLIDE 26

ෑ 𝑟: 𝑅: a = receive(0, precise int) send(0, precise int, result) result = computation(a) for q in Q: send(q, precise int, input) 0: for q in Q:

  • ut[q] = receive(q, precise int)

||

Map-Reduce Pattern

slide-27
SLIDE 27

Communication Patterns easily expressible in Parallely

Scatter/Gather Map Reduce Stencil Scan Partition Covers all the patterns in [M. Samadi, D. A. Jamshidi, J. Lee, and S. Mahlke. 2014. Paraprox: Pattern-based Approximation for Data Parallel Applications. In ASPLOS. ​]

slide-28
SLIDE 28

Approximation Primitives– Probabilistic Choice

input = val [p] randVal() p 1 - p input val input randVal()

slide-29
SLIDE 29

Approximation Primitives– Probabilistic Choice

  • Low energy channels that may corrupt the data being transmitted

send(1, approx int, input) 0: || 1 : a = receive(0, approx int) input = val [p] randVal() input = val [p] randVal()

slide-30
SLIDE 30

Approximation Primitives- Precision Conversion

  • Casting to reducing the precision of data that has primitive numeric

types

  • Communicate in low precision

send(1, approx float32, sVal)

0: || 1 :

tmp = receive(0, approx float32) sVal = (approx float32) val a = (approx float64) tmp sVal = (approx float32) val

slide-31
SLIDE 31

Approximation Primitives – Conditional Communication

0: cond-send(condition, 1, approx int, data) 1: flag, a = cond-receive(0, approx int)

condition = True condition = False

flag True a data flag False a a

slide-32
SLIDE 32

Approximation Primitives – Conditional Communication

  • Skip sending some data

cond-send(skip, 1, approx int, data)

0: || 1 : flag, a = cond-receive(0, approx int)

skip = 1 [0.99] 0

0: cond-send(condition, 1, approx int, data) 1: flag, a = cond-receive(0, approx int)

slide-33
SLIDE 33

What approximations can be modelled with Parallely

  • Failing tasks

– probabilistic-choice + conditional communication

  • Noisy channel

– probabilistic-choice

  • Precision reduction

– casting

  • Memoization

– probabilistic-choice + conditional communication

  • Approximate reduce

– probabilistic-choice + conditional communication

  • Loop perforation

– probabilistic-choice

slide-34
SLIDE 34

Canonical Sequentialization Approximate Parallel Program Approximate Sequential Program Existing Sequential Analysis

How do we analyze Parallely programs?

slide-35
SLIDE 35

Canonical Sequentialization (Bakst et al. OOPSLA 2017)

Generate an equivalent sequential program using rewriting

Probabilistic choice x = y [p] z Casting x = (float32) y Conditional Communication cond-send(b, tid, type, val)

Works for programs with symmetric nondeterminism We show how sequentialization works for

slide-36
SLIDE 36

𝑄 𝑄

1

Parallel program

Sequentialization through rewrites ||

seq 𝑄

1

|| ;

𝑄

Sequential prefix Remaining parallel program

slide-37
SLIDE 37

𝑄

Parallel program

Sequentialization through rewrites ||

seq

|| ; || ; ;

𝑄

1

𝑄

1

𝑄 𝑄 𝑄

1

slide-38
SLIDE 38

𝑄

Parallel program

Sequentialization through rewrites ||

seq 𝑄 𝑄

1

|| ; || ; ; ; ; ; *

𝑄 𝑄

1

𝑄

1

slide-39
SLIDE 39

Generating a Canonical Sequentialization

send(1, precise int, input) 0: || 1 : a = receive(0, precise int) a = input cond-send(cond, 0, precise int, result) pass, out = cond-receive(1, precise int) result = computation(a) result = computation(a)

  • ut = cond ? result : out

cond = 1 [0.99] 0 cond = 1 [0.99] 0 pass = cond input = readData() input = readData()

slide-40
SLIDE 40

1 2

Parallel program

Rewrite Soundness – Intuition ||

𝑄 𝑄

1

S

||

slide-41
SLIDE 41

𝑄 𝑄

1

Parallel program

S

Rewrite Soundness – Intuition ||

* State

slide-42
SLIDE 42

𝑄 𝑄

1

Parallel program

S

Rewrite Soundness – Intuition ||

* * State State’

slide-43
SLIDE 43

𝑄 𝑄

1

Parallel program

S

Rewrite Soundness – Intuition

For halted processes

||

* * State State’

slide-44
SLIDE 44
  • Set of type rules that block explicit and implicit flows in each

individual process

Non-Interference

approx precise precise approx 0:

send(1, approx int, result)

1 :

  • ut = receive(0, precise int)

||

  • Typed channels and sequentialization detects illegal flows across

process boundaries

slide-45
SLIDE 45

𝑄 𝑄

1

Parallel program

Relative Safety ||

𝑄

𝐵

𝑄

1 𝐵

||

Approximate Parallel program

If the original program satisfies a property, then the transformed program also satisfies that property

slide-46
SLIDE 46

𝑄 𝑄

1

Parallel program

𝑇

Relative Safety ||

𝑄

𝐵

𝑄

1 𝐵

𝑇𝐵

||

Approximate Parallel program We can use the sequentialized programs to prove relative safety for process local safety property

slide-47
SLIDE 47

There is a canonical sequentialization Non-interference Program type checks No Deadlocks Relative safety

(Bakst et al. OOPSLA 2017)

slide-48
SLIDE 48

Reliability/Accuracy analysis

Reliability – Probability that an approximate execution produces the same result as an exact one Accuracy – Probability that an approximate execution produces a result close to an exact one

slide-49
SLIDE 49

Reliability/Accuracy analysis

1 2

Parallel program

S

||

Sequential Analysis

slide-50
SLIDE 50

Reliability/Accuracy analysis

1 2

Parallel program

S

||

Sequential Analysis

slide-51
SLIDE 51

Rewrite Equivalence

p p

𝑄 𝑄

1

Parallel program

S

||

Final State

slide-52
SLIDE 52

𝑄 𝑄

1

Parallel program

S

Rewrite Soundness

For halted processes

||

* * Final State Final State’

slide-53
SLIDE 53

Rewrite Equivalence

For halted processes * *

𝑄 𝑄

1

Parallel program

S

||

Final State Final State’

slide-54
SLIDE 54

Rewrite Equivalence

For halted processes p p * *

𝑄 𝑄

1

Parallel program

S

||

Final State Final State’

slide-55
SLIDE 55

Rewrite Equivalence

p p

𝑄 𝑄

1

Parallel program

S

||

Final State * *

slide-56
SLIDE 56

input = readData() a = input result = computation(a)

  • ut = pass? result : out

cond = 1 [0.9999] 0 pass = cond

Reliability Analysis (Rely – Carbin et al. 2013)

slide-57
SLIDE 57

input = readData()

Reliability Analysis

send(1, precise int, input) 0: || 1 : a = receive(0, precise int) a = input cond-send(cond, 0, precise int, result) pass, out = cond-receive(1, precise int) result = computation(a) result = computation(a)

  • ut = pass? result : out

cond = 1 [p] 0 cond = 1 [0.9999] 0 pass = cond input = readData()

slide-58
SLIDE 58

There is a canonical sequentialization Non-interference Program type checks Reliability and accuracy analysis on the sequential program valid on the parallel No Deadlocks Relative safety

slide-59
SLIDE 59

Evaluation - Benchmarks

Benchmark Parallel Pattern Approximation PageRank Map Failing Tasks Scale Map Failing Tasks Blackscholes Map Noisy Channel SSSP Scatter-Gather Noisy Channel BFS Scatter-Gather Noisy Channel SOR Stencil Precision Reduction Motion Map/Reduce Approximate Reduce Sobel Stencil Precision Reduction

slide-60
SLIDE 60

Benchmarks – Verification Time

Benchmark Approximation Property Time Type + Seq Rel / Acc PageRank Failing Tasks Safety + Reliability (0.99) 1.8s 168s Scale Failing Tasks Safety + Reliability (0.99) 6.5s 7.4s Blackscholes Noisy Channel Safety + Reliability (0.99) 0.2s 12s SSSP Noisy Channel Safety + Reliability (0.99) 9.6s 9.6s BFS Noisy Channel Safety + Reliability (0.99) 8.9s 9.2s SOR Precision Reduction Safety + Accuracy bound (10-6) 8.3s 53s Motion Approx Reduce Safety 3.9s

  • Sobel

Precision Reduction Safety + Accuracy bound (10-6) 0.2s 72s

slide-61
SLIDE 61

Also in the paper

  • Evaluation of the benefits of approximations
  • Type System and Proof for non-interference
  • Soundness Proofs for reliability and accuracy analysis
slide-62
SLIDE 62

New Directions

  • Generalizing to verification of other properties – fairness
  • Dynamic analysis – proving correctness of runtime systems
  • Other parallel models – shared memory, etc
slide-63
SLIDE 63

Takeaways

  • Parallely is a language that can express many common approximation

patterns through three simple approximation primitives

  • Parallely leverages canonical sequentialization to extend many

existing and future analyses from sequential to parallel programs

  • Efficiently verifies safety and accuracy of 8 kernels and 8 popular

approximate computing benchmarks