© 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY 14850 Tel: 607-273-7340 Verifying.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Precision Timed Embedded Systems Using TickPAD Memory Matthew M Y Kuo* Partha S Roop* Sidharta Andalam † Nitish Patel* *University of Auckland, New Zealand.

Race Directed Random Testing of Concurrent Programs KOUSHIK SEN - UNIVERSITY OF CALIFORNIA, BERKELEY PRESENTED BY – ARTHUR KIYANOVSKI – TECHNION, ISRAEL.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

Chapter 6: Process Synchronization

Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Prof. Srinidhi Varadarajan Director Center for High-End Computing Systems.

Parallelizing Audio Feature Extraction Using an Automatically-Partitioned Streaming Dataflow Language Eric Battenberg Mark Murphy CS 267, Spring 2008.

The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Dependable computing needs pervasive debugging Tim Harris

Concurrency and Software Transactional Memories Satnam Singh, Microsoft Faculty Summit 2005.

12/1/2005Comp 120 Fall December Three Classes to Go! Questions? Multiprocessors and Parallel Computers –Slides stolen from Leonard McMillan.

Memory Model Safety of Programs Sebastian Burckhardt Madanlal Musuvathi Microsoft Research EC^2, July 7, 2008.

Utah Verifier Group Research Overview Robert Palmer.

Topic ? Course Overview. Guidelines Questions are rated by stars –One Star Question  Easy. Small definition, examples or generic formulas –Two Stars.

Scalable and Flexible Static Analysis of Flight-Critical Software Guillaume P. Brat Arnaud J. Venet Carnegie.

Why The Grass May Not Be Greener On The Other Side: A Comparison of Locking vs. Transactional Memory Written by: Paul E. McKenney Jonathan Walpole Maged.

SUPPORTING LOCK-FREE COMPOSITION OF CONCURRENT DATA OBJECTS Daniel Cederman and Philippas Tsigas.

Memory Consistency Models Some material borrowed from Sarita Adve’s (UIUC) tutorial on memory consistency models.

CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Computer System Architectures Computer System Software

Parallel Programming Philippas Tsigas Chalmers University of Technology Computer Science and Engineering Department © Philippas Tsigas.

Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)

B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.

Art of Multiprocessor Programming 1 Programming Paradigms for Concurrency Pavol Černý, Vasu Singh, Thomas Wies.

Functional Verification Figure 1.1 p 6 Detection of errors in the design Before fab for design errors, after fab for physical errors.

A Consistency Framework for Iteration Operations in Concurrent Data Structures Yiannis Nikolakopoulos A. Gidenstam M. Papatriantafilou P. Tsigas Distributed.

Foundations of the C++ Concurrency Memory Model Hans-J. Boehm Sarita V. Adve HP Laboratories UIUC.

Programming Paradigms for Concurrency Pavol Cerny Vasu Singh Thomas Wies Part III – Message Passing Concurrency.

Maged M.Michael Michael L.Scott Department of Computer Science Univeristy of Rochester Presented by: Jun Miao.

© 2013 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 531 Esty Street Ithaca, NY Tel: Code Awareness.

Page 1 5/2/2007  Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk  Arnaud Venet Kestrel Technology.

Shared Memory Consistency Models. SMP systems support shared memory abstraction: all processors see the whole memory and can perform memory operations.

Memory Consistency Models. Outline Review of multi-threaded program execution on uniprocessor Need for memory consistency models Sequential consistency.

CS 295 – Memory Models Harry Xu Oct 1, Multi-core Architecture Core-local L1 cache L2 cache shared by cores in a processor All processors share.

Programmability Hiroshi Nakashima Thomas Sterling.

CS527 Topics in Software Engineering (Software Testing and Analysis) Darko Marinov August 30, 2011.

ICFEM 2002, Shanghai Reasoning about Hardware and Software Memory Models Abhik Roychoudhury School of Computing National University of Singapore.

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

FORMAL METHOD. Formal Method Formal methods are system design techniques that use rigorously specified mathematical models to build software and hardware.

Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)

A Calculus of Atomic Actions Tayfun Elmas, Shaz Qadeer and Serdar Tasiran POPL ‘ – Seminar in Distributed Algorithms Cynthia Disenfeld 27/05/2013.

September 1999Compaq Computer CorporationSlide 1 of 16 Verification of cache-coherence protocols with TLA+ Homayoon Akhiani, Damien Doligez, Paul Harter,

SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.

Gauss Students’ Views on Multicore Processors Group members: Yu Yang (presenter), Xiaofang Chen, Subodh Sharma, Sarvani Vakkalanka, Anh Vo, Michael DeLisi,

Parallel Computing Presented by Justin Reschke

Testing Concurrent Programs Sri Teja Basava Arpit Sud CSCI 5535: Fundamentals of Programming Languages University of Colorado at Boulder Spring 2010.

Speculative Lock Elision

Process Synchronization

Threads Cannot Be Implemented As a Library

Effective Data-Race Detection for the Kernel

Chapter 5: Process Synchronization

runtime verification Brief Overview Grigore Rosu

Specifying Multithreaded Java semantics for Program Verification

EE 193: Parallel Computing

Hardware Multithreading

Software analysis SET seminar.

Module 7a: Classic Synchronization

Critical section problem

Background and Motivation

Concurrency: Mutual Exclusion and Process Synchronization

CS 144 Advanced C++ Programming May 7 Class Meeting

Presentation transcript:

© 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY Tel: Verifying Software for Multi-core Systems Presented by: Michael McDougall

Motivation Old: software got faster as hardware improved New: must parallelize software to benefit Challenges: ›Concurrency bugs subtle, hard to diagnose ›Verification hard for concurrent systems ›Multi-core less forgiving Parallelization must be fine grained Shared memory behaves in odd ways DARPA project: ›Flag bugs in lock-free algorithms

GrammaTech, Inc. ~25 people, including 10 phds Founded by Tim Teitelbaum (Cornell) and Tom Reps (Wisconsin) Locations: Ithaca NY, San Jose CA, Madison WI, Rochester NY Expertise: software analysis (static & dynamic) of source and binary Applications: ›Software assurance (correctness, bug finding, malware detection) ›Software re-writing (legacy software, anti-reverse-engineering) Research projects: NASA, Army, AF, Navy, OSD, NSF Products: ›CodeSonar: bug finding for C/C++/Ada ›CodeSurfer: program understanding + analysis library Customers: 150+ ›Lockheed Martin, FDA, Qualcomm, LG Electronics, NASA

Focusing on Formal Verification This talk focuses on verification by automatic analysis of software ›Ideally, exhaustive exploration of software behavior without running the software ›In practice, partial exploration that complements other verification methods Not covering ›Traditional testing ›System testing ›Inspections/audits ›..though formal verification techniques can be applied there too

Software Analysis Overview Rigorous Complete Exhaustive Easy to apply Fast Scalable Model checkers Proof of correctness DARPA project Bug finders Detect buffer overflows,NPD False positives/negatives Product: CodeSonar Can give to engineering team Requires special expertise Enforce Best practices NASA/JPL SBIR Phase II

Sequential Code Want to consider all inputs Step 1 Step 2 Step … Step 1 Step 2 Step Step 1 Step 2 Step 3

Why concurrency is hard Concurrent code: want to consider all inputs +all interleavings Extra burden for the writer & the verifier Step 1 Step 2 Step 3 Step 1 Step 2 Step Step 1 Step 2 Step 3 Step 1 Step 2 Step Step 1 Step 2 Step 3 Step 1 Step 2 Step 3

Multi-core verification inherits a lot Verification community has long focused on concurrency problems ›Classical problems: dining philosophers ›Protocol verification ›Cache-coherence Multi-core verification inherits long list of tricks/techniques ›Partial-order reduction ›Exploiting symmetry In State In Threads

What’s new with multi-core? Urgency ›Software developers have no choice now ›Performance has to come from keeping more cores busy Focus on performance / ease of porting ›Shared memory more important than message passing Game developers hitting this already ›Sony Playstation 3 : 8 cores ›Tom Leonard, VALVE: High-level concurrency primitives too slow –Mutex, semaphores, etc Extensive reliance on lock-free algorithms

Bridging the Gap Single-core application Multi-core application Slow Correct Lock-free synchronization Model checking for multi-core

Lock-Free Algorithms Queue data structure Synchronization data structures (locks, semaphores) Compare-and-swap instructions Traditional Concurrent Queue Queue data structure Compare-and-swap instructions Lock-free Concurrent Queue 4 4 4

Relaxed Memory Models Multicore systems do not respect sequential consistency ?? 4 4

Consequences Relaxed memory models ›“Proven” algorithms fail on multi-core system ›Impact not well understood Generally ›Multi-threaded code works on single core, but not multi-core ›Multi-core parallelism much finer grain ›Multi-threaded code works faster on quad core when you turn 3 cores off Safer (& sometimes faster) to turn cores off

GrammaTech’s DARPA project Lock-free data structure + harness Serial model All possible serial executions Relaxed memory model All possible relaxed executions All possible serial executions All possible relaxed executions SMT Solver Equal: OK Not equal: counterexample

Enforce Best practices NASA/JPL SBIR Phase II Bug finders Detect buffer overflows,NPD False positives/negatives Product: CodeSonar Software Analysis: What is needed Rigorous Complete Exhaustive Easy to apply Fast Scalable Model checkers Proof of correctness DARPA project Make aware of concurrency, with minimal impact on scalability What are the best practices for multicore? New languages, abstractions, memory models that help verification Better understanding of multi-core- specific issues

Conclusion Verification for multi-core inherits from long tradition of concurrent verification These techniques need to be adapted for the concrete problems of multi-core ›Tight coupling of CPUs ›High-performance use of shared memory ›Discrepancy between source POV and memory op POV not well understood

The End Acknowledgements: ›Thomas Reps (GrammaTech + U Wisconsin) ›Sebastian Burckhardt (Microsoft Research) Questions?