Verification of obstruction-free algorithm with contention management Niloufar Shafiei.


2 Agenda
- The algorithm
- Correctness condition for shared objects
- Java PathFinder
- Verification challenges
- Verification
- Summary

3 The algorithm
- Obstruction-free deque algorithm with different contention management policies
  - AtomicLongArray
  - AtomicLong
- How should the algorithm behave? (correctness)
  - Data structure represents the abstract deque at any time
  - All operations terminate
  - No livelock or deadlock

4 Correctness condition for shared objects implementations
- Find the linearization point

5 Correctness condition for shared objects implementations
- Find the linearization point
[Figure: timeline of push(v1), push(v2) and pop; stack contents shown as "?"]

6 Correctness condition for shared objects implementations
- Find the linearization point
[Figure: timeline of push(v1), push(v2) and pop with three points marked X; stack states: empty, v1, v2]

7 Check the correctness of shared object implementation
- Find the linearization point
- Define abstract variables (abstract stack, …)
- Change the abstract variables at linearization points
- At all linearization points, check if the abstract variables are consistent with data structures
- In Java, insert assert(expression) atomically at linearization points
  - Synchronized block
  - Atomic block
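The steps on slide 7, as an added example that is not part of the original presentation: a compare&swap-based stack (not the deque from the talk) that keeps an abstract stack and asserts consistency at each linearization point. The class and method names are hypothetical, and the compare&swap is written as a synchronized method so that the abstract update and the assertion run atomically with it.

```java
import java.util.ArrayDeque;
// Added example (hypothetical names). Run with assertions enabled: java -ea CheckedStack
public class CheckedStack {
    private static final class Node {
        final int value; final Node next;
        Node(int value, Node next) { this.value = value; this.next = next; }
    }
    private volatile Node top;                                             // concrete data structure
    private final ArrayDeque<Integer> abstractStack = new ArrayDeque<>();  // abstract variable

    // Compare&swap on top. A successful swap is the linearization point of
    // push/pop, so the abstract update and the check share its lock.
    private synchronized boolean casTop(Node expected, Node update, Integer pushed) {
        if (top != expected) return false;
        top = update;
        if (pushed != null) abstractStack.push(pushed); else abstractStack.pop();
        assert consistent() : "concrete stack diverged from abstract stack";
        return true;
    }
    // Compare the linked nodes, top first, with the abstract stack.
    private boolean consistent() {
        Node n = top;
        for (int v : abstractStack) {
            if (n == null || n.value != v) return false;
            n = n.next;
        }
        return n == null;
    }

    public void push(int v) {
        Node old;
        do { old = top; } while (!casTop(old, new Node(v, old), v));
    }

    public Integer pop() {
        Node old;
        do {
            old = top;
            if (old == null) return null;   // empty stack: linearizes at the read of top
        } while (!casTop(old, old.next, null));
        return old.value;
    }

    public static void main(String[] args) throws InterruptedException {
        CheckedStack s = new CheckedStack();
        Thread a = new Thread(() -> { s.push(1); s.pop(); });
        Thread b = new Thread(() -> { s.push(2); s.pop(); });
        a.start(); b.start(); a.join(); b.join();
    }
}
```

A single run exercises only one interleaving of the two threads; a model checker explores the others and reports any schedule on which the assertion fails.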

8 Java PathFinder
- JPF
  - Model checker
    - Deadlocks
    - Invariants
    - User-defined assertions
- JPF versus Spin
  - JPF covers the Java programming language (not more than lines)
  - JPF design goal is to make it as modular and understandable as possible
  - Spin is faster than JPF

9 Verification challenges
- JPF does not support AtomicLongArray and AtomicLong
  - Volatile Long[] and Long
  - Synchronized methods to implement C&S
- Warning "unprotected field access of deque"
  - JPF employs Partial Order Reduction to save space
  - For lock protection, determines if a field access is scheduling relevant (transaction boundary)
  - vm.por.sync_detection=false

10 State search
- JPF searches
  - DFS
    - With backtracking is most appropriate for checking liveness properties
  - BFS
    - Search.heuristic.class = gov.nasa.jpf.search.heuristic.BFSHeuristic

11 Verification

| | Result | Number of paths |
|---|---|---|
| 1 thread (DFS - BFS) | No error | 4 |
| 2 threads (DFS - BFS) | No error | |
| threads | Out of memory | >1200 |

12 Verification
- How to save the memory?
  - More synchronized methods
  - Synchronized blocks and Atomic blocks (Verify class)
    - Local instructions
    - At most one shared memory instruction
    - No instruction prevents the program from accessing endAtomic()
      - Return - break - join - if statement

13 Verification
- Atomic blocks
  - Sometimes threads loop in Atomic block
- Why were processes killed?
  - Need more memory than the available memory

| | Result | Number of paths |
|---|---|---|
| 1 thread | Processes killed | 0 |
| 2 threads | Processes killed | 0 |
| 3 threads | Processes killed | 0 |

14 Verification
- Synchronized blocks

| | Result | Number of paths |
|---|---|---|
| 1 thread (DFS - BFS) | No error | 4 |
| 2 threads (DFS - BFS) | No error | |
| threads | Out of memory | >1200 |

- Why are results not improved?
  - Partial Order Reduction

15 Summary
- Correctness conditions of shared object
- Java PathFinder
- Verification of shared deque implementation with JPF

16 Questions?