Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University."— Presentation transcript:

1 On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Gennaro Parlato ✓ Gennaro Parlato ✓ University of Southampton, UK

2 What is this talk about? Use of verification tools for sequential programs to analyze concurrent programs to analyze concurrent programs Write a sequential program that simulates the concurrent program Kiss: Keep It Simple and Sequential [Qadeer, Wu— PLDI’04] Kiss: Keep It Simple and Sequential [Qadeer, Wu— PLDI’04] Many efficient solutions have been developed for sequential programs: SMT-based Bounded Model-Checkers, BDD-based model-checkers, approximation techniques, deductive verification, … Why don’t we exploit them?

3 code-to-code translation as a plug-in for sequential tools A convenient way to get new tools for conc. programs … Concurrent Program SC tools: Bounded model checking: Bounded model checking: ESBMC (FSE’11) ESBMC (FSE’11) Poirot (by MSR) Poirot (by MSR) Storm (CAV’09) Storm (CAV’09) … Boolean Programs: Boolean Programs: Boom, Boppo Boom, Boppo G ETAFIX (PLDI’09) G ETAFIX (PLDI’09) jMoped [SPIN’08] jMoped [SPIN’08] … CHESS (MSR) CHESS (MSR) Sequentialization + sequ. tools Sequentialization + sequ. tools T 1 T 2 T n shared vars (SC semantics) …

4 What would it be a good sequential simulation? First attempt: Tracking state : C 1 X C 2 X … C i … X C n X Shared Tracking state : C 1 X C 2 X … C i … X C n X Shared Simulation : at each step simulate one move of a thread Simulation : at each step simulate one move of a thread State space explosion ! Q: Can we avoid such an explosion (cross product of locals)? Yes, if we consider at most 2 context-switches [Qadeer, Wu—PLDI’04] 1 3 2 1 3 2 Q: Can we avoid such an explosion (cross product of locals)? A: YES, for certain under-approximation Q: What about complete simulations ? A: NO! (for theoretical reasons)

5 Related works Up 2 context-switches [Qadeer, Wu—PLDI’04] Up 2 context-switches [Qadeer, Wu—PLDI’04] Many concurrency errors manifest themselves within few context- switches [Musuvathi, Qadeer—PLDI`07] Many concurrency errors manifest themselves within few context- switches [Musuvathi, Qadeer—PLDI`07] Any fixed # context-switches (finite # of threads) Any fixed # context-switches (finite # of threads) Eager [Lal, Reps—CAV`08] Eager [Lal, Reps—CAV`08] Lazy [La Torre, Parlato, Madhusudan—CAV`09] Lazy [La Torre, Parlato, Madhusudan—CAV`09] Round-Robin schedules & parametrized programs Round-Robin schedules & parametrized programs Lazy [La Torre, Parlato, Madhusudan—CAV`10] Lazy [La Torre, Parlato, Madhusudan—CAV`10] Delay-bounded schedules (thread creation) Delay-bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—POPL`11] [Emmi, Qadeer, Rakamaric—POPL`11] Over-approximation [Garg, Madhusudan, TACAS`11] Over-approximation [Garg, Madhusudan, TACAS`11]

6 Proposed sequentializations common characteristics Avoid cross product (compositional) 1 stack for the simulation 1 stack for the simulation 1 local state, fixed # of shared states 1 local state, fixed # of shared states Conc. & Sequ. Programs are in the same class i.e. no additional data structures to simulate parallelism i.e. no additional data structures to simulate parallelism Example: Boolean conc. programs  Boolean (sequential) program Example: Boolean conc. programs  Boolean (sequential) program Parametrized: increasing the parameter more and more behaviors are captured more and more behaviors are captured at the expense of more computational resources at the expense of more computational resources Explore as many behaviors as possible Goal Goal

7 Our contribution General mechanism enabling compositional sequentializations Under-approximations Under-approximations Captures at least or more behaviors than existing sequentializations Existing sequentializations can be seen as a restrictions of ours

8 Our Concurrent  Sequential Translation - Compositional semantics - Thread interfaces - Bounded semantics (restricted compositional semantics)

9 Compositional Semantics (code-to-code translation to sequ. programs) P ::= var g:T H H ::= proc p ( var l:T ) s s ::= s; s | x := e | skip | assume e | if e then s else s | while e do s | if e then s else s | while e do s | call x := p e | return e | call x := p e | return e | post p e | yield //Concurrent stmt | post p e | yield //Concurrent stmt x ::= g | l T 1 T 2 T n shared vars (SC semantics) … Main idea of the sequentialization Transform each thread creation into a procedure call: post p e  call g:=p e Only one interaction Solution (return all possible interactions) post p e  call INTERFACE:=p e

10 Key concept: Thread interface An interface of a thread T in an execution An interface of a thread T in an execution captures the interactions (shared states) of T and all its sub-threads with the remaining threads involved in the execution Thread interface s1s1 s1’s1’ s2s2 s3s3 s4s4 s5s5 s2’s2’ s3’s3’ s4’s4’ s5’s5’

11 How to compute Thread interface Every thread creation is transformed into a procedure call Every thread creation is transformed into a procedure call A thread procedure A thread procedure computes an interface of the thread by simulating its code computes an interface of the thread by simulating its code The thread procedure keeps the following data structure to compute the interface The thread procedure keeps the following data structure to compute the interface EXP: Interface to export BAG: Interfaces imported from posted threads

12 Updating the interface data-structure: initialization The procedure that simulates a thread first initializes the interface data- structure: interface to export is initialized with one round ( s 1, s 1 ) interface to export is initialized with one round ( s 1, s 1 ) ( s 1 is a guessed shared state) ( s 1 is a guessed shared state) bag of imported interfaces is empty bag of imported interfaces is empty ∅ s1s1 s1s1 EXP: Interface to export BAG: Interfaces imported from posted threads

13 Updating the interface data-structure: thread creation (post) At any thread creation : post p e  transformed  interface := call thread-p e; Add( BAG, interface ); Add( BAG, interface ); EXP: Interface to export BAG: Interfaces imported from posted threads

14 Updating the interface data-structure context-switch (yield) At any yield point non deterministically either 1.interact at least once with internal threads, or 2.interact with an external thread a a b b EXP: Interface to export BAG: Interfaces imported from posted threads

15 Updating the interface data-structure context-switch (yield) At any yield point non deterministically either 1.interact at least once with internal threads, or 2.interact with an external thread Add a new round ( a, a ) to the interface to export ( a is guessed ) Add a new round ( a, a ) to the interface to export ( a is guessed ) EXP: Interface to export BAG: Interfaces imported from posted threads a a

16 Sequential semantics for conc. programs We’ve obtained a sequential program that simulates the conc. program by computing interfaces Each Thread code p is replaced by the procedure thread-p : Variables: Locals + Interface data-structure Variables: Locals + Interface data-structure Initialize the interface data-structure Initialize the interface data-structure The code of the original thread is attached The code of the original thread is attached Only post, and yield statement are replaced with new code Only post, and yield statement are replaced with new code (simulating the operations presented previously) At yield a yield statement (or return) return the exported interface At yield a yield statement (or return) return the exported interface interface data-structure is unbounded

17 An interface as a list: An interface as a list: a c e g b d f h a b c d e f g h Bounding & Compressing

18 Bound the # nodes in the interface data structure Bound the # nodes in the interface data structure Compress the bag of exported interface a s a DAG Compress the bag of exported interface a s a DAG We merge two node ( x, y ) and ( y, z ) into (x,z) We merge two node ( x, y) and (y, z ) into (x,z) x y y z -Ex 1. -Ex 2. x y y z

19 Our Sequentialization Compositional Semantics + Bounding & Compressing

20 All existing sequentializations can be simulated - Up 2 context-switches [Qadeer, Wu—PLDI’04] - Any fixed # context-switches (finite # of threads) - Eager [Lal, Reps—CAV`08] - Lazy [La Torre, Parlato, Madhusudan—CAV`09] - Round-Robin schedules & parametrized programs - Lazy [La Torre, Parlato, Madhusudan—CAV`10] - Delay bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—POPL`11]

21 T1T1 T2T2 TnTn initial shared state round 1 round 2 round k Sequ. for any fixed # context-switches (finite # of threads) [Lal, Reps—CAV`08] 12 3

22 Conclusions

23 Conclusions : We have presented a general mechanism enabling compositional sequentializations of concurrent programs (under SC) -parameterized (bounding & compressing the # of nodes in the interfaces) -more behaviors than existing sequentializations -Thread creation, parameterized programs, finite # threads -All existing sequentializations can be explained within our framework Weak Memory models: -Translation TSO  SC [Atig, Bouajjani, Parlato—CAV`11] -TSO  SC  sequential Future works : -Experimental evaluation -Sequentializations for distributed programs (FIFO channels) ? -The Tree-width of Auxiliary Storage [Madhusudan, Parlato— POPL`11] [Madhusudan, Parlato— POPL`11] -Lazy transformation of our sequentialization [La Torre, Madhusudan, Parlato—CAV`09, CAV`10] [La Torre, Madhusudan, Parlato—CAV`09, CAV`10] Thanks!

Download ppt "On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University."

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.

Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.

The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Architecture-dependent optimizations Functional units, delay slots and dependency analysis.

Architecture-dependent optimizations Functional units, delay slots and dependency analysis.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.

Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.
Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
Poirot – A Concurrency Sleuth Shaz Qadeer Research in Software Engineering Microsoft Research.

Poirot – A Concurrency Sleuth Shaz Qadeer Research in Software Engineering Microsoft Research.
Requirements on the Execution of Kahn Process Networks Marc Geilen and Twan Basten 11 April 2003 /e.

Requirements on the Execution of Kahn Process Networks Marc Geilen and Twan Basten 11 April 2003 /e.
The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.

The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Similar presentations

Ads by Google