Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY 14850 Tel: 607-273-7340 Verifying.

Published byBenjamin Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY 14850 Tel: 607-273-7340 Verifying."— Presentation transcript:

1 © 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY 14850 Tel: 607-273-7340 E-mail: info@grammatech.com Verifying Software for Multi-core Systems Presented by: Michael McDougall mcdougall@grammatech.com

2 Motivation Old: software got faster as hardware improved New: must parallelize software to benefit Challenges: ›Concurrency bugs subtle, hard to diagnose ›Verification hard for concurrent systems ›Multi-core less forgiving Parallelization must be fine grained Shared memory behaves in odd ways DARPA project: ›Flag bugs in lock-free algorithms

3 GrammaTech, Inc. ~25 people, including 10 phds Founded by Tim Teitelbaum (Cornell) and Tom Reps (Wisconsin) Locations: Ithaca NY, San Jose CA, Madison WI, Rochester NY Expertise: software analysis (static & dynamic) of source and binary Applications: ›Software assurance (correctness, bug finding, malware detection) ›Software re-writing (legacy software, anti-reverse-engineering) Research projects: NASA, Army, AF, Navy, OSD, NSF Products: ›CodeSonar: bug finding for C/C++/Ada ›CodeSurfer: program understanding + analysis library Customers: 150+ ›Lockheed Martin, FDA, Qualcomm, LG Electronics, NASA

4 Focusing on Formal Verification This talk focuses on verification by automatic analysis of software ›Ideally, exhaustive exploration of software behavior without running the software ›In practice, partial exploration that complements other verification methods Not covering ›Traditional testing ›System testing ›Inspections/audits ›..though formal verification techniques can be applied there too

5 Software Analysis Overview Rigorous Complete Exhaustive Easy to apply Fast Scalable Model checkers Proof of correctness DARPA project Bug finders Detect buffer overflows,NPD False positives/negatives Product: CodeSonar Can give to engineering team Requires special expertise Enforce Best practices NASA/JPL SBIR Phase II

6 Sequential Code Want to consider all inputs Step 1 Step 2 Step 3 4 14 4 … 5 34 2 Step 1 Step 2 Step 3 6 45 2 Step 1 Step 2 Step 3

7 Why concurrency is hard Concurrent code: want to consider all inputs +all interleavings 4 14 4 Extra burden for the writer & the verifier Step 1 Step 2 Step 3 Step 1 Step 2 Step 3 4 14 5 Step 1 Step 2 Step 3 Step 1 Step 2 Step 3 4 14 3 Step 1 Step 2 Step 3 Step 1 Step 2 Step 3

8 Multi-core verification inherits a lot Verification community has long focused on concurrency problems ›Classical problems: dining philosophers ›Protocol verification ›Cache-coherence Multi-core verification inherits long list of tricks/techniques ›Partial-order reduction ›Exploiting symmetry In State In Threads

9 What’s new with multi-core? Urgency ›Software developers have no choice now ›Performance has to come from keeping more cores busy Focus on performance / ease of porting ›Shared memory more important than message passing Game developers hitting this already ›Sony Playstation 3 : 8 cores ›Tom Leonard, VALVE: High-level concurrency primitives too slow –Mutex, semaphores, etc Extensive reliance on lock-free algorithms

10 Bridging the Gap Single-core application Multi-core application Slow Correct Lock-free synchronization Model checking for multi-core

11 Lock-Free Algorithms Queue data structure Synchronization data structures (locks, semaphores) Compare-and-swap instructions Traditional Concurrent Queue Queue data structure Compare-and-swap instructions Lock-free Concurrent Queue 4 4 4

12 Relaxed Memory Models Multicore systems do not respect sequential consistency ?? 4 4

13 Consequences Relaxed memory models ›“Proven” algorithms fail on multi-core system ›Impact not well understood Generally ›Multi-threaded code works on single core, but not multi-core ›Multi-core parallelism much finer grain ›Multi-threaded code works faster on quad core when you turn 3 cores off Safer (& sometimes faster) to turn cores off

14 GrammaTech’s DARPA project Lock-free data structure + harness Serial model All possible serial executions Relaxed memory model All possible relaxed executions All possible serial executions All possible relaxed executions SMT Solver Equal: OK Not equal: counterexample

15 Enforce Best practices NASA/JPL SBIR Phase II Bug finders Detect buffer overflows,NPD False positives/negatives Product: CodeSonar Software Analysis: What is needed Rigorous Complete Exhaustive Easy to apply Fast Scalable Model checkers Proof of correctness DARPA project Make aware of concurrency, with minimal impact on scalability What are the best practices for multicore? New languages, abstractions, memory models that help verification Better understanding of multi-core- specific issues

16 Conclusion Verification for multi-core inherits from long tradition of concurrent verification These techniques need to be adapted for the concrete problems of multi-core ›Tight coupling of CPUs ›High-performance use of shared memory ›Discrepancy between source POV and memory op POV not well understood

17 The End Acknowledgements: ›Thomas Reps (GrammaTech + U Wisconsin) ›Sebastian Burckhardt (Microsoft Research) Questions?

Download ppt "© 2007 GrammaTech, Inc. All rights reserved GrammaTech, Inc. 317 N Aurora St. Ithaca, NY 14850 Tel: 607-273-7340 Verifying."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.

Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Precision Timed Embedded Systems Using TickPAD Memory Matthew M Y Kuo* Partha S Roop* Sidharta Andalam † Nitish Patel* *University of Auckland, New Zealand.

Precision Timed Embedded Systems Using TickPAD Memory Matthew M Y Kuo* Partha S Roop* Sidharta Andalam † Nitish Patel* *University of Auckland, New Zealand.
Race Directed Random Testing of Concurrent Programs KOUSHIK SEN - UNIVERSITY OF CALIFORNIA, BERKELEY PRESENTED BY – ARTHUR KIYANOVSKI – TECHNION, ISRAEL.

Race Directed Random Testing of Concurrent Programs KOUSHIK SEN - UNIVERSITY OF CALIFORNIA, BERKELEY PRESENTED BY – ARTHUR KIYANOVSKI – TECHNION, ISRAEL.
D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.
Chapter 6: Process Synchronization

Chapter 6: Process Synchronization
Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.

Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
Prof. Srinidhi Varadarajan Director Center for High-End Computing Systems.

Prof. Srinidhi Varadarajan Director Center for High-End Computing Systems.
Parallelizing Audio Feature Extraction Using an Automatically-Partitioned Streaming Dataflow Language Eric Battenberg Mark Murphy CS 267, Spring 2008.

Parallelizing Audio Feature Extraction Using an Automatically-Partitioned Streaming Dataflow Language Eric Battenberg Mark Murphy CS 267, Spring 2008.
The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.

The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
Dependable computing needs pervasive debugging Tim Harris

Dependable computing needs pervasive debugging Tim Harris
Concurrency and Software Transactional Memories Satnam Singh, Microsoft Faculty Summit 2005.

Concurrency and Software Transactional Memories Satnam Singh, Microsoft Faculty Summit 2005.
12/1/2005Comp 120 Fall 20051 1 December Three Classes to Go! Questions? Multiprocessors and Parallel Computers –Slides stolen from Leonard McMillan.

12/1/2005Comp 120 Fall December Three Classes to Go! Questions? Multiprocessors and Parallel Computers –Slides stolen from Leonard McMillan.
Memory Model Safety of Programs Sebastian Burckhardt Madanlal Musuvathi Microsoft Research EC^2, July 7, 2008.

Memory Model Safety of Programs Sebastian Burckhardt Madanlal Musuvathi Microsoft Research EC^2, July 7, 2008.

Similar presentations

Ads by Google