1 / 19

Partial-coherence abstractions for relaxed memory models

Partial-coherence abstractions for relaxed memory models. Presented by Michael Kuperstein, Technion Joint work with Martin Vechev , IBM Research and Eran Yahav , Technion. Sequential Consistency.

patia
Download Presentation

Partial-coherence abstractions for relaxed memory models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Partial-coherence abstractions for relaxed memory models Presented by Michael Kuperstein, Technion Joint work with Martin Vechev, IBMResearchand EranYahav, Technion

  2. Sequential Consistency “The result of any execution is the same as if the operations of all the processors were executed in some sequential order, and the operations of each individual processor appear in this sequence in the order specified by its program.” – Leslie Lamport, 1973 • We expect our programs to have • “Interleaving semantics” • Consistent with program order

  3. Dekker’s Algorithm for Mutual Exclusion Specification: mutual exclusion over critical section

  4. Store Buffer Based Models … … … … … … store fence flush X P0 1 2 3 Main Memory Y Z X P1 Y Z load • TSO & PSO • x86 ~ TSO • Memory Fences • Restore order • Every store before the fence becomes globally visible before anything after the fence executes

  5. Memory Fences • Fences are expensive • 10s-100s of cycles • Practical Significance • Data structures • Linux Kernel spinlocks • Placing fences manually • Overfencing: hurts performance • Underfencing: subtle bugs

  6. Memory Fences • Fences are expensive • 10s-100s of cycles • Practical Significance • Data structures • Linux Kernel spinlocks • Placing fences manually • Overfencing: hurts performance • Underfencing: subtle bugs

  7. Automatic Solutions Safe SC PSO • Equivalence to Sequential Consistency • Reduce program behaviors to sequentially consistent (SC) runs • High-level specifications are ignored • Goes back to Shasha & Snir [TOPLAS ’88] • Place fences to satisfy provided specification • Using specification may forbid less executions • May require fewer fences

  8. Goal Finite-State Program P BLENDER Safety Specification S Program P’with Fences Memory Model M P’ satisfies the specification S under M

  9. General Recipe Compute reachable states Compute weakestconstraints that guarantee all “bad states” are avoided Implement the constraints with fences

  10. Constraints A A A A B B B B C C C C P1: P1: P1: P1: X X X X 10 X X X X P2: P2: P2: P2: Unavoidable P2 : (D) LOAD R1 = X 1 1 1 1 2 2 2 2 3 3 3 3 P1 : (D) LOAD R1 = X [A < D][B < D][C < D] • Constraint language • Not every transition can be prevented using a fence

  11. Concrete Transition System • Building transition system under TSO/PSO is hard • No a-priori bound on buffer length • Unbounded state-space • Even for programs that were finite-state under SC • Reachability has non-primitive recursive complexity • [Atig et al., POPL ’10]

  12. Abstract Memory Models (AMM) Safe SC PSO AMM • Bounded approximation of unbounded buffers • Strictly weaker than concrete TSO/PSO • Finite-state programs remain finite-state • Reachability becomes effectively computable • Construct finite (abstract) transition system • Apply fence inference • Can also be used for verification

  13. Partial Coherence Abstractions … … … … … … Record what values appeared (withoutorder or number) Allows precise fence semantics Allows precise loads from buffer Keeps the analysis precise for “well behaved” programs Recent value Unordered elements Bounded length k X P0 Main Memory Y X P0 Z Main Memory Z X P1 Y X P1 X Y Z Y

  14. Partial Coherence Abstractions Concrete 1 1 2 2 3 3 4 4 5 5 6 6 7 7 Abstract {2,3,4,5}

  15. Abstract Fence Inference • Compute reachable abstract states • Compute constraints. Precision depends on abstraction. • Implement the constraints with fences

  16. Fence Inference Results Benchmarks are mutual exclusion primitives k - the bound on the FIFO part of the abstract buffer PD more “aggressive” than FD

  17. Summary P BLENDER S P’ M • Partial-coherence abstractions • Verification without arbitrary bounds • Abstraction precision affects quality of results • Synthesis of fences • Can infer optimal fences for mutual exclusion primitives

  18. Questions

  19. Related Work • Under-approximation • CheckFence [Burckhardt et al., PLDI ’07] • Fender [KVY, FMCAD ’10] • And more… • Over-approximation • Equivalence to SC • Very imprecise • Goes back to Shasha & Snir [TOPLAS ‘88] • Abstract Interpretation • Varying precision • Regular Abstraction [Linden et al., SPIN ’10] • Partial-Coherence [KVY, PLDI ’11]

More Related