Abstraction guided synthesis of synchronization
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Abstraction-Guided Synthesis of Synchronization PowerPoint PPT Presentation


  • 79 Views
  • Uploaded on
  • Presentation posted in: General

Martin Vechev. Eran Yahav. Greta Yorsh. Abstraction-Guided Synthesis of Synchronization. IBM Research. Challenge: Correct and Efficient Synchronization. T1(). T2(). T3(). { …………………………… ……………………. … }.

Download Presentation

Abstraction-Guided Synthesis of Synchronization

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Abstraction guided synthesis of synchronization

  • Martin Vechev

  • EranYahav

  • Greta Yorsh

Abstraction-Guided Synthesisof Synchronization

  • IBM Research


Challenge correct and efficient synchronization

Challenge: Correct and Efficient Synchronization

T1()

T2()

T3()

{

……………………………

…………………….

}

Assist the programmer by automatically inferring correct and efficient synchronization

{

………………

……

………………….

…………………….

…………………………

}

{

…………………..

……

…………………….

………………

……………………

}

atomic

atomic

atomic


Challenge correct and efficient synchronization1

Challenge: Correct and Efficient Synchronization

T1()

T2()

T3()

{

……………………………

…………………….

}

Assist the programmer by automatically inferring correct and efficient synchronization

{

………………

……

………………….

…………………….

…………………………

}

{

…………………..

……

…………………….

………………

……………………

}


Challenge

Challenge

  • Find minimal synchronization that makes the program satisfy the specification

    • Avoid all bad interleaving while permitting as many good interleavings as possible

    • Handle infinite-state programs


A standard approach abstraction refinement

A Standard Approach: Abstraction Refinement

program

specification

Abstract

counterexample

Verify

abstraction

Refine

Change the abstraction to match the program


A standard approach abstraction refinement1

A Standard Approach: Abstraction Refinement

concurrent program

Restrict

synchronized program

safety specification

Abstract

counterexample

Verify

state abstraction

Refine

Change the program to match the abstraction


Our approach

Our Approach

  • Synthesis of synchronization via abstract interpretation

    • Compute over-approximation of all possible program executions

    • Add minimal atomics to avoid (over-approximation of) bad interleavings

  • Interplay between abstraction and synchronization

    • Finer abstraction may enable finer synchronization

    • Coarse synchronization may enable coarser abstraction


Ags algorithm high level

AGS Algorithm – High Level

  • Input: Program P, Specification S, Abstraction 

  • Output: Program P’ satisfying S under 

 = true

while(true) {

Traces = { |   (P ) and  S }

if (Traces is empty) return implement(P,)

select   Traces

if (?) {

’ = avoid()

if (’ is false) abort else  =   ’

} else {

’ = refine(, )

if ( = ‘) abort else  = ‘

}

}


Avoiding an interleaving

Avoiding an interleaving

  • By adding atomicity constraints

    • Atomicity predicate [l1,l2] – no context switch allowed between execution of statements at l1 and l2

  • avoid()

    • A disjunction of all possible atomicity predicates that would prevent 

  • Example

    •  = A1 B1 A2 B2

    • avoid() = [A1,A2]  [B1,B2]

      • (abuse of notation)


Example

Example

T1

1: x += z

2: x += z

T2

1: z++

2: z++

T3

1: y1 = f(x)

2: y2 = x

3: assert(y1 != y2)

f(x) {

if (x == 1) return 3

else if (x == 2) return 6

else return 5

}


Example parity abstraction

y1

6

Example: Parity Abstraction

5

4

3

2

1

y2

0

1

2

3

4

y1

6

5

4

3

2

1

y2

0

1

2

3

4

Parity abstraction (even/odd)

Concrete values


Example avoiding bad interleavings

Example: Avoiding Bad Interleavings

 = true

while(true) {

Traces={|(P ) and

 S }

if (Traces is empty)

return implement(P,)

select   Traces

if (?) {

 =   avoid()

} else {

 = refine(, )

}

}

avoid(1) = [z++,z++]

 = [z++,z++]

 = true


Example avoiding bad interleavings1

Example: Avoiding Bad Interleavings

 = true

while(true) {

Traces={|(P ) and

 S }

if (Traces is empty)

return implement(P,)

select   Traces

if (?) {

 =   avoid()

} else {

 = refine(, )

}

}

avoid(2) =[x+=z,x+=z]

 = [z++,z++]

 = [z++,z++][x+=z,x+=z]


Example avoiding bad interleavings2

Example: Avoiding Bad Interleavings

T1

1: x += z

2: x += z

 = true

while(true) {

Traces={|(P ) and

 S }

if (Traces is empty)

return implement(P,)

select   Traces

if (?) {

 =   avoid()

} else {

 = refine(, )

}

}

T2

1: z++

2: z++

T3

1: y1 = f(x)

2: y2 = x

3: assert(y1 != y2)

 = [z++,z++][x+=z,x+=z]


Example avoiding bad interleavings3

6

Example: Avoiding Bad Interleavings

T1

T1

T1

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

5

4

z++;

z++;

z++;

z++;

z++;

z++;

T2

T2

T2

3

T3

T3

T3

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

2

1

0

1

2

3

4

y1

parity

parity

parity

6

6

5

5

4

4

3

3

2

2

1

1

y2

0

1

2

3

4

0

1

2

3

4

But we can also refine the abstraction…


Abstraction guided synthesis of synchronization

parity

parity

parity

6

6

T1

T1

T1

T1

T1

T1

T1

5

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

5

4

4

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

T2

T2

T2

T2

T2

T2

T2

3

3

2

T3

T3

T3

T3

T3

T3

T3

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

2

1

1

0

1

2

3

4

0

1

2

3

4

(a)

(b)

(c)

interval

interval

y1

6

6

6

5

5

5

4

4

4

3

3

3

2

2

2

1

1

1

0

1

2

3

4

y2

(d)

(e)

0

1

2

3

4

0

1

2

3

4

octagon

octagon

6

5

6

4

5

3

4

2

3

1

2

1

0

1

2

3

4

(f)

(g)

0

1

2

3

4


Quantitative synthesis

Quantitative Synthesis

  • Performance: smallest atomic sections

  • Interval abstraction for our example produces the atomicity constraint:([x+=z,x+=z] ∨ [z++,z++])∧ ([y1=f(x),y2=x] ∨ [x+=z,x+=z] ∨ [z++,z++])

  • Minimal satisfying assignments

    • 1 = [z++,z++]

    • 2 = [x+=z,x+=z]


Ags algorithm more details

AGS Algorithm – More Details

Forward Abstract Interpretation, taking  into account for pruning infeasible interleavings

  • Input: Program P, Specification S, Abstraction 

  • Output: Program P’ satisfying S under 

 = true

while(true) {

Traces = { |   (P ) and  S }

if (Traces is empty) return implement(P,)

select   Traces

if (?) {

 =   avoid()

} else {

 = refine(, )

}

}

Order of selection matters

  • Choosing between abstraction refinement and program restriction

  • not always possible to refine/avoid

  • may try and backtrack

Backward exploration of invalid Interleavings using  to prune infeasible interleavings.

Up to this point did not commit to a synchronization mechanism


Implementability

Implementability

  • Separation between schedule constraints and how they are realized

    • Can realize in program: atomic sections, locks,…

    • Can realize in scheduler: benevolent scheduler

  • No program transformations (e.g., loop unrolling)

  • Memoryless strategy

T1

1: while(*) {

2: x++

3: x++

4: }

T2

1: assert (x != 1)


Choosing a trace to avoid

Choosing a trace to avoid

0,00,0

y=2

if (y==0)

T1

0: if (y==0) goto L

1: x++

2: L:

T2

0: y=2

1: x+=1

2: assert x !=y

0,10,2

2,00,0

y=2

if (y==0)

1,10,2

2,10,2

x++

x+=1

2,21,2

2,11,2

x+=1

3,22,2


Examples intuition

Examples Intuition

  • If we can show disjoint access wecan avoid synchronization

  • Requires abstractions rich enough to capture access pattern to shared data

Parity

Intervals


Examples

Examples


Summary

Summary

  • An algorithm for Abstraction-Guided Synthesis

    • Synthesize efficient and correct synchronization

    • Handles infinite-state systems based on abstract interpretation

    • Refine the abstraction and/or restrict program behavior

    • Interplay between abstraction and synchronization

  • Quantitative Synthesis

    • Separate characterization of solution from choosing optimal solutions (e.g., smallest atomic sections)


  • Login