Loading in 5 sec....

Abstraction-Guided Synthesis of SynchronizationPowerPoint Presentation

Abstraction-Guided Synthesis of Synchronization

- 99 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' Abstraction-Guided Synthesis of Synchronization' - saskia

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Challenge: Correct and Efficient Synchronization

T1()

T2()

T3()

{

……………………………

…………………….

…

}

Assist the programmer by automatically inferring correct and efficient synchronization

{

………………

……

………………….

…………………….

…………………………

}

{

…………………..

……

…………………….

………………

……………………

}

atomic

atomic

atomic

Challenge: Correct and Efficient Synchronization

T1()

T2()

T3()

{

……………………………

…………………….

…

}

Assist the programmer by automatically inferring correct and efficient synchronization

{

………………

……

………………….

…………………….

…………………………

}

{

…………………..

……

…………………….

………………

……………………

}

Challenge

- Find minimal synchronization that makes the program satisfy the specification
- Avoid all bad interleaving while permitting as many good interleavings as possible
- Handle infinite-state programs

A Standard Approach: Abstraction Refinement

program

specification

Abstract

counterexample

Verify

abstraction

Refine

Change the abstraction to match the program

A Standard Approach: Abstraction Refinement

concurrent program

Restrict

synchronized program

safety specification

Abstract

counterexample

Verify

state abstraction

Refine

Change the program to match the abstraction

Our Approach

- Synthesis of synchronization via abstract interpretation
- Compute over-approximation of all possible program executions
- Add minimal atomics to avoid (over-approximation of) bad interleavings

- Interplay between abstraction and synchronization
- Finer abstraction may enable finer synchronization
- Coarse synchronization may enable coarser abstraction

AGS Algorithm – High Level

- Input: Program P, Specification S, Abstraction
- Output: Program P’ satisfying S under

= true

while(true) {

Traces = { | (P ) and S }

if (Traces is empty) return implement(P,)

select Traces

if (?) {

’ = avoid()

if (’ is false) abort else = ’

} else {

’ = refine(, )

if ( = ‘) abort else = ‘

}

}

Avoiding an interleaving

- By adding atomicity constraints
- Atomicity predicate [l1,l2] – no context switch allowed between execution of statements at l1 and l2

- avoid()
- A disjunction of all possible atomicity predicates that would prevent

- Example
- = A1 B1 A2 B2
- avoid() = [A1,A2] [B1,B2]
- (abuse of notation)

Example

T1

1: x += z

2: x += z

T2

1: z++

2: z++

T3

1: y1 = f(x)

2: y2 = x

3: assert(y1 != y2)

f(x) {

if (x == 1) return 3

else if (x == 2) return 6

else return 5

}

6

Example: Parity Abstraction5

4

3

2

1

y2

0

1

2

3

4

y1

6

5

4

3

2

1

y2

0

1

2

3

4

Parity abstraction (even/odd)

Concrete values

Example: Avoiding Bad Interleavings

= true

while(true) {

Traces={|(P ) and

S }

if (Traces is empty)

return implement(P,)

select Traces

if (?) {

= avoid()

} else {

= refine(, )

}

}

avoid(1) = [z++,z++]

= [z++,z++]

= true

Example: Avoiding Bad Interleavings

= true

while(true) {

Traces={|(P ) and

S }

if (Traces is empty)

return implement(P,)

select Traces

if (?) {

= avoid()

} else {

= refine(, )

}

}

avoid(2) =[x+=z,x+=z]

= [z++,z++]

= [z++,z++][x+=z,x+=z]

Example: Avoiding Bad Interleavings

T1

1: x += z

2: x += z

= true

while(true) {

Traces={|(P ) and

S }

if (Traces is empty)

return implement(P,)

select Traces

if (?) {

= avoid()

} else {

= refine(, )

}

}

T2

1: z++

2: z++

T3

1: y1 = f(x)

2: y2 = x

3: assert(y1 != y2)

= [z++,z++][x+=z,x+=z]

Example: Avoiding Bad Interleavings

T1

T1

T1

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

5

4

z++;

z++;

z++;

z++;

z++;

z++;

T2

T2

T2

3

T3

T3

T3

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

2

1

0

1

2

3

4

y1

parity

parity

parity

6

6

5

5

4

4

3

3

2

2

1

1

y2

0

1

2

3

4

0

1

2

3

4

But we can also refine the abstraction…

parity

parity

parity

6

6

T1

T1

T1

T1

T1

T1

T1

5

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

x+=z; x+=z

5

4

4

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

z++;

T2

T2

T2

T2

T2

T2

T2

3

3

2

T3

T3

T3

T3

T3

T3

T3

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

y1=f(x)

y2=x

assert

y1!= y2

2

1

1

0

1

2

3

4

0

1

2

3

4

(a)

(b)

(c)

interval

interval

y1

6

6

6

5

5

5

4

4

4

3

3

3

2

2

2

1

1

1

0

1

2

3

4

y2

(d)

(e)

0

1

2

3

4

0

1

2

3

4

octagon

octagon

6

5

6

4

5

3

4

2

3

1

2

1

0

1

2

3

4

(f)

(g)

0

1

2

3

4

Quantitative Synthesis

- Performance: smallest atomic sections
- Interval abstraction for our example produces the atomicity constraint:([x+=z,x+=z] ∨ [z++,z++])∧ ([y1=f(x),y2=x] ∨ [x+=z,x+=z] ∨ [z++,z++])
- Minimal satisfying assignments
- 1 = [z++,z++]
- 2 = [x+=z,x+=z]

AGS Algorithm – More Details

Forward Abstract Interpretation, taking into account for pruning infeasible interleavings

- Input: Program P, Specification S, Abstraction
- Output: Program P’ satisfying S under

= true

while(true) {

Traces = { | (P ) and S }

if (Traces is empty) return implement(P,)

select Traces

if (?) {

= avoid()

} else {

= refine(, )

}

}

Order of selection matters

- Choosing between abstraction refinement and program restriction
- not always possible to refine/avoid
- may try and backtrack

Backward exploration of invalid Interleavings using to prune infeasible interleavings.

Up to this point did not commit to a synchronization mechanism

Implementability

- Separation between schedule constraints and how they are realized
- Can realize in program: atomic sections, locks,…
- Can realize in scheduler: benevolent scheduler

- No program transformations (e.g., loop unrolling)
- Memoryless strategy

T1

1: while(*) {

2: x++

3: x++

4: }

T2

1: assert (x != 1)

Choosing a trace to avoid

0,00,0

y=2

if (y==0)

T1

0: if (y==0) goto L

1: x++

2: L:

T2

0: y=2

1: x+=1

2: assert x !=y

0,10,2

2,00,0

y=2

if (y==0)

1,10,2

2,10,2

x++

x+=1

2,21,2

2,11,2

x+=1

3,22,2

Examples Intuition

- If we can show disjoint access wecan avoid synchronization
- Requires abstractions rich enough to capture access pattern to shared data

Parity

Intervals

Summary

- An algorithm for Abstraction-Guided Synthesis
- Synthesize efficient and correct synchronization
- Handles infinite-state systems based on abstract interpretation
- Refine the abstraction and/or restrict program behavior
- Interplay between abstraction and synchronization

- Quantitative Synthesis
- Separate characterization of solution from choosing optimal solutions (e.g., smallest atomic sections)

Download Presentation

Connecting to Server..