From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT 2017 Allan Blanchard, Fr´ ed´ eric Loulergue, Nikolai Kosmatov April 29 th , 2017
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Table of Contents 1 From Concurrent Programs to Simulating Sequential Programs 2 Correctness of a Transformation 3 Conclusion and Future Work April 29 th , 2017 — N. Kosmatov — p. 2
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Table of Contents 1 From Concurrent Programs to Simulating Sequential Programs Concurrent Program Analysis Considered Language Principle of the Transformation 2 Correctness of a Transformation 3 Conclusion and Future Work April 29 th , 2017 — N. Kosmatov — p. 3
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Dedicated Analysis Most concurrent program analyzers are dedicated to this task they implement a specific analysis they are often hard to design April 29 th , 2017 — N. Kosmatov — p. 4
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Sequential Code Analyzers Sequential code analyzers work well How can we bring them to concurrent code analysis? Especially when we have many of them The Frama-C code analysis platform ( frama-c.com ) Deductive verification (WP) Abstract Interpretation (Eva) Runtime assertion checking (E-ACSL) ... April 29 th , 2017 — N. Kosmatov — p. 5
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Simulating Code: Motivation Idea 1: Intrinsically concurrent analysis tools better integration but hard to develop Idea 2: Simulate concurrent programs by sequential ones sequential analyzers will be able to treat it April 29 th , 2017 — N. Kosmatov — p. 6
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work A Simple Imperative Language proc ::= m ( x ) c m ∈ Name ::= x := e local assignment instr | x [ y ] := e writing to the heap | x := y [ e ] reading from the heap | while e do c | if e then c else c | m ( e ) procedure call | atomic ( c ) atomic block C ∋ c ::= {} | instr ; c ::= [( l 1 , size l 1 ); . . . ; ( l m , size l m )] memory prog seq ::= proc memory ::= (where mains : T → Name ) prog par proc memory mains April 29 th , 2017 — N. Kosmatov — p. 7
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work A Simple Imperative Language with Concurrency proc ::= m ( x ) c m ∈ Name ::= x := e local assignment instr | x [ y ] := e writing to the heap | x := y [ e ] reading from the heap | while e do c | if e then c else c | m ( e ) procedure call | atomic ( c ) atomic block C ∋ c ::= {} | instr ; c ::= [( l 1 , size l 1 ); . . . ; ( l m , size l m )] memory prog seq ::= proc memory ::= (where mains : T → Name ) prog par proc memory mains April 29 th , 2017 — N. Kosmatov — p. 7
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Overview of the Transformation I Variables Original heap is kept Each local variable x is simulated by a heap location &x Assumption Static memory allocation April 29 th , 2017 — N. Kosmatov — p. 8
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Overview of the Transformation II Statements Maintain a program counter ( pct ) for each thread Each statement is simulated by a procedure that Recieves in parameter the thread ( tid ) to execute Executes the same action using simulating variables Updates the program counter April 29 th , 2017 — N. Kosmatov — p. 9
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Overview of the Transformation III Procedure calls and returns For each procedure p , we add a heap location from ( p ). It records the program point to return to from p . Simulating a call of p 2 from p 1 : Update from ( p 2 ) with the next instruction of p 1 Place the program counter on the first instruction of p 2 Simulating a return from p 2 to p 1 : Put the program counter on the instruction from ( p 2 ) Assumption No recursive call April 29 th , 2017 — N. Kosmatov — p. 10
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Overview of the Transformation IV Main procedure Initialize program counters Initialize from () for each main procedure Loop until each thread has executed all its instructions: Choose a thread that still has instructions to execute Resolve its program counter Execute the corresponding simulating procedure Assumption Interleaving semantics April 29 th , 2017 — N. Kosmatov — p. 11
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Statements Simulating conditional sim_1(tid){ Original code ptr := &x ; x := ptr[tid] ; if(x > 0) then if (x > 0) then { p[0] := x ptr := pct ; ptr[tid] := 2 else p[0] := 42 } else { ptr := pct ; ptr[tid] := 4 } } April 29 th , 2017 — N. Kosmatov — p. 12
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Statements Simulating memory write Original code sim_2(tid){ ptr := &x ; x := ptr[tid] ; if (x > 0) then ptr := &p ; p[0] := x p := ptr[tid] ; else p[0] := x ; p[0] := 42 ptr := pct ; ptr[tid] := 5 } April 29 th , 2017 — N. Kosmatov — p. 13
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Table of Contents 1 From Concurrent Programs to Simulating Sequential Programs 2 Correctness of a Transformation Bi-simulation Property Equivalence Relations Basic Ideas of the Proof 3 Conclusion and Future Work April 29 th , 2017 — N. Kosmatov — p. 14
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Bi-simulation Property I Theorem Let prog par be a safe parallel program, prog sim its simulating pro- gram, σ init par (resp. σ init sim ) an initial state of prog par (resp. prog sim ). 1. From σ init sim , we can reach, by the initialization sequence, σ 0 sim equivalent to σ init par . 2. For all σ par reachable from σ init par , there exists an equivalent σ sim reachable from σ 0 sim with an equivalent trace (Forward simulation). 3. For all σ sim reachable from σ 0 sim , there exists an equivalent σ par reachable from σ init par with an equivalent trace (Backward simulation). April 29 th , 2017 — N. Kosmatov — p. 15
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Bi-simulation Property I Theorem Let prog par be a safe parallel program, prog sim its simulating pro- gram, σ init par (resp. σ init sim ) an initial state of prog par (resp. prog sim ). 1. From σ init sim , we can reach, by the initialization sequence, σ 0 sim equivalent to σ init par . 2. For all σ par reachable from σ init par , there exists an equivalent Initialization establishes equivalence σ sim reachable from σ 0 sim with an equivalent trace (Forward simulation). 3. For all σ sim reachable from σ 0 sim , there exists an equivalent σ par reachable from σ init par with an equivalent trace (Backward simulation). April 29 th , 2017 — N. Kosmatov — p. 15
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Bi-simulation Property I Theorem Let prog par be a safe parallel program, prog sim its simulating pro- gram, σ init par (resp. σ init sim ) an initial state of prog par (resp. prog sim ). 1. From σ init sim , we can reach, by the initialization sequence, σ 0 sim equivalent to σ init par . 2. For all σ par reachable from σ init par , there exists an equivalent σ sim reachable from σ 0 sim with an equivalent trace (Forward simulation). 3. For all σ sim reachable from σ 0 sim , there exists an equivalent All existing parallel executions are simulated σ par reachable from σ init par with an equivalent trace (Backward simulation). April 29 th , 2017 — N. Kosmatov — p. 15
From Concurrent Programs to Simulating Sequential Programs Correctness of a Transformation Conclusion and Future Work Bi-simulation Property I Theorem Let prog par be a safe parallel program, prog sim its simulating pro- gram, σ init par (resp. σ init sim ) an initial state of prog par (resp. prog sim ). 1. From σ init sim , we can reach, by the initialization sequence, σ 0 sim equivalent to σ init par . 2. For all σ par reachable from σ init par , there exists an equivalent σ sim reachable from σ 0 sim with an equivalent trace (Forward Only existing parallel executions are simulated simulation). 3. For all σ sim reachable from σ 0 sim , there exists an equivalent σ par reachable from σ init par with an equivalent trace (Backward simulation). April 29 th , 2017 — N. Kosmatov — p. 15
Recommend
More recommend