HELIX: A Case Study of a Formal Verification of High Performance - PowerPoint PPT Presentation

HELIX: A Case Study of a Formal Verification of High Performance Program Generation Vadim Zaliva Franz Franchetti Department of Electrical and Computer Engineering Carnegie Mellon University FHPC’18 Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 1 / 71

Outline Introduction 1 Motivating Example 2 Chebyshev Distance in HCOL Chebyshev Distance in Σ- HCOL Code Generation HELIX 3 Sparsity Iterative Operators Verification 4 Summary 5 Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 2 / 71

Introduction Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 3 / 71

Spiral and HELIX SPIRAL is a program generation system which can generate high-performance implementation for a variety of linear algebra algorithms, such as discrete Fourier transform, discrete cosine transform, convolutions, and the discrete wavelet transform, optimizing for such features of target architecture as multiple cores, single-instruction multiple-data (SIMD) vector instruction sets, and deep memory hierarchies. It is developed by interdisciplinary team from CMU, ETH Zurich, Drexel, UIUC, and industry collaborators. HELIX is a CMU research project to bring the rigor of formal verification to SPIRAL. Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 5 / 71

Ы Real-life Use-Case (Cyber-physical System) Safety Model constraint TRACE 1 .�rule�OLCompose_Assoc SPIRAL HELIX 2.�rule�PointWise_ISumUnion 3.�rule Reduction_ISumReduction Code Proofs Code 4.�rule�ISumXXX_YYY C�Program LLVM�IR 5.�rule�OLCompose_Assoc _ScatHUnion store�float*�%Y,�float**�%193,�align�8 store�float*�%X,�float**�%194,�align�8 C�Compiler Code�(LLVM) %1�=�load�float*,�float**�%194,�align�8 %2�=�bitcast�float*�%1�to�<4�x�float>* Proofs�(VELLVM) store�<4�x�float>*�%2,�<4�x�float>** %a45,�align�8 %3�=�load�<4�x�float>* HA Robot Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 6 / 71

Motivating Example Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 7 / 71

Motivating Example Chebyshev distance As an example, we consider the Chebyshev distance , which is a metric defined on a vector space, induced by the infinity norm: d ∞ : R n × R n → R with a , � a − � d ∞ ( � b ) = || � b || ∞ Infinity norm The infinity norm is a vector norm of a vector defined as: || · || ∞ : R n → R with || � x || ∞ = max | � x i | i Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 8 / 71

Chebyshev Distance in HCOL HCOL operators are unary functions on real-valued finite-dimensional vectors. The scalar values are represented as single element vectors ( R ∼ = R 1 ), and tuples of vectors are flattened ( R m × R n ∼ = R m + n ). The Chebyshev distance and the infinity norm HCOL operators have the following types: ChebyshevDist : R 2 n → R 1 InfinityNorm : R n → R 1 Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 9 / 71

Some basic HCOL operators Three more HCOL operators correspond to common functional programming primitives: fold , map , and zipWith : Reduce f , z : R n → R 1 Map f : R n → R n Binop f : R 2 n → R n HCOL operators can be combined using functional composition, for which we will use infix notation: A ◦ B . Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 10 / 71

Chebyshev distance breakdown in HCOL We can write an HCOL expression for the Chebyshev distance as a composition of an InfinityNorm operator and an element-wise vector subtraction, expressed as Binop parameterized by a binary subtraction function ( sub : R → R → R ): ChebyshevDist = InfinityNorm ◦ Binop sub In turn, an infinity norm can be broken down further into simpler operators resulting in the final HCOL expression for Chebyshev distance: ChebyshevDist = Reduce max , 0 ◦ Map abs ◦ Binop sub Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 11 / 71

From HCOL to Σ- HCOL Most vector and matrix operations can be expressed as iterative computations on their elements. To generate efficient machine code for such computations, we transform our expressions into a form where these iterations will become explicit. For that, we extend the HCOL language in the following ways: 1 Iterative operators 2 Sparse vector data type We will call such language Σ- HCOL . In the next slides we will show simple example to demonstrate how sparsity and iterative operators interact. Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 12 / 71

Map as iterative sum HCOL operator Map performs pointwise application of a function f : R → R to all elements of vector a . It could be represented as an iterative sum: a 0 f (a ) 0 0 0 f (a ) 0 0 a 0 f (a ) 0 0 f (a ) 1 1 1 Map f = + + + = a 0 0 f (a ) 0 f (a ) 2 2 2 a 0 0 0 f (a ) f (a ) 3 3 3 Which roughly corresponds to the following loop: f o r ( i =0; i < 4; i++) f ( s r c+i , dst+i ) ; Which requires 4 iterations. Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 13 / 71

Pointwise as a vectorized iterative sum If we have a vectorized implementation of f with type f : R 2 → R 2 the sum will look like: a 0 f (a ) 0 f (a ) 0 0 a f (a ) 0 f (a ) 1 1 1 Map f = + = a 0 f (a ) f (a ) 2 2 2 a 0 f (a ) f (a ) 3 3 3 Which roughly corresponds to the following loop: f o r ( i =0; i < 2; i++) f ( s r c +2 ∗ i , dst+2 ∗ i ) ; Which now requires only 2 iterations. Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 14 / 71

Lifting scalar functions We use notation � · � for the HCOL atomic operator, which lifts real-valued scalar functions to HCOL operators. f x 0 f(x ) 0 Input Output When lifting functions of multiple arguments, they are uncurried and their arguments are flattened into a vector. Thus, f : R → R is directly lifted to � f � : R 1 → R 1 , but g : R → R → R becomes � g � : R 2 → R 1 . Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 15 / 71

Embedding and picking The Embed operator takes an element from a single-element vector and puts it at a specific index in a sparse vector of given length. The Pick operator does the opposite: it selects an element from the input vector at the given index and returns it as a single element vector: Embed n , i : R 1 → R n Pick i : R n → R 1 y x 0 0 1 1 2 2 x y 3 3 . 0 . 0 . . Input Output . . . . n-1 n-1 Output Input Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 16 / 71

Index mapping functions An index mapping function f has domain of natural numbers N in interval [0 , m ) (denoted as I m ) and the codomain of N in interval [0 , n ) (denoted as I n ): f m → n : I m → I n Such function could be used to establish relation between indices of two vectors with respective sizes m and n . 0 0 1 1 f 4 =1 ) 2 2 ( 3 3 4 4 ... ... n-1 m-1 Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 17 / 71

Families of Index Mapping Functions Function families We define a family f of k index mapping functions as: f j m → n : I m → I n ∀ j < k , –jections The family is called injective if it satisfies: ∀ n , ∀ m , ∀ i , ∀ j , f n ( i ) = f m ( j ) = ⇒ ( i = j ) ∧ ( n = m ) . The family is called surjective if it satisfies: ∀ j , ∃ n , ∃ i , f n ( i ) = j . The family is called bijective if it is both injective and surjective . Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 18 / 71

Generalizing Embed as Scatter operator Given an injective index mapping function f n → m the scatter operator Scat f : R n → R m is defined as: � x i ∃ j < N , j = f ( i ) , y = Scat f ( x ) ⇐ ⇒ ∀ i < n , y j = θ otherwise . y x f(0) 0 0 1 f(1) 1 2 f(2) 2 3 . 3 � . � � � � � � . � � f(n-1) n-1 � Input m-1 Output Function f must be injective . That ensures that every output vector element is assigned exactly once. Additionally, if f is bijective it is a permutation . Vadim Zaliva, Franz Franchetti (CMU) HELIX: A Case Study of a Formal Verification of High Performance Program Generation FHPC’18 19 / 71