proof spaces for unbounded parallelism
play

Proof Spaces for Unbounded Parallelism Zachary Kincaid University - PowerPoint PPT Presentation

Apr 21, 2023 •310 likes •917 views

Proof Spaces for Unbounded Parallelism Zachary Kincaid University of Toronto January 16, 2015 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg Single template T executed by every thread

  1. Proof Spaces for Unbounded Parallelism Zachary Kincaid University of Toronto January 16, 2015 Joint work with: Azadeh Farzan, University of Toronto Andreas Podelski, University of Freiburg

  2. • Single template T executed by every thread • Goal: prove that a given program is free of (certain types of) errors. Multi-threaded program verification T Property Yes No Verifier Program N times T T T T N Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ...

  3. • Goal: prove that a given program is free of (certain types of) errors. Multi-threaded program verification T Property Yes No Verifier Program N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� �

  4. Multi-threaded program verification Program T Property Yes No Verifier N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� � • Goal: prove that a given program is free of (certain types of) errors.

  5. Multi-threaded program verification Program T Property Yes No Verifier N times Diverge • Unbounded/unknown number of threads • E.g., webservers, computations parallelized over N processors, ... • Single template T executed by every thread T N = T ∥ T ∥· · · ∥ T � �� � • Goal: prove that a given program is free of (certain types of) errors.

  6. global t : int // ticket counter global s : int // service counter local m : int // my ticket m := t++ // acquire ticket do { // busy wait } until (m <= s) // critical section s++ // bump service counter init s ≤ t

  7. Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification! Proving correctness of a multi-threaded program is hard. Program is correct each of its traces are correct. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j

  8. Proving correctness of a multi-threaded program is hard. Program is correct each of its traces are correct. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification!

  9. Proving correctness of a multi-threaded program is hard. ∀ i , j ∈ Thread . pc ( i ) ̸ = init ∧ pc ( j ) ̸ = init ∧ m ( i ) = m ( j ) ⇒ i = j Proving correctness of a trace of a multi-threaded program is easy. • Re-use sequential verification! Program is correct ⇐ ⇒ each of its traces are correct.

  10. Proof Spaces

  11. init m := t++ by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 // bump service counter s++ // critical section } until (m <= s) // busy wait do { // acquire ticket // my ticket wait local m : int // service counter global s : int // ticket counter global t : int s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. init s ≤ t

  12. init m := t++ by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 // bump service counter s++ // critical section } until (m <= s) // busy wait do { // acquire ticket // my ticket wait local m : int // service counter global s : int // ticket counter global t : int s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. init s ≤ t

  13. init [m <= s] : 1 by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 Thread IDs Commands [m <= s] : 2 m := t++ : 2 wait m := t++ : 1 s++ [m > s] [m <= s] m := t++ exit crit P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. Error trace ∈ (Σ × N ) ∗

  14. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  15. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  16. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  17. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  18. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  19. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  20. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  21. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  22. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  23. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  24. init m by construction or approximation of fixpoints. POPL’77. P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 ... Dual narrowing, Abstract post, Craig interpolation, Intermediate assertions [m <= s] : 2 m m m s [m <= s] : 1 m wait m crit exit m := t++ [m <= s] [m > s] s++ m := t++ : 1 s m m t m := t++ : 2 s P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15. { s ≤ t } { false }

  25. init m := t++ : 1 by construction or approximation of fixpoints. POPL’77. ... Intermediate assertions [m <= s] : 2 wait m := t++ : 2 [m <= s] : 1 m := t++ [m <= s] s++ crit [m > s] exit { s ≤ t } { s ≤ m (1) ∧ m (1) < t } Craig interpolation, 1 { s ≤ m (1) ∧ m (1) < m (2) } Abstract post, 2 Dual narrowing, 3 { s ≤ m (1) ∧ m (1) < m (2) } { false } 1 T A. Henzinger, R. Jhala, R. Majumdar, K. L. McMillan. Abstractions from proofs. POPL’04 2 P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs 3 P. Cousot. Abstracting Induction by Extrapolation and Interpolation. VMCAI’15.

  26. “Small theorems” from sequential verifiers m := t++ : 1 m := t++ : 1 m := t++ : 2 [m <= s] : 2 s++ : 1 { s ≤ t } { s ≤ m (1) } { s ≤ m (1) ∧ m (1) < m (2) } { true } { false } { m (1) < t } { s ≤ m (1) ∧ m (1) < m (2) } { m (1) < t } { s ≤ m (2) } { m (1) < m (2) }

  27. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  28. Infeasible traces Feasible traces No corresponding executions At least one corresponding execution Error traces Error is reachable! Proof Space

  29. Sequencing m := t++ : 1 m := t++ : 2 s t m := t++ : 1; m := t++ : 2 m m { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) }

  30. Sequencing m := t++ : 1 m := t++ : 2 m := t++ : 1; m := t++ : 2 { s ≤ t } { s ≤ t } { m (1) < t } { m (1) < t } { m (1) < m (2) } { m (1) < m (2) }

  31. Symmetry N times [m <= s] : 2 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { false }

  32. Symmetry N times [m <= s] : 2 [m <= s] : 1 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (1) } [1 �→ 2] [2 �→ 1] { false } { false }

  33. Symmetry N times [m <= s] : 2 [m <= s] : 3 T N = T ∥ T ∥· · · ∥ T � �� � { s ≤ m (1) ∧ m (1) < m (2) } { s ≤ m (2) ∧ m (2) < m (3) } [1 �→ 2] [2 �→ 3] { false } { false }

  34. Conjunction m := t++ : 3 m := t++ : 3 m t m t m := t++ : 3 m m m m { m (1) < t } { m (2) < t } { m (1) < m (3) } { m (2) < m (3) }

  35. Conjunction m := t++ : 3 m := t++ : 3 m := t++ : 3 { m (1) < t } { m (2) < t } { m (1) < m (3) } { m (2) < m (3) } { m (1) < t ∧ m (2) < t } { m (1) < m (3) ∧ m (2) < m (3) }

Recommend

Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena

Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena

Previous Concepts Continuous, integrable and unbounded functions Sequence spaces Linear structures of continuous, integrable and unbounded functions Pablo Jos e Gerlach Mena Dpto. An alisis Matem atico Joint work with M.C.

359 views • 31 slides
Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism

Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism

Kunle Olukotun Pervasive Parallelism Laboratory Stanford University ppl.stanford.edu Make parallelism accessible to all programmers Parallelism is not for the average programmer Too difficult to find parallelism, to debug, maintain

593 views • 40 slides
CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to

Loops and CO444H parallelism Ben Livshits 1 Why Parallelism? One way to speed up a computation is to use parallelism. Unfortunately, it is not easy to develop software that can take advantage of parallel machines. Dividing the

659 views • 54 slides
Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de

Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de

Gromov hyperbolic spaces in proof assistants Sbastien Gouzel CNRS and LMJL, Universit de Nantes January 6, 2020 S. Gouzel and A. Karlsson, Subadditive and multiplicative ergodic theorems, Journal of the European Mathematical Society , to

774 views • 39 slides
Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

' $ Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism Intraquery Parallelism Intraoperation Parallelism Interoperation Parallelism Design of Parallel Systems &amp; % Database Systems

341 views • 21 slides
Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany

Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany

1 Proof mining in -trees and hyperbolic spaces Laurent iu Leus tean TU Darmstadt, Germany and Institute of Mathematics Simion Stoilow of the Romanian Academy

237 views • 22 slides
New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah

New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah

New (and Old) Proof Systems for Lattice Problems Navid Alamati Chris Peikert Noah Stephens-Davidowitz PKC 2018 1 / 13 Zero-Knowledge Proofs [GoldwasserMicaliRackoff85] A protocol allowing an unbounded Prover P to convince a skeptical,

960 views • 68 slides
CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism

CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism

CSCI341 Lecture 37, Introduction to Parallelism PIPELINING Exploits potential parallelism among instructions. Instruction-level parallelism INSTRUCTION-LEVEL PARALLELISM Increase depth of pipeline (greater overlap of

646 views • 26 slides
CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and

CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and

CS 5220: Locality and parallelism in simulations I David Bindel 2017-09-12 1 Parallelism and locality Real world exhibits parallelism and locality Particles, people, etc function independently Nearby objects interact more strongly

443 views • 25 slides
Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk

Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk

Plan Parallelism Complexity Measures 1 Multithreaded Parallelism and Performance Measures cilk for Loops 2 Marc Moreno Maza Scheduling Theory and Implementation 3 University of Western Ontario, London, Ontario (Canada) Measuring Parallelism

531 views • 16 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you

Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you

Opportunities for Parallelism Dr. Michael K. Bane HIGH END COMPUTE Questions 1. What do you understand by &quot;parallelism&quot; 2. How/where is parallelism in computers? Parallel / parallelism Concurrent / concurrency Many things

827 views • 27 slides
Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of

Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of

Fourier Transforms BVPs in an Unbounded Region Chapter 14: Fourier Transforms and Boundary Value Problems in an Unbounded Region Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw December 25, 2013 1 / 27

459 views • 27 slides
Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March

Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March

Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March 30, 2009 Billions of transistors Hardware Parallelism vs. Software Parallelism USENIX Workshop on Hot Topics in Parallelism March 30, 2009 Multicore

469 views • 23 slides
Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is

Advanced OpenMP Lecture 6: Nested parallelism Nested parallelism Nested parallelism is supported in OpenMP. If a PARALLEL directive is encountered within another PARALLEL directive, a new team of threads will be created. This is

242 views • 11 slides
Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly

Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly

12/9/15 Parallelism vs. Concurrency Key concerns Concurrency: Parallelism: Correctly and efficiently manage Use extra resources to access to shared resources solve a problem

431 views • 3 slides
Instruction-Level Parallelism (ILP) Fine-grained parallelism Obtained by: instruction

Instruction-Level Parallelism (ILP) Fine-grained parallelism Obtained by: instruction

Instruction-Level Parallelism (ILP) Fine-grained parallelism Obtained by: instruction overlap in a pipeline executing instructions in parallel (later, with multiple instruction issue) ILP hindered by: data dependence : arises

340 views • 21 slides
spaces ( SB-CON-&lt;YEAR&gt;-&lt;NUM&gt;/SB-SEM-&lt;YEAR&gt;-&lt;NUM&gt; ) Spaces are directly

spaces ( SB-CON-&lt;YEAR&gt;-&lt;NUM&gt;/SB-SEM-&lt;YEAR&gt;-&lt;NUM&gt; ) Spaces are directly

Two new spaces available inside the SuperB Collaboration Space: Conference Talks Seminars Data dictionary updated to allow numeration schema and category management coherent with other spaces (

565 views • 11 slides
Compiling for Parallelism &amp; Locality Last time SSA and its uses Today

Compiling for Parallelism &amp; Locality Last time SSA and its uses Today

Compiling for Parallelism &amp; Locality Last time SSA and its uses Today Parallelism and locality Data dependences and loops CS553 Lecture Compiling for Parallelism &amp; Locality 1 The Problem: Mapping programs

660 views • 18 slides
Last time Today Next (Midterm) Hash tables Unbounded arrays Implementation Amortized

Last time Today Next (Midterm) Hash tables Unbounded arrays Implementation Amortized

Last time Today Next (Midterm) Hash tables Unbounded arrays Implementation Amortized analysis Stacks Queues Linked Lists Toward unbounded arrays Unsorted Arrays Linked Lists O(1) access Self-resizing PROS Built-in support

405 views • 39 slides
On%perpendicularity % % XXX% %and%a%few%words%about%parallelism,%too%

On%perpendicularity % % XXX% %and%a%few%words%about%parallelism,%too%

Timo%Tossavainen,%%Eger,%July%2013% On%perpendicularity % % XXX% %and%a%few%words%about%parallelism,%too% http://www.youtube.com/watch?v=vnnwfcDcNlY% Teaching)perpendicularity)and) Properties)of)perpendicularity) parallelism) !

588 views • 4 slides
Unit 8: Superscalar Pipelines Then: Static &amp; dynamic scheduling Extract much more

Unit 8: Superscalar Pipelines Then: Static &amp; dynamic scheduling Extract much more

A Key Theme: Parallelism Previously: pipeline-level parallelism Work on execute of one instruction in parallel with decode of next CIS 501: Computer Architecture Next: instruction-level parallelism (ILP) Execute multiple independent

441 views • 7 slides
MLP yes! Definitions ILP no ! MLP ILP = Instruction Level = Memory Level Parallelism Work

MLP yes! Definitions ILP no ! MLP ILP = Instruction Level = Memory Level Parallelism Work

MLP yes! Definitions ILP no ! MLP ILP = Instruction Level = Memory Level Parallelism Work on memory level parallelism. Parallelism IPC metric misleading Stop worrying about IPC. = Number cache misses (Inst. per Clock) simultaneously

407 views • 8 slides
Parallel Models Different ways to exploit parallelism Outline Shared-Variables Parallelism

Parallel Models Different ways to exploit parallelism Outline Shared-Variables Parallelism

Parallel Models Different ways to exploit parallelism Outline Shared-Variables Parallelism threads shared-memory architectures Message-Passing Parallelism processes distributed-memory architectures Practicalities

640 views • 34 slides

More recommend