using abstract interpretation to correct synchronization
play

Using abstract interpretation to correct synchronization faults - PowerPoint PPT Presentation

Sep 03, 2022 •110 likes •578 views

Using abstract interpretation to correct synchronization faults Pietro Ferrara Omer Tripp Peng Liu Eric Koskinen JuliaSoft Google IBM Research Yale University VMCAI 17 January 2017 Concurrency is here to stay. Thread 1 Thread 2

  1. Using abstract interpretation to correct synchronization faults Pietro Ferrara Omer Tripp Peng Liu Eric Koskinen JuliaSoft Google IBM Research Yale University VMCAI · 17 January 2017

  2. Concurrency is here to stay.

  3. … Thread 1 Thread 2 Thread n Queue HashMap List

  4. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } 12:00 γ 13:00 —

  5. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 —

  6. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ t 1 goes first 13:00 — t 2 goes second t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β But returns δ ? Now: 11:00 —> α t 1 : replace (11:00) / δ t 1 : return δ Returns β ? Not serializable! t 2 : return β

  7. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — Acceptable Final States: t 1 first, returns β t 2 first, returns β t 2 second, returns α t 1 second, returns δ Slot Res Slot Res 10:00 — 10:00 — 11:00 δ 11:00 α 12:00 γ 12:00 γ 13:00 — 13:00 —

  8. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — Existing approaches to enforcing serializability . . .

  9. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } t 1 10:00 α t 1 val clobbered = map. replace (new_slot, r) t 1 return clobbered; 11:00 β } t 2 12:00 γ t 2 Pessimistic 13:00 — t 1 : lock (10:00); lock (11:00) t 2 : lock (13:00); t 1 : remove (10:00) / α t 1 : if (…) t 1 : replace (11:00) / β t 1 : return β

  10. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } t 1 10:00 α t 1 val clobbered = map. replace (new_slot, r) t 1 return clobbered; 11:00 β } t 2 12:00 γ t 2 Pessimistic 13:00 — t 1 : lock (10:00); lock (11:00) t 2 : lock (13:00); lock (11:00) t 1 : remove (10:00) / α t 1 : if (…) t 1 : replace (11:00) / β t 1 : return β

  11. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Pessimistic pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$

  12. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / β t 1 : return β t 2 : return β

  13. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / β conflict. t 1 : return β t 2 : return β

  14. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Optimistic pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ remove if replace op,mis,c% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ t 2 % remove new replace remove new replace get$ if(…)$ new$ putIfAbsent$ get$ if(…)$ new$ putIfAbsent$ return$ retry%

  15. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Other options? Perform a correction!

  16. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / δ t 1 : return δ Not serializable! t 2 : return β

  17. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { Slot Res r = new Res() } 10:00 α t 1 val clobbered = map. replace (new_slot, r) return clobbered; 11:00 β } t 2 12:00 γ 13:00 —

  18. Serializable Target t 1 first, returns β updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists t 2 second, returns α if (r == null) { Slot Res r = new Res() ♥ Slot Res } 10:00 — val clobbered = map. replace (new_slot, r) 10:00 — δ return clobbered; 11:00 β } 11:00 δ 12:00 γ 12:00 γ 13:00 — 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β α t 1 : replace (11:00) / δ β t 1 : return δ β t 2 : return β α

  19. Serializable Target t 2 first, returns β updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists t 1 second, returns δ if (r == null) { Slot Res r = new Res() ♥ Slot Res } 10:00 — val clobbered = map. replace (new_slot, r) 10:00 — α return clobbered; 11:00 β } 11:00 α 12:00 γ 12:00 γ 13:00 — 13:00 — t 1 : remove (10:00) / α t 2 : remove (13:00) / null t 1 : if (…) t 2 : new Res() / δ t 2 : replace (11:00) / β t 1 : replace (11:00) / δ t 1 : return δ t 2 : return β

  20. updateReservation(Slot old_slot, Slot new_slot) : Reservation = { var r = map. remove (old_slot) // remove if exists if (r == null) { r = new Res() } val clobbered = map. replace (new_slot, r) return clobbered; } Corrective pessimis,c% remove if replace t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ remove if replace op,mis,c% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ t 2 % remove new replace remove new replace get$ if(…)$ new$ putIfAbsent$ get$ if(…)$ new$ putIfAbsent$ return$ retry% remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct%

  21. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Challenges & Contributions • Is this serializable? 
 Yes, we have proved so. • How to compute each thread’s alternative post- states? 
 Via a static abstract interpretation . • Given an incorrect state, how to efficiently recover to a correct post-state? 
 Via a dynamic runtime system .

  22. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Transition System

  23. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Remember where we started t

  24. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Remember the operation that was performed , op t ) L t ' , L t •op t )], σ , L ) Act sort of optimistically: march ahead w local changes

  25. remove if replace correc,ve% t 1 % get$ if(…)$ new$ putIfAbsent$ return$ Corrective remove new replace t 2 % get$ if(…)$ new$ putIfAbsent$ return$ correct% Formalization Parameterize by property of interest (Serializability) , op t ) L t , L t •op t )], σ , L ) Replay the mutations on the shared state

Recommend

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an

Correctness of Abstract Interpretation Deepak Dsouza and K. V. Raghavan Summary: What is an abstract interpretation (AI)? Given: A complete join semi-lattice D . This is the abstract semantic domain. A monotonic

297 views • 25 slides
Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in

Abstract Interpretation Harry Xu CS 253/INF 212 Spring 2013 Acknowledgements Many slides in this file were taken from the tutorial slides that Patrick Cousot used in VMCAI05 Abstract Interpretation A theory of sound approximation of

946 views • 92 slides
Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Ariane 5.01 failure Patriot failure Mars orbiter loss (overflow) (float rounding) (unit error)

Motivation (1 mn) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Abstract interpretation, reminder (10 mn) . . . . . . . . . . . . . . . . . . 6 Applications of abstract interpretation (2 mn) . . . . . . . . .

876 views • 16 slides
Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e

Abstract Interpretation III Semantics and Application to Program Verification Antoine Min e Ecole normale sup erieure, Paris year 20152016 Course 12 20 May 2016 Course 12 Abstract Interpretation III Antoine Min e p. 1 / 60

706 views • 67 slides
A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta Dipartimento di Informatica - Universit di Pisa 19/09/2012 - ITCTCS 2012 Outline 1 Type and Effect Systems 2 Abstract Interpretation 3

762 views • 24 slides
Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile

Just-In-Time compilation Study setup Abstract interpretation Correctness proof Tracing Compilation by Abstract Interpretation S. Dissegna, F. Logozzo, F. Ranzato Thophile Bastian March 7, 2018 Slides: https://tiny.tobast.fr/m2-absint-slides

445 views • 16 slides
30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a

30 Years of Abstract Interpretation Thomas Jaudon Ball Microsoft Research [This is the text of a 20 minute talk I gave at the 30 Years of Abstract Interpretation Workshop in San Francisco, California, USA on January 9, 2008. The subsections

196 views • 9 slides
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond Final Goal of the class Automatically verify partial correctness of programs like the following using abstract interpretation. Void Init(int* A, int n) { for (i := 0;

908 views • 62 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

487 views • 33 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John

Constraints in Abstract Model Checking Direct implementation of an abstract interpretation John Gallagher 12 1 Roskilde University 2 IMDEA Software Institute, Madrid CP meets CAV Turun, Turkey John Gallagher Constraints in Abstract Model

375 views • 16 slides
Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45 rue dUlm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot IFIP WCC Topical day on Abstract Interpretation P.

1.95k views • 183 slides
Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH

Abstract Interpretation + Impure Catalysts Our Sparrow Experience YI Jhee, MS Jin, YB Jung, DH Kim, SH Kong, HJ Lee, HJ Oh, DJ Park, Kwangkeun Yi Programming Research Laboratory Seoul National University Korea 30 Years of Abstract

920 views • 37 slides
Tim e, and the lack thereof Outline Introduction A global notion of the correct time

Tim e, and the lack thereof Outline Introduction A global notion of the correct time

Distributed System s Fall 2 0 0 9 Time and Synchronization Tim e, and the lack thereof Outline Introduction A global notion of the correct time would be tremendously useful. Basic definitions Synchronization algorithms Why?

106 views • 6 slides
A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with

A proof - theoretic approach to abstract interpretation Apostolos Tzimoulis joint work with Vijay DSilva, Alessandra Palmigiano and Caterina Urban (with images from Patrick Cousot) TACL 2017 - Prague A bstract interpretation A bstract

341 views • 14 slides
Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n

Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n

ICLP19 Las Cruces, September 22, 2019 Evaluation of the Implementation of an Abstract Interpretation Algorithm using Tabled CLP n Arias 1 , 2 Manuel Carro 1 , 2 Joaqu 1 IMDEA Software Institute, 2 Universidad Polit ecnica de Madrid

468 views • 42 slides
Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM

Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM

Second-Order Abstract Interpretation via Kleene Algebra Dexter Kozen Cornell University AVM 2015 Attersee, Austria 4 May 2015 Joint work with Lucja Kot CS Department Cornell University Abstract Interpretation Cousot & Cousot 79

737 views • 60 slides
Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The Problem: The Design of Safe and Secure Computer- Patrick Cousot cole normale suprieure Based Systems 45 rue dUlm, 75230 Paris cedex 05, France

288 views • 27 slides
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2019 Outline Overview Syntactic Analysis Abstract Interpretation Outline Overview

323 views • 28 slides
Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche

Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche

Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche Onera U. of Iowa joint work with T. Kashai and C. Tinelli 04/13/2012 Kind-AI: When abstract interpretation and SMT-based model-checking meet -

652 views • 53 slides
Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard

Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard

Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard Dave Clarke MPC 2012 How to derive two graph algorithms by means of Abstract Interpretation ? Abstract Interpretation Abstract Interpretation

1.27k views • 101 slides
Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha

Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha

Formalizing CyberPhysical System Model Transformation via Abstract Interpretation Natasha Jarus, Sahra Sedigh Sarvestani, and Ali Hurson Department of Electrical and Computer Engineering Missouri University of Science and Technology Rolla,

432 views • 21 slides
25 Years of Abstract Interpretation The German Perspective Andreas Podelski University of

25 Years of Abstract Interpretation The German Perspective Andreas Podelski University of

25 Years of Abstract Interpretation The German Perspective Andreas Podelski University of Freiburg Who? Reinhard Wilhelm Saarbrcken Bernhard Steffen Dortmund Jens Knoop Wien Markus Mller-Olm Mnster Helmut

507 views • 21 slides

More recommend