verifying concurrent programs
play

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems - PowerPoint PPT Presentation

Mar 30, 2024 •249 likes •982 views

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

  1. Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011

  2. Acknowledgements  Malay Ganai, Vineet Kahlon, Nishant Sinha*, Chao Wang* (NEC Labs)  Akash Lal (MSR, India)  Madanlal Musuvathi (MSR)  Antoine Miné (CNRS)  Kedar Namjoshi (Alcatel-Lucent)  Andrey Rybalchenko, Ashutosh Gupta, Corneliu Poppea (TU Munich), Alexander Malkis (Imdea)  Arnab Sinha (Princeton University)  Tayssir Touili (LIAFA)  Thomas Wahl (Northeastern University) Tutorial: Verifying Concurrent Programs 2 Oct 2011

  3. Motivation  Key Computing Trends  Parallel/Multi-threaded Programming – Difficult to get right • Dependencies due to shared data • Subtle effects of synchronizations • Often manually parallelized – Difficult to debug Mobile Server Gaming • too many interleavings of threads • hard to reproduce bugs High Performance, Low Power – Single core solutions don’t work Thread 1 Thread 2 Thread 3 Thread 1 Thread 2 – Multi-core platforms – Need parallel, multi-threaded Thread 2 Thread 1 Thread 3 Thread 1 Thread 2 programming Thread 2 Thread 3 Thread 2 Thread 1 Thread 1 Data centers, Cloud platforms – Distributed, networked systems Tutorial: Verifying Concurrent Programs 3 Oct 2011

  4. What will I (try to) cover?  Basic elements – Model of concurrency • Asynchronous interleaving model (unlike synchronous hardware) • Explosion in interleavings – Synchronization & Communication (S&C) • Shared variables: between threads or shared memory for processes • Locks, semaphores: for critical sections, producer/consumer scenarios • Atomic blocks: for expressing atomicity (non-interference) • Pair-wise rendezvous • Asynchronous rendezvous • Broadcast: one-to-many communication – On top of other features of sequential programs • Recursive procedures, Loops, Heaps, Pointers, Objects, … • (Orthogonal concerns and techniques)  Will cover Static and Dynamic verification techniques Tutorial: Verifying Concurrent Programs 4 Oct 2011

  5. What I will not be able to cover  Active topics of research (but out of scope here) – Parallel programs: Message-passing (e.g. MPI libraries), HPC applications – Synthesis/Optimization of locks/synchronizations for performance – Memory models: Relaxed memory models (e.g.TSO), Transactional memories – Object-based verification: Linearizability checking – Concurrent data structures/libraries: Lock-free structures – Separation logic: pointers & heaps, local reasoning – Theorem- proving , type analysis, runtime monitoring … Tutorial: Verifying Concurrent Programs 5 Oct 2011

  6. Models for Verifying Concurrent Programs  Finite state systems – Asynchronous composition, S&C (including buffers/channels for messages), but no recursion – Setting: Inline procedures up to some bound to get finite models – Techniques: Bounded analysis (e.g. dynamic analysis, BMC)  Sequential programs – Recursive procedures and other features, but no S&C and no interleavings – Setting: Add support for S&C and interleavings (thread interference) – Techniques: Bounded as well as unbounded analysis  Pushdown system models – Stack of a pushdown system (PDS) models recursion, finite control, data is finite or infinite (with abstractions) – Setting: Consider interacting PDSs with various S&C – Techniques: PDS-based model checking Tutorial: Verifying Concurrent Programs 6 Oct 2011

  7. Outline  Introduction  PDS-based Model Checking – Theoretical results  Static Verification Methods – Reduction: Partial order reduction, Symmetry – Bounding: Context-bounded analysis, Memory Consistency-based analysis – Program Abstraction: Static analysis, Thread-modular reasoning  Dynamic Verification Methods – Preemptive context bounding – Predictive analysis – Coverage-guided systematic testing  Conclusions Tutorial: Verifying Concurrent Programs 7 Oct 2011

  8. Pushdown System (PDS) Model  Each thread is modeled as a PDS: – Finite Control : models control flow in a thread (data is abstracted) – Stack : models recursion, i.e., function calls and returns  PDS Example: States: {s,t,u,v} Stack Symbols: {A,B,C,D} Transition Rules: <s,A>  < t, e > <s,A>  < t, B > <s,A>  < t, C B > PDS1 If the state is s, and A is the symbol at the top of the stack, then transit to state t, pop A, and push B, C on the stack Tutorial: Verifying Concurrent Programs 8 Oct 2011

  9. PDS-based Model Checking  Close relationship between Data Flow Analysis for sequential programs and the model checking problem for Pushdown Systems (PDS) – The set of configurations satisfying a given property is regular – Has been applied to verification of sequential Boolean programs [Bouajjani et al ., Walukeiwicz, Esparza et al. ]  Analogous to the sequential case, dataflow analysis for concurrent program reduces to the model checking problem for interacting PDSs  Problems of Interest: To study multi-PDSs interacting via the standard synchronization primitives – Locks – Pairwise and Asynchronous Rendezvous – Broadcasts Tutorial: Verifying Concurrent Programs 9 Oct 2011

  10. Interacting PDSs  Problem: For multi-PDS systems, the set of configurations satisfying a given property is not regular, in general  Strategy: exploit the situations where PDSs are loosely coupled PDS1 PDS2 Automaton B capturing Automaton A capturing locally reachable (A, B) locally reachable configurations of PDS2 configurations of PDS1 Key Challenge Capture interaction based on synchronization patterns Tutorial: Verifying Concurrent Programs 10 Oct 2011

  11. Capturing Interaction in presence of Synchronizations  Key primitive: Static Reachability – A global control state t is statically reachable from state s if there exists a computation from s to t that respects the constraints imposed by synchronization primitives, e.g., locks, wait/notifies, …  However, static reachability is undecidable – for pairwise rendezvous [Ramalingam 00] – for arbitrary lock accesses [Kahlon et al. 05] – Undecidability hinges on a close interaction between synchronization and recursion – (Note: Even for finite data abstractions)  Strategies to get around this undecidability – Special cases of programming patterns: Nested Locks, Bounded Lock Chains – Place restrictions on synchronization and communication (S&C) Tutorial: Verifying Concurrent Programs 11 Oct 2011

  12. Programming Pattern: Nested Locks Nested Locks: Along every computation, each thread can only release that lock which it acquired last, and that has not yet been released  Example: f( ) { g( ){ h( ){ acquire(b) ; acquire(a); acquire(c); g ( ); release(a); release(b); // h ( ); release(b); } f calls g: nested locks release(c); acquire(c); f calls h: non-nested locks } }  Programming guidelines typically recommend that programmers use locks in a nested fashion  Multiple locks are enforced to be nested in Java 1.4 and C# Tutorial: Verifying Concurrent Programs 12 Oct 2011

  13. Programming Pattern: Lock Chains  Lock Chains  Nested Locks: Chains of length one  Most lock usage is nested  Non-nested usage occurs in niche applications, often bounded chains – Serialization, e.g. 2-phase commit protocol uses chains of length 2 – Interaction of mutexes with synchronization primitives like wait/notify – Traversal of shared data structures, e.g. length of a statically-allocated array Tutorial: Verifying Concurrent Programs 13 Oct 2011

  14. Interacting PDSs with Locks PDS1 PDS2 (A, B) Key Challenge: Capture interaction based on synchronization patterns General Problem for arbitrary lock patterns: Undecidable [Kahlon et al. CAV 2005] For nested locks and bounded lock chains: Decidable [POPL 07,LICS 09,CONCUR 11] • Tracks lock access patterns thread-locally as regular automata • Incorporates a consistency check in the acceptance condition Tutorial: Verifying Concurrent Programs 14 Oct 2011

  15. Restrict Synchronization & Communication: Example Reachability is decidable for PDS Networks with: [Atig et al. 08] - acyclic communication graph - lossy FIFO channels Tutorial: Verifying Concurrent Programs 15 Oct 2011

  16. PDS-based Model Checking: Summary Reachability Problem  Undecidable for Pairwise Rendezvous [Ramalingam 00]  Undecidable for PDSs interacting via Locks [ Kahlon et al. CAV 05]  Decidable for PDSs interacting via Nested Locks [ Kahlon et al. CAV 05]  Decidable for PDSs interacting via Bounded Lock Chains [Kahlon LICS 09, CONCUR 11] Reachability/Model Checking is Decidable under Other Restrictions – Constrained Dynamic Pushdown Networks [Bouajjani et al . TACAS 07] – Asynchronous Dynamic Pushdown Network [Bouajjani et al . FSTTCS 05] – Reachability of Acyclic Networks of Pushdown Systems [Atig et al. CONCUR 08] – Context-bounded analysis for concurrent programs with dynamic creation of threads [Atig et al. TACAS 09] Tutorial: Verifying Concurrent Programs 16 Oct 2011

Recommend

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs with Unbounded Replication D.

774 views • 50 slides
The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed Bouajjani 2 Mohamed Faouzi Atig 1 Tuan Phong Ngo 1 1 Uppsala University 2 IRIF, Universit Paris Diderot &amp; IUF CONCUR 2016 1 Motivation

1.66k views • 118 slides
Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

1.54k views • 125 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil

SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil

SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil Swamy, Aseem Rastogi, Aymeric Fromherz , Denis Merigoux, Danel Ahman, Guido Martinez ICFP 2020 1/12 Verifying Concurrent Programs Lots of recent work

556 views • 37 slides
Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly University Gyngys, Hungary Synchron 2016 Bamberg December 2016 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

486 views • 25 slides
Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC 2015 Anton Wijs Correctness of Concurrent Systems Distributed, concurrent systems common-place, but very

633 views • 52 slides
Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*, Nickolai Zeldovich MIT CSAIL and *Microsoft Concurrent software is difficult to get right Programmer cannot reason about code in sequence 2

1.2k views • 72 slides
VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark Hillebrand 3 , Dirk Leinenbach 3 , Michal Moskal 2 , Thomas Santen 2 , Wolfram Schulte 4 and Stephan Tobies 2 1 Microsoft Corporation, Redmond, WA, USA 2

553 views • 27 slides
From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT 2017 Allan Blanchard, Fr ed eric Loulergue, Nikolai Kosmatov April 29 th , 2017 From Concurrent Programs to Simulating Sequential Programs

488 views • 37 slides
+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1 Verifying the Correctness of HARPO Programs Presented at NECEC 2018, St. Johns NL Inaam Ahmed Computer Engineering Research Labs, Dept. ECE, MUN

492 views • 23 slides
Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification 01 Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan Lawrence jonathan.lawrence@cs.ox.ac.uk Concurrent Datatype Verification 02 Introduction Case study using

618 views • 27 slides
Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri

Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri

Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri David Pichardie Jan Vitek Yannick Zakowski Why are high level languages difficult to compile? Easy to compile in C Obj.f := v What about Java? A

1.17k views • 73 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek, Nickolai Zeldovich MIT and *Boston College Systems verification, broadly impl proof specification 2 Systems verification requires connecting

859 views • 48 slides
Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans

Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans

Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans Kaashoek, Nickolai Zeldovich MIT and *Boston College Many systems need concurrency and crash safety Examples: file systems, databases, and key-value

852 views • 46 slides
Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University Mooly Sagiv Tel Aviv University Martin Vechev ETH Eran Yahav Technion

458 views • 35 slides
Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gkhan Kc 1 Writing distributed programs A bug appears Issue: random hangs / deadlock in

809 views • 79 slides
Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft Joint work with Jonas Kastberg Hinrichsen, ITU Jesper Bengtson, ITU 4 June 2020 @ VEST Workshop, Online 1 Type checking message-passing programs

601 views • 25 slides
Computational Logic Concurrent (Constraint) Logic Programming 1 Concurrent Logic Programs

Computational Logic Concurrent (Constraint) Logic Programming 1 Concurrent Logic Programs

Computational Logic Concurrent (Constraint) Logic Programming 1 Concurrent Logic Programs Predicate: Set of clauses Clause: Head :- Guard | Body. Head is an atom Guard and Body are conjunctions of atoms Resolvent: Set of goals

623 views • 28 slides
Java Concurrency 1 Shell CSCE 314 TAMU The World is Concurrent Concurrent programs: more than

Java Concurrency 1 Shell CSCE 314 TAMU The World is Concurrent Concurrent programs: more than

Shell CSCE 314 TAMU CSCE 314: Programming Languages Dr. Dylan Shell Java Concurrency 1 Shell CSCE 314 TAMU The World is Concurrent Concurrent programs: more than one activities execute simultaneously (concurrently) no interference

518 views • 35 slides
On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order

On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order

On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order Communication Masaki Murakami Okayama University JAPAN A Formal Model of Concurrent Systems the model presented here is a translation of asynchronous

847 views • 31 slides
Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization Vimuth Fernando , Keyur Joshi, Sasa Misailovic University of Illinois at Urbana-Champaign CCF-1629431 CCF-1703637 CCF-1846354 Compression

665 views • 63 slides
Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed

Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed

Lecture 2: Verification of Concurrent Programs Part 2: Under Approximate Analysis Ahmed Bouajjani LIAFA, University Paris Diderot Paris 7 VTSA, MPI-Saarbr ucken, September 2012 A. Bouajjani (LIAFA, UP7) Lecture 2: Concurrent Programs

654 views • 47 slides

More recommend