Thread Quantification for Concurrent Shape Analysis - PowerPoint PPT Presentation

1 / 45
About This Presentation
Title:

Thread Quantification for Concurrent Shape Analysis

Description:

Thread Quantification for Concurrent Shape Analysis Josh Berdine MSR Cambridge Tal Lev-Ami Tel Aviv University Roman Manevich Tel Aviv University – PowerPoint PPT presentation

Number of Views:95
Avg rating:3.0/5.0
Slides: 46
Provided by: RomanMa5
Category:

less

Transcript and Presenter's Notes

Title: Thread Quantification for Concurrent Shape Analysis


1
Thread Quantificationfor Concurrent Shape
Analysis
Josh Berdine MSR CambridgeTal Lev-Ami Tel
Aviv UniversityRoman Manevich Tel Aviv
UniversityMooly Sagiv Tel Aviv
UniversityGanesan Ramalingam MSR India
2
Non-blocking stack Treiber,86
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x))7
x points to valid memory?does list remain
acyclic?
  • ? Automatic proof of linearizabilityfor an
    unbounded number of threads

data_type pop(Stack S)8 do 9
Node t S-gtTop10 if (t
NULL)11 return EMPTY12
Node s t-gtn13 data_type r
t-gtd14 while (!CAS(S-gtTop,t,s))15
return r16
stack linearizable?
benign data races
3
Linearizability Herlihy and Wing, TOPLAS'90
  • Linearizable data structure
  • Sequential specification defines legal sequential
    executions
  • Concurrent operations allowed to be interleaved
  • Operations appear to execute atomically
  • External observer gets the illusion that each
    operation takes effect instantaneously at some
    point between its invocation and its response

First Out
Last In
4
Non-linearizable pairs stack
void push2(Stack S, data_type v1, data_type
v2) push(s, v1) push(s, v2)
void pop2(Stack S, data_type v1, data_type
v2) v2 pop(s) v1 pop(s)
time
illegal sequential execution
5
Non-linearizable pairs stack
void push2(Stack S, data_type v1, data_type
v2) push(s, v1) push(s, v2)
void pop2(Stack S, data_type v1, data_type
v2) v2 pop(s) v1 pop(s)
time
illegal sequential execution
6
Main results
  • New parametric shape analysis
  • Universally quantified shape abstractions
  • Extra level of quantification over shape
    abstraction
  • Fine-grained concurrency
  • Unbounded number of threads
  • Thread-modular aspects
  • Sound transformers
  • Application
  • Checking linearizability of concurrent data
    structures

7
Outline
  • Motivation what is linearizability
  • Universally quantified shape abstractions
  • Checking linearizability via conjoined execution
    and delta abstraction
  • Experimental results

8
Universally QuantifiedShape Abstractions
9
Concurrent heaps Yahav, POPL01
  • Heaps contain both threads and objects
  • Logical structure, or
  • Formula in subset of FOTC Yorsh et al., TOCL07

thread-local variable
thread object with program counter
t
x
x
list object
n
list field
10
Concurrent heaps Yahav, POPL01
  • Heaps contain both threads and objects
  • Logical structure, or
  • Formula in subset of FOTC Yorsh et al., TOCL07

tr2
tr1
v1
t
x
x
v2
n
v3
11
Unbounded concurrent heaps
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x))7
Unbounded parallel compositionpush(Top,?)
... push(Top,?)
Top
t
t
x
x
n
n
t
t
x
x
n
x
x
n
12
Local heaps
  • Each local heap
  • Presents a view of heap relative to one thread
  • Can be instantiated 0 times

Top
pc2
pc6
pc1
pc4
x
x
Top
Top
t
x
t
Top
n
n
n
n
n
n
n
n
n
13
Bounded local heaps
  • Each local heap
  • Presents a view of heap relative to one thread
  • Can be instantiated 0 times
  • Bounded by finitary abstraction (Canonical
    Abstraction)

Top
pc2
pc6
pc1
pc4
x
x
Top
Top
t
x
t
Top
n
n
n
n
n
n
n
n
n
14
Concurrent heap
pc(tr1)6 ? pc(tr2)2 ? ?v1,v2,v3. Top(v1) ?
x(tr1,v2) ? t(tr1,v1)
? x(tr2,v3) ? n(v2,v1)
tr1
tr2
t
v1
x
x
n
v3
v2
15
Universally quantifiedlocal heaps
pc(t)6 ? ?v1,v2. Top(v1) ? x(t,v2) ? t(t,v1) ?
n(v2,v1)
?t.
?
pc(t)2 ? ?v1,v3. Top(v1) ? x(t,v3)
overlappinglocal heaps
t
t
t
x
v1
x
v1
n
v3
v2
16
Meaning of quantified invariant
pc(t)6 ? ?v1,v2. Top(v1) ? x(t,v2) ? t(t,v1) ?
n(v2,v1)
  • Information maintained
  • (dis)equalities between local variables of each
    thread and global variables
  • Objects reachable from global variables
  • Information lost
  • Number of threads
  • (dis)equalities between local variables of
    different threads

?t.
?
pc(t)2 ? ?v1,v3. Top(v1) ? x(t,v3)
?
n
m
t
x
x
n
17
Loss of non-aliasing information
pc(t)6 ? ?v1,v2. Top(v1) ? x(t,v2) ? t(t,v1) ?
n(v2,v1)
?t.
unwanted aliasingconsider x-gtnt
t
t
x
x
n
n
Remedy record non-aliasing information explicitly
x
n
t
t
x
n
18
Adding non-aliasing information
pc(t)6 ? ?v1,v2. Top(v1) ? x(t,v2) ? t(t,v1) ?
n(v2,v1) ? Private(v1) ? Private(v2)
?t.
Referencedby exactlyone thread
t
t
x
x
n
P
n
P
x
n
t
t
x
n
P
19
Adding non-aliasing information
pc(t)6 ? ?v1,v2. Top(v1) ? x(t,v2) ? t(t,v1) ?
n(v2,v1) ? Private(v1) ? Private(v2)
?t.
t
t
x
x
Operation on private objects invisible to other
threads
n
P
n
P
n
t
t
x
x
P
n
P
20
Recap
  • Add universal quantification on top of finitary
    heap abstractions
  • Handle unbounded number of threads
  • Local heaps can overlap
  • Handle fine-grained concurrency
  • Strengthen local heaps by Private predicate
  • Private objects cannot be affected by actions of
    other threads
  • Missing transformers (see paper)

21
Checking linearizabilityfor an unbounded
numberof threads
22
Verification of fixed linearization points Amit
et al., CAV07
  • Compare each concurrent execution to a specific
    sequential execution
  • Show that every (terminating) concurrent
    operation returns the same result as its
    sequential counterpart

linearizationpoint
Concurrent Execution
...
linearizationpoint
compare results
Conjoined Execution
compare results
Sequential Execution
23
Linearization pointsfor Treibers stack
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // _at_LINEARIZE on CAS7
data_type pop(Stack S)8 do 9
Node t S-gtTop // _at_LINEARIZE10
if (t NULL)11 return EMPTY
12 Node s t-gtn13
data_type r t-gtd14 while
(!CAS(S-gtTop,t,s)) // _at_LINEARIZE on CAS15
return r16
24
Shape analysis with delta abstraction Amit et
al., CAV07
  • Tracks bounded differences between concurrent and
    sequential execution
  • Abstracts two heaps together
  • Limited to bounded number of threads
  • Tracks correlations between all threads
  • Feasible up to 4 threads

What about an unboundednumber of threads?
25
Our approach
  • Tracks bounded differences between concurrent and
    sequential executionper thread
  • Handles unbounded number of threads
  • Abstracts correlations between threads
  • Thread-modular characteristics

26
Conjoined execution for push
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
Top
concurrent state
isomorphismrelation
Top
sequential view
27
Conjoined execution for push
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
conjoined state
Top
Top
duo-object
28
Conjoined execution for push
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
Top
Top
Top
Top
x
P
delta object
29
Conjoined execution for push
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
Top
Top
if (S?Top t) S?Top x evaluate to
trueelse evaluate to false

30
Run operation sequentially
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
31
Run operation sequentially
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) // LINEARIZE on CAS7
But how do you handleunboundedness due
torecursive data structures?
Employ CanonicalHeap Abstraction
32
An unbounded state
void push(Stack S, data_type v) 1
Node x alloc(sizeof(Node))2 x-gtd
v3 do 4 Node t S-gtTop5
x-gtn t6 while
(!CAS(S-gtTop,t,x)) LINEARIZE on CAS7
unboundednumber ofdelta objects
Top
t
t
x
x
P
P
n
n
t
t
x
x
P
P
x
n
x
P
P
n
33
Bounded local states
number ofdelta objectsper local heapbounded
Top
Top
Top
Top
t
t
x
x
P
n
P
n
n
n
n
x
P
n
n
n
n
34
Observations used
  • Unbounded number of heap objects
  • Number of delta objects created per thread is
    bounded
  • Objects in recursive data structures bounded by
    known shape abstractions
  • Delta objects always referenced bylocal
    variables global variables
  • Captured by local heaps
  • Threads mutate data structure near global access
    points

35
Experimental results
Verified Programs states time (sec.)
Treibers stack1986 764 7
Two-lock queueMichael Scott, PODC96 3,415 17
Non-blocking queue Doherty Groves, FORTE04 10,333 252
  • First automatic verification of linearizability
    for unbounded number of threads

36
Whats missing from the talk?
  • Generic technique for lifting abstract domains
    with universal quantifiers
  • Abstract transformers
  • Thread instantiation
  • Combining universal quantification with heap
    decomposition

37
Related work
  • Yahav, POPL01
  • Shape analysis with counter abstraction
  • Gotsman et al., PLDI07
  • Thread-modular shape analysis for coarse-grained
    concurrency
  • Amit et al., CAV07
  • Linearizability for a bounded number of threads
  • Vafeiadis et al.,06,07,08
  • Linearizability for an unbounded number of
    threads withRely-Guarantee reasoning w.
    separation logic
  • Requires user annotations
  • Gulwani et al., POPL08
  • Lifting abstract interpreters to quantified
    logical domains
  • Pnueli et al., TACAS01 Clarke et al.,
    TACAS08Namjoshi, VMCAI07
  • Model checking concurrent systems

38
Conclusion
  • Parametric shape abstraction for an unbounded
    number of threads
  • Fine-grained concurrency
  • Thread-modular aspects
  • Integrated into TVLA
  • Automatically proves linearizability
    offine-grained concurrent implementations

39
Thank You
40
Can you handle mutex?
  • Yes with Canonical Abstraction?t1. . ?t2.
  • Not with Boolean Heaps
  • Only one level of quantification

41
Requirements frombase domain
  • Support free variables ?(u,v,w)
  • Support join and meet operations

42
Thread-modular analysis
Non-disjoint resource invariantsthis
paperFine-grained concurrency
Separated resource invariantsGotsman et al.,
PLDI 07Coarse-grained concurrency
Single global resource invariantFlanagan
Qadeer, SPIN 03
43
Constructing the correlation relation
  • Incrementally constructed during execution
  • Nodes allocated by matching push operations are
    correlated
  • Correlated nodes have equal data values
  • Show that matching pops return data values of
    correlated nodes

44
Fixed linearization points
  • Every operation has (user-specified) fixed
    linearization point
  • Statement at which the operation appears to take
    effect
  • Show that these linearization points are correct
    for every concurrent execution
  • User may specify
  • Several (alternative) linearization points
  • Certain types of conditional linearization
    pointse.g., successful CAS operations

45
Stack's most-general client
void client (Stack ?S) do if
(?) push(S, rand()) else pop(S)
while ( 1 )
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Thread Quantification for Concurrent Shape Analysis" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!