On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA,...
-
date post
19-Dec-2015 -
Category
Documents
-
view
217 -
download
0
Transcript of On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA,...
On Sequentializing Concurrent Programs
Ahmed Bouajjani LIAFA, University of Paris 7, France
Michael Emmi LIAFA, University of Paris 7, France
Gennaro Parlato ✓
University of Southampton, UK
What is this talk about?
Use of verification tools for sequential programs
to analyze concurrent programs
Write a sequential program that simulates the concurrent program
Kiss: Keep It Simple and Sequential [Qadeer, Wu—PLDI’04]
Many efficient solutions have been developed for sequential programs:
SMT-based Bounded Model-Checkers, BDD-based model-checkers, approximation techniques, deductive verification, …
Why don’t we exploit them?
code-to-code translation as a plug-in for sequential tools
A convenient way to get new tools for conc. programs …
Sequ. tool
Concsequtranlsation
Instrumentationfor the Sequ. tool
Concurrent Program
T1 T2 Tn
shared vars(SC semantics)
…
Sequ.program
What would it be a good sequential simulation?
First attempt:
Tracking state: C1 X C2 X … Ci … X Cn X Shared
Simulation: at each step simulate one move of a thread
State space explosion !
Q: Can we avoid such an explosion (cross product of locals)?
Yes, if we consider at most 2 context-switches
[Qadeer, Wu—PLDI’04]
13
2
132
Q: Can we avoid such an explosion (cross product of locals)?
A: YES, for certain under-approximation
Q: What about complete simulations ?
A: NO! (for theoretical reasons)
Related works• Up 2 context-switches [Qadeer, Wu—
PLDI’04]
• Many concurrency errors manifest themselves within few context-switches [Musuvathi, Qadeer—PLDI`07]
• Any fixed # context-switches (finite # of threads) • Eager [Lal, Reps—CAV`08]• Lazy [La Torre, Parlato, Madhusudan—CAV`09]
• Round-Robin schedules & parametrized programs• Lazy [La Torre, Parlato, Madhusudan—CAV`10]
• Delay-bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—POPL`11]
• Over-approximation [Garg, Madhusudan, TACAS`11]
Proposed sequentializations common characteristics
Avoid cross product (compositional)• 1 stack for the simulation• 1 local state, fixed # of shared states
Conc. & Sequ. Programs are in the same class• i.e. no additional data structures to simulate parallelism• Example: Boolean conc. programs Boolean
(sequential) program
Parametrized: increasing the parameter • more and more behaviors are captured• at the expense of more computational resources
Explore as many behaviors as possible• Goal
Our contribution
General mechanism enabling compositional sequentializations• Under-approximations
Captures at least or more behaviors than existing sequentializations
Existing sequentializations can be seen as a restrictions of ours
Our
Concurrent Sequential
Translation
- Compositional semantics- Thread interfaces
- Bounded semantics (restricted compositional semantics)
Compositional Semantics(code-to-code translation to sequ.
programs)P ::= var g:T H
H ::= proc p (var l:T ) s
s ::= s; s | x := e | skip | assume e
| if e then s else s | while e do s
| call x := p e | return e
| post p e | yield //Concurrent stmt
x ::= g | l
T1 T2 Tn
shared vars(SC semantics)
…
Main idea of the sequentialization• Transform each thread creation into a procedure call:
post p e call g:=p e
Only one interaction • Solution (return all possible interactions)
post p e call INTERFACE:=p e
Key concept: Thread interface
An interface of a thread T in an execution
captures the interactions (shared states)
of
T and all its sub-threads
with
the remaining threads involved in the execution
Thread interface
s1 s1’
s2
s3
s4
s5
s2’
s3’
s4’
s5’
How to compute Thread interface
• Every thread creation is transformed into a procedure call
• A thread procedure • computes an interface of the thread by simulating its
code
• The thread procedure keeps the following data structure to compute the interface
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure:initialization
The procedure that simulates a thread first initializes the interface data-structure:
• interface to export is initialized with one round ( s1, s1 )
( s1 is a guessed shared state)• bag of imported interfaces is empty
∅s1 s1
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure:
thread creation (post)
At any thread creation:
post p e transformed interface := call thread-p e;
Add( BAG, interface );
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure
context-switch (yield)
At any yield point non deterministically either 1. interact at least once with internal threads, or
2. interact with an external thread
a
a b
b
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure
context-switch (yield)
At any yield point non deterministically either 1. interact at least once with internal threads, or
2. interact with an external thread • Add a new round (a,a) to the interface to export ( a is guessed )
EXP: Interface to exportBAG: Interfaces imported from posted threads
a a
Sequential semantics for conc. programs
We’ve obtained a sequential program that simulates the conc. program by computing interfaces
Each Thread code p is replaced by the procedure thread-p:• Variables: Locals + Interface data-structure• Initialize the interface data-structure• The code of the original thread is attached• Only post, and yield statement are replaced with new code
(simulating the operations presented previously)
• At yield a yield statement (or return) return the exported interface
interface data-structure is unbounded
Bounding & Compressing
• Bound the # nodes in the interface data structure
• Compress the bag of exported interface as a DAGWe merge two node (x, y) and (y,z) into (x,z)
x y y z
- Ex 1. - Ex 2.
x y
y z
All existing sequentializations can be
simulated- Up 2 context-switches [Qadeer, Wu—PLDI’04]
- Any fixed # context-switches (finite # of threads) - Eager [Lal, Reps—CAV`08]- Lazy [La Torre, Parlato, Madhusudan—CAV`09]
- Round-Robin schedules & parametrized programs- Lazy [La Torre, Parlato, Madhusudan—CAV`10]
- Delay bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—
POPL`11]
T1 T2 Tn
initialshared state
round 1
round 2
round k
Sequ. for any fixed # context-switches
(finite # of threads) [Lal, Reps—CAV`08]
1 23
Conclusions:We have presented a general mechanism enabling compositional sequentializations of concurrent programs (under SC)
- parameterized (bounding & compressing the # of nodes in the interfaces)- more behaviors than existing sequentializations- Thread creation, parameterized programs, finite # threads- All existing sequentializations can be explained within our framework
Weak Memory models:- Translation TSO SC [Atig, Bouajjani, Parlato—CAV`11]- TSO SC sequential
Future works:- Experimental evaluation- Sequentializations for distributed programs (FIFO channels) ?
- The Tree-width of Auxiliary Storage [Madhusudan, Parlato—
POPL`11] - Lazy transformation of our sequentialization [La Torre, Madhusudan, Parlato—CAV`09, CAV`10]
Thanks!