Download pptx - On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University

On Sequentializing Concurrent Programs

Ahmed Bouajjani LIAFA, University of Paris 7, France

Michael Emmi LIAFA, University of Paris 7, France

Gennaro Parlato ✓

University of Southampton, UK

What is this talk about?

Use of verification tools for sequential programs

to analyze concurrent programs

Write a sequential program that simulates the concurrent program

Kiss: Keep It Simple and Sequential [Qadeer, Wu—PLDI’04]

Many efficient solutions have been developed for sequential programs:

SMT-based Bounded Model-Checkers, BDD-based model-checkers, approximation techniques, deductive verification, …

Why don’t we exploit them?

code-to-code translation as a plug-in for sequential tools

A convenient way to get new tools for conc. programs …

Sequ. tool

Concsequtranlsation

Instrumentationfor the Sequ. tool

Concurrent Program

T1 T2 Tn

shared vars(SC semantics)

…

Sequ.program

What would it be a good sequential simulation?

First attempt:

Tracking state: C1 X C2 X … Ci … X Cn X Shared

Simulation: at each step simulate one move of a thread

State space explosion !

Q: Can we avoid such an explosion (cross product of locals)?

Yes, if we consider at most 2 context-switches

[Qadeer, Wu—PLDI’04]

13

2

132

Q: Can we avoid such an explosion (cross product of locals)?

A: YES, for certain under-approximation

Q: What about complete simulations ?

A: NO! (for theoretical reasons)

Related works• Up 2 context-switches [Qadeer, Wu—

PLDI’04]

• Many concurrency errors manifest themselves within few context-switches [Musuvathi, Qadeer—PLDI`07]

• Any fixed # context-switches (finite # of threads) • Eager [Lal, Reps—CAV`08]• Lazy [La Torre, Parlato, Madhusudan—CAV`09]

• Round-Robin schedules & parametrized programs• Lazy [La Torre, Parlato, Madhusudan—CAV`10]

• Delay-bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—POPL`11]

• Over-approximation [Garg, Madhusudan, TACAS`11]

Proposed sequentializations common characteristics

Avoid cross product (compositional)• 1 stack for the simulation• 1 local state, fixed # of shared states

Conc. & Sequ. Programs are in the same class• i.e. no additional data structures to simulate parallelism• Example: Boolean conc. programs Boolean

(sequential) program

Parametrized: increasing the parameter • more and more behaviors are captured• at the expense of more computational resources

Explore as many behaviors as possible• Goal

Our contribution

General mechanism enabling compositional sequentializations• Under-approximations

Captures at least or more behaviors than existing sequentializations

Existing sequentializations can be seen as a restrictions of ours

Our

Concurrent Sequential

Translation

- Compositional semantics- Thread interfaces

- Bounded semantics (restricted compositional semantics)

Compositional Semantics(code-to-code translation to sequ.

programs)P ::= var g:T H

H ::= proc p (var l:T ) s

s ::= s; s | x := e | skip | assume e

| if e then s else s | while e do s

| call x := p e | return e

| post p e | yield //Concurrent stmt

x ::= g | l

T1 T2 Tn

shared vars(SC semantics)

…

Main idea of the sequentialization• Transform each thread creation into a procedure call:

post p e call g:=p e

Only one interaction • Solution (return all possible interactions)

post p e call INTERFACE:=p e

Key concept: Thread interface

An interface of a thread T in an execution

captures the interactions (shared states)

of

T and all its sub-threads

with

the remaining threads involved in the execution

Thread interface

s1 s1’

s2

s3

s4

s5

s2’

s3’

s4’

s5’

How to compute Thread interface

• Every thread creation is transformed into a procedure call

• A thread procedure • computes an interface of the thread by simulating its

code

• The thread procedure keeps the following data structure to compute the interface

EXP: Interface to exportBAG: Interfaces imported from posted threads

Updating the interface data-structure:initialization

The procedure that simulates a thread first initializes the interface data-structure:

• interface to export is initialized with one round ( s1, s1 )

( s1 is a guessed shared state)• bag of imported interfaces is empty

∅s1 s1


Updating the interface data-structure:

thread creation (post)

At any thread creation:

post p e transformed interface := call thread-p e;

Add( BAG, interface );


Updating the interface data-structure

context-switch (yield)

At any yield point non deterministically either 1. interact at least once with internal threads, or

2. interact with an external thread

a

a b

b


Updating the interface data-structure

context-switch (yield)

At any yield point non deterministically either 1. interact at least once with internal threads, or

2. interact with an external thread • Add a new round (a,a) to the interface to export ( a is guessed )


a a

Sequential semantics for conc. programs

We’ve obtained a sequential program that simulates the conc. program by computing interfaces

Each Thread code p is replaced by the procedure thread-p:• Variables: Locals + Interface data-structure• Initialize the interface data-structure• The code of the original thread is attached• Only post, and yield statement are replaced with new code

(simulating the operations presented previously)

• At yield a yield statement (or return) return the exported interface

interface data-structure is unbounded

• An interface as a list:

aceg

bdfh

a b

c d

e f

g h

Bounding & Compressing


• Bound the # nodes in the interface data structure

• Compress the bag of exported interface as a DAGWe merge two node (x, y) and (y,z) into (x,z)

x y y z

- Ex 1. - Ex 2.

x y

y z

Our Sequentialization

Compositional Semantics

+


All existing sequentializations can be

simulated- Up 2 context-switches [Qadeer, Wu—PLDI’04]

- Any fixed # context-switches (finite # of threads) - Eager [Lal, Reps—CAV`08]- Lazy [La Torre, Parlato, Madhusudan—CAV`09]

- Round-Robin schedules & parametrized programs- Lazy [La Torre, Parlato, Madhusudan—CAV`10]

- Delay bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—

POPL`11]

T1 T2 Tn

initialshared state

round 1

round 2

round k

Sequ. for any fixed # context-switches

(finite # of threads) [Lal, Reps—CAV`08]

1 23

Conclusions

Conclusions:We have presented a general mechanism enabling compositional sequentializations of concurrent programs (under SC)

- parameterized (bounding & compressing the # of nodes in the interfaces)- more behaviors than existing sequentializations- Thread creation, parameterized programs, finite # threads- All existing sequentializations can be explained within our framework

Weak Memory models:- Translation TSO SC [Atig, Bouajjani, Parlato—CAV`11]- TSO SC sequential

Future works:- Experimental evaluation- Sequentializations for distributed programs (FIFO channels) ?

- The Tree-width of Auxiliary Storage [Madhusudan, Parlato—

POPL`11] - Lazy transformation of our sequentialization [La Torre, Madhusudan, Parlato—CAV`09, CAV`10]

Thanks!