1 / 24

Abstraction-Guided Synthesis of synchronization

This work addresses the challenge of ensuring correct and efficient synchronization in concurrent programming through abstraction-guided synthesis. By utilizing abstract interpretation, the proposed approach aims to identify minimal synchronization points that prevent bad interleavings while allowing as many beneficial interleavings as possible. This method also addresses infinite-state programs, providing a framework for automatic inference of synchronization constraints to support programmers in creating robust systems. Key aspects include atomicity constraints and the interplay between abstraction and synchronization.

brook
Télécharger la présentation

Abstraction-Guided Synthesis of synchronization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Martin Vechev • EranYahav • Greta Yorsh Abstraction-Guided Synthesis of synchronization • IBM T.J. Watson Research Center

  2. Challenge: Correct and Efficient Synchronization P1() P2() P3() { …………………………… ……………………. … } Assist the programmer by automatically inferring correct and efficient synchronization { ……………… …… …………………. ……………………. ………………………… } { ………………….. …… ……………………. ……………… …………………… } atomic atomic atomic Safety Specification: S

  3. Challenge: Correct and Efficient Synchronization P1() P2() P3() { …………………………… ……………………. … } Assist the programmer by automatically inferring correct and efficient synchronization { ……………… …… …………………. ……………………. ………………………… } { ………………….. …… ……………………. ……………… …………………… } Safety Specification: S

  4. Challenge • Assumption: we can prove that serial executions satisfy the specification • Interested in bad behaviors due to concurrency • Find minimal synchronization that makes the program satisfy the specification • Avoid all bad interleaving while permitting as many good interleavings as possible • Handle infinite-state programs

  5. Our Approach • Synthesis of synchronization via abstract interpretation • Compute over-approximation of all possible program executions • Add minimal atomics to avoid (over-approximation of) bad interleavings • Interplay between abstraction and synchronization • Finer abstraction may enable finer synchronization • Coarse synchronization may enable coarser abstraction

  6. A Standard Approach: Abstraction Refinement program Valid specification Abstract counterexample Verify abstraction Abstract counterexample  AbstractionRefinement Change the abstraction to match the program

  7. Our Approach: Abstraction-Guided Synthesis program  P’ ProgramRestriction Implement specification Abstractcounterexample Verify abstraction Abstract counterexample  AbstractionRefinement Change the program to match the abstraction

  8. AGS Algorithm – High Level • Input: Program P, Specification S, Abstraction  • Output: Program P’ satisfying S under   = true while(true) { Traces = { |   (P ) and  S } if (Traces is empty) return implement(P,) select   Traces if (?) {  = avoid() if (  false)  =    else abort } else { ’ = refine(, ) if (’ )  = ’ eles abort } }

  9. Avoiding an interleaving • By adding atomicity constraints • Atomicity predicate [l1,l2] – no context switch allowed between execution of statements at l1 and l2 • avoid() • A disjunction of all possible atomicity predicates that would prevent  • Example •  = A1 B1 A2 B2 • avoid() = [A1,A2]  [B1,B2] • (abuse of notation)

  10. Example T1 1: x += z 2: x += z T2 1: z++ 2: z++ T3 1: y1 = f(x) 2: y2 = x 3: assert(y1 != y2) f(x) { if (x == 1) return 3 else if (x == 2) return 6 else return 5 }

  11. y1 6 Example: Parity Abstraction 5 4 3 2 1 y2 0 1 2 3 4 y1 6 5 4 3 2 1 y2 0 1 2 3 4 Parity abstraction (even/odd) Concrete values

  12. Example: Avoiding Bad Interleavings  = true while(true) { Traces={|(P ) and  S } if (Traces is empty) return implement(P,) select   Traces if (?) {  =   avoid() } else {  = refine(, ) } } avoid(1) = [z++,z++]  = [z++,z++]  = true

  13. Example: Avoiding Bad Interleavings  = true while(true) { Traces={|(P ) and  S } if (Traces is empty) return implement(P,) select   Traces if (?) {  =   avoid() } else {  = refine(, ) } } avoid(2) =[x+=z,x+=z]  = [z++,z++]  = [z++,z++][x+=z,x+=z]

  14. Example: Avoiding Bad Interleavings T1 1: x += z 2: x += z  = true while(true) { Traces={|(P ) and  S } if (Traces is empty) return implement(P,) select   Traces if (?) {  =   avoid() } else {  = refine(, ) } } T2 1: z++ 2: z++ T3 1: y1 = f(x) 2: y2 = x 3: assert(y1 != y2)  = [z++,z++][x+=z,x+=z]

  15. 6 Example: Avoiding Bad Interleavings T1 T1 T1 x+=z; x+=z x+=z; x+=z x+=z; x+=z 5 4 z++; z++; z++; z++; z++; z++; T2 T2 T2 3 T3 T3 T3 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 2 1 0 1 2 3 4 y1    parity parity parity 6 6 5 5 4 4 3 3 2 2 1 1 y2 0 1 2 3 4 0 1 2 3 4 But we can also refine the abstraction…

  16.   parity parity parity 6 6 T1 T1 T1 T1 T1 T1 T1 5 x+=z; x+=z x+=z; x+=z x+=z; x+=z x+=z; x+=z x+=z; x+=z x+=z; x+=z x+=z; x+=z 5 4 4 z++; z++; z++; z++; z++; z++; z++; z++; z++; z++; z++; z++; z++; z++; T2 T2 T2 T2 T2 T2 T2 3 3 2 T3 T3 T3 T3 T3 T3 T3 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 y1=f(x) y2=x assert y1!= y2 2 1 1 0 1 2 3 4 0 1 2 3 4 (a) (b) (c) interval interval   y1 6 6 6 5 5 5 4 4 4 3 3 3 2 2 2 1 1 1 0 1 2 3 4 y2 (d) (e) 0 1 2 3 4 0 1 2 3 4   octagon octagon 6 5 6 4 5 3 4 2 3 1 2 1 0 1 2 3 4 (f) (g) 0 1 2 3 4

  17. Quantitative Synthesis • Performance: smallest atomic sections • Interval abstraction for our example produces the atomicity constraint:([x+=z,x+=z] ∨ [z++,z++])∧ ([y1=f(x),y2=x] ∨ [x+=z,x+=z] ∨ [z++,z++]) • Minimal satisfying assignments • 1 = [z++,z++] • 2 = [x+=z,x+=z]

  18. AGS Algorithm – More Details Forward Abstract Interpretation, taking  into account for pruning infeasible interleavings • Input: Program P, Specification S, Abstraction  • Output: Program P’ satisfying S under   = true while(true) { Traces = { |   (P ) and  S } if (Traces is empty) return implement(P,) select   Traces if (?) {  =   avoid() } else {  = refine(, ) } } Order of selection matters • Choosing between abstraction refinement and program restriction • not always possible to refine/avoid • may try and backtrack Backward exploration of invalid Interleavings using  to prune infeasible interleavings. Up to this point did not commit to a synchronization mechanism

  19. Implementability • Separation between schedule constraints and how they are realized • Can realize in program: atomic sections, locks,… • Can realize in scheduler: benevolent scheduler • No program transformations (e.g., loop unrolling) • Memoryless strategy T1 1: while(*) { 2: x++ 3: x++ 4: } T2 1: assert (x != 1)

  20. Choosing a trace to avoid 0,00,0 y=2 if (y==0) 0,10,2 2,00,0 T1 0: if (y==0) goto L 1: x++ 2: L: T2 0: y=2 1: x+=1 2: assert x !=y y=2 if (y==0) 1,10,2 2,10,2 x++ x+=1 2,21,2 2,11,2 x+=1 3,22,2

  21. Examples Intuition • If we can show disjoint access wecan avoid synchronization • Requires abstractions rich enough to capture access pattern to shared data Parity Intervals

  22. Examples

  23. Summary • An algorithm for Abstraction-Guided Synthesis • Synthesize efficient and correct synchronization • Handles infinite-state systems based on abstract interpretation • Refine the abstraction and/or restrict program behavior • Interplay between abstraction and synchronization • Quantitative Synthesis • Separate characterization of solution from choosing optimal solutions (e.g., smallest atomic sections)

  24. Invited Questions • What about other synchronization mechanisms? • Why not start from the most constrained program and work downwards (relaxing constraints)? • Can’t you solve the problem purely by brute force search of all atomic section placements? • Why are you enumerating traces? Can’t you compute your solution via state-based semantics? • Why use only a single CEX at a time? Could use information about the whole (abstract) transition system? • Is this related to supervisor synthesis?

More Related