1 / 11

Software Verification 1 Deductive Verification

This research by Prof. Dr. Holger Schlingloff investigates the challenges of parallelism, particularly with multicore processors and multithreading in C. It delves into synchronization issues that make parallel programming complex and error-prone. The study introduces new constructs to the language of while-programs, enabling clearer expression of parallel execution and atomic actions. Through illustrative examples and interleaving semantics, the work addresses deadlocks and invariants in parallel programs, contributing to safer and more reliable software verification methods.

clay
Télécharger la présentation

Software Verification 1 Deductive Verification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software Verification 1Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

  2. Research is calling...

  3. Parallelism • increasing importance (multicore processors) • in C, parallelism by multithreading • POSIX: pthread_create (name, function, args) • pthread_join, pthread_exit, ... • key issue: synchronization • hard to understand, error-prone

  4. Concept Language • we add the following new constructs to the language of while-programs • { 1 || 2 } or, more generally, { 1 || ... || n } • await (b) ; • semantics • parallel (interleaved) execution of the i • blocking wait until condition is satisfied; program fragment within await is noninterruptable • for simplicity, assignments are atomic actions

  5. Examples • int n=0; { for (int i = 0; i<100; i++) n++;|| for (int i = 0; i<100; i++) n--;} • int n=0; int l, r; {for (int i = 0; i<100; i++) {l=n; l++; n=l;}|| for (int i = 0; i<100; i++) {r=n; r--; n=r;}} • int n=0; {for (int i = 0; i<100; i++) await (1) {l=n; l++; n=l;}|| for (int i = 0; i<100; i++) await (1) {r=n; r--; n=r;}}

  6. More Examples • a=0; {a*=a; a-=5; || a=2*a+3; a=1-a;} • a=0; {a++; || a--;} • {a=0; a++; || a=0; a--} • a=0; {await (a>=0); a++; || await (a<=0); a--} • a=0; {await (a>=0) a++; || await (a<=0) a--}

  7. A realistic example a=n; b=0; c=1; { while (a!=n-k) {c=c*a; a--;} || while (b!=k) {b++; await (a+b<=n); c=c/b;} } program calculates binomial coefficient

  8. Interleaving Semantics • A state of the program consists of • an assignment of values to variables • a set of program counters (depending on the number of parallel components), and • SOS-rules for parallel programs • if (U,I,V) ⊨ b and (, V)* (skip,V’), then (await (b) , V) (skip,V’) • if (1, V) (1’,V’), then ({1 ||  2}, V) ({1’ || 2},V’)if (2, V) (2’,V’), then ({1 ||  2}, V) ({1 || 2’},V’)({skip || skip}, V) (skip,V) • In general, several possible executions! (tree of possibilities)

  9. A realistic example a=n; b=0; c=1; :{ 1: while (a!=n-k) { 2: c=c*a; 3: a--; } 4: || 1: while (b!=k) { 2: b++; 3: await (a+b<=n); 4: c=c/b; } 5: }

  10. Deadlocks • a=0; b=0;{await (a!=0) || await (b!=0)} • a=0; b=0;{await (a==1) b=1 || await (b==1) a=1} • prt=T; dsk=T;{await (prt) prt=F; await(dsk) dsk=F; foo; prt=T; dsk=T; || await (dsk) dsk=F; await(prt) prt=F; bar; prt=T; dsk=T;}

  11. Invariants for Parallel Programs • Assume  is a formula such that {}  {}for every subprogram  of { 1 || 2 }.Then {}{ 1 || 2 }{} • Example:a=0; : {a++; : || a--; :} : Invariant a==0+- (or, more explicit: (¬¬a==0  a==0  ¬a==1  ¬a==-1) ) • int n=0; { for (int i = 0; i<100; i++) n++;|| for (int j = 0; j<100; j++) n--;} Invariant n=i-j

More Related