
CS294-32: Dynamic Partial Order Reduction


Presentation Transcript


  1. CS294-32: Dynamic Partial Order Reduction. Koushik Sen, UC Berkeley

  2. Exponential Blowup
     t1: if (x==100) a = 1 else a = 2
     t2: if (y==9) a = 3 else a = 4
     Diagram: the computation tree for a single thread branches at each conditional statement; the computation tree for two threads also branches at each scheduler choice (thread switch).

  3. Solution
     • Not all paths in the tree matter for statement reachability
     • Many paths are equivalent to each other
     • Prune equivalent paths => Partial Order Reduction
     • Generate inputs along with Partial Order Reduction

  4. Equivalent Paths
     t1: x = 3
     t2: y = 2
     Initially x = 0 and y = 0.
     Diagram: the two interleavings (x = 3 then y = 2, and y = 2 then x = 3) start from x = 0, y = 0 and form one partial order.
     Same partial order, different linear order => different path => equivalent path

  5. Independent transitions
     • B and R are independent transitions if
       • they commute: B ∘ R = R ∘ B
       • neither enables nor disables the other
     • Example: x = 3 and y = 2 are independent
     Diagram: from state s, applying R then B and applying B then R reach the same state.

  6. Existing Approaches
     • Static Partial Order Reduction
       • Valmari 91, Peled 93, Godefroid 96, SPIN model checker by Holzmann, Verisoft
     • Limitation
       • Results in a large dependency relation
       • Pointers -> whether two pointers point to the same location is determined conservatively (may point-to)
       • Results in an over-approximation of the dependency relation
       • Limited POR

  7. Example: static partial-order reduction
     Global Vars
       lock m
       int i1, i2
       int x = 0
       int n = 100
       char[] a

     Thread 1                           Thread 2
       lock(m)                            lock(m)
       i1 := x++                          i2 := x++
       unlock(m)                          unlock(m)
       for ( ; i1 < n; i1 += 2)           for ( ; i2 < n; i2 += 2)
         a[i1] := 'b'                       a[i2] := 'r'

     • Static analysis gives
       • i1, i2 are thread-local
       • x is protected by m
       • but a[i1] and a[i2] may alias (according to static analysis); in practice they never alias
     • Static POR gives O(n²) explored states and transitions
       • but only two possible terminating states

  8. Dynamic partial-order reduction
     • Static POR relies on static analysis
       • to yield approximate information about run-time behavior
       • pointers => coarse information => limited POR => path explosion
     • Dynamic POR
       • while the model checker executes the program, it sees exactly which threads access which locations
       • use this to reduce the path space while model checking

  9. Focus on Race-Detection and Flipping Algorithm and Concolic Testing: jCUTE
     • The Race-Detection and Flipping Algorithm is a simplified form of DPOR
     • Proof of correctness in the presence of inputs and conditionals

  10. Event
     • (t,l,a)
     • if thread t executes the statement labeled l and the access type is a
     • a ∈ {w,r,l,u,?}
     • An execution path is a sequence of events

  11. Sequential Relation
     Diagram: an execution path of two threads. Thread t0 runs 1: x=1 (e1), 2: fork(8) (e2), 3: y=2 (e3), 4: lock(m) (e4), 5: x=3 (e5), 6: unlock(m) (e6), 7: halt (e7); the forked thread t1 runs 8: lock(m) (e9), 9: x=4 (e10), 10: unlock(m) (e11), 11: y=5 (e12), 12: halt (e13).
     • e = (t,l,a) and e' = (t',l',a')
     • e C e' (e sequentially precedes e') holds if
       • e = e', or
       • t = t' and e appears before e' in the path, or
       • t ≠ t', t created the thread t', and e appears before e'' in the path, where e'' is the fork event on t creating the thread t', or
       • there exists an event e'' in the path such that e C e'' and e'' C e'.

  12. Causal Relation (Happens-Before Relation)
     Diagram: the same execution path as on slide 11.
     • e = (t,l,a) and e' = (t',l',a')
     • e ¹ e' (e causally precedes e') holds if
       • e C e', or
       • e appears before e' in the path, both access a shared memory location m, and one of the accesses is an update (write, lock acquire, release), or
       • there exists an event e'' in the path such that e ¹ e'' and e'' ¹ e'.
     • ¹ is a partial order relation

  13. Equivalent Paths
     • Definition: two execution paths are equivalent if they are linearizations of the same partial order
     • Proposition: exploration of one linear order of each partial order is sufficient for statement reachability

  14. Race Relation
     Not so strict definition (see paper for the strict definition)
     • e = (t,l,a) and e' = (t',l',a')
     • e l e' (e and e' are in race) holds if
       • e ¹ e', and
       • not (e C e' or e' C e), and
       • there exists no e1, with e1 not equal to e or e', such that e ¹ e1 and e1 ¹ e'
     Diagram: partial order of the path x := 1, y := 2, y := 3, x := 4.
     • Events in race relation can be permuted by changing the schedule
     • What happens if we have locks? (see paper)
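The three relations of slides 11, 12 and 14 can be computed mechanically from a recorded execution path. The following Python is an added example, not code from the slides or from jCUTE; it assumes the event tuple of slide 10 extended with the location touched and, for fork events, the created thread (my additions), and it treats the fork event itself as sequentially preceding the child thread's events, which is my reading of the slide's "before".

```python
# Added example (not from the slides): sequential, causal (happens-before)
# and race relations of slides 11, 12 and 14 over a recorded execution path.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    thread: str
    label: int
    access: str                   # 'w' write, 'r' read, 'l' lock, 'u' unlock, '?' other
    loc: Optional[str] = None     # shared location or lock accessed, None if none
    forks: Optional[str] = None   # thread created, when this is a fork event


UPDATES = {"w", "l", "u"}         # update accesses: write, lock acquire, release
Rel = Set[Tuple[int, int]]        # relation over event indices in the path


def closure(rel: Rel, n: int) -> Rel:
    """Reflexive-transitive closure over indices 0..n-1 (Floyd-Warshall)."""
    reach = [[i == j or (i, j) in rel for j in range(n)] for i in range(n)]
    for k in range(n):
        for i in range(n):
            if reach[i][k]:
                for j in range(n):
                    if reach[k][j]:
                        reach[i][j] = True
    return {(i, j) for i in range(n) for j in range(n) if reach[i][j]}


def sequential(path: List[Event]) -> Rel:
    """Slide 11: e C e' when e is earlier on the same thread, or e is on the
    thread that forked e''s thread at or before the fork event (the slide says
    'before'; counting the fork event itself is my reading)."""
    rel: Rel = set()
    for i, ei in enumerate(path):
        for j in range(i + 1, len(path)):
            ej = path[j]
            if ei.thread == ej.thread:
                rel.add((i, j))
            elif any(path[f].thread == ei.thread and path[f].forks == ej.thread
                     for f in range(i, j)):
                rel.add((i, j))
    return closure(rel, len(path))


def causal(path: List[Event]) -> Rel:
    """Slide 12: sequential order plus pairs accessing one shared location
    with at least one update, transitively closed (happens-before)."""
    rel = set(sequential(path))
    for i, ei in enumerate(path):
        for j in range(i + 1, len(path)):
            ej = path[j]
            if ei.loc is not None and ei.loc == ej.loc and (
                    ei.access in UPDATES or ej.access in UPDATES):
                rel.add((i, j))
    return closure(rel, len(path))


def races(path: List[Event]) -> Rel:
    """Slide 14: causally ordered, not sequentially ordered, and with no
    third event between them in the causal order."""
    seq, hb = sequential(path), causal(path)
    return {(i, j) for (i, j) in hb
            if i != j and (i, j) not in seq and (j, i) not in seq
            and not any(k not in (i, j) and (i, k) in hb and (k, j) in hb
                        for k in range(len(path)))}


def race_labels(path: List[Event]) -> List[Tuple[str, int, str, int]]:
    """Racing pairs as (thread, label, thread', label'), sorted."""
    return sorted((path[i].thread, path[i].label, path[j].thread, path[j].label)
                  for i, j in races(path))


# Constructed sample inputs: the program of slide 15 (t1: x := 1; y := 2 and
# t2: y := 3; x := 4) in the orders of slides 16 and 21, plus a fork example.
X1, Y2 = Event("t1", 1, "w", "x"), Event("t1", 2, "w", "y")
Y3, X4 = Event("t2", 1, "w", "y"), Event("t2", 2, "w", "x")
EXECUTION_1 = [X1, Y2, Y3, X4]
EXECUTION_2 = [X1, Y3, X4, Y2]
FORK_PATH = [Event("t0", 1, "?", forks="t1"),            # t0 creates t1
             Event("t0", 2, "w", "x"), Event("t1", 3, "w", "x")]

if __name__ == "__main__":
    print(race_labels(EXECUTION_1))   # only y := 2 / y := 3 race
    print(race_labels(EXECUTION_2))   # x := 1 / x := 4 and y := 3 / y := 2 race
    print(race_labels(FORK_PATH))     # the two writes race; the fork is sequentially ordered
```

On the first order only the two writes to y race, because x := 1 reaches x := 4 through y := 2 and y := 3; on the second order both variable pairs race, which is what slides 18 and 22 mark.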

  15. DPOR (Race-detection and flipping) Example
     Thread t1: 1: x := 1  2: y := 2
     Thread t2: 1: y := 3  2: x := 4

  16. Execution 1: x := 1, y := 2, y := 3, x := 4

  17. Execution 1 with its partial order; every event carries an empty postponed set { }

  18. Execution 1: postponed sets { } x := 1, { t1 } y := 2, { } y := 3, { } x := 4; race between y := 2 and y := 3

  19. Execution 1: backtrack at y := 2 (postponed set { t1 })

  20. Execution 1: backtrack at y := 2; the events after it are shown without postponed sets

  21. Execution 2: x := 1, y := 3, x := 4, y := 2 (y := 3 flipped before y := 2); postponed sets { } x := 1, { t1 } y := 3, { } x := 4, { } y := 2

  22. Execution 2: postponed sets { t1 } x := 1, { t1, t2 } y := 3, { } x := 4, { } y := 2; races between x := 1 and x := 4 and between y := 3 and y := 2

  23. Execution 2: cannot backtrack at y := 3 (postponed set { t1, t2 })

  24. Execution 2: backtrack at x := 1 (postponed set { t1 })

  25. Execution 2: backtrack at x := 1; the events after it are shown without postponed sets

  26. Execution 3: y := 3, x := 4, x := 1, y := 2; postponed sets { t1 } y := 3, { } x := 4, { } x := 1, { } y := 2

  27. Execution 3: postponed sets { t1 } y := 3, { t2 } x := 4, { } x := 1, { } y := 2; race between x := 4 and x := 1

  28. Execution 3: backtrack at x := 4 (postponed set { t2 })

  29. Execution 3: backtrack at x := 4; the events after it are shown without postponed sets

  30. Execution 4: y := 3, x := 1, y := 2, x := 4; postponed sets { t1 } y := 3, { t2 } x := 1, { } y := 2, { } x := 4

  31. Execution 4: postponed sets { t1, t2 } y := 3 (cannot backtrack here), { t1, t2 } x := 1 (cannot backtrack here), { } y := 2, { } x := 4; races between y := 3 and y := 2 and between x := 1 and x := 4. Done!

  32. DPOR (POPL 05) Example
     Thread t1: 1: x := 1  2: y := 2
     Thread t2: 1: y := 3  2: x := 4
     Execution 1: x := 1, y := 2, y := 3, x := 4; postponed / persistent sets { } / { } x := 1, { t1 } / { t2 } y := 2, { } / { } y := 3, { } / { } x := 4; race between y := 2 and y := 3

  33. DPOR (POPL 05) Example, Execution 2: x := 1, y := 3, x := 4, y := 2; postponed / persistent sets { t1 } / { t2 } x := 1, { t1, t2 } / { t1, t2 } y := 3, { } / { } x := 4, { } / { } y := 2

  34. DPOR (POPL 05) Example, Execution 3: y := 3, x := 4, x := 1, y := 2; postponed / persistent sets { t1 } / { t2 } y := 3, { t2 } / { t1 } x := 4, { } / { } x := 1, { } / { } y := 2

  35. DPOR (POPL 05) Example, Execution 4: y := 3, x := 1, y := 2, x := 4; postponed / persistent sets { t1, t2 } / { t1, t2 } y := 3, { t1, t2 } / { t1, t2 } x := 1, { } / { } y := 2, { } / { } x := 4

  36. DPOR Problem
     Thread t1: 1: x := 1  2: x := 2
     Thread t2: 1: y := 1  2: x := 3
     • DPOR (both approaches) explores all 6 execution paths => no reduction
     • The example in the POPL 05 paper has an error
       • Think about it
     • Need sleep sets to obtain reduction

  37. Sleep Set Example

  38. DPOR (Race-detection and flipping) Example
     Thread t1: 1: x := 1  2: y := 2
     Thread t2: 1: y := 3  2: x := 4

  39. Execution 1: x := 1, y := 2, y := 3, x := 4

  40. Execution 1 with its partial order; every event carries an empty postponed set and an empty delayed set (shown as { } / { })

  41. Execution 1: postponed / delayed sets { } / { } x := 1, { t1 } / { } y := 2, { } / { } y := 3, { } / { } x := 4; race between y := 2 and y := 3

  42. Execution 1: backtrack at y := 2 (postponed / delayed { t1 } / { })

  43. Execution 1: backtrack at y := 2; the events after it keep one set each: { } y := 3 (race), { } x := 4

  44. Execution 2: x := 1, y := 3, x := 4, y := 2; postponed / delayed sets { } / { } x := 1, { t1 } / { t1 } y := 3, { } / { t1 } x := 4, { } / { } y := 2

  45. Execution 2: postponed / delayed sets { t1 } / { } x := 1, { t1 } / { t1 } y := 3 (race), { } / { t1 } x := 4 (race, marked X), { } / { } y := 2

  46. Execution 2: nothing to backtrack at y := 3

  47. Execution 2: backtrack at x := 1 (postponed / delayed { t1 } / { })

  48. Execution 2: backtrack at x := 1; the events after it keep one set each: { t1 } y := 3 (race), { t1 } x := 4 (race, marked X), { } y := 2

  49. Execution 3: y := 3, x := 4, x := 1, y := 2; postponed / delayed sets { t1 } / { t1 } y := 3, { } / { t1 } x := 4, { } / { } x := 1, { } / { } y := 2

  50. Execution 3: postponed / delayed sets { t1 } / { t1 } y := 3, { } / { t1 } x := 4, { } / { } x := 1 (race, marked X), { } / { } y := 2
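As an added example of the DPOR of slides 32-35 and of the sleep-set remedy of slides 36-50, the Python below implements the POPL 05 backtrack-set algorithm (not the race-detection-and-flipping variant with postponed sets) on a simplified thread model of my own: every statement writes one shared variable, so two transitions are dependent exactly when they are on the same thread or write the same variable, and any two transitions of different threads are assumed to be co-enabled. It is not code from the slides, from the POPL 05 paper or from jCUTE. `use_sleep` switches sleep sets on, and `count_partial_orders` brute-forces the number of distinct partial orders of slide 13, the best any POR can do.

```python
# Added example (not from the slides): POPL 05 DPOR with optional sleep sets
# on a model where each statement is a write of one shared variable.
from typing import Dict, List, Set, Tuple

Program = Dict[str, List[str]]       # thread -> variables written, in order
Transition = Tuple[str, int, str]    # (thread, statement index, variable)


def dependent(a: Transition, b: Transition) -> bool:
    return a[0] == b[0] or a[2] == b[2]


def enabled(prog: Program, pcs: Dict[str, int]) -> List[str]:
    return [t for t in prog if pcs[t] < len(prog[t])]


def next_transition(prog: Program, pcs: Dict[str, int], t: str) -> Transition:
    return (t, pcs[t], prog[t][pcs[t]])


def happens_before(S: List[Transition]) -> List[List[bool]]:
    """hb[i][j] (i < j): S[i], S[j] are dependent or linked by a dependent chain."""
    n = len(S)
    hb = [[False] * n for _ in range(n)]
    for j in range(n):
        for i in range(j - 1, -1, -1):
            hb[i][j] = dependent(S[i], S[j]) or any(
                hb[i][k] and hb[k][j] for k in range(i + 1, j))
    return hb


def hb_process(S: List[Transition], hb, i: int, p: str) -> bool:
    """i ->_S p: S[i] is by p or happens before a later transition of p."""
    return S[i][0] == p or any(hb[i][j] and S[j][0] == p for j in range(i + 1, len(S)))


def explore(prog: Program, use_sleep: bool) -> List[List[Transition]]:
    """Run DPOR and return every complete execution it explored."""
    executions: List[List[Transition]] = []

    def prefix_states(S):
        pcs = {t: 0 for t in prog}
        states = [dict(pcs)]
        for (t, _, _) in S:
            pcs[t] += 1
            states.append(dict(pcs))
        return states

    def run(S: List[Transition], backtrack: List[Set[str]], sleep: Set[str]):
        states = prefix_states(S)
        s, hb = states[-1], happens_before(S)
        # Race detection: the last transition dependent with p's next step and
        # not ordered before it is where the other ordering must be tried.
        for p in enabled(prog, s):
            nxt = next_transition(prog, s, p)
            cands = [i for i in range(len(S))
                     if dependent(S[i], nxt) and not hb_process(S, hb, i, p)]
            if not cands:
                continue
            i = max(cands)
            pre_enabled = enabled(prog, states[i])
            E = {q for q in pre_enabled if q == p or any(
                j > i and S[j][0] == q and hb_process(S, hb, j, p)
                for j in range(len(S)))}
            if E:
                backtrack[i].add(p if p in E else sorted(E)[0])
            else:
                backtrack[i] |= set(pre_enabled)
        en = enabled(prog, s)
        if not en:
            executions.append(list(S))       # a complete execution path
            return
        choices = [p for p in en if p not in sleep]
        if not choices:
            return                            # fully covered by an earlier sibling
        backtrack.append({choices[0]})
        done, asleep = set(), set(sleep)
        while True:
            todo = [p for p in backtrack[-1] if p not in done and p not in asleep]
            if not todo:
                break
            p = sorted(todo)[0]
            done.add(p)
            nxt = next_transition(prog, s, p)
            # Sleep set: threads already explored here whose next step commutes
            # with nxt stay asleep in the child, so their orderings are not redone.
            child_sleep = {q for q in asleep
                           if not dependent(next_transition(prog, s, q), nxt)}
            run(S + [nxt], backtrack, child_sleep)
            if use_sleep:
                asleep.add(p)
        backtrack.pop()

    run([], [], set())
    return executions


def count_partial_orders(prog: Program) -> Tuple[int, int]:
    """Brute force for slide 13: (interleavings, distinct partial orders)."""
    keys: Set = set()
    total = 0

    def rec(pcs, S):
        nonlocal total
        en = enabled(prog, pcs)
        if not en:
            total += 1
            keys.add(frozenset((S[i], S[j]) for i in range(len(S))
                               for j in range(i + 1, len(S)) if dependent(S[i], S[j])))
            return
        for t in en:
            nxt = next_transition(prog, pcs, t)
            pcs[t] += 1
            rec(pcs, S + [nxt])
            pcs[t] -= 1

    rec({t: 0 for t in prog}, [])
    return total, len(keys)


# Constructed programs from the slides: slide 15 (t1: x := 1; y := 2 and
# t2: y := 3; x := 4) and slide 36 (t1: x := 1; x := 2 and t2: y := 1; x := 3).
SLIDE_15: Program = {"t1": ["x", "y"], "t2": ["y", "x"]}
SLIDE_36: Program = {"t1": ["x", "x"], "t2": ["y", "x"]}

if __name__ == "__main__":
    for name, prog in (("slide 15", SLIDE_15), ("slide 36", SLIDE_36)):
        print(name, "interleavings/partial orders:", count_partial_orders(prog),
              "DPOR:", len(explore(prog, False)), "DPOR+sleep:", len(explore(prog, True)))
```

On the slide 15 program this explores 4 executions without sleep sets and 3 with them; on the slide 36 program it explores all 6 interleavings without sleep sets, as slide 36 states, and 3 with them. Both programs have exactly 3 distinct partial orders, so sleep sets reach the optimum of slide 13 here.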
