23
On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France Michael Emmi LIAFA, University of Paris 7, France Gennaro Parlato ✓ University of Southampton, UK
On Sequentializing Concurrent Programs
Ahmed Bouajjani LIAFA, University of Paris 7, France
Michael Emmi LIAFA, University of Paris 7, France
Gennaro Parlato ✓
University of Southampton, UK
What is this talk about?Use of verification tools for sequential programs
to analyze concurrent programs
Write a sequential program that simulates the concurrent program Kiss: Keep It Simple and Sequential [Qadeer, Wu—
PLDI’04]
Many efficient solutions have been developed for sequential programs:
SMT-based Bounded Model-Checkers, BDD-based model-checkers, approximation techniques, deductive verification, …
Why don’t we exploit them?
code-to-code translation as a plug-in for sequential tools
A convenient way to get new tools for conc. programs …
Sequ. tool
Concsequtranlsation
Instrumentationfor the Sequ. tool
Concurrent Program
T1 T2 Tn
shared vars(SC semantics)
…
Sequ.program
What would it be a good sequential simulation?
First attempt: Tracking state: C1 X C2 X … Ci … X Cn X Shared
Simulation: at each step simulate one move of a thread
State space explosion !
Q: Can we avoid such an explosion (cross product of locals)?
Yes, if we consider at most 2 context-switches[Qadeer, Wu—PLDI’04]
13
2
132
Q: Can we avoid such an explosion (cross product of locals)?
A: YES, for certain under-approximation
Q: What about complete simulations ?
A: NO! (for theoretical reasons)
Related works• Up 2 context-switches [Qadeer, Wu—
PLDI’04]
• Many concurrency errors manifest themselves within few context-switches [Musuvathi, Qadeer—PLDI`07]
• Any fixed # context-switches (finite # of threads) • Eager [Lal, Reps—CAV`08]• Lazy [La Torre, Parlato, Madhusudan—CAV`09]
• Round-Robin schedules & parametrized programs• Lazy [La Torre, Parlato, Madhusudan—CAV`10]
• Delay-bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—POPL`11]
• Over-approximation [Garg, Madhusudan, TACAS`11]
Proposed sequentializations common characteristics
Avoid cross product (compositional)• 1 stack for the simulation• 1 local state, fixed # of shared states
Conc. & Sequ. Programs are in the same class• i.e. no additional data structures to simulate parallelism• Example: Boolean conc. programs Boolean
(sequential) program
Parametrized: increasing the parameter • more and more behaviors are captured• at the expense of more computational resources
Explore as many behaviors as possible• Goal
Our contribution
General mechanism enabling compositional sequentializations• Under-approximations
Captures at least or more behaviors than existing sequentializations
Existing sequentializations can be seen as a restrictions of ours
Our Concurrent Sequential
Translation
- Compositional semantics- Thread interfaces
- Bounded semantics (restricted compositional semantics)
Compositional Semantics(code-to-code translation to sequ.
programs)P ::= var g:T H
H ::= proc p (var l:T ) s
s ::= s; s | x := e | skip | assume e
| if e then s else s | while e do s
| call x := p e | return e
| post p e | yield //Concurrent stmt
x ::= g | l
T1 T2 Tn
shared vars(SC semantics)
…
Main idea of the sequentialization• Transform each thread creation into a procedure call:
post p e call g:=p eOnly one interaction • Solution (return all possible interactions)
post p e call INTERFACE:=p e
Key concept: Thread interface
An interface of a thread T in an executioncaptures the interactions (shared states) of T and all its sub-threads with the remaining threads involved in the executionThread interface
s1 s1’
s2
s3
s4
s5
s2’
s3’
s4’
s5’
How to compute Thread interface
• Every thread creation is transformed into a procedure call
• A thread procedure • computes an interface of the thread by simulating its
code
• The thread procedure keeps the following data structure to compute the interface
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure:initialization
The procedure that simulates a thread first initializes the interface data-structure:• interface to export is initialized with one round ( s1, s1 ) ( s1 is a guessed shared state)• bag of imported interfaces is empty
∅s1 s1
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure:
thread creation (post)
At any thread creation:
post p e transformed interface := call thread-p e; Add( BAG, interface );
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure
context-switch (yield)
At any yield point non deterministically either 1. interact at least once with internal threads, or2. interact with an external thread
a
a b
b
EXP: Interface to exportBAG: Interfaces imported from posted threads
Updating the interface data-structure
context-switch (yield)
At any yield point non deterministically either 1. interact at least once with internal threads, or2. interact with an external thread
• Add a new round (a,a) to the interface to export ( a is guessed )
EXP: Interface to exportBAG: Interfaces imported from posted threads
a a
Sequential semantics for conc. programs
We’ve obtained a sequential program that simulates the conc. program by computing interfacesEach Thread code p is replaced by the procedure thread-p:• Variables: Locals + Interface data-structure• Initialize the interface data-structure• The code of the original thread is attached• Only post, and yield statement are replaced with new code
(simulating the operations presented previously)• At yield a yield statement (or return) return the exported
interface
interface data-structure is unbounded
• An interface as a list:
aceg
bdfh
a b
c d
e f
g h
Bounding & Compressing
Bounding & Compressing • Bound the # nodes in the interface data
structure• Compress the bag of exported interface as a
DAGWe merge two node (x, y) and (y,z) into (x,z)
x y y z
- Ex 1. - Ex 2.
x y
y z
Our Sequentialization
Compositional Semantics+
Bounding & Compressing
All existing sequentializations can be
simulated- Up 2 context-switches [Qadeer, Wu—PLDI’04]
- Any fixed # context-switches (finite # of threads) - Eager [Lal, Reps—CAV`08]- Lazy [La Torre, Parlato, Madhusudan—CAV`09]
- Round-Robin schedules & parametrized programs- Lazy [La Torre, Parlato, Madhusudan—CAV`10]
- Delay bounded schedules (thread creation) [Emmi, Qadeer, Rakamaric—
POPL`11]
T1 T2 Tn
initialshared state
round 1round 2
round k
Sequ. for any fixed # context-switches
(finite # of threads) [Lal, Reps—CAV`08]
1 23
Conclusions
Conclusions:We have presented a general mechanism enabling compositional sequentializations of concurrent programs (under SC)
- parameterized (bounding & compressing the # of nodes in the interfaces)- more behaviors than existing sequentializations- Thread creation, parameterized programs, finite # threads- All existing sequentializations can be explained within our framework
Weak Memory models:- Translation TSO SC [Atig, Bouajjani, Parlato—CAV`11]- TSO SC sequential
Future works:- Experimental evaluation- Sequentializations for distributed programs (FIFO channels) ?
- The Tree-width of Auxiliary Storage [Madhusudan, Parlato—POPL`11]
- Lazy transformation of our sequentialization [La Torre, Madhusudan, Parlato—CAV`09, CAV`10]Thanks!
