Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar...
-
Upload
sabrina-hawkins -
Category
Documents
-
view
225 -
download
0
description
Transcript of Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar...
![Page 1: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/1.jpg)
Verifying Transactional Programs with
Programmer-Defined Conflict Detection
Omer Subasi, Serdar Tasiran (Koç University) Tim Harris (Microsoft Research)
Adrian Cristal, Osman Unsal (Barcelona SC)Ruben Titos-Gil (University of Murcia)
![Page 2: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/2.jpg)
Motivation: Linked List from Genome
1 3 6 9 12 15 17Head
5
16
Insert 5
Insert 16
![Page 3: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/3.jpg)
1 3 6 9 12 15 17HeadREAD
![Page 4: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/4.jpg)
1 3 6 9 12 15 17Head
5
WRITE
READ
![Page 5: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/5.jpg)
Write-After-Read
conflict!
1 3 6 9 12 15 17Head
5
16
WRITE
WRITE
READ
![Page 6: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/6.jpg)
Write-After-Read
conflict!
1 3 6 9 12 15 17Head
5
16
WRITE
WRITE
READ
• Conventional TM conflict detection– Insertions conflict often
![Page 7: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/7.jpg)
1 3 6 9 12 15 17Head
5
16
• But, both insertions OK even if we ignore WAR conflict⇒Relaxed conflict detection
![Page 8: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/8.jpg)
8
User-Defined Conflict Detection
• Ignore write-after-read conflicts (Titos et al):
atomic[!WAR]{insert method body
}
![Page 9: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/9.jpg)
9
Linked List: Insertlist_insert(list_t *listPtr, node_t *node) {
atomic {
*curr = listPtr->head; do {
prev = curr; curr = curr->next; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
}}
![Page 10: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/10.jpg)
10
Linked List: Insertlist_insert(list_t *listPtr, node_t *node) {
atomic {
*curr = listPtr->head; do {
prev = curr; curr = curr->next; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
Strict conflict detection:
Can reason about transaction code sequentially.
![Page 11: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/11.jpg)
11
Linked List: Insertlist_insert(list_t *listPtr, node_t *node) {
atomic [!WAR]{
*curr = listPtr->head; do {
prev = curr; curr = curr->next; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
Ignore Write-After-Readconflicts:
• Writes by others can occur between read phase and write phase
• Lost ability to reasonsequentially
1 3 6
5
WRITE
READ
![Page 12: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/12.jpg)
12
Making !WAR block atomiclist_insert(list_t *listPtr, node_t *node) {
atomic [!WAR]{
*curr = listPtr->head; do {
prev = curr; curr = curr->next; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
Would like this action to be “right mover”
• Can commute to the right of any actionby another thread
![Page 13: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/13.jpg)
13
Right Mover
commutes to the right of if ; goes to state S then ; goes to same state S.
If is right-mover:
; ;
![Page 14: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/14.jpg)
14
Making !WAR block atomiclist_insert(list_t *listPtr, node_t *node) {
atomic [!WAR]{
*curr = listPtr->head; do {
prev = curr; currT1 = currT1->next; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
nodeT2->next = curr;
Ignored WAR conflict:
currT1 = currT1->next;
does not move to the right of
nodeT2->next = curr;
Solution: Abstraction
![Page 15: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/15.jpg)
15
Abstraction intuition
1 3 6
5READ 6; WRITE 5
1 3 6
5WRITE 5; READ 5
Want to read 6 again!
1 3 6
5ABSTRACT READ 6; WRITE 5
1 3 6
5WRITE 5; ABSTRACT READ 6
Need to jump over
5.
ABSTRACT READ: Read anything forward but do
not pass the key.
![Page 16: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/16.jpg)
16
Abstraction intuition
1 3 6
5READ 6; WRITE 5
1 3 6
5WRITE 5; READ 5
Want to read 6 again!
1 3 6
5ABSTRACT READ 6; WRITE 5
1 3 6
5WRITE 5; ABSTRACT READ 6
Need to jump over
5.
curr = curr->next; with curr = curr->next*; but don’t go past key.
![Page 17: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/17.jpg)
17
Abstractionlist_insert(list_t *listPtr, node_t *node) {
atomic [!WAR]{
*curr = listPtr->head; do {
prev = curr; currT1 = currT1->next*; } while (curr != NULL &&
curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
Solution: Abstraction
Replace
currT1 = currT1->next; with currT1 = currT1->next*; but don’t go past key.
• Now the block is atomic.• Can do sequential verification.• Use a sequential verification tool such as HAVOC, VCC…
![Page 18: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/18.jpg)
18
1. Sequentially prove the original code
list_insert(list_t *listPtr, node_t *node) {
*curr = listPtr->head; do {prev = curr; curr = curr->next; } while (curr != NULL && curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
![Page 19: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/19.jpg)
19
2. Apply the program transformation
list_insert(list_t *listPtr, node_t *node) {
*curr = listPtr->head; do {prev = curr; curr = curr->next*; } while (curr != NULL && curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
}
Do global read abstractions Abstract transaction becomes
atomic .
![Page 20: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/20.jpg)
20
3. Prove sequentially properties on abstract code
list_insert(list_t *listPtr, node_t *node) {
*curr = listPtr->head; do {prev = curr; curr = curr->next*; } while (curr != NULL && curr->key < node->key);
node->next = curr; prev->next = node;
assert(node is in the list && list is sorted); }
} Finally: Soundness theorem says properties hold on original code, with !WAR ignored.
![Page 21: Verifying Transactional Programs with Programmer-Defined Conflict Detection Omer Subasi, Serdar Tasiran (Ko University) Tim Harris (Microsoft Research)](https://reader035.fdocuments.in/reader035/viewer/2022062600/5a4d1bb47f8b9ab0599ce1c6/html5/thumbnails/21.jpg)
21
Other proofs
• Labyrinth from STAMP.• StringBuffer pool.• Can apply to any program that has the pattern
where: • a large portion of the shared data is read first• local computations is done and then• a small portion of shared data is updated