From Array Domains to Abstract Interpretation Under - - PowerPoint PPT Presentation

From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models

Thibault Suzanne, Antoine Miné Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK

1 Pirmin Schmid Seminar Software Engineering December 7, 2016

De quoi s’agit-il?

• New abstract interpretation of concurrent programs
• Setting: Weak memory consistency
• Model: store-buffer (FIFO) of infinite size
• including theoretical model, proof and

working implementation (OCaml)

2

Memory models in Hardware and Languages

• Strong consistency

4

RAM shared cache(s) cache(s) cache(s) cache(s) cache(s) core 0 core 1 core 2 core 3

Memory models in Hardware and Languages

• Weak consistency

5

RAM shared cache(s) cache(s) cache(s) cache(s) cache(s) core 0 core 1 core 2 core 3

Memory models in Hardware and Languages

• Weak consistency. TSO: total store ordering (x86)

6

core 0 shared memory core 1

Array buffer FIFO pipeline

Memory models in Hardware and Languages

• Weak consistency. TSO: total store ordering (x86)

7

core 0 shared memory (X=0; Y=0)

initial, shared X=0; Y=0 1: X = 1 2: Y = 2 3:

core 1

What can it see?

Memory models in Hardware and Languages

• Weak consistency. TSO: total store ordering (x86)

8

core 0 shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

• Weak consistency. TSO: total store ordering (x86)

X = 1

Memory models in Hardware and Languages

9

core 0 shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

• Weak consistency. TSO: total store ordering (x86)

Y = 2 X = 1

Memory models in Hardware and Languages

10

core 0 shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

What can it see?

• Weak consistency. PSO: partial store ordering (ARM)

X:

Memory models in Hardware and Languages

11

shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

What can it see? Y:

core 0

• Weak consistency. PSO: partial store ordering (ARM)

X: 1

Memory models in Hardware and Languages

12

shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

Y:

core 0

• Weak consistency. PSO: partial store ordering (ARM)

X: 1

Memory models in Hardware and Languages

13

shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3:

core 1

Y: 2

core 0

What can it see?

• Weak consistency. PSO: partial store ordering (ARM)

X: 1

Memory models in Hardware and Languages

14

shared memory

initial, shared X=0; Y=0 1: X = 1 1b: ? flush 2: Y = 2 2b: ? flush 3: fence 4:

core 1

Y: 2

core 0

What can it see?

Verification: Model checkers

• Promela / spin
• Scyther: crypto protocols
• Limitation: only finite state space
• State space explosion

15

Verification: Abstract interpretation. SC

16

Verification: Abstract interpretation. Dan et al.

17

Verification: Abstract interpretation. This study

18

Comparison

19

buffer size n ∞ state size m Model Checker

• ∞

Dan et al. This study

x11 x21 x31 x41 x51

PSO model: concrete domain

20

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete domain

21

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete domain

22

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete domain

23

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

24

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

25

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

26

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12=e x22 x32 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

27

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 x32 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

28

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 x32 z12 z22 z32

thread 2

x11 x21 x31 x41 x51

PSO model: concrete semantics

29

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 x22 z12 z22 z32

thread 2

• Key insight: summarize and partition.

x11 x21 x31 x41 x51

Abstraction: handling ∞

32

shared: xmem, ymem, zmem

y11 y21 y31

thread 1

x12 z12 z22 z32

thread 2

𝛽"#$ :

• Key insight: summarize and partition.

x11 xbot1

Abstraction: handling ∞

33

shared: xmem, ymem, zmem

y11 ybot1

thread 1

x12 z12 zbot2

thread 2

𝛽"#$ :

• Key insight: summarize and partition.

x11 xbot1

Abstraction: handling ∞

34

shared: xmem, ymem, zmem

y11 ybot1

thread 1

x12 z12 zbot2

thread 2

𝛽"#$ :

∞ solved cost: loosing precision

x11 xbot1

Abstraction: partial buffer state information

35

shared: xmem, ymem, zmem

y11 ybot1

thread 1

x12 z12 zbot2

thread 2

x11 xbot1

Abstraction: partial buffer state information

36

shared: xmem, ymem, zmem

y11 ybot1

thread 1

x12 z12 zbot2

thread 2 2 steps: 1) summarize 2) resolve partition

Abstract transformers

37

Abstract transformers on partitions {.}

38

Abstract transformers on partitions {.}

39

Abstract transformers [[.]] using the {.}

40

x11 xbot1

Abstraction: partial buffer state information

41

shared: xmem, ymem, zmem

y11 ybot1

thread 1

x12 z12 zbot2

thread 2 2 steps: 1) summarize 2) resolve partition

My own code example

42

Result

43

PSO

My own code example with fences

44

Result with fences

45

Code example from paper

46

Benchmark

47

Benchmark

48

Benchmark

49

Benchmark

50

Benchmark

51

Discussion

• Good things
• Limitations
• Suggested improvements

52

Acknowledgment

• Thibault Suzanne for the VM with the working analyzer
• Andrei Dan for interesting discussion

53