10 research outputs found
Property-Driven Fence Insertion using Reorder Bounded Model Checking
Modern architectures provide weaker memory consistency guarantees than
sequential consistency. These weaker guarantees allow programs to exhibit
behaviours where the program statements appear to have executed out of program
order. Fortunately, modern architectures provide memory barriers (fences) to
enforce the program order between a pair of statements if needed. Due to the
intricate semantics of weak memory models, the placement of fences is
challenging even for experienced programmers. Too few fences lead to bugs
whereas overuse of fences results in performance degradation. This motivates
automated placement of fences. Tools that restore sequential consistency in the
program may insert more fences than necessary for the program to be correct.
Therefore, we propose a property-driven technique that introduces
"reorder-bounded exploration" to identify the smallest number of program
locations for fence placement. We implemented our technique on top of CBMC;
however, in principle, our technique is generic enough to be used with any
model checker. Our experimental results show that our technique is faster and
solves more instances of relevant benchmarks as compared to earlier approaches.Comment: 18 pages, 3 figures, 4 algorithms. Version change reason : new set of
results and publication ready version of FM 201
Programming Not Only by Example
In recent years, there has been tremendous progress in automated synthesis
techniques that are able to automatically generate code based on some intent
expressed by the programmer. A major challenge for the adoption of synthesis
remains in having the programmer communicate their intent. When the expressed
intent is coarse-grained (for example, restriction on the expected type of an
expression), the synthesizer often produces a long list of results for the
programmer to choose from, shifting the heavy-lifting to the user. An
alternative approach, successfully used in end-user synthesis is programming by
example (PBE), where the user leverages examples to interactively and
iteratively refine the intent. However, using only examples is not expressive
enough for programmers, who can observe the generated program and refine the
intent by directly relating to parts of the generated program.
We present a novel approach to interacting with a synthesizer using a
granular interaction model. Our approach employs a rich interaction model where
(i) the synthesizer decorates a candidate program with debug information that
assists in understanding the program and identifying good or bad parts, and
(ii) the user is allowed to provide feedback not only on the expected output of
a program, but also on the underlying program itself. That is, when the user
identifies a program as (partially) correct or incorrect, they can also
explicitly indicate the good or bad parts, to allow the synthesizer to accept
or discard parts of the program instead of discarding the program as a whole.
We show the value of our approach in a controlled user study. Our study shows
that participants have strong preference to using granular feedback instead of
examples, and are able to provide granular feedback much faster
BMC with Memory Models as Modules
This paper reports progress in verification tool engineering for weak memory models. We present two bounded model checking tools for concurrent programs. Their distinguishing feature is modularity: Besides a program, they expect as input a module describing the hardware architecture for which the program should be verified. DARTAGNAN verifies state reachability under the given memory model using a novel SMT encoding. PORTHOS checks state equivalence under two given memory models using a guided search strategy. We have performed experiments to compare our tools against other memory model-aware verifiers and find them very competitive, despite the modularity offered by our approach.Peer reviewe
Optimal Stateless Model Checking under the Release-Acquire Semantics
We present a framework for the efficient application of stateless model
checking (SMC) to concurrent programs running under the Release-Acquire (RA)
fragment of the C/C++11 memory model. Our approach is based on exploring the
possible program orders, which define the order in which instructions of a
thread are executed, and read-from relations, which specify how reads obtain
their values from writes. This is in contrast to previous approaches, which
also explore the possible coherence orders, i.e., orderings between conflicting
writes. Since unexpected test results such as program crashes or assertion
violations depend only on the read-from relation, we avoid a potentially
significant source of redundancy. Our framework is based on a novel technique
for determining whether a particular read-from relation is feasible under the
RA semantics. We define an SMC algorithm which is provably optimal in the sense
that it explores each program order and read-from relation exactly once. This
optimality result is strictly stronger than previous analogous optimality
results, which also take coherence order into account. We have implemented our
framework in the tool Tracer. Experiments show that Tracer can be significantly
faster than state-of-the-art tools that can handle the RA semantics.Comment: Accepted paper in OOPSLA'1
Recommended from our members
Prove Once, Run Efficiently Anywhere: Tools for Lock-free Concurrent Algorithms
The multi-core revolution has pushed programmers and algorithm designers to build algorithms that leverage concurrency. This notoriously difficult task is futher complicated by the existence of weak architecture and language memory models. The presence of many such memory models has traditionally forced correctness proofs for lock-free concurrent algorithms to be performed on a per-model basis, resulting in a significant duplication of effort. We demonstrate that the correctness of lock-free concurrent algorithms can be proved once for implementations that can be compiled to run correctly and efficiently on all mainstream memory models
Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021
The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing
Computer Aided Verification
This open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency
Dynamic synthesis for relaxed memory models
Modern architectures implement relaxed memory models which may reorder memory operations or execute them non-atomically. Special instructions called memory fences are provided, allowing control of this behavior. To implement a concurrent algorithm for a modern architecture, the programmer is forced to manually reason about subtle relaxed behaviors and figure out ways to control these behaviors by adding fences to the program. Not only is this process time consuming and error-prone, but it has to be repeated every time the implementation is ported to a different architecture. In this paper, we present the first scalable framework for han-dling real-world concurrent algorithms running on relaxed archi-tectures. Given a concurrent C program, a safety specification, and a description of the memory model, our framework tests the pro-gram on the memory model to expose violations of the specifica-tion, and synthesizes a set of necessary ordering constraints that prevent these violations. The ordering constraints are then realized as additional fences in the program. We implemented our approach in a tool called DFENCE based on LLVM and used it to infer fences in a number of concurrent al-gorithms. Using DFENCE, we perform the first in-depth study of the interaction between fences in real-world concurrent C programs, correctness criteria such as sequential consistency and linearizabil-ity, and memory models such as TSO and PSO, yielding many in-teresting observations. We believe that this is the first tool that can handle programs at the scale and complexity of a lock-free memory allocator