1 / 21

Reasoning about Relaxed Programs

Reasoning about Relaxed Programs. Michael Carbin Deokhwan Kim, Sasa Misailovic , and Martin Rinard. Research Focus. Non-Traditional Program Transformation Program Repair Eliminate memory leaks Eliminate memory errors (buffer overflows, segfaults ) Escape from infinite loops

kendis
Download Presentation

Reasoning about Relaxed Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reasoning about Relaxed Programs Michael Carbin Deokhwan Kim, SasaMisailovic, and Martin Rinard

  2. Research Focus • Non-Traditional Program Transformation • Program Repair • Eliminate memory leaks • Eliminate memory errors (buffer overflows, segfaults) • Escape from infinite loops • Accuracy-Aware Program Optimization • Trade accuracy of result for performance

  3. Traditional Program Transformation Transformation .c .c ≡

  4. Non-Traditional Program Transformation Transformation .c .c ≅

  5. Loop Perforation of Motion Estimation in x264 (Misailovic, etal) Reference Frame Current Frame ?

  6. Loop Perforation intmotion_estimation(block_t[] blocks, int n) { intidx = 0, best = INT_MAX, num_iters = 0, i = 0; while (i < n) { int cur = compute_distance(blocks[i]); if (cur < best) { idx = i; best = cur; } num_iters = num_iters + 1; i = i + 1; } assert (0 <= idx < n); return idx; }

  7. Loop Perforation intmotion_estimation(block_t[] blocks, int n) { intidx = 0, best = INT_MAX, num_iters = 0, i = 0; while (i < n) { int cur = compute_distance(blocks[i]); if (cur < best) { idx = i; best = cur; } num_iters = num_iters + 1; i = i + 2; } assert (0 <= idx < n); return idx; }

  8. Loop Perforation intmotion_estimation(block_t[] blocks, int n) { intidx = 0, best = INT_MAX, num_iters = 0, i = 0; while (i < n) { int cur = compute_distance(blocks[i]); if (cur < best) { idx = i; best = cur; } num_iters = num_iters + 1; i = i + 4; } assert (0 <= idx < n); return idx; }

  9. Quality of Service Profiling • Automatically explore alternate versions QoS model Quality of Service profiler Program Subcomputation Transformation TransformationEvaluation Time Profiler Input(s) timing info performance vs QoS info

  10. Research Questions Is it possible to write an implementation and specify flexibility at the same time? Or write program and later relaxits semantics? What can we say about the correctness of the resulting program?

  11. Loop Perforation Example intmotion_estimation(block_t[] blocks, int n) { intidx = 0, best = INT_MAX, step = 1, num_iters = 0, i = 0; while (i < n) { int cur = compute_distance(blocks[i]); if (cur < best) { idx = i; best = cur; } num_iters = num_iters + 1; relax (step) st step == 1 || step == 2; i = i + step; } assert (0 <= idx < n); accept (num_iters<o> / 2 <= num_iters<r>); return idx; }

  12. Relaxed Program • Single Program Text, Two Semantics • One interpretation with the original semantics (ignore relax statements) • One interpretation with the relaxed semantics(include relax statements) Two semantics are related by nondeterministic transformations of the program state: relax (step) st step == 1 || step == 2;

  13. Relaxed Programming Assertions • accept (P*) • Relational assertion – relates both semantics. • assert (P) • Non-relational assertion- holds for individually. • assume (P) • Non-relational assumption - like admitin Coq. assert (0 <= idx < n);

  14. Program Semantics Formalization • Dynamic Semantics • One for original semantics : original execution. • One for relaxed semantics : relaxed execution. • Axiomatic Semantics for Verification • Variant of Relational Hoare Logic.

  15. Axiomatic Semantics Input Relaxed Execution Original Execution ≅ accept (num_iters<o> / 2 <= num_iters<r>);

  16. Verification Guarantees • Acceptability • An original execution and relaxed execution on the same input satisfy accept statements. • Non-interference withassert and assume • Still valid for relaxed executions.

  17. Coq Development • About 6000 lines of code and proof. • Some automation, but mostly manual. • Coq instructed the proof strategy. • Chose big-step dynamic semantics. • Small-step proofs were very complicated. • More difficult in general, but amplified by Coq. • Majority of work in relational assertion logic. • Substitution lemmas, etc.

  18. Coq Experience “Most complicated system I’ve ever seen.” “Very powerful – you can express anything you want.” “Difficult to navigate multiple layers of abstractions/automations.”

  19. Conclusion • Relaxed Programming in Coq • Work in progress (in submission). • Ask me after class ifyou have more questions. • Is Coq useful? • A natural discussion if you bring up Coq. • Utility = benefit / cost

  20. Conclusion (cont.) • A lot of research on lowering costs • Better abstractions • More Automation • But less research on benefits • Correctness... but, software can always be better. • Is there a system we can build with Coq that is impossible to build with traditional methods?

  21. The End

More Related