1 / 27

Two tasks for automated specialization of interpreters.

This article discusses two tasks for automated specialization of interpreters in programming languages, with a focus on verification and cache coherence protocols. It explores the use of a supercompiler as a specializer and the application of linear inequalities to express safety properties. Examples of parameterized cache coherence protocols are provided.

sdayton
Download Presentation

Two tasks for automated specialization of interpreters.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Note on Specialization of Interpreters. Alexei P. LisitsaThe University of Liverpool. Andrei P. NemytykhProgram Systems Institute, Russian Academy of Sciences.

  2. Two tasks for automated specialization of interpreters. • L, M - programming languages, the semantics of L described by an interpreter int(p,d) written in M, where p ranges over the L-programs, d ranges over the L-data. • A famous task for automated specialization of the interpreter with respect to the first argument: int(p0,d) q(d) = int(p0,d) q can be seen as a result of compilation of p0from L to M.

  3. Two tasks for automated specialization of interpreters. • L, M - programming languages, the semantics of L described by an interpreter int(p,d) written in M, where p ranges over the L-programs, d ranges over the L-data. • The second task for specialization. The known part δ0 of the data is separated from the unknown part d: int(p,d,δ0) q(p,d) = int(p,d,δ0) Such a task may be reasonable and leads to interesting applications in verification.

  4. Verification via specialization. intM(pL,d,δ0) qM(pL,d) = intM(pL,d,δ0) • For the sake of simplicity, let L,M be predicative, i.e. defining only partial predicates rather than arbitrary recursive functions. • intM terminates for all pL,d,δ; • intM may terminate with abnormal stop.

  5. Verification via specialization. intM(pL,d,δ0) qM(pL,d) = intM(pL,d,δ0) • Let qM be a partial constant function TRUE and this property is expressed explicitlyin syntax of qM. E.g., we assume that the specializer • was weak enough not to be able to optimize intM as qM(pL,d) { return TRUE; } • but was strong enough to eliminate all constructors of the form return FALSE;

  6. Verification via specialization. intM(pL,d,δ0) qM(pL,d) = intM(pL,d,δ0) • We assume that the specializer • was weak enough not to be able to optimize intM as qM(pL,d) { return TRUE; } • but was strong enough to eliminate all constructors of the form return FALSE; In such a case, the result of specialization can be considered as a proof of the partial constant property.

  7. Verification via specialization:general case.

  8. Notes on history and the tool. • We use the supercompiler SCP4 (by A.P. Nemytykh, V.F. Turchin) as a specializer for REFAL (by V.F. Turchin). It is written once again in REFAL-5. • The idea of using supercompilation for proving that p implies q by composing a filter for p with a predicate for q is not new and is originated by V.F. Turchin. • A filter p(x) is a function f such that f(x) = x if p(x) and undefined if not.

  9. A class parameterized cache coherence protocols. • G. Delzanno specifies a class of parameterized cache coherence protocols with global correctness conditions in terms of Extended Finite State Machines (EFSM): transition systems with data variables ranging over non-negative numbers.

  10. A class parameterized cache coherence protocols. • Evolution of EFSM can be thought of as non-deterministic movement of pebbles between baskets and safety properties of the protocols are expressed as systems of linear inequalities imposed on the numbers of the pebbles in the baskets.

  11. An example: MESI parameterized cache coherence protocol (I). • Here modified, exclusive, shared, invalid are non-negative integer variables of EFSM model, which represent counting abstraction of original parameterized automata model: the names denote various states of the automaton (cache) and the values of the variables keep track of the number of automata in corresponding states.

  12. An example: MESI parameterized cache coherence protocol (II). • The parameterized initial configuration: • The potentially unsafe states are expressed with the two following constraints:

  13. Verification via specialization. intM(pL,d,δ0) qM(pL,d) = intM(pL,d,δ0) • Let qM be a partial constant function TRUE and this property is expressed explicitlyin syntax of qM. E.g., we assume that the specializer • was weak enough not to be able to optimize intM as qM(pL,d) { return TRUE; } • but was strong enough to eliminate all constructors of the form return FALSE;

  14. Verification via specialization:general case.

  15. The logical structure of the encoding of MESI protocol:(fint interpreter)

  16. The logical structure of the encoding of MESI protocol:(fint interpreter) fint(ps, <invs,mods,shars,excs>) { if null(ps) then return <invs,mods,shars,excs>; else fint( cdr(ps), move( car(ps), <invs,mods,shars,excs> ) );} move(p, <invs,mods,shars,excs>) { // RH - trivial. Nothing to do. if p =? RM && !null(invs) then return <cdr(invs),[],[], I : append(mods, append(shars, excs))>; // WH1 - trivial. Nothing to do. else if p =? WH2 && !null(excs) then return <invs, I : mods, shars, cdr(excs)>; else if p =? WH3 && !null(shars) then return <append(invs, append(mods,append(cdr(shars), excs))),[],[],I>; else if p =? WM && !null(invs) then return <append(cdr(invs), append(mods,append(shars, excs))),[],[],I>;}

  17. The logical structure of the encoding of MESI protocol:(the predicate) • Testing the data consistency: • The composition int =∘ fint:

  18. The logical structure of the encoding of MESI protocol:(the predicate) • Testing the data consistency: phi(<invs,mods,shars,excs>) { if !null(mods) && !null(shars) then return FALSE; else if !null(cdr(mods)) then return FALSE; else return TRUE; } • The composition int =∘ fint: int(ps, <invs,mods,shars,excs>) { if null(ps) then return phi(<invs,mods,shars,excs>); else fint( cdr(ps), move( car(ps), <invs,mods,shars,excs> ) ); }

  19. An example: MESI parameterized cache coherence protocol (II). • The parameterized initial configuration: • The potentially unsafe states are expressed with the two following constraints:

  20. The inductive automatic proof of the MESI data consistency.

  21. A parameter of the encoding. Our encoding of the protocols is not unique and it has a natural parameter - the order in which clauses corresponding to different moves in protocol games are expressed. For the MESI we have 24 (i.e. 4!) different permutations for these clauses and thus 24 different specialization tasks.

  22. The inductive automatic proof of the MESI data consistency.

  23. On the structure of the automatic proof. • The graph given in the previous slide represents the structure of the inductive proof of the MESI safety condition. The graph was constructed from the residual program and reflects its syntactical properties. • Induction on the length of the program evaluating the protocol. • Automatic construction of generalized hypothesis by means of generalization of the protocol configurations. • The hypothesis become true simultaneously.

  24. Verification of parameterized systems by the supercompiler SCP4. ( http://refal.botik.ru/protocols/ ) • Successful experiments on verification of global snooping cache coherence protocols: • IEEE Futurebus+, MOESI, MESI, MSI, “The University of Illinois”, Synapse N+1, DEC Firefly, “Berkeley”, Xerox PARC Dragon. • Parameterized directory client-server protocols: • Steve German's directory-based consistency protocol, Load Balancing Monitor protocol. • More global parameterized protocols: • Java Meta-Locking Algorithm, Reader-Writer protocol.

  25. The MOESI protocol.(The proof by SCP4: induction on time) Theorem1 Theorem2 True 8 True 2 # $ $ $ # Lemma $ True 4 # $ 5 $ 6 True 7

  26. Verification of the Xerox PARC Dragon cache coherence protocol. • An error in a description of the protocol has been foundas a result of analyzing of the residual program: • G. Delzanno, Automatic Verification of Parameterized Cache Coherence Protocols. and a test indicating the error was constructed. • Successful verification of a corrected version of the description of the protocol was done: • http://www.disi.unige.it/person/DelzannoG/protocol.html

  27. Thank you!

More Related