1 / 30

Guy Gueta Tel Aviv University Cormac Flanagan University of California, Santa Cruz

Cartesian Partial-Order Reduction. Guy Gueta Tel Aviv University Cormac Flanagan University of California, Santa Cruz Eran Yahav IBM Watson Mooly Sagiv Tel Aviv University. Thread 2 x2 := 1. Thread n xn := 1. Thread 1 x1 := 1. Motivation.

tehya
Download Presentation

Guy Gueta Tel Aviv University Cormac Flanagan University of California, Santa Cruz

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cartesian Partial-Order Reduction Guy Gueta Tel Aviv University Cormac Flanagan University of California, Santa Cruz Eran Yahav IBM Watson Mooly Sagiv Tel Aviv University

  2. . . . Thread 2 x2 := 1 Thread n xn := 1 Thread 1 x1 := 1 Motivation • State space explosion is a big problem for model checkers • One of the main causes is scheduling nondeterminism • Example: • State space: 2n states • naive model checker: 2n states • Partial-order reduction algorithms • perform model checking by considering a subset of the state space

  3. Main Results A new Dynamic POR algorithm Identifies dependencies during state-space exploration Does not require a preliminary static analysis to identify dependencies Handles cyclic state spaces Preliminary experiments show significant savings Parallelizable Multiple processors often yield improved running times 3

  4. x=0 y=0 PC1=1 PC2=0 x=0 y=2 PC1=0 PC2=1 Naïve Exploration Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … x=0 y=0 PC1=0 PC2=0 Use the next atomic instruction of each thread nop y=2 Explores the entire state space

  5. x=1 y=0 PC1=2 PC2=0 x=2 y=2 PC1=0 PC2=3 Our approach Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … x=0 y=0 PC1=0 PC2=0 Try to use more than one atomic instruction of each thread nop ; x=1 ; y=2 ; nop ; x=2 ; not necsesarily atomic block Explores a subset of the state space

  6. s B B R R Independent Transitions • B and R are independent transitions if they commute:B ∘ R = R ∘ B • Examples: • x := 1 and y := 3 are independent • x++ and x++ are independent • Not Independent = Dependent

  7. t1 t2 S1 S S2 p1: t’1 t’2 t’3 t’4 S’1 S S’2 S’3 S’4 p2: Cartesian Vector (P1 ,P2) is a Cartesian Vector from a state S if: • P1 and P2 are sequences of states and transitions that begin from state S • P1 is executed by thread 1 and P2 is executed by thread 2 • If a transition from P1 is dependent with a transition from P2 then these transitions are the last transitions of P1 and P2 Thread1 Thread2

  8. Cartesian Vector - Example Not a Cartesian Vector: x := 1 is not the last transition and is dependent with x := 2; The last transitions are dependent. Any other two transitions are independent. A Cartesian Vector: No dependent transitions at all b++ x:=1 b++ S1 S0 S2 S3 p1: Thread1 c++ c++ c++ x:=2 Q1 S0 Q2 Q3 Q4 p2: Thread2 Can be extended for n≥2 threads

  9. Cartesian Function •  : States → CartesianVectors • For SStates, (S) is a Cartesian Vector from S • Our algorithm uses a cartesian function to determine the progress from each state

  10. x=1 y=0 PC1=2 PC2=0 nop ; x=1 ; (S0)= y=2 ; nop ; x=2 ; S1 x=2 y=2 PC1=0 PC2=3 S2 Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … A cartesian function  is given to the algorithm nop ; x=1 ; x=0 y=0 PC1=0 PC2=0 y=2 ; nop ; x=2 ; S0

  11. x=1 y=1 PC1=3 PC2=0 y=1 ; S3 (S1)= y=2 ; x=1 y=2 PC1=2 PC2=1 x=2 y=2 PC1=0 PC2=3 S4 S2 Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … y=1 ; x=1 y=0 PC1=2 PC2=0 nop ; x=1 ; y=2 ; x=0 y=0 PC1=0 PC2=0 S1 y=2 ; nop ; x=2 ; S0

  12. x=1 y=1 PC1=3 PC2=0 x=1 y=1 PC1=3 PC2=1 y=1 ; S3 (S4)= nop ; x=2 ; S5 x=2 y=2 PC1=2 PC2=3 x=2 y=2 PC1=0 PC2=3 S6 S2 Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … y=1 ; x=1 y=0 PC1=2 PC2=0 nop ; x=1 ; y=2 ; x=0 y=0 PC1=0 PC2=0 y=1 ; S1 x=1 y=2 PC1=2 PC2=1 y=2 ; nop ; x=2 ; nop ; x=2 ; S0 S4

  13. x=1 y=1 PC1=3 PC2=0 x=1 y=1 PC1=3 PC2=1 y=1 ; S3 (S4)= nop ; x=2 ; S5 x=2 y=2 PC1=2 PC2=3 x=2 y=2 PC1=0 PC2=3 S6 S2 Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: … y=1 ; x=1 y=0 PC1=2 PC2=0 nop ; x=1 ; y=2 ; x=0 y=0 PC1=0 PC2=0 y=1 ; S1 x=1 y=2 PC1=2 PC2=1 y=2 ; nop ; x=2 ; nop ; x=2 ; S0 S4

  14. Violated in some executions Asserts • The algorithm detects all the assert violations • for any given cartesian function • Example Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: assert(y=2) 4: nop 3: …

  15. Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: assert(y=2) 4: nop x=1 y=1 PC1=3 PC2=0 x=1 y=0 PC1=2 PC2=0 ??? S3 (S5)= nop; x=2 ; assert(y=2) ; nop ; S1 x=1 y=2 PC1=2 PC2=1 x=2 y=2 PC1=2 PC2=3 x=2 y=2 PC1=0 PC2=3 S4 S6 S2 x=1 y=1 PC1=3 PC2=1 nop; x=2 ; assert(y=2) ; nop ; y=1 x=0 y=0 PC1=0 PC2=0 S5 AssertViolation S0

  16. Calculating Cartesian Vectors • Input: a state S • Output: a Cartesianvector from S • Basic Idea: • Start with a single transition in each sequence • Extend the sequences as long as the vector is a Cartesian vector y=1; is dependent with y=2; x = 1 ; y = 1; P1: nop ; nop ; P2: y = 2 ;

  17. Identifying Dependencies y is already affcted by P2 x = 1 ; y = 1; P1: nop ; • Improvement: keep 2 sets for each sequence – one for read variables and one for write variables Affected Variables: x nop ; P2: y = 2 ; Affected Variables: y

  18. Thread 1: 0: x++ 1: x-- 2: goto 0 Thread 2: 0: y++ 1: y-- 2: goto 0 x-- x++ S1 S0 S2 P1: goto 0 y++ y-- S’1 S0 S’2 P2: goto 0 Infinite loops • Remember the states of each sequence and stop extending a sequence when a cycle is detected

  19. Concurrent Exploration • In large portion of the execution time the algorithm calculates vectors • Calculate n>1 vectors in parallel • Each vector on a different processor

  20. Thread 1: 0: nop 1: x=1 2: y=1 3: … Thread 2: 0: y=2 1: nop 2: x=2 3: assert(y=2) 4: nop 3 Processors can calculate (S2), (S5), (S6) in parallel x=1 y=1 PC1=3 PC2=0 3 Processors x=1 y=0 PC1=2 PC2=0 x=1 y=1 PC1=3 PC2=1 S3 x=0 y=0 PC1=0 PC2=0 x=1 y=2 PC1=2 PC2=1 S1 S5 x=2 y=2 PC1=0 PC2=3 x=2 y=2 PC1=2 PC2=3 S0 S4 S2 S6

  21. Evaluation • 7 (small) benchmarks • Methods • Naive Exploration (no POR) • SPIN’s POR • Cartesian POR • DPOR05 [Flanagan-Godefroid POPL05] • for 3 of the acyclic benchmarks • Combination of DPOR05 and Sleep-Sets

  22. Cartesian vs. Naïve(Transitions)

  23. Cartesian vs. Naïve (Stored States)

  24. Cartesian vs. Naïve (Execution Time)

  25. Indexer

  26. SharedArray (2 threads)

  27. Concurrent Exploration with 4 processors (Execution time)

  28. Thread 1: 0: x++ 1: x++ 2: x++ 3: assert(yC) 4: end Thread 2: 0: y++ 1: y++ 2: y++ 3: assert(xC) 4: end Cartesian versus Persistent-Sets (0,4) (0,3) (0,2) (0,0) (1,0) (2,0) (3,0) (4,0) (0,1) (1,4) (1,3) (1,1) (2,1) (3,1) (4,1) (1,2) (2,4) (2,2) (3,2) (4,2) (2,3) (3,3) (4,3) (3,4) (4,4)

  29. Cartesian versus Persistent-Sets Thread 1: 0: x++ 1: x++ 2: x++ 3: assert(yC) 4: end Thread 2: 0: y++ 1: y++ 2: y++ 3: assert(xC) 4: end (0,4) (0,3) (0,2) (0,0) (1,0) (2,0) (3,0) (4,0) (0,1) (1,4) (1,3) (1,1) (2,1) (3,1) (4,1) (1,2) (2,4) (2,2) (3,2) (4,2) (2,3) (3,3) (4,3) (3,4) (4,4)

  30. The End

More Related