KISS: Keep It Simple and Sequential

Сл Текст Сл Текст
1Background for “KISS: Keep It Simple 7refined definition data race: when two
and Sequential”. cs264 Ras Bodik spring accesses are not separated by a
2005. synchronization.
2Guest Lecture. Shaz Qadeer, Microsoft 8Assertions. Some bugs are
Research Monday, Jan 24, 4pm in 320 Soda program-specific cannot be described with
title: Context-Bounded Model Checking of a general pattern like “data race”
Concurrent Software based on two papers Programmers have a way to catch these
KISS: Keep It Simple and Sequential bugs: assertions check the program state
[PLDI’04] Context-Bounded Model Checking at some program point ex. does ‘x.parent’
of Concurrent Software [MSR-TR] guest indeed point to x’s parent node? check the
lecture replaces Wed, Jan 26, cs264 program state across several program
lecture read the first paper and write a points ex. has the tree been traversed in
summary due Monday 3pm email it to sorted order by the ‘data’ field? may
cs264@imail.eecs.berkeley.edu graded Pass require instrumenting the program with a
/ Fail. “state” variable ex. a global variable
3Paper summary: 5 short paragraphs. storing the value of last ‘data’ field A
Summary: what’s the problem? what’s the programmer evaluates assertions at
solution? paraphrase the paper offer a run-time but they can also be “evaluated”
different spin cut through the hype (if by a static analyzer static debugging:
applicable) Key new ideas: what’s good prove that no assertion can fail, for any
about the paper? what new insights or input.
techniques made this paper possible? or 9Model checking. KISS reduces parallel
simply, what did you like? Limitations: analysis into sequential analysis
what’s weak in the paper? limitations not translates a multithreaded program P into
mentioned in the paper impact of a sequential P’ P’ simulates (some)
limitations, whether mentioned or not. parallelism in P simulation by P’ serving
4Paper summary: 5 short paragraphs. as its own scheduler The sequential P’
What next? applications of the technique analyzed in a model checker SLAM What’s a
future directions cs264 project ideas model checker? very simplified view:
Missing background which parts of the constant propagator that checks if any
paper you didn’t understand background you assertion can fail an important detail: i)
didn’t have to understand the paper analyze branches to exclude infeasible
unfamiliar formalisms: e.g., type paths ii) may also analyze each path
inference rules, semantics unfamiliar separately (no path merges).
techniques: e.g., model checking 10Instrumentation. Serves two purposes!
unfamiliar lingo: e.g., happens-before Adds assertions to check for temporal
relation. properties ex. thread must not enter
5Upcoming reading assignment. Read driver after driver was stopped in this
Chapter 1 from textbook by Friday next paper, done manually Translates P into P’
week overview of analysis techniques 30 adds simulation of thread scheduling
pages, somewhat technical textbook may not automatic.
be in the bookstore by Monday but I’ll 11Abstract language. Explain the
have photocopies of Chapter 1 for you on technique for C is too hard so the paper
Monday pick them up at the guest talk or explains it on a simplified language Side
from mailbox on my door. note: KISS translates twice from P in C to
6Topics. some background for the KISS P in the “parallel language” from parallel
paper data race assertions model checking P to sequential P’ The parallel language
instrumenting the program defined using (abstract) syntax (in Fig 3)
under-approximation abstract language. semantic defined informally in the text.
7Data race. Concurrency bugs like other 12Under-approximation. Soundness is hard
bugs, have various forms is there one for this problem because the problem is
pattern that describes many of them? Data undecidable would likely lead to many
race: a race condition on data accesses false positives Solution:
when two threads (may) access same memory under-approximate in contrast to sound
location simultaneously (but two loads ok) (conservative) static analysis, this
It’s (only) a heuristic false positives: collects a subset of facts that may happen
some data races are not bugs (example?) because it examines a subset of possible
false negatives: doesn’t catch all bugs parallel executions how to approximate is
(example?) False positives inspire a the art of program analysis.
