Verifying Parallel Optimizations with PTRANS
William Mansky and Elsa L. Gunter, UIUC
Problem
• Practical program correctness depends on compiler
• Real-world compilers have bugs (see for instance Csmith)
• Verification is possible (e.g. CompCert) but difficult, especially of optimizations
• Frontiers of compiler research (e.g., multicore opts) require correctness tools
Our Solution
• VeriF-OPT: a Verification Framework for Optimizations and Program Transformations
  • Language-independent
  • Designed for parallel programming models
  • Will support optimization design, testing, and verification
• Core component: PTRANS specification language
  • CFG rewrites + temporal logic side conditions
Control Flow Graphs
[Figure: example CFG. Nodes: Start; store 1, m; if …; x := e1 and x := e2 on the two branches; y := x; store y, m; Exit. Unconditional edges are labeled seq, branch edges true and false.]
Threaded Control Flow Graphs
[Figure: two thread CFGs, t1 and t2, side by side. t1 is the example CFG from the previous slide (Start; store 1, m; if …; x := e1 / x := e2; y := x; store y, m; Exit). t2: Start; x := load m; if x < 0; x := x + 1 and x := x – 1 on the two branches; z := x; store z, m; Exit. Edges labeled seq, true, false.]
Redundant Store Elimination
[Figure: the example CFG (Start; store 1, m; if …; x := e1 / x := e2; y := x; store y, m; Exit); the node store 1, m is the candidate for elimination.]
Redundant Store Elimination
[Figure: before and after. Left: the example CFG with store 1, m. Right: the same CFG with the store 1, m node replaced by skip; all other nodes and edges unchanged.]
Building RSE in PTRANS
<transformation> if <condition>
CFG Rewrites – Actions
• Actions are the basic units of rewriting
• add_edge(n,m,e) – add an edge from n to m labeled e
• remove_edge(n,m,e) – remove an edge from n to m labeled e
• replace n with p1,...,pk – replace the instr at n with instrs p1,...,pk
• split_edge(n,m,e,q) – insert q in the middle of the edge from n to m
Building RSE in PTRANS
replace n with skip if <pattern/condition>
Temporal Logic Side Conditions
• CTL quantifies over paths through branching systems
  • stmtt(s), nodet(n) – atomic predicates
  • Also external analyses (e.g. alias analysis)
• E φ1 U φ2, A φ1 U φ2, E φ1 B φ2, A φ1 B φ2 – φ1 until φ2 along path(s) forward or backward through CFG
  • Can define EF, EG, AF, AG, etc.
Building RSE in PTRANS
replace n with skip if EF nodet(n) stmtt(store e1, e2)
Building RSE in PTRANS
replace n with skip if EF nodet(n) stmtt(store e1, e2) ?
Memory Models
• In shared-memory concurrency: what values can be read?
• Allow, e.g., reads to be delayed past unrelated writes
• Reflects behavior of multicore architecture
• Affect correctness conditions!
A Few Memory Models
• Sequential Consistency: exists a single external total order on memory operations
  • Can be modeled by single shared store
• Total Store Order: reads can be moved past unrelated writes
  • Can be modeled by write buffers
• Partial Store Order: writes can be moved past unrelated writes
  • Can be modeled by per-location write buffers
Building RSE in PTRANS
replace n with skip if EF nodet(n) stmtt(store e1, e2)
Side condition by memory model:
• SC: A (no other thread touches the memory at e2 (enforced by locks)) U stmtt(store e’, e2)
• TSO: A (no read of e2 or store to any location) U stmtt(store e’, e2)
• PSO: A (no read or write to e2) U stmtt(store e’, e2)
Verification
• Defined formal semantics of PTRANS in Isabelle
• Verified RSE for LLVM-like IR under all three memory models
• Locales allow us to parameterize by (and later plug in) memory models in program semantics – modular proof
• Correctness via simulation => no new behaviors
In Conclusion
• PTRANS helps state and verify optimizations on parallel programs
• Optimizations verified in Isabelle under multiple memory models
• Can reuse proof components common across memory models
• Future work:
  • Dynamic thread creation (e.g., fork/join)
  • Executable semantics for design/testing
Thank You!
• Questions?
TSO in Action
Start: m1 = 0 and m2 = 0
Thread 1:            Thread 2:
store 1, m1          store 1, m2
x := load m2         y := load m1
Result: x = 0 and y = 0
• Read delayed past write
PSO in Action
Start: m1 = 0 and m2 = 0
Thread 1:            Thread 2:
store 1, m1          y := load m2
store 1, m2          x := load m1
Result: x = 0 and y = 1
• Write delayed past write
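The two litmus tests above, as an added example that is not part of the slides: a small Python explorer (written here, not the authors' Isabelle semantics) that enumerates every interleaving and write-buffer flush under the three models as the deck describes them, SC with no buffering, TSO with one FIFO write buffer per thread, and PSO with a FIFO buffer per thread and location. The thread encoding and the two programs are constructed from the slides; running it confirms that x = 0, y = 0 needs buffering (TSO or PSO) and x = 0, y = 1 needs PSO.

```python
# Added example: exhaustive explorer for the two litmus tests on the slides.
# Threads are lists of ("store", value, loc) or ("load", reg, loc).
TSO_EXAMPLE = [[("store", 1, "m1"), ("load", "x", "m2")],   # thread 1
               [("store", 1, "m2"), ("load", "y", "m1")]]   # thread 2
PSO_EXAMPLE = [[("store", 1, "m1"), ("store", 1, "m2")],    # thread 1
               [("load", "y", "m2"), ("load", "x", "m1")]]  # thread 2

def flushable(buf, model):
    """Indices of buffered stores that may reach memory next."""
    if model == "TSO":                    # one FIFO buffer: oldest entry only
        return [0] if buf else []
    seen, idx = set(), []                 # PSO: oldest entry for each location
    for i, (loc, _) in enumerate(buf):
        if loc not in seen:
            seen.add(loc); idx.append(i)
    return idx

def outcomes(threads, model, init=("m1", "m2")):
    """Set of final register assignments reachable under SC, TSO or PSO."""
    results = set()
    def step(mem, bufs, pcs, regs):
        done = all(pc == len(p) for pc, p in zip(pcs, threads))
        if done and not any(bufs):        # every store has reached memory
            results.add(tuple(sorted(regs.items())))
            return
        for t, prog in enumerate(threads):
            for i in flushable(bufs[t], model):   # flush one buffered store
                loc, val = bufs[t][i]
                nb = list(bufs); nb[t] = bufs[t][:i] + bufs[t][i + 1:]
                step({**mem, loc: val}, nb, pcs, regs)
            if pcs[t] == len(prog):
                continue
            ins, npcs = prog[pcs[t]], list(pcs)
            npcs[t] += 1
            if ins[0] == "store":
                loc, val = ins[2], ins[1]
                if model == "SC":         # no buffering: visible immediately
                    step({**mem, loc: val}, bufs, npcs, regs)
                else:
                    nb = list(bufs); nb[t] = bufs[t] + [(loc, val)]
                    step(mem, nb, npcs, regs)
            else:                         # load: own buffer first, then memory
                reg, loc = ins[1], ins[2]
                own = [v for l, v in bufs[t] if l == loc]
                step(mem, bufs, npcs, {**regs, reg: own[-1] if own else mem[loc]})
    step({m: 0 for m in init}, [[] for _ in threads], [0] * len(threads), {})
    return results

def reachable(threads, model, **regs):   # can these final register values occur?
    return tuple(sorted(regs.items())) in outcomes(threads, model)
```

`reachable(TSO_EXAMPLE, "TSO", x=0, y=0)` is True while the same query under "SC" is False; the same explorer accepts any two-location litmus test in this encoding.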
PTRANS in Action
replace n with skip if … A … U stmtt(store e’, e2)
[Figure, built up over four slides: the example CFG (Start; store 1, m; if …; x := e1 / x := e2; y := x; store y, m; Exit) as the rewrite rule above is applied to the store 1, m node.]
[Figure: before and after. Left: the CFG with store 1, m. Right: the same CFG with store 1, m replaced by skip.]