Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(Relative) Safety Properties for Relaxed Approximate Programs


Published on

Presentation by Michael Carbin.
Paper and more information:

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

(Relative) Safety Properties for Relaxed Approximate Programs

  1. 1. (Relative) Safety Properties forRelaxed Approximate ProgramsMichael Carbin and Martin RinardMIT EECS and CSAIL
  2. 2. Approximate ComputingMedia Processing, Machine Learning, Search
  3. 3. Fuzzy = Tradeoff of Accuracy and CostAccuracyTime/Resources/Cost0%100%Highly Accurate,ExpensiveLess accurate,Inexpensive
  4. 4. Standard Program ModelAccuracyTime/Resources/Cost0%100%One point in tradeoff space
  5. 5. Relaxed Program ModelAccuracyTime/Resources/Cost0%100%Admits executions at multiplepoints in tradeoff spaceRelaxed programs can dynamically and automatically adapt
  6. 6. Producing Relaxed ProgramsTask Skipping/Loop Perforation - Rinard ICS ‘06, Misailovic ICSE ‘10Dynamic Knobs - Hoffmann ASPLOS ‘11Approximate Memories - Lui ASPLOS ‘11, Sampson PLDI ‘11Approximate Memoization - Chaudhuri FSE ‘11Unsynchronized Parallelization - Misailovic MIT-TR ‘10, Rinard RACES ‘12
  7. 7. Unsynchronized ParallelizationWhen is this acceptable?
  8. 8. Defining AcceptableIntegrityAccuracyKey: any implementation that satisfies thestated acceptability properties is acceptableAcceptability Properties
  9. 9. Defining AcceptableIntegrityAccuracyKey: any implementation that satisfies thestated acceptability properties is acceptableAcceptability PropertiesSafety
  10. 10. How do we verify the safetyof relaxed programs?
  11. 11. Program Logic (Hoare Logic){x = 1} x = x + 1 {x = 2}If we know P is true of the program,then after execution of s, Q is also true}{}{ QsPStandard Hoare Logicdoesn’t capture what we want
  12. 12. General Model for Relaxed ProgramsA general primitive for relaxed sequential programs [1]:relax (n) st (n <= old(n));for (uint i = 0; i < n; ++i) {...}[1] Proving Acceptability Properties of Nondeterministic RelaxedApproximate Programs. Carbin, Kim, Misailovic, Rinard. PLDI ‘12Modified VariablesRelaxation PredicateLoop Perforation!
  13. 13. Applying Standard Hoare Logic• Note: relaxation doesn’t modify y• If S(y) holds in the original program,then it also holds in relaxed program<...>{ P(x, y) && Q(y) }relax (x) st (true);{ Q(y) }<...>{ R(x, y) && S(y)}assert R(x, y) && S(y);Lose P because x ismodifiedProve both R and S
  14. 14. Relational Program Logic{x<r> == x<o> && y<r> == y<o>}relax (x) st (true);{y<r> == y<o>}relrel QsP
  15. 15. Applying Relational Program Logic<...>{x<r> == x<o> && y<r> == y<o>}relax (x) st (true);{ y<r> == y<o> }<...>{R(x<r>, y<r>) && y<r> == y<o> }assert R(x, y) && S(y) ;x different buty the sameOnly prove RIf S(y<o>) is trueand y<r> == y<o>then S(y<r>) is trueRelational reasoning is the bridge
  16. 16. If original program satisfies all assertions,then the relaxed program satisfies all assertionsRelative SafetyMore in our RACES paper:• Small formalization of unsynchronized parallelization• Formal statement of relative safety• Simple example from the Jade Benchmarks suiteEstablished through any means:verification, testing, code review
  17. 17. TakeawayRelax Semantics. Preserve Safety. Reuse Proofs