Abstract
We study an automated verification method for functional correctness of parallel programs running on GPUs. Our method is based on Kojima and Igarashi’s Hoare logic for GPU programs. Our algorithm generates verification conditions (VCs) from a program annotated by specifications and loop invariants and pass them to off-the-shelf SMT solvers. It is often impossible, however, to solve naively generated VCs in reasonable time. A main difficulty stems from quantifiers over threads due to the parallel nature of GPU programs. To overcome this difficulty, we additionally apply several transformations to simplify VCs before calling SMT solvers.
Our implementation successfully verifies correctness of several GPU programs, including matrix multiplication optimized by using shared memory. In contrast to many existing tools, our verifier succeeds in verifying fully parameterized programs: parameters such as the number of threads and the sizes of matrices are all symbolic. We empirically confirm that our simplification heuristics is highly effective for improving efficiency of the verification procedure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We choose these initial values to explain what happens when the control branches. These initial values do not satisfy the precondition on the first line, so the asserted invariant is not preserved during execution.
- 2.
Some of the terms appearing in this expression are not well-typed. We could write \( assign (b_2, (\lambda t.i_2(t) < \textit{len}_0), b_1, (\lambda t.i_2(t)), (\lambda t.a_0(i_2(t))))\), but for brevity we abbreviate it as above.
- 3.
In this case \(t+1, t+2, \dots \) are also \(\forall \)-bounds, but we do not take them into account. Practically, considering only t seems sufficient in many cases.
- 4.
Currently we use Why3 only for manipulating formulas and calling SMT solvers, although it provides a programming language WhyML.
- 5.
- 6.
Several examples are found at https://fmt.ewi.utwente.nl/redmine/projects/vercors- verifier/wiki/Examples.
References
Betts, A., Chong, N., Donaldson, A.F., Ketema, J., Qadeer, S., Thomson, P., Wickerson, J.: The design and implementation of a verification technique for GPU kernels. ACM Trans. Program. Lang. Syst. 37(3), 10:1–10:49 (2015)
Blom, S., Huisman, M., Mihelčić, M.: Specification and verification of GPGPU programs. Sci. Comput. Prog. 95(3), 376–388 (2014)
Bobot, F., Filliâtre, J.C., Marché, C., Paskevich, A.: Why3: shepherd your herd of provers. In: 1st International Workshop on Intermediate Verification Languages, Boogie 2011, pp. 53–64, Wroclaw, Poland (2011)
Bozga, M., Iosif, R.: On decidability within the arithmetic of addition and divisibility. In: Sassone, V. (ed.) FoSSaCS 2005. LNCS, vol. 3441, pp. 425–439. Springer, Heidelberg (2005). doi:10.1007/978-3-540-31982-5_27. http://dx.doi.org/10.1007/b106850
Cachera, D., Jensen, T.P., Jobin, A., Kirchner, F.: Inference of polynomial invariants for imperative programs: a farewell to Gröbner bases. Sci. Comput. Prog. 93, 89–109 (2014)
Collingbourne, P., Cadar, C., Kelly, P.H.J.: Symbolic testing of OpenCL code. In: Eder, K., Lourenço, J., Shehory, O. (eds.) HVC 2011. LNCS, vol. 7261, pp. 203–218. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34188-5_18
Flanagan, C., Leino, K.R.M.: Houdini, an annotation assistant for ESC/Java. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 500–517. Springer, Heidelberg (2001). doi:10.1007/3-540-45251-6_29
Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: Proceedings of ACM POPL, pp. 193–205 (2001)
Garg, P., Löding, C., Madhusudan, P., Neider, D.: ICE: a robust framework for learning invariants. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 69–87. Springer, Heidelberg (2014). doi:10.1007/978-3-319-08867-9_5
Kojima, K., Igarashi, A.: A hoare logic for SIMT programs. In: Shan, C. (ed.) APLAS 2013. LNCS, vol. 8301, pp. 58–73. Springer, Heidelberg (2013). doi:10.1007/978-3-319-03542-0_5
Komuravelli, A., Bjørner, N., Gurfinkel, A., McMillan, K.L.: Compositional verification of procedural programs using Horn clauses over integers and arrays. In: Formal Methods in Computer-Aided Design, FMCAD 2015, pp. 89–96, Austin, Texas, USA, 27–30 September 2015
Kovács, L., Voronkov, A.: Finding loop invariants for programs over arrays using a theorem prover. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 470–485. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00593-0_33
Lechner, A., Ouaknine, J., Worrell, J.: On the complexity of linear arithmetic with divisibility. In: Proceedings of 30th Annual ACM/IEEE Symposium on Logic in Computer Science, (LICS 2015), pp. 667–676 (2015)
Li, G., Gopalakrishnan, G.: Scalable SMT-based verification of GPU kernel functions. In: Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2010), pp. 187–196. ACM (2010)
Li, G., Gopalakrishnan, G.: Parameterized verification of GPU kernel programs. In: IPDPS Workshop on Multicore and GPU Programming Models, Languages and Compilers Wokshop, pp. 2450–2459. IEEE (2012)
Li, G., Li, P., Sawaya, G., Gopalakrishnan, G., Ghosh, I., Rajan, S.P.: GKLEE: concolic verification and test generation for GPUs. In: Proceedings of ACM PPoPP, pp. 215–224 (2012)
Li, P., Li, G., Gopalakrishnan, G.: Parametric flows: automated behavior equivalencing for symbolic analysis of races in CUDA programs. In: Proceedings of the International Conference on High Performance Computing, Networking, Storage and Analysis (SC 2012). IEEE Computer Society Press (2012)
Li, P., Li, G., Gopalakrishnan, G.: Practical symbolic race checking of GPU programs. In: Proceedings of International Conference for High Performance Computing, Networking, Storage and Analysis (SC 2014), pp. 179–190 (2014)
McMillan, K.L.: Quantified invariant generation using an interpolating saturation prover. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 413–427. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78800-3_31
Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213–228. Springer, Heidelberg (2002). doi:10.1007/3-540-45937-5_16
Nguyen, H.: GPU Gems 3, 1st edn. Addison-Wesley Professional, Reading (2007). http://developer.nvidia.com/object/gpu-gems-3.html
NVIDIA: NVIDIA CUDA C Programming Guide (2014). http://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Kojima, K., Imanishi, A., Igarashi, A. (2016). Automated Verification of Functional Correctness of Race-Free GPU Programs. In: Blazy, S., Chechik, M. (eds) Verified Software. Theories, Tools, and Experiments. VSTTE 2016. Lecture Notes in Computer Science(), vol 9971. Springer, Cham. https://doi.org/10.1007/978-3-319-48869-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-48869-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48868-4
Online ISBN: 978-3-319-48869-1
eBook Packages: Computer ScienceComputer Science (R0)