1/25 Context-Bounded Analysis of Concurrent Queue Systems
Gennaro Parlato (University of Illinois at Urbana-Champaign, Università degli Studi di Salerno)
Salvatore La Torre (U. Salerno)
P. Madhusudan (U. Illinois U-C)

2/25 Queue Systems
- Architecture
  - A node is a process:
    - Finite control
    - Recursive (call-stack)
  - An edge is a FIFO channel:
    - Unbounded capacity queue
    - Finite message alphabet
- Finite shared memory
- Self-loops not allowed!
(Figure: processes p1, p2 and the shared memory)

3/25 Queue Systems
- A configuration C = (LS_1, ..., LS_n, SM, St_1, ..., St_n, Q_1, ..., Q_m)
  - LS_i = local state of process p_i (finite)
  - SM = shared memory (finite)
  - St_i = stack content of process p_i (unbounded)
  - Q_i = content of queue i (unbounded)
- An action for a process p_i:
  - internal (changes LS_i / SM)
  - push or pop from its own stack
  - send or receive a message from a queue

4/25 A natural model
- Asynchronous or event-driven programs
  - Multi-core systems: Libasync-smp (Zeldovich et al, USENIX'03)
  - Single-processor systems (e.g. Java, web service design): callbacks, NesC (Gay et al, PLDI'03)
- Distributed systems communicating via FIFO message channels
  - Distributed communication protocols

5/25 Model-Check Queue Systems
- Reachability problem for queue systems: given a set of global control states T, is any state in T reachable?
- Reachability is undecidable
- Weakening the model to tackle undecidability:
  - Lossy channels (Abdulla-Jonsson, LICS'93)
  - Model queues as bags (Sen-Viswanathan, CAV'06), (Jhala-Majumdar, POPL'07)
- Our contribution: a new way to curb undecidability where queues are modeled accurately

6/25 Bounded context-switch reachability
- In a context only one process evolves:
  - it dequeues only from one queue
  - it can enqueue on all its outgoing queues
- Well-queuing (for recursive processes): dequeue only when the stack is empty
- Bounded context-switch reachability problem: given k ∈ N and a set of global control states T, is T reachable within k context-switches?
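The context rules above are easiest to see in an explicit-state search that enforces them. The code below is an added example written for this page, not code from the talk or its authors: it models non-recursive queue systems (no stacks, no shared memory) in a hypothetical dictionary encoding and finds the least number of context switches with which a set of local-state tuples becomes reachable. Because a single context can already enqueue without bound, the search also caps queue length (max_queue_len), so it is an under-approximation, not the decision procedure of slide 11. The two systems at the bottom (a request/ack exchange and a process that must receive from two queues) are constructed inputs.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

# Added example, not from the slides. Context rules enforced: in a context
# exactly one process moves, it may send on any of its outgoing queues, and
# it may dequeue from at most one queue. Queue length is capped (under-approx).
Action = Tuple  # ("internal", nxt) | ("send", q, msg, nxt) | ("recv", q, msg, nxt)


class QueueSystem:
    def __init__(self, procs: Dict[str, Dict[str, List[Action]]],
                 init: Dict[str, str], queues: Dict[str, Tuple[str, str]]):
        self.names = list(procs)            # fixed process order
        self.procs = procs                  # process -> local state -> actions
        self.init_locals = tuple(init[p] for p in self.names)
        self.queues = queues                # queue name -> (sender, receiver)
        self.qnames = list(queues)
        for q, (s, r) in queues.items():
            assert s != r, f"self-loop on {q} is not allowed"


def min_context_switches(system: QueueSystem,
                         target: Callable[[Tuple[str, ...]], bool],
                         max_switches: int, max_queue_len: int = 4) -> Optional[int]:
    """Least number of context switches after which a configuration whose local
    states satisfy `target` is reached; None if none within max_switches (and
    max_queue_len). 0-1 BFS: process steps cost 0, context switches cost 1."""
    pidx = {p: i for i, p in enumerate(system.names)}
    qidx = {q: i for i, q in enumerate(system.qnames)}
    # search state: (local states, queue contents, active process, queue dequeued in this context)
    starts = [(system.init_locals, tuple(() for _ in system.qnames), p, None)
              for p in system.names]
    dist = {s: 0 for s in starts}
    work = deque(starts)
    while work:
        state = work.popleft()
        locals_, queues, active, dq = state
        d = dist[state]
        if target(locals_):
            return d
        for act in system.procs[active].get(locals_[pidx[active]], []):
            nl, nq, ndq = list(locals_), list(queues), dq
            if act[0] == "internal":
                nl[pidx[active]] = act[1]
            elif act[0] == "send":
                _, q, msg, nxt = act
                if system.queues[q][0] != active or len(queues[qidx[q]]) >= max_queue_len:
                    continue
                nq[qidx[q]] = queues[qidx[q]] + (msg,)
                nl[pidx[active]] = nxt
            else:  # "recv": only the FIFO head, and a single queue per context
                _, q, msg, nxt = act
                if system.queues[q][1] != active or dq not in (None, q):
                    continue
                if not queues[qidx[q]] or queues[qidx[q]][0] != msg:
                    continue
                nq[qidx[q]] = queues[qidx[q]][1:]
                nl[pidx[active]] = nxt
                ndq = q
            succ = (tuple(nl), tuple(nq), active, ndq)
            if d < dist.get(succ, d + 1):
                dist[succ] = d
                work.appendleft(succ)
        if d < max_switches:                # context switch to any other process
            for p in system.names:
                if p != active:
                    succ = (locals_, queues, p, None)
                    if d + 1 < dist.get(succ, d + 2):
                        dist[succ] = d + 1
                        work.append(succ)
    return None


# Constructed request/ack protocol: P asks over queue pc, C answers over cp.
REQ_ACK = QueueSystem(
    procs={"P": {"p0": [("send", "pc", "req", "p1")], "p1": [("recv", "cp", "ack", "p2")], "p2": []},
           "C": {"c0": [("recv", "pc", "req", "c1")], "c1": [("send", "cp", "ack", "c2")], "c2": []}},
    init={"P": "p0", "C": "c0"}, queues={"pc": ("P", "C"), "cp": ("C", "P")})

# Constructed merge: M must receive from two different queues, which the
# one-queue-per-context rule forces into two separate contexts of M.
MERGE = QueueSystem(
    procs={"A": {"a0": [("send", "q1", "x", "a1")], "a1": []},
           "B": {"b0": [("send", "q2", "y", "b1")], "b1": []},
           "M": {"m0": [("recv", "q1", "x", "m1")], "m1": [("recv", "q2", "y", "m2")], "m2": []}},
    init={"A": "a0", "B": "b0", "M": "m0"}, queues={"q1": ("A", "M"), "q2": ("B", "M")})

if __name__ == "__main__":
    print(min_context_switches(REQ_ACK, lambda l: l == ("p2", "c2"), 3))     # 2
    print(min_context_switches(MERGE, lambda l: l == ("a1", "b1", "m2"), 2))  # None
    print(min_context_switches(MERGE, lambda l: l == ("a1", "b1", "m2"), 3))  # 3
```

The merge system shows what the one-queue-per-context restriction costs: without it M could consume both messages in a single context after A and B have run (2 switches), with it a third switch is needed. The queue cap is only a search bound of this example; it is not the one-message bound that slide 21 obtains for forest architectures, whose soundness rests on the edge-reversal argument rather than on a cap.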

7/25 Context-Bounded analysis for concurrent systems
- Introduced by: Context-Bounded Model Checking of Concurrent Software (Qadeer-Rehof, TACAS'05)
- Experimental results: large state coverage with few contexts
  - Iterative context bounding for systematic testing of multithreaded programs (Musuvathi-Qadeer, PLDI'07)
  - CHESS at MSR
- Context-bounded analysis for otherwise intractable systems
  - Reachability Analysis of Multithreaded Software with Asynchronous Communication (Bouajjani-Esparza-Kiefer-Schwoon, FSTTCS'05)
  - Context-Bounded Analysis of Multithreaded Programs with Dynamic Linked Structures (Bouajjani-Fratani-Qadeer, CAV'07)
  - A Robust Class of Context-Sensitive Languages (La Torre-Madhusudan-Parlato, LICS'07)

8/25 Our Results
- Bounded Context-Switch Reachability is decidable
  - for non-recursive queuing processes
  - for well-queuing recursive processes
- Precise characterization of architectures that admit a decidable (unbounded) reachability problem
  - with shared memory: undecidable, even for simple architectures
  - no shared memory & well-queuing recursive: directed forest architectures
  - no shared memory & non-recursive: underlying undirected graph is a forest
  - Decidability: reduction to the BCS reachability problem

9/25 Outline of the talk
- Overview
- Solving Bounded Context-Switch Reachability
- Unbounded context-switching reachability: Precise characterization of decidable architectures
- Conclusions

10/25 Bounded-phase multi-stack pushdown automata [La Torre, Madhusudan, Parlato, LICS'07]
- Finite control: a finite set of states Q and an initial state q_0 ∈ Q
- Actions:
  - internal move
  - push onto one stack
  - pop from one stack
- A phase is a sub-run where
  - only a unique stack can be popped
  - all stacks can be pushed onto
- A run is a sequence of phases separated by phase-switches (figure: RUN = phase | phase | phase)
- Bounded-Phase Reachability Problem: given k ∈ N and a set of control states T, is any state of T reachable with at most k phases?
- Theorem: Bounded-phase reachability is decidable. Complexity: time exponential in |Q| and double-exponential in k.
- Proof idea: multiply nested structures; MSO on multiply nested structures is reduced to MSO on trees; quite complex proof

11/25 Bounded context-switch reachability for non-recursive processes
- Theorem: the bounded context-switch reachability problem for non-recursive QS is decidable
  - Complexity: 2-EXPTIME in the number of context-switches, EXPTIME in the size of the system
- Proof: reduction to bounded-phase reachability for multi-stack systems

12/25 Proof (non-recursive case)
- We define a multi-stack pushdown system (MSPS) that simulates the QS, with one stack st_q per queue q
- Simulation of a context:
  - Sending m to queue q → push m onto st_q
  - Receiving m from q → pop m from the stack of q (the stack marked red on the slide: it holds the queue content reversed, oldest message on top, so it is the only stack popped in this context)
- Simulation of a context-switch (p,q) → (p',q'):
  - Reverse stack q (back to newest-message-on-top order)
  - Reverse stack q' (to oldest-message-on-top order, ready to be popped)
  - Each reversal pops a single stack, so a context-switch costs a bounded number of phases and a run with k context-switches is simulated by O(k) phases
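The reversal bookkeeping of this proof sketch, written out as an added example (code for this page, not the authors' construction): every queue q is kept on a stack S_q while it is only sent to, and moved to a second stack A_q, oldest message on top, for the one context that dequeues it. A phase counter in the sense of slide 10 advances whenever a pop targets a different stack than the previous pop. The schedule at the bottom is constructed; the code checks the encoding against plain FIFO deques and reports how many phases the run used. Names (MultiStack, QueuesAsStacks, run_schedule) are this example's own.

```python
from collections import deque
from typing import Dict, List, Optional, Tuple

# Added example, not from the slides: queue-to-stack encoding of the
# non-recursive proof, with the phase count of a bounded-phase MSPA.


class MultiStack:
    """Named stacks plus a phase counter: a new phase starts whenever a pop
    targets a stack other than the one popped last (pushes never do)."""

    def __init__(self, names: List[str]):
        self.st: Dict[str, List[str]] = {n: [] for n in names}
        self.last_popped: Optional[str] = None
        self.phases = 0

    def push(self, name: str, x: str) -> None:
        self.st[name].append(x)

    def pop(self, name: str) -> str:
        if self.last_popped != name:
            self.last_popped = name
            self.phases += 1
        return self.st[name].pop()


class QueuesAsStacks:
    """FIFO queues simulated on a multi-stack; contexts as on slide 6:
    S_q = newest-on-top (send mode), A_q = oldest-on-top (receive mode)."""

    def __init__(self, queues: List[str]):
        self.ms = MultiStack([f"S_{q}" for q in queues] + [f"A_{q}" for q in queues])
        self.receiving: Optional[str] = None   # the one queue dequeued in this context
        self.contexts = 0

    def _reverse(self, src: str, dst: str) -> None:
        while self.ms.st[src]:                 # pops only src: at most one phase
            self.ms.push(dst, self.ms.pop(src))

    def begin_context(self, recv_queue: Optional[str]) -> None:
        """Context switch to a process that will dequeue from recv_queue (or None)."""
        self.contexts += 1
        old = self.receiving
        if old is not None and old != recv_queue:
            self._reverse(f"A_{old}", f"S_{old}")                # back to send mode
        if recv_queue is not None and recv_queue != old:
            self._reverse(f"S_{recv_queue}", f"A_{recv_queue}")  # into receive mode
        self.receiving = recv_queue

    def enqueue(self, q: str, m: str) -> None:
        # no self-loops: the active process never sends to the queue it dequeues
        assert q != self.receiving
        self.ms.push(f"S_{q}", m)

    def dequeue(self, q: str) -> str:
        assert q == self.receiving, "only the context's single queue may be dequeued"
        return self.ms.pop(f"A_{q}")

    @property
    def phases(self) -> int:
        return self.ms.phases


def run_schedule(queues: List[str], schedule) -> Tuple[bool, int, int]:
    """Replay schedule = [(recv_queue, ops)], ops = ("send", q, m) | ("recv", q),
    on the stack encoding and on plain deques; return (fifo_ok, phases, contexts)."""
    sim = QueuesAsStacks(queues)
    ref = {q: deque() for q in queues}
    ok = True
    for recv_queue, ops in schedule:
        sim.begin_context(recv_queue)
        for op in ops:
            if op[0] == "send":
                sim.enqueue(op[1], op[2])
                ref[op[1]].append(op[2])
            else:
                ok = ok and sim.dequeue(op[1]) == ref[op[1]].popleft()
    return ok, sim.phases, sim.contexts


# Constructed schedule: 5 contexts (4 context switches) over queues q1 and q2.
DEMO_SCHEDULE = [
    (None, [("send", "q1", "a"), ("send", "q1", "b"), ("send", "q1", "c")]),
    ("q1", [("recv", "q1"), ("recv", "q1"), ("send", "q2", "d")]),
    (None, [("send", "q1", "e")]),
    ("q2", [("recv", "q2")]),
    ("q1", [("recv", "q1"), ("recv", "q1")]),
]

if __name__ == "__main__":
    ok, phases, contexts = run_schedule(["q1", "q2"], DEMO_SCHEDULE)
    print(ok, phases, contexts)   # True 6 5
```

Each context pops at most three distinct stacks (A_old while undoing the previous reversal, S_new while reversing, and A_new while receiving), so the phase count never exceeds three times the number of contexts; that is the bound that turns k context-switches into a bounded-phase instance. The recursive case of slide 13 (queue and call-stack sharing one stack) is not covered here.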

13/25 Proof (recursive case)
- Simulate the incoming queue and the call-stack of a process using a single stack (exploiting the well-queuing assumption: a dequeue happens only when the call-stack is empty, so the stack content can sit on top of the queue content)

14/25 Removing conditions gives undecidability
- BCS reachability is undecidable for non-well-queuing recursive processes
- BCS reachability is undecidable if we allow dequeuing from two queues in the same context, already with only 2 context-switches
(Figure: processes p1, p2, p3 and queues q1, q2)

15/25 Outline of the talk
- Overview
- Solving Bounded Context-Switch Reachability
- Unbounded context-switching reachability: Precise characterization of decidable architectures
- Conclusions

16/25 Decidable Architectures: with shared memory is undecidable
- With shared memory reachability is undecidable even for simple architectures (reduction from the membership problem for Turing machines):
  - Non-recursive: two non-recursive processes and one queue
  - Recursive: two recursive processes and no queues
(Figure: processes p1, p2; stacks s1, s2)

17/25 Decidable Architectures: recursive processes & no shared memory
- Theorem: an architecture admits decidable reachability for well-queuing QSs with no shared memory iff it is a directed forest
- Complexity:
  - 2-EXPTIME in the number of processes
  - EXPTIME in the size of the QS

18/25 Decidable Architectures: recursive processes & no shared memory
- Reachability is decidable on directed forests: reduction to bounded context-switch reachability
  - Fix an order over the processes such that p > parent(p), e.g. p1, p2, p3, p4, p5 (every parent before its children)
  - In context i, process p_i evolves: in a directed forest a process dequeues only from the queue of its parent, which has already run, so one context per process suffices and the number of context-switches is bounded by the number of processes
(Figure: a directed tree on p1, ..., p5)

19/25 Undecidable Architectures: recursive processes & no shared memory
- Reachability is undecidable for all other architectures
  - Reduction from the emptiness of the intersection of two CFLs
  - Reduction from the membership problem for Turing machines (even for non-recursive processes)
(Figure: the non-forest patterns on processes p, p', q and on p1, p2, p3 with queues q1, q2)
- Precise characterization (recursive processes, no shared memory): directed forests

20/25 Decidable Architectures: non-recursive processes & no shared memory
- Theorem: an architecture admits decidable reachability for non-recursive QSs with no shared memory iff the undirected architecture graph is a forest
- Complexity: PSPACE-complete

21/25 Decidable Architectures: non-recursive processes & no shared memory
- Reachability is decidable when the underlying undirected graph is a forest
- Algorithm:
  1. Reverse edges, so that the undirected forest becomes a directed forest
  2. Solvable using bounded context-switch reachability
  3. Better solution: a bounded-size queue (1 message) suffices and leads to a PSPACE procedure
- Complexity: PSPACE-complete
(Figure: processes p1, p2 and queue q, before and after edge reversal)

22/25 Undecidable Architectures: non-recursive processes & no shared memory
- Reachability is undecidable when the underlying undirected graph has a cycle
(Figure: processes p1, p2 forming a cycle)
- Precise characterization (non-recursive processes, no shared memory): the undirected architecture graph is a forest

23/25 Outline of the talk
- Overview
- Solving Bounded Context-Switch Reachability
- Unbounded context-switching reachability: Precise characterization of decidable architectures
- Conclusions

24/25 Conclusions
- Bounded Context-Switch Reachability: decidable in 2-EXPTIME
- Unbounded context-switching reachability: precise characterization of decidable architectures

                                   | Shared memory | No shared memory
  Well-queuing recursive processes | Undecidable   | Decidable iff directed forest (in 2-EXPTIME)
  Non-recursive processes          | Undecidable   | Decidable iff undirected forest (PSPACE-complete)

25/25 A Future Direction
- Practical algorithm for non-recursive processes, no shared memory, undirected forest architectures
  - We proposed a PSPACE algorithm
  - Each queue can be considered only of bounded size (one message)
  - This can be modeled as a finite-state transition system
  - Implementations using standard model checkers (like NuSMV)
- Approximate schemes to solve bounded context-switching reachability for recursive queue systems, à la [Jhala-Majumdar, POPL'07] for [Sen-Viswanathan, CAV'06]