Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sequentializing Parameterized Programs

Published byEvan Payne Modified over 6 years ago

Similar presentations

Presentation on theme: "Sequentializing Parameterized Programs"— Presentation transcript:

1 Sequentializing Parameterized Programs
Salvatore La Torre Università degli Studi di Salerno P. Madhusudan (U . Illinois U.-C., U.S.A.) Gennaro Parlato (U. Southampton)

2 Parameterized programs
Fixed number of programs P1 , , Pn (each possibly with recursive function calls) Memory is shared (a fixed number of shared vars) Executions are those of all the concurrent programs: (for each m) each thread Tj is the execution of a program Pi each program Pi can be run in unboundedly many threads T1 T2 Tm shared vars loc

3 Parameterized programs
Interesting class of programs (e.g., device drivers) Complex class of programs (infinite states): each thread is essentially a pushdown system number of threads is unbounded Basic decision problems are undecidable reachability with just two threads is already undecidable Reachability within a bounded number of context-switches is decidable [La Torre–Madhusudan–Parlato CAV’10]

4 Bounded context-switching
Switching between threads is allowed only a bounded number of times [Qadeer-Rehof TACAS’05] Under this restriction Analysis is an effective technique for bug detection bugs of concurrent programs are likely to occur within few context-switches [Musuvathi-Qadeer PLDI’07] Efficient sequentializations can be obtained

5 Sequentialization Param. Seq. program program …
Translation from a multithreaded program to an “equivalent” sequential one Advantage: use existing techniques for sequential programs to analyze parameterized programs Model checkers, Deductive verification, … Param. program Seq. program T1 T2 Tm shared vars loc

6 Sequentialization A sequentialization that simply simulates the global behavior of the program is always possible track the locals of each thread (may require additional unbounded storage) in general, inefficient (current tools do not work) Under bounded-context switching, efficient sequentializations are known (for concurrent programs) track only the locals of one thread at a time need to store multiple copies of shared vars [Lal-Reps CAV’08 & La Torre-Madhusudan-Parlato CAV’09]

7 Sequentialization of param. progs
A simple sequentialization for parameterized programs can be obtained by extending the “eager” approach [Lal-Reps CAV 2008] : each thread is executed up to completion (jumping across context-switches) after computing a thread, nondeterministically (1) terminate and check if all the computed executions form a computation and (2) compute next thread the values of shared variables at context-switches are passed to the next thread (l2,s1) (l4,s2) (l1,s1) (l3,s2) (l5,s3) (l1,s3)

8 Eager seq. does not preserve assertions
// shared variables bool blocked=true; int x=0, y=0; y!=0 is an invariant of the statement x=x/y in the param. progr. but not in the sequential program (blocked can be nondeterministically assigned to false across a context-switch while processing a thread of P1) process P1: main() begin while (blocked) skip; assert(y!=0); x = x/y; end process P2: main() begin x=12; y=2; //unblock threads of P1 blocked=false; end

9 Main contribution Sequentialization up to k context-switches that maps a parameterized program P to a sequential program Pseq s.t. only (k-c.s.) reachable states of P can be explored via Pseq assertion invariants are preserved at any point of a Pseq run, the local state of only one thread and at most O(k) copies of shared variables are tracked no additional unbounded memory is used (no additional queues, or counters) Note: it reduces bounded context-switch reachability of param. programs to reachability of seq. programs

10 Rest of the talk Details of the sequentialization Related work
linear interfaces structure of Pseq correctness and lazyness Related work Conclusions

11 Linear interfaces Crucial concept exploited in the sequentialization
Summarize the effects of a block of unboundedly many threads on the shared variables executions arranged in rounds of round-robin scheduling linear interface (In,Out) of dim. 3 Ti Ti+1 Tj in1 out1 in2 out2 in3 out3

12 Linear interface of a run
(In,Out) s.t. ini+1=outi i=1,…,k-1 k=3 T1 T2 Tm in1 out1 in2 out2 in3 out3

13 Computation of a P run by Pseq
Pseq mimics a computation of P by increasing round numbers and (within each round) by increasing context numbers nondeterministically chooses if this is the last thread in the round the linear interface (<in1>,<out1>) is stored T1 T2 T3 T4 in1 out1

14 Computation of a P run by Pseq
Second round is executed matching (<in1>,<out1>) Note that threads do not need to be the same we used in the first round and not even in the same number The third round is executed similarly by matching (<in1,in2>,<out1,out2>) T’1 T’2 T’3 in1 context switch in last thread is allowed only with globals out1 a1 b1 out1 can context switch provided that <b1,out1> is a linear interface can context switch provided that <a1,out1> is a linear interface in2=out1 a2 b2 out2

15 Structure of Pseq main function: linear_int:
initialize the shared variables starts the computation of each round by calling linear_int linear_int: selects and starts next thread to execute (if any) returns a valuation of the global vars that forms a linear interface with the valuations received as parameters control code (interlined within the given code) drives the recomputation task calls linear_int to check conditions on context-switching manage the returns from calls (flags that the end of the round has been successfully reached)

16 Interlined control code
if (terminate) then return; if (!atom ) then while (*) if (last) then if ( j = bound) then terminate := T; return; else assume(q′j = s); j++; s := qj; else qj := s; save:= g; call linear int(q1,k,q′1,k−1, j); if ( j = bound) then return; else assume(q′j =s); g:=save; terminate := F; j++; s:=qj;

17 Property of linear_int
a call to linear_int(in1,…,ini,out1,…,outi-1) returns outi such that in1 in1 out1 out1 ini-1 ini-1 outi-1 outi-1 ini outi

18 Correctness and lazyness
I2 I3 Suppose: we compute: such that: in1 out’1 I1 in1 out1 in2 out’2 out1 out2 in2 in3=out2 out2 out’3 I2 in1 out’1 out’’1 out’’1 in2 out’2 out1 out’’2 out’’2 in3 out’3 out2 out’’3

19 The newly discovered states are all reachable
This equals to say T1 Tj Tj+1 Suppose  run: we ensure the existence of any run: Tm in1 out’1 out1 in2 out’2 out2 in3 out’3 T’1 T’h T’h+1 T’h+2 T’m’ in1 out’’1 out’1 out1 in2 out’’2 The newly discovered states are all reachable out’2 out2 in3 out’’3 out’3

20 Reduction of bounded context-switch reachability
Theorem: Let P be a parameterized program, k>0 and pc be a program counter of P pc is reachable in P within k context switches iff pc is reachable in Pseq

21 Related Work Seq. up to 2 contexts [Quadeer-Wu PLDI’04]
Seq. of concurrent programs: eager [Lal-RepsTACAS’08] lazy [La Torre-Madhusudan-Parlato CAV’09] Seq. combined to deductive verification [Lahiri-Qadeer-Rakamaric CAV09] Symbolic fixed-point solution to computation of reachable states for parameterized programs [La Torre-Madhusudan-Parlato CAV’10] Seq. for delay bounded schedulers with dynamic creation of threads [Emmi-Qadeer-Rakamaric POPL’11] Sufficient conditions for sequentialization of concurrent programs [Garg-Madhusudan TACAS’11] Seq. of programs communicating through asynchronous message passing [Emmi-Bouajjani TACAS’12] Seq. of scope-bounded conc. programs [La Torre-Parlato 2012]

22 Conclusions Sequentializations are a hot research topic
Some good experimental results have been obtained combining SMT solvers and eager seq. Lazy seq. do not work well with SMT since introduces recursion Lazy seq. is more suitable for accurate analysis it is worth trying it with other kinds of techniques

Download ppt "Sequentializing Parameterized Programs"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.

Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Ch. 7 Process Synchronization (1/2) 2015-04-17. 7.I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.

Ch. 7 Process Synchronization (1/2) I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.
Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.

The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University.

On Sequentializing Concurrent Programs Ahmed Bouajjani LIAFA, University of Paris 7, France LIAFA, University of Paris 7, France Michael Emmi LIAFA, University.
The Tree-Width of automata with auxiliary storage Gennaro Parlato (LIAFA, CNRS, Paris, France) joint work with P. Madhusudan (Univ of Illinois at Urbana-Champaign,

The Tree-Width of automata with auxiliary storage Gennaro Parlato (LIAFA, CNRS, Paris, France) joint work with P. Madhusudan (Univ of Illinois at Urbana-Champaign,
Lazy-CSeq A Lazy Sequentialization Tool for C Omar Inverso University of Southampton, UK Ermenegildo Tomasco University of Southampton, UK Bernd Fischer.

Lazy-CSeq A Lazy Sequentialization Tool for C Omar Inverso University of Southampton, UK Ermenegildo Tomasco University of Southampton, UK Bernd Fischer.

Similar presentations

Ads by Google