Lazy Sequentialization Unbounded Concurrent Programs

Lazy Sequentialization Unbounded Concurrent Programs
for the Safety Verification of Unbounded Concurrent Programs Truc Lam Nguyen University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore La Torre Università di Salerno, Italy Gennaro Parlato

Concurrent Program - Reachability Problem
concurrent C programs POSIX threads SC memory model reachability assertion failure out-of-bound array division-by-zero, … SHARED MEMORY … T1 T2 TN N THREADS goals: Proving correctness Finding bugs

Concurrent Program - Reachability Problem
concurrent C programs POSIX threads SC memory model reachability assertion failure out-of-bound array division-by-zero, … SHARED MEMORY … T1 T2 TN N THREADS goals: Proving correctness Finding bugs Our contribution: an automatic verification approach based on sequentialization

What is Sequentialization?
CONC PROGRAM SEQUENTIALIZATION (code-to-code translation) SEQ PROGRAM SEQ TOOL advantages reuse robust sequential analysis tools fast prototyping of concurrency handling delegating all sequential reasoning to an existing target analysis tool easier to implement than full-fledged tools

Sequentialization: literature
CONC PROGRAM SEQUENTIALIZATION (code-to-code translation) SEQ PROGRAM SEQ TOOL papers proposal [ Qadeer, Wu - PLDI’04 ] eager, bounded context-switch, finite # threads [ Lal, Reps - CAV’08 ] lazy, finite # threads, parameterized [La Torre, Madhusudan, Parlato - CAV’09, CAV’10] thread creation [Bouajjani, Emmi, Parlato - SAS’11] [Emmi, Qadeer, Rakamaric - POPL’11] Lal/Reps for real-time systems [Chaki, Gurfinkel, Strichman - FMCAD’11] message-passing programs [Bouajjani, Emmi - TACAS’12] lazy sequentialization [Inverso, Tomasco, Fischer, La Torre, Parlato - CAV’14] memory unwinding [Tomasco, Inverso, Fischer, La Torre, Parlato - TACAS’15] weak memory models [Tomasco, Nguyen, Fischer, La Torre, Parlato - FMCAD’16]

Sequentialization: verification tools
CONC PROGRAM SEQUENTIALIZATION (code-to-code translation) SEQ PROGRAM SEQ TOOL tools (Implementations of variants of Lal/Reps schema) Corral [ Lal, Qadeer, Lahiri – CAV’12 ] CSeq [ Fischer, Inverso, Parlato – ASE’13,15 ] Rek [ Chaki, Gurfinkel, Strichman – FMCAD’11 ] STORM [ Lahiri,Qadeer,Rakamaric – CAV’09 ] only suitable for finding bugs

Recall Lazy Sequentialization
Outline Recall Lazy Sequentialization Unbounded Lazy Sequentialization Tool & Experiments Conclusion & Future Work

Lazy Sequentialization
for bug finding CAV’14

Lazy Sequentialization
CONC PROGRAM BOUNDED PROGRAM SEQUENTIALIZATION (code-to-code translation) BMC SEQUENTIAL TOOL SEQ PROGRAM Implemented in CSeq framework [Fischer, Inverso, Parlato - ASE’13] C99 + PThread + counter-example [Inverso, Nguyen, Fischer, La Torre, Parlato - ASE’15] Medals at SV-COMP ( ), concurrency category Extended for weak memory models [Tomasco, Nguyen, Inverso, Fischer, La Torre, Parlato - FMCAD’16] Very effective at finding bugs in complex benchmarks other approaches fail

… Round robin schedule T0 T1 TN-1 TN
main() T0 T1 … TN-1 TN round k captures all bounded Round-Robin computations for a given bound error manifest themselves within very few rounds [ Musuvathi, Qadeer – PLDI’07 ]

Lazy Sequentialization: Schema overview
… main() T0 bounded concurrent program T1 TN Sequentialization (code-to-code translation) translates translates … translates … sequential program F0 F1 FN main() Sequentialized functions Driver

Lazy Sequentialization: Main driver
pc0=0 ; ..., pcN=0; local0; ..., localN; main() { while(i <= K){ ... if(createdi) Fi(); i++; } bounded loop to simulate K rounds of computations

pc0=0 ; ..., pcN=0; local0; ..., localN; main() { while(i <= K){ ... if(createdi) Fi(); i++; } bounded loop to simulate K rounds of computations thread simulation function (for each thread i)

a global pc for each thread thread locals → thread global main driver pc0=0 ; ..., pcN=0; local0; ..., localN; main() { while(i <= K){ ... if(createdi) Fi(); i++; } bounded loop to simulate K rounds of computations thread simulation function (for each thread i)

Unbounded Lazy Sequentialization

a global pc for each thread thread locals → thread global main driver pc0=0 ; ..., pcN=0; local0; ..., localN; main() { while(i <= K){ ... if(createdi) Fi(); i++; } bounded loop to simulate K rounds of computations thread simulation function (for each thread i)

Lazy Sequentialization: Main driver (extended)
a global pc for each thread thread locals → thread global main driver pc0=0 ; ..., pcN=0; local0; ..., localN; main() { while(true){ ... if(createdi) Fi(); } infinite loop to simulate unbounded # rounds thread simulation function (for each thread i)

Lazy Sequentialization: Schema overview

Lazy Sequentialization: Schema (extended)

UL Sequentialization: Thread Simulation
l1: stmt1; l2: stmt2; l3: stmt3; . lM: stmtM;

l1: stmt1; l2: stmt2; l3: stmt3; . lM: stmtM; l1: stmt1; l2: stmt2; l3: stmt3; . lM: stmtM; translate

Fi l1: stmt1; l2: stmt2; l3: stmt3; . lM: stmtM; l1: stmt1; l2: stmt2; l3: stmt3; . lM: stmtM; [[ l1: stmt1 ]]; [[ l2: stmt2 ]]; [[ l3: stmt3 ]]; . [[ lM: stmtM ]]; translate translates

execute statements Fi [[ l1: stmt1 ]]; [[ l2: stmt2 ]]; [[ l3: stmt3 ]]; . [[ lM: stmtM ]]; skip ... RESUME EXECUTE

suspend execution Fi [[ l1: stmt1 ]]; [[ l2: stmt2 ]]; [[ l3: stmt3 ]]; . [[ lM: stmtM ]]; skip ... RESUME EXECUTE SUSPEND skip ...

UL Sequentialization: Translation for Simple Stmts
Simple statements: assignment, goto, return [[ l: simple_stmt ]]

Simple statements: assignment, goto, return [[ l: simple_stmt ]] translates into CONTR(l) l: EXEC(simple_stmt)

Simple statements: assignment, goto, return [[ l: simple_stmt ]] translates into CONTR(l) l: EXEC(simple_stmt) #define CONTR(l) if(s=RESUME && pci=l) s:=EXECUTE; if(s=EXECUTE && *) { pci:=l; s:=SUSPEND;}

Simple statements: assignment, goto, return [[ l: simple_stmt ]] translates into CONTR(l) l: EXEC(simple_stmt) #define EXEC(stmt) if(s=EXECUTE) {stmt;}

UL Sequentialization: Translation for Loop Stmts
[[ l: while (b) do {... k: stm} ]]

[[ l: while (b) do {... k: stm} ]] translates into CONTR(l) l: skip

[[ l: while (b) do {... k: stm} ]] translates into CONTR(l) l: while( (s=RESUME && pci <= k) || (s=EXECUTE && b) ) do [[{... k: stm}]] skip

UL Sequentialization: Translation for Conditional Stmts
[[ l: if (b) {... k: stm1} else {... h: stm2} ]]

[[ l: if (b) {... k: stm1} else {... h: stm2} ]] translates into CONTR(l) l:

[[ l: if (b) {... k: stm1} else {... h: stm2} ]] translates into CONTR(l) l: if((s=RESUME && pci <= k) ||(s=EXECUTE && b)) [[{... k: stm1}]] else if ((s=RESUME && pci <= h) ||(s=EXECUTE)) [[{... h: stm2}]]

Tool / Empirical Evaluation

UL-CSeq UL-CSeq tool sequential tools P P' Implementation
concurrent C program sequential non-deterministic C program UL-CSeq ANSWER sequential tools P P' Implementation CSeq framework Input: C99 + POSIX threads Support backends Proving correctness: SeaHorn, Ultimate Automizer, CPAChecker, VVT Finding bugs: CBMC, ESBMC, LLBMC

Experiments: Proving Correctness
category #file #LOC UL-CSeq + SeaHorn UL-CSeq + UAutomizer UL-CSeq + CPAChecker UL-CSeq + VVT pass fail t.o. time pthread 15 1285 3 2 10 67.3 390.8 204.9 5 7 247.3 pthread-atomic 9 1136 6 1 167.9 456.7 4 352.6 171.8 pthread-ext 45 3679 27 18 199.1 12 31 226.5 30 214.6 16 24 179.7 pthread-lit 8 427 23.3 544.9 164.1 79.8 pthread-wmm 144 29426 32.5 60 84 421.6 26 118 271.3 141 275.3 [FMCAD’13] 542 51.1 238.6 244.7 133.1 [TACAS’11] 290 5.7 181.8 44.9 17.2 Totals 234 36785 194 37 59.9 87 376.2 171 235.7 180 11 43 248.2 SV-COMP Benchmark [Beyer - TACAS’16] SAFE instances [Watcher, Kroening, Ouaknine - FMCAD’13] [Garg, Madhusudan - TACAS’11]

category #file #LOC UL-CSeq + SeaHorn UL-CSeq + UAutomizer UL-CSeq + CPAChecker UL-CSeq + VVT pass fail t.o. time pthread 15 1285 3 2 10 67.3 390.8 204.9 5 7 247.3 pthread-atomic 9 1136 6 1 167.9 456.7 4 352.6 171.8 pthread-ext 45 3679 27 18 199.1 12 31 226.5 30 214.6 16 24 179.7 pthread-lit 8 427 23.3 544.9 164.1 79.8 pthread-wmm 144 29426 32.5 60 84 421.6 26 118 271.3 141 275.3 [FMCAD’13] 542 51.1 238.6 244.7 133.1 [TACAS’11] 290 5.7 181.8 44.9 17.2 Totals 234 36785 194 37 59.9 87 376.2 171 235.7 180 11 43 248.2 Time is measures in second, t.o is timeout

category #file #LOC UL-CSeq + SeaHorn UL-CSeq + UAutomizer UL-CSeq + CPAChecker UL-CSeq + VVT pass fail t.o. time pthread 15 1285 3 2 10 67.3 390.8 204.9 5 7 247.3 pthread-atomic 9 1136 6 1 167.9 456.7 4 352.6 171.8 pthread-ext 45 3679 27 18 199.1 12 31 226.5 30 214.6 16 24 179.7 pthread-lit 8 427 23.3 544.9 164.1 79.8 pthread-wmm 144 29426 32.5 60 84 421.6 26 118 271.3 141 275.3 [FMCAD’13] 542 51.1 238.6 244.7 133.1 [TACAS’11] 290 5.7 181.8 44.9 17.2 Totals 234 36785 194 37 59.9 87 376.2 171 235.7 180 11 43 248.2 Impara Satabs Threader Time is measures in second, t.o is timeout

category #file #LOC UL-CSeq + SeaHorn UL-CSeq + UAutomizer UL-CSeq + CPAChecker UL-CSeq + VVT pass fail t.o. time pthread 15 1285 3 2 10 67.3 390.8 204.9 5 7 247.3 pthread-atomic 9 1136 6 1 167.9 456.7 4 352.6 171.8 pthread-ext 45 3679 27 18 199.1 12 31 226.5 30 214.6 16 24 179.7 pthread-lit 8 427 23.3 544.9 164.1 79.8 pthread-wmm 144 29426 32.5 60 84 421.6 26 118 271.3 141 275.3 [FMCAD’13] 542 51.1 238.6 244.7 133.1 [TACAS’11] 290 5.7 181.8 44.9 17.2 Totals 234 36785 194 37 59.9 87 376.2 171 235.7 180 11 43 248.2 Impara Satabs Threader 12.2 308.7 128.4 7.3 61.8 1.3 24.4 143.7 8.7 13 17 34.6 36 104.8 38 66.2 0.4 8.1 N/A 120 100 22 312.2 130 14 222.2 0.5 27.5 154.7 2.7 0.8 58.2 8.8 77 154 11.2 134 52 48 244 57 164 88.2 192 172.6 Time is measures in second, t.o is timeout

Experiments: Finding Bugs
category #file LOC UL-CSEQ + CBMC Lazy-CSeq + CBMC CBMC CIVL Smack pass t.o. time pthread 17 4085 14 3 12.2 19.4 16 1 63.1 14.9 8 9 84.2 atomic 2 204 1.4 0.4 3.4 15 ext 780 0.3 7 12 47.2 lit 148 1.3 0.2 2.7 11.1 wmm 754 237700 1.1 1.2 0.5 6.1 753 78.1 Totals 784 242917 781 1.6 2.9 6.2 772 77.6 SV-COMP Benchmark [Beyer - TACAS’16] UNSAFE instances Time is measures in second, t.o is timeout

category #file LOC UL-CSEQ + CBMC Lazy-CSeq + CBMC pass t.o. time pthread 17 4085 14 3 12.2 19.4 atomic 2 204 1.4 1 ext 8 780 0.3 lit 148 1.3 wmm 754 237700 1.1 1.2 Totals 784 242917 781 1.6 Time is measures in second, t.o is timeout

category #file LOC UL-CSEQ + CBMC Lazy-CSeq + CBMC CBMC CIVL Smack pass t.o. time pthread 17 4085 14 3 12.2 19.4 atomic 2 204 1.4 1 ext 8 780 0.3 lit 148 1.3 wmm 754 237700 1.1 1.2 Totals 784 242917 781 1.6 Time is measures in second, t.o is timeout

category #file LOC UL-CSEQ + CBMC Lazy-CSeq + CBMC CBMC CIVL Smack pass t.o. time pthread 17 4085 14 3 12.2 19.4 16 1 63.1 14.9 8 9 84.2 atomic 2 204 1.4 0.4 3.4 15 ext 780 0.3 7 12 47.2 lit 148 1.3 0.2 2.7 11.1 wmm 754 237700 1.1 1.2 0.5 6.1 753 78.1 Totals 784 242917 781 1.6 2.9 6.2 772 77.6 Time is measures in second, t.o is timeout

Conclusions

Conclusion & Future Work
We have presented a new sequentialization Lazy Unbounded context switches Preserving loop Simple to implement (CSeq framework), support multiple backends Proving correctness Finding bugs Competitive with existing approaches (bug-finding + correctness) Future Work Application to Embedded systems Extended to unbounded thread creation Weak Memory Models (WMM)

users.ecs.soton.ac.uk/gp4/cseq
Thank You users.ecs.soton.ac.uk/gp4/cseq

Lazy Sequentialization Unbounded Concurrent Programs

Similar presentations

Presentation on theme: "Lazy Sequentialization Unbounded Concurrent Programs"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Lazy Sequentialization Unbounded Concurrent Programs

Similar presentations

Presentation on theme: "Lazy Sequentialization Unbounded Concurrent Programs"— Presentation transcript:

Similar presentations

About project

Feedback