Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Published byLeslie Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre."— Presentation transcript:

1 Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U. Illinois U.-C., U.S.A.)

2 What is this talk about?  Translation from concurrent recursive programs to sequential programs that preserves reachability  Use existing technique for sequential programs to analyze concurrent programs Model checkers, Deductive verification, … T1T1 T2T2 TnTn shared vars … Seq. program

3 From concurrent to sequential  Always possible but can be inefficient simulate the global behavior (track all locals of each thread) current techniques do not work  What do we want? avoid the extreme blow-up track at any point only the locals of one thread  What we want is not always possible  But is possible restricted : bounded context-switching reahability [Quadeer,Wu, PLDI’04] errors manifest within few contest-switches [Musuvathi, Qadeer, PLDI’07]

4 Concurrent programs  fixed number of (recursive) threads running in parallel  each thread T i has its own local variables  threads communicate through shared variables T1T1 T2T2 TnTn shared vars … loc

5 Anatomy of a k-CS execution (l, s 1 ) (l, s 2 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 T2T2

6 A transformation already exists  [Lal, Reps CAV’08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,…, s k 3.Execute T 2 to completion (l 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l 1,s 2 ) (l 2,s 3 ) (l 2,s 4 ) (l 3,s 5 ) store s 1 guess s 2 store s 3 guess s 4 store s 5 T2T2

7 A transformation already exists  [Lal, Reps CAV’08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,…, s k 3.Execute T 2 to completion (l’ 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l’ 2,s 2 ) (l’ 2,s 3 ) (l’ 3,s 4 ) (l’ 3,s 5 ) T2T2 s 2 -> s 3 s 4 -> s 5

8 A transformation already exists  [Lal, Reps CAV’08] s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 s 2 is guessed s 2 may be unreachable EAGER T2T2

9 Eager transformation: disadvantages void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; } void thread2() { x=12; y=2; //unblock thread2 blocked=false; } // shared variables bool blocked=true; int x=0, y=0; Inv: y != 0 blocked=true blocked=false guess y=0

10 We want a lazy transformation The lazy sequential program explores only reachable states of the concurrent program Why is it desirable? In model-checking it can drastically reduce the explored state-space Better invariants for deductive verification  A lazy transformation to sequential programs was not known

11 Our contribution  Lazy transformation from concurrent to sequential programs that reduces the k context-switches reachability problem  Model-checking Lazy => unreachable states not explored Implementation of translation for Boolean programs Evaluation on a Bluetooth device driver

12 Lazy transformation

13 Lazy transformation: main idea  Execute T 1  Context-switch: store s 1 and abort  Execute T 2 from s 1  store s 2 and abort (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort

14 Lazy transformation: main idea  Re-execute T1 till it reaches s1  May reach a new local state!  But is anyway correct !! (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l’’ 1,s 1 ) store s 3 & abort (l’’ 1,s 2 )

15 Lazy transformation: main idea  Switch to T2  Execute till it reaches s2  Continue computation (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l’’ 1,s 1 ) store s 3 & abort (l’’’ 1,s 2 ) (l’’ 1,s 2 ) (l’’’ 1,s 3 ) store s 4 & abort

16 Lazy transformation: main idea T1T1 T2T2 store s 1 store s 2 store s 3 store s 4 store s 5 end s1s1 s2s2 s3s3 s4s4 s1s1 s2s2 s3s3 s4s4 s5s5

17 Lazy translation scheme main() Thread1() Output is a sequential program consisting of: Thread2()

18 Lazy translation scheme main() Thread1() stmt1; stmt2; Output is a sequential program consisting of: Thread2()  Guess scheduling  Orchestrate calls to threads  Nondet jump to next context where this thread is active  At last context-switch, store shared state, abort, and return to main

19 Reduction of bounded context-switch reachability Theorem: Let C be a concurrent program, k>0 and pc be a program counter of C pc is reachable in C within k context switches iff pc is reachable in SeqProg k (C)

20 Lazy translation  Explores only reachable states  Preserves invariants across the translation  Tracks local state of one thread at any time  Tracks values of shared variables at context switches (s 1, s 2, …, s k )  Requires recomputation of local states

21 Experiments

22 Model checking concurrent Boolean programs  Boolean programs  Concurrent Boolean programs Boolean programs  We have implemented the eager and lazy translator for concurrent Boolean programs Download: http://www.cs.uiuc.edu/~madhu/getafix/cbp2bphttp://www.cs.uiuc.edu/~madhu/getafix/cbp2bp Eager => explores unreachable states Lazy => explores only reachable states

23 Experiments: Windows NT Bluetooth driver Context switches 1-adder 1-stopper 2-adders 1-stopper 1-adder 2-stoppers 2-adders 2-stoppers eagerlazyeagerlazyeagerlazyeagerlazy 123456123456 NNNNNNNNNNNN 0.1 0.3 43.3 73.6 930.0 - 0.1 0.2 1.4 5.5 20.2 66.8 NNNYYYNNNYYY 0.2 0.9 135.9 1601.0 - 0.1 0.8 6.3 2.6 18.0 122.9 NNYYYYNNYYYY 0.1 0.7 70.1 597.2 - 0.1 0.9 0.4 2.9 14.0 66.1 NNYYYYNNYYYY 0.2 1.6 177.6 out of mem. 0.1 2.0 0.8 7.5 66.5 535.9

24 Related Work  KISS project [Qadeer-Wu,PLDI’04]  Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05]  Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon,SPIN’08]]  Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato,PLDI’09]  Eager translation and symbolic algorithm to compute reachable states lazily [Lal-Reps,CAV’08]  Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09] next talk!!

25 Future work We have a lazy transformation for unbounded number of threads!!!

Download ppt "Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre."

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.

Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.
Writing Model-Checkers for Boolean Recursive Programs using a Fixed-Point Calculus Gennaro Parlato - UIUC Joint work with Madhusudan - UIUC Salvatore La.

Writing Model-Checkers for Boolean Recursive Programs using a Fixed-Point Calculus Gennaro Parlato - UIUC Joint work with Madhusudan - UIUC Salvatore La.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Savitch and Immerman- Szelepcsènyi Theorems. 2 Space Compression  For every k-tape S(n) space bounded offline (with a separate read-only input tape)

1 Savitch and Immerman- Szelepcsènyi Theorems. 2 Space Compression  For every k-tape S(n) space bounded offline (with a separate read-only input tape)
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
Model-based reasoning meets code verification Michael Butler 21 May 2014 WG 2.3 Meeting 55, Orlando.

Model-based reasoning meets code verification Michael Butler 21 May 2014 WG 2.3 Meeting 55, Orlando.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Ch. 7 Process Synchronization (1/2) 2015-04-17. 7.I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.

Ch. 7 Process Synchronization (1/2) I Background F Producer - Consumer process :  Compiler, Assembler, Loader, · · · · · · F Bounded buffer.
Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.

Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.
Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.

Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
Verification for Concurrency Part 2: Incomplete techniques and bug finding.

Verification for Concurrency Part 2: Incomplete techniques and bug finding.
The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.

The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.
1 Beyond Reduction.... 2 Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else.

1 Beyond Reduction Busy Acquire atomic void busy_acquire() { while (true) { if (CAS(m,0,1)) break; } } if (m == 0) { m = 1; return true; } else.
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Similar presentations

Ads by Google