Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scope-bounded Multistack Pushdown Systems: - fixed-point - sequentialization - tree-width 1 Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U.

Published byEthan Cross Modified over 9 years ago

Similar presentations

Presentation on theme: "Scope-bounded Multistack Pushdown Systems: - fixed-point - sequentialization - tree-width 1 Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U."— Presentation transcript:

1 Scope-bounded Multistack Pushdown Systems: - fixed-point - sequentialization - tree-width 1 Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U. Southampton, UK)

2 Multi-stack Pushdown Systems (MPS) n stacks sharing a finite control – configurations: s,,, …, – transitions: push one symbol onto stack i pop one symbol from stack i internal move: stacks stay unchanged, only control location is altered problem: control-state reachability 1 2 n

3 Multi-stack Pushdown Systems (MPS) Interesting model for concurrency – allows accurate modeling of the control flow of concurrent programs with shared memory and recursive procedure calls Too expressive – two stacks suffice to encode a Turing machine Several decidable restrictions in literature

4 bounded context-switch (round) runs round 1 round 2 boudedbouded moves on stack 1 moves on stack 2 moves on stack 3 round 3 round 4 round 5 round 6 round 7 …… … … bounded round reachability is decidable [Qadeer-Rehof, TACAS’05 ] (solution based on automata)

5 bounded round analysis (compositional) moves on stack 1 moves on stack 2 moves on stack 3 compute interface for stack 1 compute interface for stack 1 compute interface for stack 2 compute interface for stack 2 compute interface for stack 3 compute interface for stack 3 compute interface for stack 1 + stack 2 compute interface for stack 1 + stack 2 compute interface for stack 1 + stack 2 + stack 3 compute interface for stack 1 + stack 2 + stack 3 - Sequentialization [Lal-Reps, CAV’08 ] - Interfaces & Getafix [La Torre-Madhusudan-Parlato, PLDI’09, CAV’10, FIT’12 ]

6 Tools based on compositional alg. Sequentialization (programming languages) – Poirot+Corral (MSR) [Lahiri-Lal-Qadeer, POPL’11, CAV’12] – Cseq (code-to-code translation for C prgms + Pthread) [Cseq+ESBMC. Fischer-Inverso-Parlato, SV-COMP’13] Model-Checkers for Boolean programs (abstracted device drivers) – Getafix [La Torre – Madhusudan - Parlato, PLDI’09, CAV’10]

7 beyond bounded-round restriction: scope-bounded runs moves on stack 1 moves on stack 2 moves on stack 3 …… … Decidable reachability [La Torre-Napoli, CONCUR’11 ] solution based on automata, compositional ??? Fix a bound k. A run is k-scope if for all push, pop. ( matching(push, pop) ∧ (round(pop) – round(push) ≤ k ) ) pop push

8 What is this talk about? Compositional algorithm for bounded-scope reachability can be implemented as a – fixed-point (using interfaces) – sequentialization (from multi to one stack) Bounded-scope multiply nested words have bounded tree-width – decidability of reachability, LTL, …, MSO

9 Compositional algorithm for bounded-scope reachability fixed-point sequentialization 9

10 compositional algorithm (fixed point) interface stack 1 interface stack 2 interface stack 3 interface stack 4 The compositional algorithm for bounded rounds won’t work we don’t know a bound on # of needed rounds (semi-algorithm) Our solution computes the cross product of interfaces in parallel

11 interface decomposition for k-scope every k-scope interface can be obtained as a concatenation of several k-round interfaces simple concatenation k-scope k-round k-scope k-round <- first round last -> round overlapping concatenation q

12 compositional algorithm (fixed point) initial -> control state interface stack 1 interface stack 2 interface stack 3 interface stack 4 Init: insert an initial interface for stack 1 with at most k rounds Rules: (Add) concatenate a feasible interface (with at most k rounds) to the stack interface with the lowest incomplete round (Remove) if the first tracked round is complete then remove it Termination: one line left with the target control state at the end target <- state Always reaches a fixed point: - configuration: O( k*n) control states ^ ^ | | #scope #stacks Comparison with bounded-round restriction - bounded rounds requires only O( k ) control states - n cannot be eliminated from O (k n) (additional price to pay)

13 Sequentialization 13

14 Code-to-code translation as a plug-in for sequential verification tools A convenient way to get new tools for conc. programs … Sequ. tool Sequ. tool Conc  sequ translation Conc  sequ translation Instrumentation for the Sequ. tool Instrumentation for the Sequ. tool Concurrent Program T 1 T 2 T n shared vars … Sequ. program Sequ. program Concurrent Program

15 features of a good sequentialization A direct simulation doesn’t lead to scalable solutions: state: C 1 X C 2 X … X C n X Shared Simulation: at each step non-deterministically simulate one move of a thread -data structures for the configurations (n stacks) State space explosion ! Avoid cross product (compositional) 1 stack for the simulation 1 local state, fixed # of shared states Conc. & Sequ. Programs are in the same class i.e. no additional data structures to simulate parallelism Example: concurrent Boolean programs  Boolean (sequential) program Parameterized: increasing the parameter more behaviors are captured at the expense of more computational resources Explore as many behaviors as possible

16 related work (sequentialization) Up 2 context-switches (KISS) [Qadeer-Wu, PLDI’04] bounded-round schedules & finite # of threads Eager [Lal-Reps, CAV’08] Lazy [La Torre-Madhusudan-Parlato, CAV’09] bounded-round schedule & parameterized programs Lazy [La Torre, Madhusudan-Parlato, CAV’10, FIT’12] Delay-bounded schedules (thread creation) [Emmi-Qadeer-Rakamaric, POPL’11] Bounded semantics [Bouajjani-Emmi-Parlato, SAS’11]

17 from fixed point to sequentialization Fixed-point algorithm Init: insert an initial interface for stack 1 with at most k rounds Rules: (Add) Fill any hole with a feasible interface with at most k rounds (Remove) If the first tracked line is complete then remove it Termination: one line left with the target control state at the end Sequentialization Our fixed point leads to a straightforward sequentialization (1stack+2kn shared vars) Global variables: 2k copies of the shared variable to store tuple-interface Additional functions: - INTERFACE( thread_id ); // non-deterministically build an interface for thread thread_id - Init() // implements Init - remove_first_round() //implements Remove rule - add_interface() //implements Add rule Code-to-code translation: Init(); while (true) { if (Remove) remove_first_round(); else add_interface(); if (termination) ERROR; }

18 bounded-scope runs => bounded tree-width of k-scope multiply nested words 18

19 nested words A nested word NW graph captures the behavior of a run – The stack is compiled down into the nested word (nesting edges) push int pop int pop int push int pop q1q1 q2q2 q3q3 q4q4 q5q5 q6q6 q7q7 q8q8 q9q9 q 10 q 11 q 12 q 13 q 14 final

20 multiply nested words (MNW) A MNW graph captures the behavior of an MPS run – Stacks are compiled down into the graph (nesting edges) – One nesting relation per stack push 1 push 2 pop 1 pop 2 pop 1 int push 1 pop 2 pop 1

21 decidability for multistack systems [Madhusudan-Parlato, POPL’11] Several decidable restrictions of Multistack pushdown systems lead to bounded tree-width multiply nested words Decidability: Courcelle/Seese theorem – bounded-contexts [Rehof - Qadeer, TACAS’05 ] – bounded-phases [La Torre – Madhusudan - Parlato, LICS’07 ] – ordered (Breveglieri – Cherubini – Citrini - Crespi Reghizzi, Int. J. Found. Comput. Sci.’95] – Parameterized pushdown automata with k-rounds [La Torre - Madhusudan – Parlato, CAV’10 ] – Delay bounded [Emmi – Qadeer – Rakamarik, POPL’11 ] – Bounded semantics [Bouajjani – Emmi - Parlato, SAS’11 ] – Bounded-Scope [La Torre - Napoli, CONCUR’11 ] (More details in the “Verification of Infinite-State Systems” talk)

22 Conclusions 22

23 Conclusions & Future Work Bounded-scoped model-checking Compositional algorithm – Fixed point algorithm can be encoded in Getafix [La Torre - Madhusudan - Parlato, PLDI’09] – Sequentialization (under-approximation) code-to-code translation (for C programs + Pthread library) sequential tool can be used to analyze concurrent programs empirical evaluation (can we find new bugs?) [Multi-Pushdown Systems with Budget. Abdulla-Atig-Rezine-Stenman - ‘12] bounded tree-width runs + MSO definable [MSO decidability of multi-pushdown systems via split-width. Cyriac - Gastin - Kumar, CONCUR’12] – reachability/LTL  Seese/Courcelle’s theorem (decidable) [A temporal logic for multi-threaded programs. La Torre - Napoli, IFIP TCS’12] [LTL model-checking for multithreaded programs under scope-bounding. Atig, Bouajjani, Kumar, Saivasan – ATVA’12]

Download ppt "Scope-bounded Multistack Pushdown Systems: - fixed-point - sequentialization - tree-width 1 Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U."

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.

Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.
Writing Model-Checkers for Boolean Recursive Programs using a Fixed-Point Calculus Gennaro Parlato - UIUC Joint work with Madhusudan - UIUC Salvatore La.

Writing Model-Checkers for Boolean Recursive Programs using a Fixed-Point Calculus Gennaro Parlato - UIUC Joint work with Madhusudan - UIUC Salvatore La.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Timed Automata.

Timed Automata.
Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.

Keeping a Crowd Safe On the Complexity of Parameterized Verification Javier Esparza Technical University of Munich.
1/25 An Infinite Automaton Characterization of Double Exponential Time Gennaro Parlato University of Illinois at Urbana-Champaign Università degli Studi.

1/25 An Infinite Automaton Characterization of Double Exponential Time Gennaro Parlato University of Illinois at Urbana-Champaign Università degli Studi.
Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.

Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.
A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)

A Fixpoint Calculus for Local and Global Program Flows Swarat Chaudhuri, U.Penn (with Rajeev Alur and P. Madhusudan)
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.
Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.

Pushdown Systems Koushik Sen EECS, UC Berkeley Slide Source: Sanjit A. Seshia.
The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.

The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

Similar presentations

Ads by Google