4 research outputs found
Value-centric Dynamic Partial Order Reduction
The verification of concurrent programs remains an open challenge, as thread
interaction has to be accounted for, which leads to state-space explosion.
Stateless model checking battles this problem by exploring traces rather than
states of the program. As there are exponentially many traces, dynamic
partial-order reduction (DPOR) techniques are used to partition the trace space
into equivalence classes, and explore a few representatives from each class.
The standard equivalence that underlies most DPOR techniques is the
happens-before equivalence, however recent works have spawned a vivid interest
towards coarser equivalences. The efficiency of such approaches is a product of
two parameters: (i) the size of the partitioning induced by the equivalence,
and (ii) the time spent by the exploration algorithm in each class of the
partitioning.
In this work, we present a new equivalence, called value-happens-before and
show that it has two appealing features. First, value-happens-before is always
at least as coarse as the happens-before equivalence, and can be even
exponentially coarser. Second, the value-happens-before partitioning is
efficiently explorable when the number of threads is bounded. We present an
algorithm called value-centric DPOR (VCDPOR), which explores the underlying
partitioning using polynomial time per class. Finally, we perform an
experimental evaluation of VCDPOR on various benchmarks, and compare it against
other state-of-the-art approaches. Our results show that value-happens-before
typically induces a significant reduction in the size of the underlying
partitioning, which leads to a considerable reduction in the running time for
exploring the whole partitioning
How Hard is Weak-Memory Testing?
Weak-memory models are standard formal specifications of concurrency across
hardware, programming languages, and distributed systems. A fundamental
computational problem is consistency testing: is the observed execution of a
concurrent program in alignment with the specification of the underlying
system? The problem has been studied extensively across Sequential Consistency
(SC) and weak memory, and proven to be NP-complete when some aspect of the
input (e.g., number of threads/memory locations) is unbounded. This
unboundedness has left a natural question open: are there efficient
parameterized algorithms for testing?
The main contribution of this paper is a deep hardness result for consistency
testing under many popular weak-memory models: the problem remains NP-complete
even in its bounded setting, where candidate executions contain a bounded
number of threads, memory locations, and values. This hardness spreads across
several Release-Acquire variants of C11, a popular variant of its Relaxed
fragment, popular Causal Consistency models, and the POWER architecture. To our
knowledge, this is the first result that fully exposes the hardness of
weak-memory testing and proves that the problem admits no parameterization
under standard input parameters. It also yields a computational separation of
these models from SC, x86-TSO, PSO, and Relaxed, for which bounded consistency
testing is either known (for SC), or shown here (for the rest), to be in
polynomial time
The Reads-From Equivalence for the TSO and PSO Memory Models
The verification of concurrent programs remains an open challenge due to the
non-determinism in inter-process communication. Instead of exploring concrete
executions, stateless model-checking (SMC) techniques partition the execution
space into equivalence classes, and explore each class as opposed to each
execution. For the relaxed memory models of TSO and PSO (total/partial store
order), the standard equivalence has been Shasha-Snir traces, seen as an
extension of the classic Mazurkiewicz equivalence from SC (sequential
consistency) to TSO and PSO. The reads-from (RF) equivalence was recently shown
to be coarser than the Mazurkiewicz equivalence, leading to impressive
scalability improvements for SMC under SC. The generalization of RF to TSO and
PSO requires to overcome two challenges, namely, verifying execution
consistency and SMC algorithm. We address these two fundamental problems in
this work.
Our first set of contributions is on the problem of verifying TSO- and
PSO-consistent executions given a reads-from map, VTSO-rf and VPSO-rf,
respectively. The problem has been heavily studied under SC due to its numerous
applications, but little is known for TSO and PSO. For an execution of
events over threads and variables, we establish novel bounds that scale
as for TSO and as for PSO.
Our second contribution is an algorithm for SMC under TSO and PSO using the RF
equivalence. Our algorithm is exploration-optimal, in the sense that it is
guaranteed to explore each class of the RF partitioning exactly once, and
spends polynomial time per class when is bounded. Our experimental
evaluation shows that the RF equivalence is often exponentially coarser than
Shasha-Snir traces, and our SMC algorithm scales much better than
state-of-the-art tools based on Shasha-Snir traces
IST Austria Thesis
The design and verification of concurrent systems remains an open challenge due to the non-determinism that arises from the inter-process communication. In particular, concurrent programs are notoriously difficult both to be written correctly and to be analyzed formally, as complex thread interaction has to be accounted for. The difficulties are further exacerbated when concurrent programs get executed on modern-day hardware, which contains various buffering and caching mechanisms for efficiency reasons. This causes further subtle non-determinism, which can often produce very unintuitive behavior of the concurrent programs. Model checking is at the forefront of tackling the verification problem, where the task is to decide, given as input a concurrent system and a desired property, whether the system satisfies the property. The inherent state-space explosion problem in model checking of concurrent systems causes naïve explicit methods not to scale, thus more inventive methods are required. One such method is stateless model checking (SMC), which explores in memory-efficient manner the program executions rather than the states of the program. State-of-the-art SMC is typically coupled with partial order reduction (POR) techniques, which argue that certain executions provably produce identical system behavior, thus limiting the amount of executions one needs to explore in order to cover all possible behaviors. Another method to tackle the state-space explosion is symbolic model checking, where the considered techniques operate on a succinct implicit representation of the input system rather than explicitly accessing the system. In this thesis we present new techniques for verification of concurrent systems. We present several novel POR methods for SMC of concurrent programs under various models of semantics, some of which account for write-buffering mechanisms. Additionally, we present novel algorithms for symbolic model checking of finite-state concurrent systems, where the desired property of the systems is to ensure a formally defined notion of fairness