6 research outputs found
Lost in Abstraction: Monotonicity in Multi-Threaded Programs (Extended Technical Report)
Monotonicity in concurrent systems stipulates that, in any global state,
extant system actions remain executable when new processes are added to the
state. This concept is not only natural and common in multi-threaded software,
but also useful: if every thread's memory is finite, monotonicity often
guarantees the decidability of safety property verification even when the
number of running threads is unknown. In this paper, we show that the act of
obtaining finite-data thread abstractions for model checking can be at odds
with monotonicity: Predicate-abstracting certain widely used monotone software
results in non-monotone multi-threaded Boolean programs - the monotonicity is
lost in the abstraction. As a result, well-established sound and complete
safety checking algorithms become inapplicable; in fact, safety checking turns
out to be undecidable for the obtained class of unbounded-thread Boolean
programs. We demonstrate how the abstract programs can be modified into
monotone ones, without affecting safety properties of the non-monotone
abstraction. This significantly improves earlier approaches of enforcing
monotonicity via overapproximations
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs (Extended Technical Report)
Predicate abstraction is a key enabling technology for applying finite-state
model checkers to programs written in mainstream languages. It has been used
very successfully for debugging sequential system-level C code. Although model
checking was originally designed for analyzing concurrent systems, there is
little evidence of fruitful applications of predicate abstraction to
shared-variable concurrent software. The goal of this paper is to close this
gap. We have developed a symmetry-aware predicate abstraction strategy: it
takes into account the replicated structure of C programs that consist of many
threads executing the same procedure, and generates a Boolean program template
whose multi-threaded execution soundly overapproximates the concurrent C
program. State explosion during model checking parallel instantiations of this
template can now be absorbed by exploiting symmetry. We have implemented our
method in the SATABS predicate abstraction framework, and demonstrate its
superior performance over alternative approaches on a large range of
synchronization programs
Dynamic Cutoff Detection in Parameterized Concurrent Programs
Abstract. We consider the class of finite-state programs executed by an unbounded number of replicated threads communicating via shared variables. The thread-state reachability problem for this class is essential in software verification using predicate abstraction. While this problem is decidable via Petri net coverability analysis, techniques solely based on coverability suffer from the problem’s exponential-space complexity. In this paper, we present an alternative method based on a thread-state cutoff: a number n of threads that suffice to generate all reachable thread states. We give a condition, verifiable dynamically during reachability analysis for increasing n, that is sufficient to conclude that n is a cutoff. We then make the method complete, via a coverability query that is of low cost in practice. We demonstrate the efficiency of the approach on Petri net encodings of communication protocols, as well as on non-recursive Boolean programs run by arbitrarily many parallel threads.
Context-Bounded Analysis For Concurrent Programs With Dynamic Creation of Threads
Context-bounded analysis has been shown to be both efficient and effective at
finding bugs in concurrent programs. According to its original definition,
context-bounded analysis explores all behaviors of a concurrent program up to
some fixed number of context switches between threads. This definition is
inadequate for programs that create threads dynamically because bounding the
number of context switches in a computation also bounds the number of threads
involved in the computation. In this paper, we propose a more general
definition of context-bounded analysis useful for programs with dynamic thread
creation. The idea is to bound the number of context switches for each thread
instead of bounding the number of switches of all threads. We consider several
variants based on this new definition, and we establish decidability and
complexity results for the analysis induced by them
Verification of Boolean programs with unbounded thread creation
Most symbolic software model checkers use abstraction techniques to reduce the verification of infinite-state programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol. 1885, Springer, 2000, pp. 113–130] are the most popular representation for these abstractions. Unfortunately, today’s symbolic software model checkers are limited to the analysis of sequential programs due to the fact that reachability in Boolean programs with unbounded thread creation is undecidable. We address this limitation with a novel algorithm for over-approximating reachability in Boolean programs with unbounded thread creation. Although the Boolean programs are not of finite state, the algorithm always reaches a fix-point. The fixed points are detected by projecting the state of the threads to the globally visible parts, which are finite