76 research outputs found
CARET analysis of multithreaded programs
Dynamic Pushdown Networks (DPNs) are a natural model for multithreaded
programs with (recursive) procedure calls and thread creation. On the other
hand, CARET is a temporal logic that allows to write linear temporal formulas
while taking into account the matching between calls and returns. We consider
in this paper the model-checking problem of DPNs against CARET formulas. We
show that this problem can be effectively solved by a reduction to the
emptiness problem of B\"uchi Dynamic Pushdown Systems. We then show that CARET
model checking is also decidable for DPNs communicating with locks. Our results
can, in particular, be used for the detection of concurrent malware.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Reasoning about Threads with Bounded Lock Chains
The problem of model checking threads interacting purely via the standard synchronization primitives is key for many concurrent program analyses, particularly dataflow analysis. Unfortunately, it is undecidable even for the most commonly used synchronization primitive, i.e., mutex locks. Lock usage in concurrent programs can be characterized in terms of lock chains, where a sequence of mutex locks is said to be chained if the scopes of adjacent (non-nested) mutexes overlap. Although the model checking problem for fragments of Linear Temporal Logic (LTL) is known to be decidable for threads interacting via nested locks, i.e., chains of length one, these techniques don’t extend to pro-grams with non-nested locks used in crucial applications like databases and device drivers. We exploit the fact that lock usage patterns in real life programs do not produce unbounded lock chains. For such a framework, we show, by using the new concept of Lock Causality Automata (LCA), that pre∗-closures of regular sets of states can be computed efficiently. Leveraging this new technique then allows us to formulate decision procedures for model checking threads communicating via bounded lock chains for fragments of LTL. Our new results narrow the decidability gap for LTL model checking of threads communicating via locks by pro-viding a more refined characterization for it in terms of boundedness of lock chains rather than the current state-of-the-art, i.e., nestedness of locks (chains of length one).
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools
Algorithmic Verification of Asynchronous Programs
Asynchronous programming is a ubiquitous systems programming idiom to manage
concurrent interactions with the environment. In this style, instead of waiting
for time-consuming operations to complete, the programmer makes a non-blocking
call to the operation and posts a callback task to a task buffer that is
executed later when the time-consuming operation completes. A co-operative
scheduler mediates the interaction by picking and executing callback tasks from
the task buffer to completion (and these callbacks can post further callbacks
to be executed later). Writing correct asynchronous programs is hard because
the use of callbacks, while efficient, obscures program control flow.
We provide a formal model underlying asynchronous programs and study
verification problems for this model. We show that the safety verification
problem for finite-data asynchronous programs is expspace-complete. We show
that liveness verification for finite-data asynchronous programs is decidable
and polynomial-time equivalent to Petri Net reachability. Decidability is not
obvious, since even if the data is finite-state, asynchronous programs
constitute infinite-state transition systems: both the program stack and the
task buffer of pending asynchronous calls can be potentially unbounded.
Our main technical construction is a polynomial-time semantics-preserving
reduction from asynchronous programs to Petri Nets and conversely. The
reduction allows the use of algorithmic techniques on Petri Nets to the
verification of asynchronous programs.
We also study several extensions to the basic models of asynchronous programs
that are inspired by additional capabilities provided by implementations of
asynchronous libraries, and classify the decidability and undecidability of
verification questions on these extensions.Comment: 46 pages, 9 figure
Software Verification for Weak Memory via Program Transformation
Despite multiprocessors implementing weak memory models, verification methods
often assume Sequential Consistency (SC), thus may miss bugs due to weak
memory. We propose a sound transformation of the program to verify, enabling SC
tools to perform verification w.r.t. weak memory. We present experiments for a
broad variety of models (from x86/TSO to Power/ARM) and a vast range of
verification tools, quantify the additional cost of the transformation and
highlight the cases when we can drastically reduce it. Our benchmarks include
work-queue management code from PostgreSQL
Finite Automata for the Sub- and Superword Closure of CFLs: Descriptional and Computational Complexity
We answer two open questions by (Gruber, Holzer, Kutrib, 2009) on the
state-complexity of representing sub- or superword closures of context-free
grammars (CFGs): (1) We prove a (tight) upper bound of on
the size of nondeterministic finite automata (NFAs) representing the subword
closure of a CFG of size . (2) We present a family of CFGs for which the
minimal deterministic finite automata representing their subword closure
matches the upper-bound of following from (1).
Furthermore, we prove that the inequivalence problem for NFAs representing sub-
or superword-closed languages is only NP-complete as opposed to PSPACE-complete
for general NFAs. Finally, we extend our results into an approximation method
to attack inequivalence problems for CFGs
Context-Bounded Analysis For Concurrent Programs With Dynamic Creation of Threads
Context-bounded analysis has been shown to be both efficient and effective at
finding bugs in concurrent programs. According to its original definition,
context-bounded analysis explores all behaviors of a concurrent program up to
some fixed number of context switches between threads. This definition is
inadequate for programs that create threads dynamically because bounding the
number of context switches in a computation also bounds the number of threads
involved in the computation. In this paper, we propose a more general
definition of context-bounded analysis useful for programs with dynamic thread
creation. The idea is to bound the number of context switches for each thread
instead of bounding the number of switches of all threads. We consider several
variants based on this new definition, and we establish decidability and
complexity results for the analysis induced by them
Ogre and Pythia: An Invariance Proof Method for Weak Consistency Models
We design an invariance proof method for concurrent programs parameterised by a weak consistency model. The calculational design of the invariance proof method is by abstract interpretation of a truly parallel analytic semantics. This generalises the methods by Lamport and Owicki-Gries for sequential consistency. We use cat as an example of language to write consistency specifications of both concurrent programs and machine architectures
Prediction of the dynamic oscillation threshold in a clarinet model with a linearly increasing blowing pressure
- …