Lazy-CSeq-SP: Boosting Sequentialization-Based Verification of Multi-threaded C Programs via Symbolic Pruning of Redundant Schedules

Abstract. Sequentialization has been shown to be an effective symbolic verification technique for concurrent C programs using POSIX threads. Lazy-CSeq, a tool that applies a lazy sequentialization scheme, has won the Concurrency division of the last two editions of the Competition on Software Verification. The tool encodes all thread schedules up to a given bound into a single non-deterministic sequential C program and then invokes a C model checker. This paper presents a novel optimized imple-mentation of lazy sequentialization, which integrates symbolic pruning of redundant schedules into the encoding. Experimental evaluation shows that our tool outperforms Lazy-CSeq significantly on many benchmarks

Symbolic Partial-Order Execution for Testing Multi-Threaded Programs

We describe a technique for systematic testing of multi-threaded programs. We combine Quasi-Optimal Partial-Order Reduction, a state-of-the-art technique that tackles path explosion due to interleaving non-determinism, with symbolic execution to handle data non-determinism. Our technique iteratively and exhaustively finds all executions of the program. It represents program executions using partial orders and finds the next execution using an underlying unfolding semantics. We avoid the exploration of redundant program traces using cutoff events. We implemented our technique as an extension of KLEE and evaluated it on a set of large multi-threaded C programs. Our experiments found several previously undiscovered bugs and undefined behaviors in memcached and GNU sort, showing that the new method is capable of finding bugs in industrial-size benchmarks.Comment: Extended version of a paper presented at CAV'2

Extracting Safe Thread Schedules from Incomplete Model Checking Results

Model checkers frequently fail to completely verify a concurrent program, even if partial-order reduction is applied. The verification engineer is left in doubt whether the program is safe and the effort toward verifying the program is wasted. We present a technique that uses the results of such incomplete verification attempts to construct a (fair) scheduler that allows the safe execution of the partially verified concurrent program. This scheduler restricts the execution to schedules that have been proven safe (and prevents executions that were found to be erroneous). We evaluate the performance of our technique and show how it can be improved using partial-order reduction. While constraining the scheduler results in a considerable performance penalty in general, we show that in some cases our approach—somewhat surprisingly—even leads to faster executions

NASH limits anti-tumour surveillance in immunotherapy-treated HCC

Hepatocellular carcinoma (HCC) can have viral or non-viral causes(1-5). Non-alcoholic steatohepatitis (NASH) is an important driver of HCC. Immunotherapy has been approved for treating HCC, but biomarker-based stratification of patients for optimal response to therapy is an unmet need(6,7). Here we report the progressive accumulation of exhausted, unconventionally activated CD8(+)PD1(+) T cells in NASH-affected livers. In preclinical models of NASH-induced HCC, therapeutic immunotherapy targeted at programmed death-1 (PD1) expanded activated CD8(+)PD1(+) T cells within tumours but did not lead to tumour regression, which indicates that tumour immune surveillance was impaired. When given prophylactically, anti-PD1 treatment led to an increase in the incidence of NASH-HCC and in the number and size of tumour nodules, which correlated with increased hepatic CD8(+)PD1(+)CXCR6(+), TOX+, and TNF+ T cells. The increase in HCC triggered by anti-PD1 treatment was prevented by depletion of CD8(+) T cells or TNF neutralization, suggesting that CD8(+) T cells help to induce NASH-HCC, rather than invigorating or executing immune surveillance. We found similar phenotypic and functional profiles in hepatic CD8(+)PD1(+) T cells from humans with NAFLD or NASH. A meta-analysis of three randomized phase III clinical trials that tested inhibitors of PDL1 (programmed death-ligand 1) or PD1 in more than 1,600 patients with advanced HCC revealed that immune therapy did not improve survival in patients with non-viral HCC. In two additional cohorts, patients with NASH-driven HCC who received anti-PD1 or anti-PDL1 treatment showed reduced overall survival compared to patients with other aetiologies. Collectively, these data show that non-viral HCC, and particularly NASH-HCC, might be less responsive to immunotherapy, probably owing to NASH-related aberrant T cell activation causing tissue damage that leads to impaired immune surveillance. Our data provide a rationale for stratification of patients with HCC according to underlying aetiology in studies of immunotherapy as a primary or adjuvant treatment

Romans-mass-driven flows on the D2-brane

The addition of supersymmetric Chern-Simons terms to ${\cal N}=8$ super-Yang-Mills theory in three-dimensions is expected to make the latter flow into infrared superconformal phases. We address this problem holographically by studying the effect of the Romans mass on the D2-brane near-horizon geometry. Working in a consistent, effective four-dimensional setting provided by $D=4$ ${\cal N}=8$ supergravity with a dyonic $\textrm{ISO(7)}$ gauging, we verify the existence of a rich web of supersymmetric domain walls triggered by the Romans mass that interpolate between the (four-dimensional description of the) D2-brane and various superconformal phases. We also construct domain walls for which both endpoints are superconformal. While most of our results are numerical, we provide analytic results for the $\textrm{SU}(3)\times \textrm{U}(1)$-invariant flow into an ${\cal N}=2$ conformal phase recently discovered.Comment: 20 pages plus appendices, 5 figures. v2: typos corrected, published tex