Abstract
Automated verification of multi-threaded programs requires explicit identification of the interplay between interacting threads, so-called environment transitions, to enable scalable, compositional reasoning. Once the environment transitions are identified, we can prove program properties by considering each program thread in isolation, as the environment transitions keep track of the interleaving with other threads. Finding adequate environment transitions that are sufficiently precise to yield conclusive results and yet do not overwhelm the verifier with unnecessary details about the interleaving with other threads is a major challenge. In this paper we propose a method for safety verification of multi-threaded programs that applies (transition) predicate abstraction-based discovery of environment transitions, exposing a minimal amount of information about the thread interleaving. The crux of our method is an abstraction refinement procedure that uses recursion-free Horn clauses to declaratively state abstraction refinement queries. Then, the queries are resolved by a corresponding constraint solving algorithm. We present preliminary experimental results for mutual exclusion protocols and multi-threaded device drivers.
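As an added illustration (not code from the paper or its tool), the Python sketch below runs a Flanagan/Qadeer-style thread-modular reachability check on a constructed two-thread test-and-set lock. Environment transitions are the other thread's steps projected onto shared state; hiding the auxiliary `owner` variable makes them too coarse and the check reports a spurious mutual-exclusion violation, while exposing it is enough to prove the property. The Horn-clause refinement the paper describes is not implemented here.

```python
# Added example (not the paper's code): thread-modular reachability for a
# constructed two-thread test-and-set lock. Shared state is (lock, owner);
# `owner` is an auxiliary variable that environment transitions may expose
# (track_owner=True) or hide (track_owner=False).
THREADS = (1, 2)

def steps(tid, pc, shared, track_owner):
    """Own transitions of thread `tid`: yields (label, pc', shared')."""
    lock, owner = shared
    if pc == "idle" and lock == 0:                      # atomic test-and-set
        yield "acquire", "cs", (1, tid if track_owner else None)
    if pc == "cs":
        yield "release", "idle", (0, 0 if track_owner else None)

def thread_modular(track_owner):
    """Iterate per-thread reachability against the other thread's environment
    transitions until a fixpoint. Returns (safe, env): safe is False when some
    thread sits in `cs` while an environment `acquire` step is enabled, i.e.
    the (abstracted) other thread could enter `cs` as well."""
    init = ("idle", (0, 0 if track_owner else None))
    reach = {t: {init} for t in THREADS}
    env = {t: set() for t in THREADS}       # (label, pre_shared, post_shared)
    changed = True
    while changed:
        changed = False
        for t in THREADS:
            other = 3 - t
            frontier = list(reach[t])
            while frontier:
                pc, sh = frontier.pop()
                succ = [(pc2, sh2) for _, pc2, sh2 in steps(t, pc, sh, track_owner)]
                for label, pre, post in env[other]:
                    if pre != sh:
                        continue            # environment step not enabled here
                    if pc == "cs" and label == "acquire":
                        return False, env   # violation (possibly spurious)
                    succ.append((pc, post)) # environment interleaves; pc unchanged
                for s in succ:
                    if s not in reach[t]:
                        reach[t].add(s)
                        frontier.append(s)
                        changed = True
            # Publish this thread's steps, projected onto shared state, as the
            # environment transitions the other thread must tolerate.
            for pc, sh in reach[t]:
                for label, _, sh2 in steps(t, pc, sh, track_owner):
                    if (label, sh, sh2) not in env[t]:
                        env[t].add((label, sh, sh2))
                        changed = True
    return True, env
```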
Predicate abstraction and refinement for verifying multi-threaded programs
POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages