skip to main content
research-article

Natural proofs for asynchronous programs using almost-synchronous reductions

Authors Info & Claims
Published:15 October 2014Publication History
Skip Abstract Section

Abstract

We consider the problem of provably verifying that an asynchronous message-passing system satisfies its local assertions. We present a novel reduction scheme for asynchronous event-driven programs that finds almost-synchronous invariants - invariants consisting of global states where message buffers are close to empty. The reduction finds almost-synchronous invariants and simultaneously argues that they cover all local states. We show that asynchronous programs often have almost-synchronous invariants and that we can exploit this to build natural proofs that they are correct. We implement our reduction strategy, which is sound and complete, and show that it is more effective in proving programs correct as well as more efficient in finding bugs in several programs, compared to current search strategies which almost always diverge. The high point of our experiments is that our technique can prove the Windows Phone USB Driver written in P [9]correct for the responsiveness property, which was hitherto not provable using state-of-the-art model-checkers.

References

  1. P. Abdulla, S. Aronis, B. Jonsson, and K. Sagonas. Optimal dynamic partial order reduction. POPL '14, pages 373--384, New York, NY, USA, 2014. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. P. A. Abdulla and B. Jonsson. Verifying programs with unreliable channels. In LICS, pages 160--170, 1993.Google ScholarGoogle ScholarCross RefCross Ref
  3. R. Alur and M. Yannakakis. Model checking of message sequence charts. CONCUR '99, pages 114--129, London, UK, UK, 1999. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. T. Andrews, S. Qadeer, S. K. Rajamani, J. Rehof, and Y. Xie. Zing: A model checker for concurrent software. In CAV, pages 484--487, 2004.Google ScholarGoogle Scholar
  5. S. Basu and T. Bultan. Choreography conformance via synchronizability. WWW '11, pages 795--804, New York, NY, USA, 2011. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. S. Basu, T. Bultan, and M. Ouederni. Synchronizability for verification of asynchronously communicating systems. In VMCAI, pages 56--71, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. A. Bouajjani and M. Emmi. Bounded phase analysis of message-passing programs. TACAS'12, pages 451--465, Berlin, Heidelberg, 2012. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. D. Brand and P. Zafiropulo. On communicating finite-state machines. J. ACM, 30(2):323--342, Apr. 1983. ISSN 0004-5411. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. A. Desai, V. Gupta, E. K. Jackson, S. Qadeer, S. K. Rajamani, and D. Zufferey. P: safe asynchronous event-driven programming. In PLDI, pages 321--332, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. M. Emmi, S. Qadeer, and Z. Rakamarić. Delay-bounded scheduling. POPL '11, pages 411--422, New York, NY, USA, 2011. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. J. Fisher, T. A. Henzinger, M. Mateescu, and N. Piterman. Bounded asynchrony: Concurrency for modeling cell-cell interactions. In FMSB, pages 17--32, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. POPL '05, pages 110--121, New York, NY, USA, 2005. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. P. Godefroid. Model checking for programming languages using verisoft. POPL '97, pages 174--186, New York, NY, USA, 1997. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. P. Godefroid. Partial-Order Methods for the Verification of Concurrent Systems - An Approach to the State-Explosion Problem. PhD thesis, University of Liege, 1995.Google ScholarGoogle Scholar
  15. P. Godefroid and D. Pirottin. Refining dependencies improves partial-order verification methods (extended abstract). CAV '93, pages 438--449, London, UK, UK, 1993. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. P. Godefroid and P. Wolper. Using partial orders for the efficient verification of deadlock freedom and safety properties. Formal Methods in System Design, 2(2):149--164, 1993. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. M. G. Gouda, E. M. Gurari, T. H. Lai, and L. E. Rosier. On deadlock detection in systems of communicating finite state machines. Comput. Artif. Intell., 6(3):209--228, July 1987. ISSN 0232-0274. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. G. C. Hunt and J. R. Larus. Singularity: Rethinking the software stack. SIGOPS Oper. Syst. Rev., 41(2):37--49, Apr. 2007. ISSN 0163--5980. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. R. Jhala and R. Majumdar. Interprocedural analysis of asynchronous programs. POPL '07, pages 339--350, New York, NY, USA, 2007. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. C. B. Jones. Tentative steps toward a development method for interfering programs. ACM Trans. Program. Lang. Syst., 5(4): 596--619, 1983. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. S. La Torre, P. Madhusudan, and G. Parlato. A robust class of context-sensitive languages. In LICS, pages 161--170, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. S. La Torre, P. Madhusudan, and G. Parlato. Context-bounded analysis of concurrent queue systems. In TACAS, pages 299--314, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. S. Lauterburg, M. Dotta, D. Marinov, and G. Agha. A framework for state-space exploration of java-based actor programs. ASE '09, pages 468--479,Washington, DC, USA, 2009. IEEE Computer Society. ISBN 978-0-7695-3891-4. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. S. Lauterburg, R. K. Karmani, D. Marinov, and G. Agha. Evaluating ordering heuristics for dynamic partial-order reduction techniques. FASE'10, pages 308--322, Berlin, Heidelberg, 2010. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. P. Madhusudan. Reasoning about sequential and branching behaviours of message sequence graphs. ICALP '01, pages 809--820, London, UK, UK, 2001. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. P. Madhusudan and B. Meenakshi. Beyond message sequence graphs. In FSTTCS, pages 256--267, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. P. Madhusudan and G. Parlato. The tree width of auxiliary storage. In POPL, pages 283--294, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. P. Madhusudan, X. Qiu, and A. Stefanescu. Recursive proofs for inductive tree data-structures. In POPL, pages 123--136, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. A.W. Mazurkiewicz. Trace theory. In Advances in Petri Nets, pages 279--324, 1986. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. M. Musuvathi and S. Qadeer. Iterative context bounding for systematic testing of multithreaded programs. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '07, pages 446--455, New York, NY, USA, 2007. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. M. Musuvathi and S. Qadeer. Iterative context bounding for systematic testing of multithreaded programs. PLDI '07, pages 446--455, New York, NY, USA, 2007. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. R. Palmer, G. Gopalakrishnan, and R. M. Kirby. Semantics driven dynamic partial-order reduction of mpi-based parallel programs. PADTAD '07, pages 43--53, New York, NY, USA, 2007. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. E. Pek, X. Qiu, and P. Madhusudan. Natural proofs for data structure manipulation in c using separation logic. In PLDI, page 46, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. W. Peng and S. Puroshothaman. Data flow analysis of communicating finite state machines. ACM Trans. Program. Lang. Syst., 13(3):399--442, July 1991. ISSN 0164-0925. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. W. Peng and S. Purushothaman. Analysis of a class of communicating finite state machines. Acta Inf., 29(6/7):499--522, 1992. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. S. Qadeer and J. Rehof. Context-bounded model checking of concurrent software. TACAS'05, pages 93--107, Berlin, Heidelberg, 2005. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. S. Qadeer and D. Wu. Kiss: keep it simple and sequential. In PLDI, pages 14--24, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. X. Qiu, P. Garg, A. Stefanescu, and P. Madhusudan. Natural proofs for structure, data, and separation. In PLDI, pages 231--242, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. K. Sen and M. Viswanathan. Model checking multithreaded programs with asynchronous atomic methods. CAV'06, pages 300--314, Berlin, Heidelberg, 2006. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. S. F. Siegel. Efficient verification of halting properties for mpi programs with wildcard receives. VMCAI'05, pages 413--429, Berlin, Heidelberg, 2005. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. S. F. Siegel and G. S. Avrunin. Modeling wildcard-free mpi programs for verification. In PPOPP, pages 95--106, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. S. Tasharofi, R. K. Karmani, S. Lauterburg, A. Legay, D. Marinov, and G. Agha. Transdpor: A novel dynamic partial-order reduction technique for testing actor programs. FMOODS'12/FORTE'12, pages 219--234, Berlin, Heidelberg, 2012. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. P. Thomson, A. F. Donaldson, and A. Betts. Concurrency testing using schedule bounding: An empirical study. In Proceedings of the 19th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, PPoPP '14, pages 15--28, New York, NY, USA, 2014. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. A. Udupa, A. Desai, and S. K. Rajamani. Depth bounded explicit-state model checking. In SPIN, pages 57--74, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. A. Valmari. Stubborn sets for reduced state space generation. In Proceedings of the 10th International Conference on Applications and Theory of Petri Nets: Advances in Petri Nets 1990, pages 491--515, London, UK, UK, 1991. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Natural proofs for asynchronous programs using almost-synchronous reductions

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!