Abstract
A thread-modular proof for the correctness of a concurrent program is based on an inductive and interference-free annotation of each thread. It is well known that the corresponding proof system is not complete (unless one adds auxiliary variables). We describe a hierarchy of proof systems in which each level k corresponds to a generalized notion of thread modularity (level 1 corresponds to the original notion). Each level is strictly more expressive than the previous one. Further, each level precisely captures the programs that can be proved using uniform Ashcroft invariants with k universal quantifiers. We demonstrate the usefulness of the hierarchy by giving a compositional proof of the Mach shootdown algorithm for TLB consistency. We give a proof at level 2 showing that the algorithm is correct for an arbitrary number of CPUs. However, there is no proof of the algorithm at level 1 that does not involve auxiliary state.
Thread modularity at many levels: a pearl in compositional verification
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages