Abstract
A classical result by Ramalingam about synchronization-sensitive interprocedural program analysis implies that reachability for concurrent threads running recursive procedures is undecidable. A technique proposed by Qadeer and Rehof, to bound the number of context switches allowed between the threads, leads to an incomplete solution that is, however, believed to catch “most bugs” in practice, as errors tend to occur within few contexts. The question of whether the technique can also prove the absence of bugs at least in some cases has remained largely open.
Toward closing this gap, we introduce in this article the generic verification paradigm of observation sequences for resource-parameterized programs. Such a sequence observes how increasing the resource parameter affects the reachability of states satisfying a given property. The goal is to show that increases beyond some “cutoff” parameter value have no impact on the reachability—the sequence has converged. This allows us to conclude that the property holds for all parameter values.
We applied this paradigm to the context-unbounded program analysis problem, choosing the resource to be the number of permitted thread context switches. The result is a partially correct interprocedural reachability analysis technique for concurrent shared-memory programs. Our technique may not terminate but is able to both refute and prove context-unbounded safety for such programs. We demonstrate the effectiveness and efficiency of the technique using a variety of benchmark programs. The safe instances cannot be proved safe by earlier, context-bounded methods.
- Parosh Abdulla, Frédéric Haziza, and Lukáš Holík. 2016. Parameterized verification through view abstraction. Int. J. Softw. Tools Technol. Transf. 18, 5 (Oct. 2016), 495--516. DOI:https://doi.org/10.1007/s10009-015-0406-xGoogle Scholar
- Rajeev Alur and P. Madhusudan. 2004. Visibly pushdown languages. In Proceedings of the 36th Annual ACM Symposium on Theory of Computing (STOC’04). ACM, New York, NY, 202--211. http://doi.acm.org/10.1145/1007352.1007390Google Scholar
- Rajeev Alur and P. Madhusudan. 2009. Adding nesting structure to words. J. ACM 56, 3 (May 2009), Article 16, 43 pages. http://doi.acm.org/10.1145/1516512.1516518Google Scholar
Digital Library
- Mohamed Faouzi Atig, Benedikt Bollig, and Peter Habermehl. 2008. Emptiness of multi-pushdown automata is 2ETIME-complete. In Proceedings of the 12th International Conference on Developments in Language Theory (DLT’08). 121--133.Google Scholar
Digital Library
- Mohamed Faouzi Atig, Ahmed Bouajjani, and Shaz Qadeer. 2009. Context-bounded analysis for concurrent programs with dynamic creation of threads. In Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’09). 107--123. DOI:https://doi.org/10.1007/978-3-642-00768-2_11Google Scholar
Digital Library
- Thomas Ball and Sriram K. Rajamani. 2000. Bebop: A symbolic model checker for Boolean programs. In Proceedings of the International SPIN Workshop on Model Checking of Software (SPIN’00). 113--130.Google Scholar
Cross Ref
- Dirk Beyer. 2019. Sv-benchmarks. Retrieved October 16, 2020 from https://github.com/sosy-lab/sv-benchmarks/tree/master/clauses/BOOL.Google Scholar
- Jesse D. Bingham. 2005. A new approach to upward-closed set backward reachability analysis. Electr. Notes Theor. Comput. Sci. 138, 3 (2005), 37--48. DOI:https://doi.org/10.1016/j.entcs.2005.01.045Google Scholar
Digital Library
- Benedikt Bollig, Dietrich Kuske, and Roy Mennicke. 2017. The complexity of model checking multi-stack systems. Theor. Comp. Sys. 60, 4 (May 2017), 695--736. DOI:https://doi.org/10.1007/s00224-016-9700-6Google Scholar
- Ahmed Bouajjani, Michael Emmi, and Gennaro Parlato. 2011. On sequentializing concurrent programs. In Proceedings of the 18th International Conference on Static Analysis (SAS’11). 129--145. http://dl.acm.org/citation.cfm?id=2041552.2041565.Google Scholar
Digital Library
- Ahmed Bouajjani, Javier Esparza, and Oded Maler. 1997. Reachability analysis of pushdown automata: Application to model-checking. In Proceedings of the 8th International Conference on Concurrency Theory (CONCUR’97). 135--150. http://dl.acm.org/citation.cfm?id=646732.701281.Google Scholar
Digital Library
- Ahmed Bouajjani, Javier Esparza, Stefan Schwoon, and Jan Strejček. 2005. Reachability analysis of multithreaded software with asynchronous communication. In Proceedings of the 25th International Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’05). 348--359. DOI:https://doi.org/10.1007/11590156_28Google Scholar
Digital Library
- Ahmed Bouajjani, Séverine Fratani, and Shaz Qadeer. 2007. Context-bounded analysis of multithreaded programs with dynamic linked structures. In Proceedings of the 19th International Conference on Computer-Aided Verification (CAV’07). 207--220. http://dl.acm.org/citation.cfm?id=1770351.1770383.Google Scholar
Digital Library
- Ahmed Bouajjani, Markus Müller-Olm, and Tayssir Touili. 2005. Regular symbolic analysis of dynamic networks of pushdown systems. In Proceedings of the 16th International Conference on Concurrency Theory (CONCUR’05). 473--487. DOI:https://doi.org/10.1007/11539452_36Google Scholar
Digital Library
- Luca Breveglieri, Alessandra Cherubini, Claudio Citrini, and Stefano Crespi Reghizzi. 1996. Multi-pushdown languages and grammars. Int. J. Found. Comput. Sci. 07, 03 (1996), 253--291. https://doi.org/10.1142/S0129054196000191Google Scholar
Cross Ref
- S. Chaki, E. Clarke, N. Kidd, T. Reps, and T. Touili. 2006. Verifying concurrent message-passing C programs with recursive calls. In Proceedings of the 12th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’06). 334--349. DOI:https://doi.org/10.1007/11691372_22Google Scholar
- Patrick Cousot and Radhia Cousot. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL’77). 238--252.Google Scholar
Digital Library
- E. Allen Emerson and Vineet Kahlon. 2000. Reducing model checking of the many to the few. In Proceedings of the 17th International Conference on Automated Deduction (CADE-17). 236--254. http://dl.acm.org/citation.cfm?id=648236.753642.Google Scholar
Digital Library
- Michael Emmi, Shaz Qadeer, and Zvonimir Rakamarić. 2011. Delay-bounded scheduling. In Proceedings of the 38th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’11). ACM, New York, NY, 411--422. DOI:https://doi.org/10.1145/1926385.1926432Google Scholar
Digital Library
- Alain Finkel, Bernard Willems, and Pierre Wolper. 1997. A direct symbolic approach to model checking pushdown systems. Elec. Not. Theor. Comput. Sci. 9 (1997), 27--37. DOI:https://doi.org/10.1016/S1571-0661(05)80426-8Google Scholar
Cross Ref
- Naghmeh Ghafari, Alan J. Hu, and Zvonimir Rakamarić. 2010. Context-bounded translations for concurrent software: An empirical evaluation. In Proceedings of the 17th International SPIN Conference on Model Checking Software (SPIN’10). 227--244. http://dl.acm.org/citation.cfm?id=1928137.1928160.Google Scholar
Cross Ref
- John Hopcroft and Jeffrey Ullman. 1979. Introduction to Automata Theory, Languages and Computation. Addison-Wesley.Google Scholar
- Vineet Kahlon and Aarti Gupta. 2007. On the analysis of interacting pushdown systems. In Proceedings of the 34th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’07). ACM, New York, NY, 303--314. DOI:https://doi.org/10.1145/1190216.1190262Google Scholar
Digital Library
- Vineet Kahlon, Franjo Ivančić, and Aarti Gupta. 2005. Reasoning about threads communicating via locks. In Proceedings of the 17th International Conference on Computer-Aided Verification (CAV’05). 505--518. DOI:https://doi.org/10.1007/11513988_49Google Scholar
Digital Library
- Alexander Kaiser, Daniel Kroening, and Thomas Wahl. 2010. Dynamic cutoff detection in parameterized concurrent programs. In Proceedings of the 22nd International Conference on Computer-Aided Verification (CAV’10). 645--659. DOI:https://doi.org/10.1007/978-3-642-14295-6_55Google Scholar
Digital Library
- Anvesh Komuravelli, Arie Gurfinkel, and Sagar Chaki. 2014. SMT-based model checking for recursive programs. In Proceedings of the 16th International Conference on Computer-Aided Verification (CAV’14). 17--34.Google Scholar
Digital Library
- Dénes König. 1927. Über eine Schlussweise aus dem Endlichen ins Unendliche (in German). Acta Sci. Math. (Szeged) 3, 2–3, 121--130.Google Scholar
- H. T. Kung and Philip L. Lehman. 1980. Concurrent manipulation of binary search trees. ACM Trans. Database Syst. 5, 3 (Sept. 1980), 354--382. DOI:https://doi.org/10.1145/320613.320619Google Scholar
Digital Library
- Salvatore La Torre, Parthasarathy Madhusudan, and Gennaro Parlato. 2007. A robust class of context-sensitive languages. In Proceedings of the 22nd Annual IEEE Symposium on Logic in Computer Science (LICS’07). IEEE, Los Alamitos, CA, 161--170. DOI:https://doi.org/10.1109/LICS.2007.9Google Scholar
Digital Library
- Salvatore La Torre, P. Madhusudan, and Gennaro Parlato. 2008. Context-bounded analysis of concurrent queue systems. In Proceedings of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’08). 299--314. http://dl.acm.org/citation.cfm?id=1792734.1792762.Google Scholar
Digital Library
- Salvatore La Torre, P. Madhusudan, and Gennaro Parlato. 2009. Reducing context-bounded concurrent reachability to sequential reachability. In Proceedings of the 21st International Conference on Computer-Aided Verification (CAV’09). 477--492. DOI:https://doi.org/10.1007/978-3-642-02658-4_36Google Scholar
Digital Library
- Salvatore La Torre, P. Madhusudan, and Gennaro Parlato. 2010. Model-checking parameterized concurrent programs using linear interfaces. In Proceedings of the 22nd International Conference on Computer-Aided Verification (CAV’10). 629--644. DOI:https://doi.org/10.1007/978-3-642-14295-6_54Google Scholar
Digital Library
- Salvatore La Torre and Margherita Napoli. 2011. Reachability of multistack pushdown systems with scope-bounded matching relations. In Proceedings of the 22nd International Conference on Concurrency Theory (CONCUR’11). 203--218. http://dl.acm.org/citation.cfm?id=2040235.2040253.Google Scholar
Digital Library
- Salvatore La Torre, Margherita Napoli, and Gennaro Parlato. 2016. Scope-bounded pushdown languages. Int. J. Found. Comput. Sci. 27, 02 (2016), 215--233. DOI:https://doi.org/10.1142/S0129054116400074Google Scholar
Cross Ref
- Salvatore La Torre, Madhusudan Parthasarathy, and Gennaro Parlato. 2009. Analyzing recursive programs using a fixed-point calculus. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’09). ACM, New York, NY, 211--222. DOI:https://doi.org/10.1145/1542476.1542500Google Scholar
Digital Library
- Akash Lal and Thomas Reps. 2009. Reducing concurrent analysis under a context bound to sequential analysis. Form. Methods Syst. Des. 35, 1 (Aug. 2009), 73--97. DOI:https://doi.org/10.1007/s10703-009-0078-9Google Scholar
Digital Library
- Peizun Liu and Thomas Wahl. 2018. CUBA: Interprocedural context-unbounded analysis of concurrent programs. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’18). 105--119.Google Scholar
Digital Library
- Peizun Liu and Thomas Wahl. 2018. Resource-Aware Program Analysis Using Observation Sequences: CUBA. Received December 1, 2019 from https://lpzun.github.io/rapa/apps/cuba/.Google Scholar
Cross Ref
- Peizun Liu, Thomas Wahl, and Akash Lal. 2019. Verifying asynchronous event-driven programs using partial abstract transformers. In Proceedings of the 31st International Conference on Computer-Aided Verification (CAV’19). 386--404.Google Scholar
Cross Ref
- Shan Lu, Soyeon Park, Eunsoo Seo, and Yuanyuan Zhou. 2008. Learning from mistakes: A comprehensive study on real world concurrency bug characteristics. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XIII). ACM, New York, NY, 329--339. DOI:https://doi.org/10.1145/1346281.1346323Google Scholar
Digital Library
- Truc L. Nguyen, Bernd Fischer, Salvatore La Torre, and Gennaro Parlato. 2015. Unbounded lazy-CSeq: A lazy sequentialization tool for C programs with unbounded context switches. In Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’15), Vol. 9035. 461--463. DOI:https://doi.org/10.1007/978-3-662-46681-0_45Google Scholar
Digital Library
- Truc L. Nguyen, Bernd Fischer, Salvatore La Torre, and Gennaro Parlato. 2016. Lazy sequentialization for the safety verification of unbounded concurrent programs. In Proceedings of the 14th International Symposium on Automated Technology for Verification and Analysis (ATVA’16). 174--191. DOI:https://doi.org/10.1007/978-3-319-46520-3_12Google Scholar
Cross Ref
- Prathmesh Prabhu, Thomas Reps, Akash Lal, and Nicholas Kidd. 2011. Verifying Concurrent Programs via Bounded Context-Switching and Induction. Technical Report TR-1701. Computer Sciences Department, University of Wisconsin, Madison, WI.Google Scholar
- Shaz Qadeer, Sriram K. Rajamani, and Jakob Rehof. 2004. Summarizing procedures in concurrent programs. In Proceedings of the 31st ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’04). ACM, New York, NY, 245--255. DOI:https://doi.org/10.1145/964001.964022Google Scholar
Digital Library
- Shaz Qadeer and Jakob Rehof. 2005. Context-bounded model checking of concurrent software. In Proceedings of the 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’05). 93--107. DOI:https://doi.org/10.1007/978-3-540-31980-1_7Google Scholar
Digital Library
- Shaz Qadeer and Dinghao Wu. 2004. KISS: Keep it simple and sequential. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’04). ACM, New York, NY, 14--24. DOI:https://doi.org/10.1145/996841.996845Google Scholar
Digital Library
- G. Ramalingam. 2000. Context-sensitive synchronization-sensitive analysis is undecidable. ACM Trans. Program. Lang. Syst. 22, 2 (March 2000), 416--430. DOI:https://doi.org/10.1145/349214.349241Google Scholar
Digital Library
- Stefan Schwoon. 2000. Model-Checking Pushdown Systems. Ph.D. Dissertation. Lehrstuhl für Informatik VII der Technischen Universität München.Google Scholar
- Dejvuth Suwimonteerabuth, Javier Esparza, and Stefan Schwoon. 2008. Symbolic context-bounded analysis of multithreaded Java programs. In Proceedings of the 15th International SPIN Workshop on Model Checking Software (SPIN’08). 270--287. DOI:https://doi.org/10.1007/978-3-540-85114-1_19Google Scholar
Digital Library
Index Terms
Interprocedural Context-Unbounded Program Analysis Using Observation Sequences
Recommendations
CUBA: interprocedural Context-UnBounded Analysis of concurrent programs
PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and ImplementationA classical result by Ramalingam about synchronization-sensitive interprocedural program analysis implies that reachability for concurrent threads running recursive procedures is undecidable. A technique proposed by Qadeer and Rehof, to bound the number ...
Interprocedural pointer alias analysis
We present practical approximation methods for computing and representing interprocedural aliases for a program written in a language that includes pointers, reference parameters, and recursion. We present the following contributions: (1) a framework ...
CUBA: interprocedural Context-UnBounded Analysis of concurrent programs
PLDI '18A classical result by Ramalingam about synchronization-sensitive interprocedural program analysis implies that reachability for concurrent threads running recursive procedures is undecidable. A technique proposed by Qadeer and Rehof, to bound the number ...






Comments