Results 1  10
of
20
Symmetryaware predicate abstraction for sharedvariable concurrent programs
 In CAV
, 2011
"... Abstract. Predicate abstraction is a key enabling technology for applying finitestate model checkers to programs written in mainstream languages. It has been used very successfully for debugging sequential systemlevel C code. Although model checking was originally designed for analyzing concurrent ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
Abstract. Predicate abstraction is a key enabling technology for applying finitestate model checkers to programs written in mainstream languages. It has been used very successfully for debugging sequential systemlevel C code. Although model checking was originally designed for analyzing concurrent systems, there is little evidence of fruitful applications of predicate abstraction to sharedvariable concurrent software. The goal of this paper is to close this gap. We have developed a symmetryaware predicate abstraction strategy: it takes into account the replicated structure of C programs that consist of many threads executing the same procedure, and generates a Boolean program template whose multithreaded execution soundly overapproximates the concurrent C program. State explosion during model checking parallel instantiations of this template can now be absorbed by exploiting symmetry. We have implemented our method in the SATABS predicate abstraction framework, and demonstrate its superior performance over alternative approaches on a large range of synchronization programs.
Efficient coverability analysis by proof minimization
 IN: CONCUR
"... We consider multithreaded programs with an unbounded number of threads executing a finitestate, nonrecursive procedure. Safety properties of such programs can be checked via reduction to the coverability problem for wellstructured transition systems (WSTS). In this paper, we present a novel, s ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
(Show Context)
We consider multithreaded programs with an unbounded number of threads executing a finitestate, nonrecursive procedure. Safety properties of such programs can be checked via reduction to the coverability problem for wellstructured transition systems (WSTS). In this paper, we present a novel, sound and complete yet empirically much improved solution to this problem. The key idea to achieve a compact search structure is to track uncoverability only for minimal uncoverable elements, even if these elements are not part of the original coverability query. To this end, our algorithm examines elements in the downward closure of elements backwardreachable from the initial queries. A downside is that the algorithm may unnecessarily explore elements that turn out coverable and thus fail to contribute to the proof minimization. We counter this effect using a forward search engine that simultaneously generates (a subset of all) coverable elements, e.g. a generalized KarpMiller procedure. We demonstrate in extensive experiments on C programs that our approach targeting minimal uncoverability proofs outperforms existing techniques by orders of magnitude.
Z.: Verification of parameterized concurrent programs by modular reasoning about data and control
 In: POPL’12
, 2012
"... In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. The data module computes threadstate invariants (e.g., linear constraints over global variables and local variables of one thread) using the thread interference information computed by the control module. The control module computes a representation of thread interference, as an incrementally constructed data flow graph, using the data invariants provided by the data module. These invariants are used to rule out patterns of thread interference that can not occur in a real program execution. The two modules are incorporated into a feedback loop, so that the abstractions of data and interference are iteratively coars
A Cutoff Technique for the Verification of Parameterised Interpreted Systems with Parameterised Environment
, 2013
"... We put forward a cutoff technique for determining the number of agents that is sufficient to consider when checking temporalepistemic specifications on a system of any size. We identify a special class of interleaved interpreted systems for which we give a parameterised semantics and an abstraction ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
We put forward a cutoff technique for determining the number of agents that is sufficient to consider when checking temporalepistemic specifications on a system of any size. We identify a special class of interleaved interpreted systems for which we give a parameterised semantics and an abstraction methodology. This enables us to overcome the significant limitations in expressivity present in the stateoftheart. We present an implementation and discuss experimental results.
Parameterized verification of asynchronous sharedmemory systems
 CAV 2013, volume 8044 of LNCS
, 2013
"... Abstract. We characterize the complexity of the safety verification problem for parameterized systems consisting of a leader process and arbitrarily many anonymous and identical contributors. Processes communicate through a shared, boundedvalue register. While each operation on the register is atom ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We characterize the complexity of the safety verification problem for parameterized systems consisting of a leader process and arbitrarily many anonymous and identical contributors. Processes communicate through a shared, boundedvalue register. While each operation on the register is atomic, there is no synchronization primitive to execute a sequence of operations atomically. We analyze the complexity of the safety verification problem when processes are modeled by finitestate machines, pushdown machines, and Turing machines. The problem is coNPcomplete when all processes are finitestate machines, and is PSPACEcomplete when they are pushdown machines. The complexity remains coNPcomplete when each Turing machine is allowed boundedly many interactions with the register. Our proofs use combinatorial characterizations of computations in the model, and in case of pushdownsystems, some languagetheoretic constructions of independent interest. 1
Keeping a crowd safe: On the complexity of parameterized verification (invited talk
 STACS, volume 25 of LIPIcs
, 2014
"... ar ..."
(Show Context)
An SMTbased approach to coverability analysis
 In CAV 2014
, 2014
"... Abstract. Model checkers based on Petri net coverability have been used successfully in recent years to verify safety properties of concurrent sharedmemory or asynchronous messagepassing software. We revisit a constraint approach to coverability based on classical Petri net analysis techniques. We ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Model checkers based on Petri net coverability have been used successfully in recent years to verify safety properties of concurrent sharedmemory or asynchronous messagepassing software. We revisit a constraint approach to coverability based on classical Petri net analysis techniques. We show how to utilize an SMT solver to implement the constraint approach, and additionally, to generate an inductive invariant from a safety proof. We empirically evaluate our procedure on a large set of existing Petri net benchmarks. Even though our technique is incomplete, it can quickly discharge most of the safe instances. Additionally, the inductive invariants computed are usually orders of magnitude smaller than those produced by existing solvers. 1
Proofs That Count
"... Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While co ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While counting arguments are common in informal, handwritten proofs of such programs, there are no fully automated techniques to construct counting arguments. The key questions involved in automating counting arguments are: how to decide what should be counted?, and how to decide when a counting argument is valid? In this paper, we present a technique for automatically constructing and checking counting arguments, which includes novel solutions to these questions.
Duet: Static Analysis for Unbounded Parallelism
"... Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing threads is not statically bounded. Duet has a modular architecture, which is based on separating the invariant synthesis problem in two subtasks: (1) data dependence analysis, which is used to construc ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing threads is not statically bounded. Duet has a modular architecture, which is based on separating the invariant synthesis problem in two subtasks: (1) data dependence analysis, which is used to construct a data flow model of the program, and (2) domain, which generates invariants. This separation of concerns allows researchers working on data dependence analysis and abstract domains to combine their efforts toward solving the challenging problem of static analysis for unbounded concurrency. In this paper, we discuss the architecture of Duet as well as two data dependence analyses that have been implemented in the tool. 1