Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Similar presentations


Presentation on theme: "Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre."— Presentation transcript:

1 Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U. Illinois U.-C., U.S.A.)

2 What is this talk about?  Translation from concurrent recursive programs to sequential programs that preserves reachability  Use existing technique for sequential programs to analyze concurrent programs Model checkers, Deductive verification, … T1T1 T2T2 TnTn shared vars … Seq. program

3 From concurrent to sequential  Always possible but can be inefficient simulate the global behavior (track all locals of each thread) current techniques do not work  What do we want? avoid the extreme blow-up track at any point only the locals of one thread  What we want is not always possible  But is possible restricted : bounded context-switching reahability [Quadeer,Wu, PLDI’04] errors manifest within few contest-switches [Musuvathi, Qadeer, PLDI’07]

4 Concurrent programs  fixed number of (recursive) threads running in parallel  each thread T i has its own local variables  threads communicate through shared variables T1T1 T2T2 TnTn shared vars … loc

5 Anatomy of a k-CS execution (l, s 1 ) (l, s 2 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 T2T2

6 A transformation already exists  [Lal, Reps CAV’08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,…, s k 3.Execute T 2 to completion (l 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l 1,s 2 ) (l 2,s 3 ) (l 2,s 4 ) (l 3,s 5 ) store s 1 guess s 2 store s 3 guess s 4 store s 5 T2T2

7 A transformation already exists  [Lal, Reps CAV’08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,…, s k 3.Execute T 2 to completion (l’ 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l’ 2,s 2 ) (l’ 2,s 3 ) (l’ 3,s 4 ) (l’ 3,s 5 ) T2T2 s 2 -> s 3 s 4 -> s 5

8 A transformation already exists  [Lal, Reps CAV’08] s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 s 2 is guessed s 2 may be unreachable EAGER T2T2

9 Eager transformation: disadvantages void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; } void thread2() { x=12; y=2; //unblock thread2 blocked=false; } // shared variables bool blocked=true; int x=0, y=0; Inv: y != 0 blocked=true blocked=false guess y=0

10 We want a lazy transformation The lazy sequential program explores only reachable states of the concurrent program Why is it desirable? In model-checking it can drastically reduce the explored state-space Better invariants for deductive verification  A lazy transformation to sequential programs was not known

11 Our contribution  Lazy transformation from concurrent to sequential programs that reduces the k context-switches reachability problem  Model-checking Lazy => unreachable states not explored Implementation of translation for Boolean programs Evaluation on a Bluetooth device driver

12 Lazy transformation

13 Lazy transformation: main idea  Execute T 1  Context-switch: store s 1 and abort  Execute T 2 from s 1  store s 2 and abort (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort

14 Lazy transformation: main idea  Re-execute T1 till it reaches s1  May reach a new local state!  But is anyway correct !! (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l’’ 1,s 1 ) store s 3 & abort (l’’ 1,s 2 )

15 Lazy transformation: main idea  Switch to T2  Execute till it reaches s2  Continue computation (l 1,s 1 ) (l’ 1,s 1 ) (l’ 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l’’ 1,s 1 ) store s 3 & abort (l’’’ 1,s 2 ) (l’’ 1,s 2 ) (l’’’ 1,s 3 ) store s 4 & abort

16 Lazy transformation: main idea T1T1 T2T2 store s 1 store s 2 store s 3 store s 4 store s 5 end s1s1 s2s2 s3s3 s4s4 s1s1 s2s2 s3s3 s4s4 s5s5

17 Lazy translation scheme main() Thread1() Output is a sequential program consisting of: Thread2()

18 Lazy translation scheme main() Thread1() stmt1; stmt2; Output is a sequential program consisting of: Thread2()  Guess scheduling  Orchestrate calls to threads  Nondet jump to next context where this thread is active  At last context-switch, store shared state, abort, and return to main

19 Reduction of bounded context-switch reachability Theorem: Let C be a concurrent program, k>0 and pc be a program counter of C pc is reachable in C within k context switches iff pc is reachable in SeqProg k (C)

20 Lazy translation  Explores only reachable states  Preserves invariants across the translation  Tracks local state of one thread at any time  Tracks values of shared variables at context switches (s 1, s 2, …, s k )  Requires recomputation of local states

21 Experiments

22 Model checking concurrent Boolean programs  Boolean programs  Concurrent Boolean programs Boolean programs  We have implemented the eager and lazy translator for concurrent Boolean programs Download: Eager => explores unreachable states Lazy => explores only reachable states

23 Experiments: Windows NT Bluetooth driver Context switches 1-adder 1-stopper 2-adders 1-stopper 1-adder 2-stoppers 2-adders 2-stoppers eagerlazyeagerlazyeagerlazyeagerlazy NNNNNNNNNNNN NNNYYYNNNYYY NNYYYYNNYYYY NNYYYYNNYYYY out of mem

24 Related Work  KISS project [Qadeer-Wu,PLDI’04]  Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05]  Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon,SPIN’08]]  Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato,PLDI’09]  Eager translation and symbolic algorithm to compute reachable states lazily [Lal-Reps,CAV’08]  Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09] next talk!!

25 Future work We have a lazy transformation for unbounded number of threads!!!


Download ppt "Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre."

Similar presentations


Ads by Google