Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,

Published byBenjamin Webb Modified over 8 years ago

Similar presentations

Presentation on theme: "On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,"— Presentation transcript:

1 On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing, June 8-10, 2015

2 Concurrent Programs - Reachability Problem concurrent C programs POSIX threads SC memory model reachability assertion failure out-of-bound array division-by-zero, … bounded model checking (BMC) bug-finding, not complete analysis SHARED MEMORY … T1T1 T2T2 TNTN THREADS

3 BMC approach – Sequential Programs Efficient tools for C BLITZ [ Cho, D'Silva, Song – ASE’13 ] CBMC [ Clarke, Kroening, Lerda – TACAS’04 ] LLBMC [ Falke, Merz, Sinz – ASE’13 ] ESBMC [ Cordeiro, Fischer, Marques-Silva – ASE’09 ] PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER inlining unrolling SSA form

4 direct SAT/SMT approach encode each thread as in the sequential case add a conjunct for shared memory operations all possible interleavings in the bounded program φ threads ∧ φ concurrency papers: [ Sinha, Wang – POPL’11 ] [ Alglave, Kroening, Tautschnig – CAV’13 ] BMC approach - Concurrent C Programs CONC PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER concurrency handling

5 Sequentialization pros reuse robust BMC sequential analysis tools fast prototyping of concurrency handling delegating all sequential reasoning to an existing target analysis tool easier to implement than full-fledged tools CONC PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER SEQ PROGRAM SEQUENTIALIZATION (code-to-code translation) BMC SEQ TOOL

6 SEQUENTIALIZATION (code-to-code translation) Sequentialization papers proposal [ Qadeer, Wu – PLDI’04 ] eager, bounded context-switch, finite # threads [ Lal, Reps – CAV’08 ] lazy, finite # threads, parameterized [La Torre, Madhusudan, Parlato – CAV’09, CAV’10] thread creation [Bouajjani, Emmi, Parlato – SAS’11] [Emmi, Qadeer, Rakamaric – POPL’11] Lal/Reps for real-time systems [Chaki, Gurfinkel, Strichman – FMCAD’11] message-passing programs [Bouajjani, Emmi -- TACAS’12] CONC PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER SEQ PROGRAM BMC SEQ TOOL

7 SEQUENTIALIZATION (code-to-code translation) Sequentialization BMC-based tools (Implementations of variants of Lal/Reps schema) Corral (microsoft research) [ Lal, Qadeer, Lahiri – CAV’12, FSE’14 ] Rek [ Chaki, Gurfinkel, Strichman – FMCAD’11 ] STORM [ Lahiri,Qadeer,Rakamaric CAV’09 ] CONC PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER SEQ PROGRAM BMC SEQ TOOL

8 Sequentialization We have designed new sequentializations targeting BMC scalable analyses + surprisingly simple Lazy-CSeq Memory Unwinding CONC PROGRAM BOUNDED PROGRAM SAT/SMT FORMULA SOLVER SEQ PROGRAM SEQUENTIALIZATION (code-to-code translation) BMC SEQ TOOL

9 Lazy-CSeq: Schema Overview (new sequentialization for BMC) [ Inverso–Tomasco–Fischer–La Torre–Parlato, CAV’14 ]

10 Lazy-CSeq Approach BOUNDED PROGRAM BMC SEQUENTIAL TOOL SEQ PROGRAM SEQUENTIALIZATION (code-to-code translation) CONC PROGRAM

11 Bounded Concurrent Programs main() T 0 TNTN T N-1 T1T1 … no loops no function calls Control flow only forward one procedure for each thread

12 Round Robin Schedule main() T 0 TNTN T N-1 T1T1 … Lazy-Cseq sequentialization: captures all bounded Round-Robin computations for a given bound error manifest themselves within very few rounds [ Musuvathi, Qadeer – PLDI’07 ] round 1 round 2 round k round 3

13 Schema Overview … main() T 0 T1T1 TNTN … F0F0 F1F1 FNFN main() bounded concurrent program “equivalent” Sequential program with non determinism Sequentialization (code-to-code translation) Sequentialized functions Driver translates …

14 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } main driver a global pc for each thread thread locals  thread global

15 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } main driver for each round for each thread T i simulate T i

16 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE.. M: CS(M); stmt M; main driver F i ()

17 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc i ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE.. M: CS(M); stmt M; main driver F i ()... context-switch resume mechanism

18 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(1); stmt0; 2: CS(2); stmt1; 3: CS(3); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()... Context-switch simulation: #define CS(j) if (*) { pc i =j; return; } Context-switch simulation: #define CS(j) if (*) { pc i =j; return; }

19 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(1); stmt0; 2: CS(2); stmt1; 3: CS(3); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()...

20 Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION pc 0 =0; pc 1 =0;... pc N =0; local 0 ; local 1 ;... local k ; main() { for (r=0; r<R; r++) for (k=0; k<N; k++) // simulate T k F k (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE... M: CS(M); stmt M; main driver... Formula encoding: goto statement to formula add a guard for each crossing control-flow edge = O(M 2 ) guards Formula encoding: goto statement to formula add a guard for each crossing control-flow edge = O(M 2 ) guards

21 pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()... CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION

22 pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()... CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION

23 pc 0 =0;... pc N =0; local 0 ;... local k ; main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) F i (); } switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()... CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION

24 switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(1); stmt0; 2: CS(2); stmt1; 3: CS(3); stmt2;.. E XE... M: CS(M); stmt M; main driver F i ()... CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION #define CS(j) NEW if (j =nextCS) goto j+1; #define CS(j) NEW if (j =nextCS) goto j+1; pc 0 =0;... pc N =0; local 0 ;... local k ; nextCS; main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) nextCS = nondet; assume(nextCS>=pc i ) F i (); pc i = nextCS;

25 switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(1); stmt0; 2: CS(2); stmt1; 3: CS(3); stmt2;.. E XE... M: CS(M); stmt M; main driver F i () CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION #define CS(j) NEW if (j =nextCS) goto j+1; #define CS(j) NEW if (j =nextCS) goto j+1; pc 0 =0;... pc N =0; local 0 ;... local k ; nextCS; main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) nextCS = nondet; assume(nextCS>=pc i ) F i (); pc i = nextCS;

26 switch(pc k ) { case 0: goto 0; case 1: goto 1; case 2: goto 2;... case M: goto M; } 1: CS(0); stmt0; 2: CS(1); stmt1; 3: CS(2); stmt2;.. E XE... M: CS(M); stmt M; main driver F i () CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION #define CS(j) NEW if (j =nextCS) goto j+1; #define CS(j) NEW if (j =nextCS) goto j+1;... pc 0 =0;... pc N =0; local 0 ;... local k ; nextCS; main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate T i if (active i ) nextCS = nondet; assume(nextCS>=pc i ) F i (); pc i = nextCS;

27 resuming + context-switch 1: CS(1); stmt1; 2: CS(2); stmt2; 3: CS(3); stmt3; EXECUTE M: CS(M); stmt M; nextCS... skip pc i... skip #define CS(j) NEW if (j =nextCS) goto j+1; #define CS(j) NEW if (j =nextCS) goto j+1; CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION

28 Individual Threads Sequentialization 1: CS(1); stmt1; 2: CS(2); stmt2; 3: CS(3); stmt3; EXECUTE M: CS(M); stmt M;... Formula encoding: goto statement to formula add a guard for each crossing control-flow edge = O(M) guards Formula encoding: goto statement to formula add a guard for each crossing control-flow edge = O(M) guards

29 Individual Threads Sequentialization 1: CS(1); stmt1; 2: CS(2); stmt2; 3: CS(3); stmt3; EXECUTE M: CS(M); stmt M;... #define CS(j) if (j =next_CS) goto pc+1; #define CS(j) if (j =next_CS) goto pc+1; inject light-weight, non- invasive control code no non-determinism no assignments no return inject light-weight, non- invasive control code no non-determinism no assignments no return

30 Experiments

31 Evaluation: bug-hunting SVCOMP’14, Concurrency (UNSAFE instances) Lazy-CSeqConcurrent Tools UR BLITZ CBMC ESBMC LLBMC CBMC ESBMC Corral CSeq Threade r 27_Boop_simple_vf220.3 0.80.4 TO1.91.0117.6 28_buggy_simple_...210.2 0.3 624.70.80.20.3 32_pthread5_vs220.40.30.2 0.8TO2.2n/aTO 40_barrier_vf410.2 0.3 0.6n/a0.8n/a0.7 49_bigshot_p120.3 0.60.31.7n/a 50_bigshot_s120.3 0.60.54.0n/a 53_fib_bench5536.61.015.22.11.831.15.86.36.9 55_fib_bench_longer66155.51.5402.13.13.2150.914.47.210.4 57_fib_bench_longest11 TO214.0TO 75.2TO n/a54.3 61_lazy01110.30.2 0.40.5398.61.30.77.1 63_qrcu121.40.80.7safe0.7TO5.8safeTO 65_queue221.68.81.1TO20.9TOn/a128.7n/a 67_read_write_lock120.50.30.4safe0.4TO1.82.638.4 69_reorder_2210.30.6n/a1.30.7TO1.3n/a2.4 70_reorder_5410.40.9n/a3.30.7TO1.9n/a3.5 72_sigma1611.47.8n/a73.0219.1TOn/a 73_singleton130.70.5 safe1.6TOn/a 75_stack210.20.3 1.00.8TO2.1 151.9 77_stateful01110.2 0.30.50.7TO2.00.70.9 82_twostage_3210.30.8n/a8.04.9TO3.6n/aTO

32 Evaluation: bug-hunting SVCOMP’14, Concurrency (UNSAFE instances) Lazy-CSeqConcurrent Tools UR BLITZ CBMC ESBMC LLBMC CBMC ESBMC Corral CSeq Threade r 27_Boop_simple_vf220.3 0.80.4 TO1.91.0117.6 28_buggy_simple_...210.2 0.3 624.70.80.20.3 32_pthread5_vs220.40.30.2 0.8TO2.2n/aTO 40_barrier_vf410.2 0.3 0.6n/a0.8n/a0.7 49_bigshot_p120.3 0.60.31.7n/a 50_bigshot_s120.3 0.60.54.0n/a 53_fib_bench5536.61.015.22.11.831.15.86.36.9 55_fib_bench_longer66155.51.5402.13.13.2150.914.47.210.4 57_fib_bench_longest11 TO214.0TO 75.2TO n/a54.3 61_lazy01110.30.2 0.40.5398.61.30.77.1 63_qrcu121.40.80.7safe0.7TO5.8safeTO 65_queue221.68.81.1TO20.9TOn/a128.7n/a 67_read_write_lock120.50.30.4safe0.4TO1.82.638.4 69_reorder_2210.30.6n/a1.30.7TO1.3n/a2.4 70_reorder_5410.40.9n/a3.30.7TO1.9n/a3.5 72_sigma1611.47.8n/a73.0219.1TOn/a 73_singleton130.70.5 safe1.6TOn/a 75_stack210.20.3 1.00.8TO2.1 151.9 77_stateful01110.2 0.30.50.7TO2.00.70.9 82_twostage_3210.30.8n/a8.04.9TO3.6n/aTO

33 Remarks Lazy-CSeq is a new sequentialization targeted to BMC backends lazy based on bounded round-robin computations efficient for bug-hunting simple to implement (CSeq framework) Eager vs Lazy no empirical evidence that lazy is faster Lazy does not require an implementation of a memory model and handling of error checks (as opposed to LR sequentialization) Lazy-CSeq won 2 gold medals in the Concurrency category of the last two editions of the software verification competition SV-COMP all verification tasks solved 30x faster than the best tool with native concurrency handling

34 Sequentialization based on Memory Unwinding [ Tomasco–Inverso–Fischer–La Torre–Parlato, TACAS’15 ]

35 T1T2 T3 Interleaving semantics rxwxrxwyrxwxrywyryrxwywx run

36 T1T2 T3 From interleavings to memory unwinding rxwxrxwyrxwxrywy run ryrxwy accesses to shared memory writes rxwxrxwyrxwxrywyryrxwy wx ⇒ Memory unwinding models thread interaction history by data MEMORY UNWINDING wx wywx wy wx wywx wy

37 Memory unwindings as thread interfaces T1T2 Assume-guarantee reasoning style decomposition of verification TASK 1 TASK 2 T1 bounding parameter: # of shared write operations -most concurrency bugs exposed by few interactions [Lu, Park, Seo, Zhou – ASPLOS 2008]

38 Assume-guarantee reasoning T1T2 TASK 1 TASK 2 Thread T2 assumes: MU writes of other threads guarantees: its own MU writes  Task 1:Task 2: Thread T1 assumes: MU writes of other threads guarantees: its own MU writes

39 Verification using MU y=1 …. a=x+5..... x=1 …. for each write check: - right thread id - right variable - right value ensure all writes are matched for each read: - pick value from write in right range x=2 y=1 x=1 x=3 y=8 z=2 Checking assume-guarantee condition for each thread:

40 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable write – check against current MU entry void write(uint t, uint v, int val) { mc[t] = th_nxt_wr[t][mc[t]]; assume(var[mc[t]] == v); assume(val[mc[t]] == val); } pc void write(uint t, uint v, int val) { mc[t] = th_nxt_wr[t][mc[t]]; } mc

41 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Local statement (no global variables) – update pc, keep mc pc

42 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable read – “pick write position in range” int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from]; } non- deterministic assignment

43 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable read – “pick write position in range” int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from]; }...before next write of thread... Check in unwinding...

44 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable read – “pick write position in range” int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from< mc[t]) assume(var_nxt_wr[nxt_mc] > mc[t]); else { if (r_from< var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from]; }...before next write of thread......right variable...

45 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable read – “pick write position in range” int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from]; }...right variable......next write of variable in future...

46 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. x=2 y=1 x=1 x=3 y=8 z=2 pc mc Global variable read – “pick write position in range” int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from]; }...before next write of variable......else update mc. mc Return value. pc

47 Simulating a thread against an MU y=1 …. a=x+5..... x=1 …. assert(b); x=2 y=1 x=1 x=3 y=8 z=2 Handling errors – “flag that an error occurs” pc translates to if (! b) _error = 1; (computation might not be feasible) translates to if (! b) _error = 1; (computation might not be feasible)

48 Our apporach: sequentialization by MU … T0T0 T1T1 TNTN … F0F0 F1F1 FNFN main() Concurrent program Sequential program Sequentialization (code-to-code translation) Simulation functions translates … MEMORY UNWINDING

49 Main Sequential Program void main(void){ memory_init(W); ct := mem_thread_create(); F 0 (); thread_terminate(ct); all_thread_simulated(); assert(_error == 0) } main instantiate memory unwinding error check all writes of the thread are executed simulation starts from main thread all writes of the MU are executed register main thread Thread creation

50 CSeq framework + Evaluation

51 CSeq framework sequential non-deterministic C program P'P' concurrent C program P sequential analysis tool code-to-code translation is a framework that simplifies code-to-code translations -for C programs + Pthread -comprises several code-to-code translation modules -supports several sequential analysis back-end tools Internal modules -unrolling -function inlining -counter-example … Sequentialisations -Memory-Unwinding -Lazy-CSeq -LR-CSeq … testing Klee bounded model-checking -BLITZ -CBMC -ESBMC -LLBM abstraction -CPA-checker -Frama-C -SATABS http://users.ecs.soton.ac.uk/gp4/cseq/

52 Evaluation [ SV–COMP 2014 2015 ] SV-COMP software verification competition @ TACAS Concurrency category benchmarks: 1003 files Lazy-CSeq won 2 GOLD medals (2014, 2015) MU-CSeq won 2 SILVER medals (2014, 2015)

53 Ongoing & Future Work

54 Sequentializations based on BMC and Abstraction for programs communication through FIFO channels weak memory models (TSO) [Atig, Bouajjani, – CAV 2011 ] message passing interface (MPI) Symbolic partial order reduction based on interleaving partitioning (CEGAR) combining: abstraction interpretation to discard “safe” partitions bug-finding for partitions with “potential” bugs with few interleavings swarm verification (on clusters) implemented using Lazy- and MU-Cseq sequentialization Foundational work: Reasoning about programs using graph representations. Analysis based on graph decompositions. [“The Tree Width of Automata with Auxiliary Storage” Madhusudan, Parlato – POPL 2011 ] for multi-stack pushdown automata communicating either through shared variables or queues) Ongoing work & Future work

55 Sequentializations based on BMC and Abstraction for programs communication through FIFO channels weak memory models (TSO) [Atig, Bouajjani, – CAV 2011 ] message passing interface (MPI) Symbolic partial order reduction based on interleaving partitioning (CEGAR) combining: abstraction interpretation to discard “safe” partitions bug-finding for partitions with “potential” bugs with few interleavings swarm verification (on clusters) implemented using Lazy- and MU-Cseq sequentialization Foundational work: Reasoning about programs using graph representations. Analysis based on graph decompositions. [“The Tree Width of Automata with Auxiliary Storage” Madhusudan, Parlato – POPL 2011 ] for multi-stack pushdown automata communicating either through shared variables or queues) Ongoing work & Future work

56 Thank You users.ecs.soton.ac.uk/gp4/cseq

Download ppt "On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,"

Similar presentations

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
© 2007 Eaton Corporation. All rights reserved. LabVIEW State Machine Architectures Presented By Scott Sirrine Eaton Corporation.

© 2007 Eaton Corporation. All rights reserved. LabVIEW State Machine Architectures Presented By Scott Sirrine Eaton Corporation.
Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.

Ermenegildo Tomasco University of Southampton, UK Omar Inverso University of Southampton, UK Bernd Fischer Stellenbosch University, South Africa Salvatore.
Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer ESBMC 1.22 (Competition Contribution)

Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer ESBMC 1.22 (Competition Contribution)
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.

Α ϒ ʎ …… Reachability Modulo Theories Akash Lal Shaz Qadeer, Shuvendu Lahiri Microsoft Research.
“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.

“FENDER” AUTOMATIC MEMORY FENCE INFERENCE Presented by Michael Kuperstein, Technion Joint work with Martin Vechev and Eran Yahav, IBM Research 1.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
© 2012 Carnegie Mellon University Introduction to CBMC Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel November.

© 2012 Carnegie Mellon University Introduction to CBMC Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel November.
Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.

Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre.
Verification for Concurrency Part 2: Incomplete techniques and bug finding.

Verification for Concurrency Part 2: Incomplete techniques and bug finding.
The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.

The Tree-Width of auxiliary storage Gennaro Parlato (University of Southampton, UK) Joint work: P. Madhusudan – UIUC, USA.
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.

Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Testing and Analysis of Device Drivers Supervisor: Abhik Roychoudhury Author: Pham Van Thuan 1.

Testing and Analysis of Device Drivers Supervisor: Abhik Roychoudhury Author: Pham Van Thuan 1.
The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

The Language Theory of Bounded Context-Switching Gennaro Parlato (U. of Illinois, U.S.A.) Joint work with: Salvatore La Torre (U. of Salerno, Italy) P.

Similar presentations

Ads by Google