dynamic reductions for model checking concurrent software
play

Dynamic Reductions for Model Checking Concurrent Software Alfons - PowerPoint PPT Presentation

Sep 21, 2022 •382 likes •905 views

Introduction Transactions Dynamic Experiments Conclusion Dynamic Reductions for Model Checking Concurrent Software Alfons Laarman alfons@laarman.com Henning G unther , Ana Sokolova and Georg Weissenbacher Formal Methods in Systems

  1. Introduction Transactions Dynamic Experiments Conclusion Dynamic Reductions for Model Checking Concurrent Software Alfons Laarman alfons@laarman.com Henning G¨ unther , Ana Sokolova and Georg Weissenbacher Formal Methods in Systems Engineering Vienna University of Technology March 21, 2017 1/14 Alfons Laarman (TU Wien)

  2. Introduction Transactions Dynamic Experiments Conclusion Reductions Model Checking of Concurrent Software 1 Explosion of interleavings 2 Partial-order reduction vs Lipton reduction 3 Symbolic is a challenge 4 Global commutativity is needed, but a severe bottleneck 2/14 Alfons Laarman (TU Wien)

  3. Introduction Transactions Dynamic Experiments Conclusion Reductions Model Checking of Concurrent Software 1 Explosion of interleavings 2 Partial-order reduction vs Lipton reduction 3 Symbolic is a challenge 4 Global commutativity is needed, but a severe bottleneck x = 1; � a = 1; x += 2; b = 2; x += 3; 2/14 Alfons Laarman (TU Wien)

  4. Introduction Transactions Dynamic Experiments Conclusion Reductions Model Checking of Concurrent Software 1 Explosion of interleavings 2 Partial-order reduction vs Lipton reduction 3 Symbolic is a challenge 4 Global commutativity is needed, but a severe bottleneck x = 1; x = 1; � a = 1; x += 2; b = 2; x += 3; 2/14 Alfons Laarman (TU Wien)

  5. Introduction Transactions Dynamic Experiments Conclusion Lipton vs Partial-Order Reduction (POR) l 1 l a a=0; x=1; l 2 l b b=2; y=2; l 3 l c 3/14 Alfons Laarman (TU Wien)

  6. Introduction Transactions Dynamic Experiments Conclusion Lipton vs Partial-Order Reduction (POR) l 1 l a a=0; x=1; a=0; x=1; b=2; x=1; a=0; y=2; l 2 l b b=2; y=2; x=1; b=2; y=2; a=0; l 3 l c y=2; b=2; 3/14 Alfons Laarman (TU Wien)

  7. Introduction Transactions Dynamic Experiments Conclusion Lipton vs Partial-Order Reduction (POR) l 1 l a a=0; a=0; x=1; a=0; x=1; x=1; b=2; x=1; a=0; y=2; l 2 l b b=2; y=2; x=1; b=2; b=2; y=2; a=0; l 3 l c y=2; y=2; b=2; 3/14 Alfons Laarman (TU Wien)

  8. Introduction Transactions Dynamic Experiments Conclusion Lipton vs Partial-Order Reduction (POR) a,b=0,2; x,y=1,2; l 1 l a a=0; a=0; x=1; a=0; x=1; x=1; b=2; x=1; a=0; y=2; l 2 l b b=2; y=2; x=1; b=2; b=2; y=2; a=0; l 3 l c y=2; y=2; b=2; x,y=1,2; a,b=0,2; 3/14 Alfons Laarman (TU Wien)

  9. Introduction Transactions Dynamic Experiments Conclusion Transactions in databases lock A lock B lock C UPDATE unlock C unlock B unlock A 4/14 Alfons Laarman (TU Wien)

  10. Introduction Transactions Dynamic Experiments Conclusion Transactions in databases internal lock A lock B lock C UPDATE unlock C unlock B unlock A 4/14 Alfons Laarman (TU Wien)

  11. Introduction Transactions Dynamic Experiments Conclusion Transactions in databases internal lock A lock B lock C UPDATE unlock C unlock B unlock A commit pre-phase post-phase 4/14 Alfons Laarman (TU Wien)

  12. Introduction Transactions Dynamic Experiments Conclusion Commutativity Action α right commutes with β , i ff α can always be delayed after β : β β α α � 5/14 Alfons Laarman (TU Wien)

  13. Introduction Transactions Dynamic Experiments Conclusion Commutativity Action α right commutes with β , i ff α can always be delayed after β : β β α α � → Definition (Right commutativity ( ⊲ ⊳ )) σ 1 σ 1 β σ 4 → → α ⊲ ⊳ β i ff ∀ σ 1 ,σ 2 ,σ 3 : → ⇒ ∃ σ 4 : → → α α α σ 2 β σ 3 σ 2 β σ 3 → → 5/14 Alfons Laarman (TU Wien)

  14. Introduction Transactions Dynamic Experiments Conclusion Commutativity Action α right commutes with β , i ff α can always be delayed after β : β β α α � → Definition (Right commutativity ( ⊲ ⊳ )) σ 1 σ 1 β σ 4 → → α ⊲ ⊳ β i ff ∀ σ 1 ,σ 2 ,σ 3 : → ⇒ ∃ σ 4 : → → α α α σ 2 β σ 3 σ 2 β σ 3 → → Example An action both-commutes with all actions that access a disjoint set of variables. A lock(/unlock) right(/right)-commutes with other lock and unlock operations. 5/14 Alfons Laarman (TU Wien)

  15. Introduction Transactions Dynamic Experiments Conclusion Commutativity Action α right commutes with β , i ff α can always be delayed after β : β β α α � → Definition (Right commutativity ( ⊲ ⊳ )) σ 1 σ 1 β σ 4 → → α ⊲ ⊳ β i ff ∀ σ 1 ,σ 2 ,σ 3 : → ⇒ ∃ σ 4 : → → α α α σ 2 β σ 3 σ 2 β σ 3 → → Example An action both-commutes with all actions that access a disjoint set of variables. A lock(/unlock) right(/right)-commutes with other lock and unlock operations. Definition (Right-Movability) The action α of thread i is a right-mover, i ff for all j � i : α → → i ⊲ ⊳ → j 5/14 Alfons Laarman (TU Wien)

  16. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; 6/14 Alfons Laarman (TU Wien)

  17. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � 6/14 Alfons Laarman (TU Wien)

  18. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Lipton Reduction A statement α 1 ; ... ; α n of thread i can be reduced to α 1 ◦ ··· ◦ α n , if for some 1 ≤ k < n , and all j � i : → α 1 ,...,α k − 1 ⊲ ⊳ → j ( pre-phase statements (before α k ) are right movers ) 1 ← ⊳ → j ( post-phase statements (after α k ) are left movers ) α k + 1 ,...,α n ⊲ 2 α 2 α n ∀ σ ∃ σ ′ : σ → i σ ′ → i ◦···◦ (statements after α 1 do not block) 3 Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � 6/14 Alfons Laarman (TU Wien)

  19. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Lipton Reduction A statement α 1 ; ... ; α n of thread i can be reduced to α 1 ◦ ··· ◦ α n , if for some 1 ≤ k < n , and all j � i : → α 1 ,...,α k − 1 ⊲ ⊳ → j ( pre-phase statements (before α k ) are right movers ) 1 ← ⊳ → j ( post-phase statements (after α k ) are left movers ) α k + 1 ,...,α n ⊲ 2 α 2 α n ∀ σ ∃ σ ′ : σ → i σ ′ → i ◦···◦ (statements after α 1 do not block) 3 Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � x = 6 a = 1 x = 7 x = 8 x = 2 b = 3 x = 9 c = 4 6/14 Alfons Laarman (TU Wien)

  20. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Lipton Reduction A statement α 1 ; ... ; α n of thread i can be reduced to α 1 ◦ ··· ◦ α n , if for some 1 ≤ k < n , and all j � i : → α 1 ,...,α k − 1 ⊲ ⊳ → j ( pre-phase statements (before α k ) are right movers ) 1 ← ⊳ → j ( post-phase statements (after α k ) are left movers ) α k + 1 ,...,α n ⊲ 2 α 2 α n ∀ σ ∃ σ ′ : σ → i σ ′ → i ◦···◦ (statements after α 1 do not block) 3 Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � x = 6 a = 1 x = 7 x = 8 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 a = 1 x = 8 x = 2 b = 3 x = 9 c = 4 6/14 Alfons Laarman (TU Wien)

  21. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Lipton Reduction A statement α 1 ; ... ; α n of thread i can be reduced to α 1 ◦ ··· ◦ α n , if for some 1 ≤ k < n , and all j � i : → α 1 ,...,α k − 1 ⊲ ⊳ → j ( pre-phase statements (before α k ) are right movers ) 1 ← ⊳ → j ( post-phase statements (after α k ) are left movers ) α k + 1 ,...,α n ⊲ 2 α 2 α n ∀ σ ∃ σ ′ : σ → i σ ′ → i ◦···◦ (statements after α 1 do not block) 3 Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � x = 6 a = 1 x = 7 x = 8 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 a = 1 x = 8 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 x = 8 a = 1 x = 2 b = 3 x = 9 c = 4 6/14 Alfons Laarman (TU Wien)

  22. Introduction Transactions Dynamic Experiments Conclusion Lipton Reduction [Lipton ’77, Lamport et al. ’89] Lipton Reduction A statement α 1 ; ... ; α n of thread i can be reduced to α 1 ◦ ··· ◦ α n , if for some 1 ≤ k < n , and all j � i : → α 1 ,...,α k − 1 ⊲ ⊳ → j ( pre-phase statements (before α k ) are right movers ) 1 ← ⊳ → j ( post-phase statements (after α k ) are left movers ) α k + 1 ,...,α n ⊲ 2 α 2 α n ∀ σ ∃ σ ′ : σ → i σ ′ → i ◦···◦ (statements after α 1 do not block) 3 Example (A statement sequence, where x is the only global variable) a = 1; x = 2; b = 3; c = 4; a, x, b, c = 1, 2, 3, 4; � x = 6 a = 1 x = 7 x = 8 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 a = 1 x = 8 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 x = 8 a = 1 x = 2 b = 3 x = 9 c = 4 x = 6 x = 7 x = 8 a = 1 x = 2 b = 3 c = 4 x = 9 6/14 Alfons Laarman (TU Wien)

Recommend

Checking Consistency Properties: Tractable Reductions to Reachability Constantin Enea IRIF ,

Checking Consistency Properties: Tractable Reductions to Reachability Constantin Enea IRIF ,

Checking Consistency Properties: Tractable Reductions to Reachability Constantin Enea IRIF , University Paris Diderot Concurrent/Distributed Objects Modern computer software is increasingly concurrent performance improvements often

522 views • 29 slides
Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

462 views • 17 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl Joint work with Dirk Beyer University of Passau, Germany SMT-based Software Model Checking Bounded Model Checking ( Cbmc , CPAchecker , Esbmc ,

496 views • 26 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Model Checking Concurrent Systems with Unboundedly Many Processes Using Data Logics Ahmet Kara

Model Checking Concurrent Systems with Unboundedly Many Processes Using Data Logics Ahmet Kara

Model Checking Concurrent Systems with Unboundedly Many Processes Using Data Logics Ahmet Kara MOVEP 2012, Marseille Interaction of Unboundedly Many Processes n m o 1 2 3 p 4 Ahmet Kara Model Checking Concurrent Systems with

852 views • 59 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle Universidad Polit ecnica de Madrid McErlang basics McErlang is useful for checking concurrent software , not for checking sequential software

957 views • 78 slides
Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan, Fuyuan Zhang, Geguang Pu, Zhendong Su Software Model Checking 2 Software Model Checking P 3 Software Model Checking P 4 Software

1.41k views • 114 slides
Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

941 views • 52 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Framework for Model Checking Concurrent Programs in Maude Gorka Surez-Garca Departamento de

Framework for Model Checking Concurrent Programs in Maude Gorka Surez-Garca Departamento de

Framework for Model Checking Concurrent Programs in Maude Gorka Surez-Garca Departamento de Sistemas Informticos y Computacin Universidad Complutense de Madrid gorka.suarez@ucm.es Table of Contents 1. Introduction 2. The Maude

512 views • 22 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Daniele Sgandurra Introduction Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development via Model Checking Lazy Abstraction Reachability Tree Seminar Complete

970 views • 95 slides
Model Checking of Action-Based Concurrent Systems Radu Mateescu INRIA Rhne-Alpes / VASY

Model Checking of Action-Based Concurrent Systems Radu Mateescu INRIA Rhne-Alpes / VASY

Model Checking of Action-Based Concurrent Systems Radu Mateescu INRIA Rhne-Alpes / VASY http://www.inrialpes.fr/vasy Why formal verification? Therac-25 radiotherapy Ariane-5 launch Mars climate orbiter accidents (1985-1987) failure

1.16k views • 115 slides
Week-1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute NPTEL-course

Week-1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute NPTEL-course

Week-1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 30 Module 4: Modeling concurrent systems 2 / 30 Concurrent systems Independent Shared variables Shared actions 3 / 30

844 views • 67 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

672 views • 66 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

638 views • 45 slides
Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp;

Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp;

Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp; University Paris Diderot - Paris 7 joint work with Ahmed Bouajjani, Michael Emmi, Jad Hamza Concurrent objects Concurrent Object call (push, pop, )

442 views • 25 slides

More recommend