Model Checking of Parameterized Systems on Weak Memory
David Declerck, Laboratoire de Recherche en Informatique, Université Paris-Sud
October 3rd, 2017
Work supported by French ANR project PARDI (DS0703)
David Declerck, A Backward Reachability Algorithm for Parameterized Systems on Weak Memory
Weak Memory
- order of memory accesses ≠ interleaving of memory instructions
- we choose a TSO-like model
- reorderings can be prevented using fences
- harder to reason about concurrent programs
[Figure: processes P1, P2, ..., Pn-1, Pn, each with its own write buffer, in front of a shared memory]
Parameterized Systems
- concurrent systems
- unbounded number of processes
- unbounded process-indexed arrays

Example: naive mutual exclusion

    type loc = Idle | Want | Crit

    array PC[proc] : loc
    weak array X[proc] : bool        (* weak: subject to TSO reordering *)

    init (p) { PC[p] = Idle && X[p] = False }

    unsafe (p1 p2) { PC[p1] = Crit && PC[p2] = Crit }

    transition t_req ([p])
      requires { PC[p] = Idle }
      { PC[p] := Want; X[p] := True }

    transition t_enter ([p])
      (* bound variable written q here so it does not shadow the parameter p *)
      requires { PC[p] = Want && fence(p) && forall_other q. X[q] = False }
      { PC[p] := Crit }
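As an added illustration (not code from the talk, and not Cubicle), the following Python model checks the naive mutual exclusion example above for a fixed number of processes under an operational TSO model: each process has a FIFO store buffer, `t_req` pushes the write `X[p] := True` into that buffer, and `fence(p)` is modelled as "p's buffer has been drained". It explores all states forward (the talk's algorithm is backward and parameterized) and reports whether two processes can be in Crit at once, with and without the fence.

```python
from collections import deque

IDLE, WANT, CRIT = "Idle", "Want", "Crit"

def replace(tup, i, v):
    return tup[:i] + (v,) + tup[i + 1:]

def read(mem, buf, loc):
    # TSO read: a process sees its own most recent buffered write to loc, else memory
    for l, v in reversed(buf):
        if l == loc:
            return v
    return mem[loc]

def initial_state(n):
    # init(p): PC[p] = Idle && X[p] = False; every store buffer starts empty
    return (tuple([IDLE] * n), tuple([False] * n), tuple(() for _ in range(n)))

def successors(state, fence):
    """All TSO successors: t_req, t_enter, and a flush of the oldest buffered write."""
    pcs, mem, bufs = state
    n = len(pcs)
    for p in range(n):
        if pcs[p] == IDLE:
            # t_req(p): PC[p] := Want; X[p] := True, the write only enters p's buffer
            bufs2 = replace(bufs, p, bufs[p] + ((p, True),))
            yield (replace(pcs, p, WANT), mem, bufs2)
        if pcs[p] == WANT and (not fence or not bufs[p]):
            # t_enter(p): fence(p) modelled as "p's buffer is empty";
            # then p must read X[q] = False for every other q
            if all(not read(mem, bufs[p], q) for q in range(n) if q != p):
                yield (replace(pcs, p, CRIT), mem, bufs)
        if bufs[p]:
            # flush: the oldest write of p becomes visible to everyone in shared memory
            (loc, val), rest = bufs[p][0], bufs[p][1:]
            yield (pcs, replace(mem, loc, val), replace(bufs, p, rest))

def unsafe_reachable(n, fence):
    """Forward explicit-state search: can two processes be in Crit at once?"""
    start = initial_state(n)
    seen, todo = {start}, deque([start])
    while todo:
        s = todo.popleft()
        if sum(pc == CRIT for pc in s[0]) >= 2:
            return True
        for t in successors(s, fence):
            if t not in seen:
                seen.add(t); todo.append(t)
    return False
```

`unsafe_reachable(2, fence=False)` returns True (both writes sit in the buffers while each process reads the other's X as False), while `unsafe_reachable(2, fence=True)` returns False.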
Our approach
Base framework:
- Model Checking Modulo Theories
- check safety properties of parameterized systems
- assumes a sequentially consistent memory
- relies on a backward reachability algorithm
Our extension:
- add TSO reasoning using an axiomatic model
- maps memory instructions to read/write events
- builds a global happens-before relation over events
Backward Reachability Example
Starting from the unsafe state and computing pre-images, one step per transition (Rd X(e, p, q) / Wr X(e, p, q): event e is process p's read/write of X[q]; Val(e): its value; fence(p, e): e is ordered after p's fence; ghb: global happens-before):

- unsafe state:
  PC[#1] = Crit ∧ PC[#2] = Crit

- pre-image by t_enter(#2):
  PC[#1] = Crit ∧ PC[#2] = Want
  ∧ Rd X(e1, #2, #1) ∧ Val(e1) = ⊥
  ∧ fence(#2, e1)

- pre-image by t_enter(#1):
  PC[#1] = Want ∧ PC[#2] = Want
  ∧ Rd X(e1, #2, #1) ∧ Val(e1) = ⊥
  ∧ Rd X(e2, #1, #2) ∧ Val(e2) = ⊥
  ∧ fence(#2, e1) ∧ fence(#1, e2)

- pre-image by t_req(#2):
  PC[#1] = Want ∧ PC[#2] = Idle
  ∧ Rd X(e1, #2, #1) ∧ Val(e1) = ⊥
  ∧ Rd X(e2, #1, #2) ∧ Val(e2) = ⊥
  ∧ Wr X(e3, #2, #2) ∧ Val(e3) = ⊤
  ∧ fence(#2, e1) ∧ fence(#1, e2)
  ∧ ghb(e3, e1)
  ∧ Val(e2) = Val(e3)

The last cube is unsatisfiable: Val(e2) = ⊥, Val(e3) = ⊤ and Val(e2) = Val(e3) cannot hold together, so this branch of the backward search is pruned.