Verification of Parameterized Concurrent Programs by Modular Reasoning about Data and Control
Zachary Kincaid, Azadeh Farzan (University of Toronto)
January 18, 2013
Z. Kincaid (U. Toronto) Modular Reasoning about Data and Control January 18, 2013 1 / 22
Parameterized concurrent programs (2 / 22)

Goal: compute numerical invariants (e.g. intervals, octagons, polyhedra) for parameterized concurrent programs.

Solution: an annotation ι such that if some thread T's program counter is at v, then ι(v) holds over the globals and the locals of T.

Our program model has:
• Unbounded concurrency: the program is the parallel composition of n copies of some thread T, where n is a parameter
• Invariants must be sound for all n
• Unbounded data domains

Natural model for device drivers, file systems, client/server-type programs, ...
Contributions (3 / 22)

1 We develop an attack on the parameterized verification problem based on separating it into a data module and a control module
  • Data module computes numerical invariants
  • Control module computes a program model
  [Figure: two boxes, Data module and Control module]
2 We propose data flow graphs as a program representation for (parameterized) concurrent programs
3 We give a semicompositional algorithm for constructing data flow graphs
Sequential program analysis (4 / 22)

• Flow analysis: solve a system of equations valued over some abstract domain
• For sequential programs, the equations come from the control flow graph. For the CFG on vertices t, u, v, w (edges t → u, t → v, u → w, v → w and w → u, as read off the equations):

  $IN(t) = \top$
  $OUT(t) = \llbracket t \rrbracket(IN(t))$
  $IN(u) = OUT(t) \vee OUT(w)$
  $OUT(u) = \llbracket u \rrbracket(IN(u))$
  $IN(v) = OUT(t)$
  $OUT(v) = \llbracket v \rrbracket(IN(v))$
  $IN(w) = OUT(u) \vee OUT(v)$
  $OUT(w) = \llbracket w \rrbracket(IN(w))$

• How about parameterized programs?
Data flow (5 / 22)

Represent data flow, not control flow:

[Figure: data flow graph, labelled A, B, C, over the statements x := x + 1, y := 1, x := x + y and x := -x, with a distinguished uninit vertex; edges are labelled by the variables x and y they carry]
Why data flow? (6 / 22)

Invariant: x = 0

  Thread 1                              Thread 2
  acquire(lock)                         y := 0
  x := 1         (break invariant)      acquire(lock)
  x := 0         (restore invariant)    assert(x = 0)
  release(lock)                         release(lock)

[Figure: a candidate data flow edge labelled "x ?" runs from x := 1 to assert(x = 0)]
Data flow graphs (7 / 22)

A DFG for a program P is a directed graph $P^\sharp = \langle Loc, \to \rangle$, where
• $\to \subseteq Loc \times Vars \times Loc$ is a set of directed edges labelled by program variables
  [Figure: two vertices, x := x + 1 and x := x + y, joined by an edge labelled x]
• Loc contains a distinguished uninit vertex
• Note: the number of vertices does not depend on the number of threads
Representing traces (8 / 22)

• A program is represented by a DFG $P^\sharp$ if all its feasible traces are represented by $P^\sharp$.
• A trace is represented by a DFG $P^\sharp$ if all data flow edges it witnesses belong to $P^\sharp$.
• A trace witnesses a data flow $u \to_x v$ iff it is of the form:

    ... $\langle T_n, u \rangle$ ... [no modifications to x] ... thread m at v

  where thread n executes u, u modifies x, and, if x is local, n = m is required.

[Figure: the data flow graph of slide 5 shown alongside]
Computing invariants with DFGs (9 / 22)

• DFGs induce a set of equations:

  $IN(v)_x = \bigvee_{u \to_x v} \exists (Vars \setminus \{x\}).\, OUT(u)$
  $IN(v) = \bigwedge_{x \in Vars} IN(v)_x$
  $OUT(v) = \llbracket v \rrbracket(IN(v))$

• Define an inductive annotation to be a solution to these equations.

Theorem (DFG soundness)
If σ is a trace represented by a DFG $P^\sharp$, and ι is an inductive annotation for $P^\sharp$, then ι safely approximates the states reached by σ.
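The following is an added worked example, not code from the slides or from the authors' tool: it solves the three DFG equations above by chaotic iteration over an interval domain, on a DFG built for the lock example of slide 6. The control module's job (deciding which edges are feasible) is not implemented; the two edge sets LOCK_EDGES and NOLOCK_EDGES are assumed inputs, as are the vertex names a1, a2, b1, b2, the initial state OUT(uninit) with x = 0, and the delayed-widening threshold. The CFG equations of slide 4 are the same iteration with unlabelled edges and a plain join, so no separate example is given for them.

```python
# Added example (not from the slides): solve the DFG-induced equations
#   IN(v)_x = join over u ->x v of (exists Vars \ {x}). OUT(u)
#   IN(v)   = meet over x in Vars of IN(v)_x
#   OUT(v)  = [[v]](IN(v))
# over an interval domain by chaotic iteration, with delayed widening so that
# growing loops (x := x + 1) terminate.  All names and edge sets are constructed.
from math import inf

TOP = (-inf, inf)   # interval top; an abstract state is a dict var -> interval, or None for bottom
WIDEN_AFTER = 3     # delayed widening: widen a vertex's IN only after it has changed this often

def iv_join(a, b):
    return (min(a[0], b[0]), max(a[1], b[1]))

def iv_meet(a, b):
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def iv_widen(old, new):
    # keep a bound that is stable, push a bound that moved to infinity
    return (old[0] if new[0] >= old[0] else -inf, old[1] if new[1] <= old[1] else inf)

def st_join(s, t):
    if s is None: return t
    if t is None: return s
    return {x: iv_join(s[x], t[x]) for x in s}

def st_meet(s, t):
    if s is None or t is None: return None
    r = {x: iv_meet(s[x], t[x]) for x in s}
    return None if any(r[x] is None for x in r) else r

def st_widen(old, new):
    if old is None or new is None: return new if old is None else old
    return {x: iv_widen(old[x], new[x]) for x in old}

def project(s, x):
    # (exists Vars \ {x}).s : keep only what s says about x, everything else becomes top
    return None if s is None else {y: (s[x] if y == x else TOP) for y in s}

# transfer functions [[v]] for the statement forms used below
def assign_const(x, c):          # x := c
    return lambda s: None if s is None else {**s, x: (c, c)}

def add_const(x, c):             # x := x + c
    return lambda s: None if s is None else {**s, x: (s[x][0] + c, s[x][1] + c)}

def assume_eq(x, c):             # assert(x = c): filter the state, bottom if impossible
    return lambda s: None if s is None else st_meet(s, {**s, x: (c, c)})

def solve_dfg(vertices, edges, init):
    """vertices: name -> transfer; edges: set of (u, var, v); init is OUT(uninit)."""
    variables = list(init)
    OUT = {v: None for v in vertices}
    OUT["uninit"] = init
    IN = {v: None for v in vertices}
    changes = {v: 0 for v in vertices}
    changed = True
    while changed:
        changed = False
        for v, transfer in vertices.items():
            in_v = {x: TOP for x in variables}          # neutral element of the meet
            for x in variables:
                in_x = None                             # join over incoming x-edges; bottom if none
                for (u, lab, w) in edges:
                    if w == v and lab == x:
                        in_x = st_join(in_x, project(OUT[u], x))
                in_v = st_meet(in_v, in_x)
            new_in = in_v
            if in_v != IN[v]:
                changes[v] += 1
                if changes[v] >= WIDEN_AFTER:
                    new_in = st_widen(IN[v], st_join(IN[v], in_v))
            if new_in != IN[v]:
                IN[v], changed = new_in, True
            out_v = transfer(IN[v])
            if out_v != OUT[v]:
                OUT[v], changed = out_v, True
    return IN, OUT

# Constructed instance of slide 6: thread 1 runs acquire; x := 1; x := 0; release,
# thread 2 runs y := 0; acquire; assert(x = 0); release.  Vertex names are ours.
VERTICES = {
    "a1": assign_const("x", 1),   # thread 1, under the lock: breaks the invariant x = 0
    "a2": assign_const("x", 0),   # thread 1, under the lock: restores it
    "b1": assign_const("y", 0),   # thread 2, before acquiring the lock
    "b2": assume_eq("x", 0),      # thread 2, under the lock: assert(x = 0)
}
INIT = {"x": (0, 0), "y": TOP}    # assumed OUT(uninit): x starts at 0, y uninitialised

# Edges u ->x v a lock-aware control module would produce: the write x := 1 (a1) can
# reach b1, which runs outside the critical section, but never the assert in b2.
LOCK_EDGES = {
    ("uninit", "x", "a1"), ("a2", "x", "a1"), ("a1", "x", "a2"),
    ("uninit", "x", "b1"), ("a1", "x", "b1"), ("a2", "x", "b1"),
    ("uninit", "x", "b2"), ("a2", "x", "b2"),
} | {(u, "y", v) for u in ("uninit", "b1") for v in VERTICES}
# A control module that ignored the lock would also emit the edge the slide marks "x ?":
NOLOCK_EDGES = LOCK_EDGES | {("a1", "x", "b2")}

def x_at_assert(edges):
    """Interval the inductive annotation gives x on entry to assert(x = 0)."""
    IN, _ = solve_dfg(VERTICES, edges, INIT)
    return IN["b2"]["x"]

def loop_bound():
    """Self-loop x := x + 1 (edge c ->x c): widening yields [0, +inf) instead of diverging."""
    IN, _ = solve_dfg({"c": add_const("x", 1)},
                      {("uninit", "x", "c"), ("c", "x", "c"), ("uninit", "y", "c")}, INIT)
    return IN["c"]["x"]

if __name__ == "__main__":
    print("x at assert, lock respected:", x_at_assert(LOCK_EDGES))    # (0, 0): assert proved
    print("x at assert, lock ignored:  ", x_at_assert(NOLOCK_EDGES))  # (0, 1): not provable
    print("x in loop with widening:    ", loop_bound())               # (0, inf)
```

With the lock-respecting edge set the solution gives x = [0, 0] at the assert, so the annotation proves it; adding the single infeasible edge a1 →x b2 weakens that to [0, 1], which is exactly why the control module's precision about which data flows are feasible decides what the data module can prove. Widening is applied only after a vertex's IN has changed WIDEN_AFTER times, which keeps the lock example fully precise while still terminating on the counting loop.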
Overview (10 / 22)

[Figure: Data module and Control module]