Context-Bounded Analysis of Concurrent Queue Systems


Presentation Transcript


  1. Context-Bounded Analysis of Concurrent Queue Systems
     Gennaro Parlato (University of Illinois at Urbana-Champaign, Università degli Studi di Salerno), Salvatore La Torre (U. Salerno), P. Madhusudan (U. Illinois U-C)

  2. Queue Systems
     • Architecture
       • A node is a process:
         • Finite control
         • Recursive (call-stack)
       • An edge is a FIFO channel
         • Unbounded capacity queue
         • Finite message alphabet
       • Finite shared memory
     • Self-loops not allowed!
     [Figure: processes p1 and p2 with shared memory]

  3. Queue Systems
     • A configuration C = (LS1, ..., LSn, SM, St1, ..., Stn, Q1, ..., Qm)
       • LSi = local states
       • SM = shared memory
       • Sti = stack content of process pi
       • Qi = content of queue i
       [Slide annotations on the tuple: "finite", "unbounded"]
     • An action for a process pi:
       • internal (changes LSi / SM)
       • push or pop from its own stack
       • send or receive a message from a queue

  4. A natural model
     • Asynchronous or event-driven programs
       • Multi-core systems
         • Libasync-smp (Zeldovich et al., USENIX’03)
       • Single-processor systems (e.g. Java, web service design)
         • Callbacks
         • NesC (Gay et al., PLDI’03)
     • Distributed systems communicating via FIFO message channels
       • Distributed communication protocols

  5. Model-Check Queue Systems
     • Reachability problem for queue systems: given a set of global control states T, is any state in T reachable?
     • Reachability is undecidable
     • Weakening the model to tackle undecidability
       • Lossy channels (Abdulla-Jonsson, LICS’93)
       • Model queues as bags (Sen-Viswanathan, CAV’06) (Jhala-Majumdar, POPL’07)
     • Our contribution: a new way to curb undecidability where queues are modeled accurately

  6. Bounded context-switch reachability
     • In a context
       • only one process evolves
       • dequeue only from one queue
       • it can enqueue on all outgoing queues
     • Well-queuing (for recursive processes)
       • Dequeue only when stack is empty
     • Bounded context-switch reachability problem
       • Given k ∈ N and a set of global control states T, is T reachable within k context-switches?
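
An added example (not from the slides): a small explicit-state search for the bounded context-switch reachability question on non-recursive queue systems, treating a context as a (process, dequeue queue) pair. The `max_len` queue cap, the transition encoding and the ping-pong system are assumptions made here, so this is an under-approximating search and not the decision procedure of the talk.

```python
from collections import deque

def bcs_reachable(init, trans, queues, target, k, max_len=3):
    """Is a configuration satisfying `target` reachable within k context switches?

    init   : tuple of initial local states, one per process (index = process id)
    trans  : {proc: [(src, action, dst)]}, action = ("int",) | ("send", q, m) | ("recv", q, m)
    queues : {name: (sender, receiver)}
    max_len: added assumption, caps queue length so the search terminates
    """
    names = sorted(queues)
    start = (init, tuple(() for _ in names), None, None, 0)
    seen, work = {start}, deque([start])
    while work:
        locs, qs, cur, deq, used = work.popleft()
        if target(locs):
            return True
        for proc, rules in trans.items():
            for src, act, dst in rules:
                if locs[proc] != src:
                    continue
                # Switching to another process starts a new context.
                cost = 0 if cur in (None, proc) else 1
                ndeq = deq if cur == proc else None
                nqs = list(qs)
                if act[0] == "send":
                    i = names.index(act[1])
                    if queues[act[1]][0] != proc or len(qs[i]) >= max_len:
                        continue
                    nqs[i] = qs[i] + (act[2],)
                elif act[0] == "recv":
                    i = names.index(act[1])
                    if queues[act[1]][1] != proc or qs[i][:1] != (act[2],):
                        continue
                    if ndeq not in (None, act[1]):
                        cost = 1  # same process, second queue: also a new context
                    ndeq, nqs[i] = act[1], qs[i][1:]
                if used + cost > k:
                    continue
                nxt = (locs[:proc] + (dst,) + locs[proc + 1:], tuple(nqs), proc, ndeq, used + cost)
                if nxt not in seen:
                    seen.add(nxt)
                    work.append(nxt)
    return False

# Constructed ping-pong system: p0 sends "req", p1 answers "ack", p0 reaches "ok".
QUEUES = {"q01": (0, 1), "q10": (1, 0)}
TRANS = {0: [("s0", ("send", "q01", "req"), "s1"), ("s1", ("recv", "q10", "ack"), "ok")],
         1: [("t0", ("recv", "q01", "req"), "t1"), ("t1", ("send", "q10", "ack"), "t2")]}

def ping_pong(k):
    return bcs_reachable(("s0", "t0"), TRANS, QUEUES, lambda l: l[0] == "ok", k)
```

The ping-pong target needs three contexts (p0, p1, p0), so it is unreachable with one switch and reachable with two.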

  7. Context-Bounded analysis for concurrent systems
     • Introduced by
       • Context-Bounded Model Checking of Concurrent Software (Qadeer-Rehof, TACAS’05)
     • Experimental results: large state coverage with few contexts
       • Iterative context bounding for systematic testing of multithreaded programs (Musuvathi-Qadeer, PLDI’07)
       • CHESS at MSR
     • Context-bounded analysis for otherwise intractable systems
       • Reachability Analysis of Multithreaded Software with Asynchronous Communication (Bouajjani-Esparza-Kiefer-Schwoon, FSTTCS’05)
       • Context-Bounded Analysis of Multithreaded Programs with Dynamic Linked Structures (Bouajjani-Fratani-Qadeer, CAV’07)
       • A Robust Class of Context-Sensitive Languages (La Torre-P. Madhusudan-Parlato, LICS’07)

  8. Our Results
     • Bounded Context-Switch Reachability is decidable
       • for non-recursive queuing processes
       • for well-queuing recursive processes
     • Precise characterization of architectures that admit a decidable (unbounded) reachability problem
       • (with shared memory, reachability is undecidable for simple architectures)
       • no shared memory & well-queuing recursive: directed forest architectures
       • no shared memory & non-recursive: underlying undirected graph is a forest
       • Decidability: reduction to BCS reachability problem

  9. Outline of the talk
     • Overview
     • Solving Bounded Context-Switch Reachability
     • Unbounded context-switching reachability: precise characterization of decidable architectures
     • Conclusions

  10. Bounded-phase multi-stack pushdown automata [La Torre, P. Madhusudan, Parlato, LICS’07]
     • Finite set of states Q (finite control)
     • An initial state q0 ∈ Q
     • Actions:
       • internal move
       • push onto one stack
       • pop from one stack
     • A phase is a sub-run where only
       • a unique stack can be popped
       • all stacks can be pushed onto
     • Bounded-Phase Reachability Problem
       • Given k ∈ N and a set of control states T, is any state of T reachable with at most k phases?
     • Theorem: bounded-phase reachability is decidable.
       • Complexity: time exponential in Q, double-exponential in k.
     • Proof ingredients
       • Multiply nested structures
       • MSO on multiply nested structures to MSO on trees
       • Quite complex proof
     [Figure: a run split into phases separated by phase-switches]

  11. Bounded context-switch reachability for Non-Recursive processes
     • Theorem: the bounded context-switch reachability for non-recursive QS is decidable
     • Complexity:
       • 2-Exptime in the number of context-switches
       • Exptime in the size of the system
     • Proof. Reduction to bounded-phase reachability for multi-stack systems. …

  12. Proof (non-recursive case)
     We define a MSPS that simulates the QS.
     • Simulation of a context
       • Sending m to queue q → push onto stq
       • Receiving m from q → pop from red stack
     • Simulation of a context-switch (p,q) → (p’,q’)
       • Reverse stack q
       • Reverse stack q’

  13. Proof (recursive case)
     Simulate incoming queue and call-stack using a single stack! (exploit well-queuing assumption)

  14. Removing conditions gives undecidability (with only 2 context-switches)
     • BCS reachability is undecidable for non well-queuing recursive processes
     • BCS reachability is undecidable if we allow dequeuing from two queues in the same context
     [Figure: processes p1, p2, p3 with queues q1, q2]

  15. Outline of the talk
     • Overview
     • Solving Bounded Context-Switch Reachability
     • Unbounded context-switching reachability: precise characterization of decidable architectures
     • Conclusions

  16. Decidable Architectures: with shared memory is undecidable
     With shared memory, reachability is undecidable even for simple architectures (reduction from the membership problem for Turing machines):
     • Non-recursive:
       • Two non-recursive processes
       • One queue
     • Recursive:
       • Two recursive processes
       • No queues
     [Figures: p1 and p2; p1 and p2 with s1 and s2]

  17. Decidable Architectures: recursive processes & no shared memory
     • Theorem: an architecture admits decidable reachability for well-queuing QSs with no shared memory iff it is a directed forest
     • Complexity
       • in 2-Exptime in the number of processes
       • in Exptime in the size of the QS

  18. Decidable Architectures: recursive processes & no shared memory
     Reachability is decidable on directed forests
     • reduction to bounded context-switch reachability
     • Fix an order over the processes such that p > parent(p): p1, p2, p3, p4, p5
     • In the context i process pi evolves
     [Figure: directed forest over p1, p2, p3, p4, p5]

  19. Undecidable Architectures: recursive processes & no shared memory
     • Reachability is undecidable for all other architectures.
       • Reduction from the emptiness of the intersection of two CFLs
       • Reduction from the membership problem for Turing machines (even for non-recursive)
     • Precise characterization
       • Recursive processes
       • No shared memory
       • directed forests
     [Figures: p1, p2, p3 with queues q1, q2; p and p’ with queues q1, q2; p1 and p2 with queue q]

  20. Decidable Architectures: non-recursive processes & no shared memory
     • Theorem: an architecture admits decidable reachability for non-recursive QSs with no shared memory iff the undirected architecture graph is a forest
     • Complexity: Pspace-complete

  21. Decidable Architectures: non-recursive processes & no shared memory
     Reachability is decidable when the undirected underlying graph is a forest
     • Algorithm
       • Reverse edges
       • Solvable using bounded context-switch reachability
     • Better solution
       • bounded size queue (1 message)
       • leads to a Pspace procedure
     • Complexity: Pspace-complete
     [Figure: p1 and p2 connected by queue q, shown with the edge reversed]

  22. Undecidable Architectures: non-recursive processes & no shared memory
     Reachability is undecidable when there is a cycle in the undirected underlying graph
     • Precise characterization
       • Non-recursive processes
       • No shared memory
       • undirected architecture graph is a forest
     [Figures: p1 and p2 connected in a cycle]
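
An added example (not from the slides) that checks an architecture against the two characterizations above for systems without shared memory. Processes are numbered from 0 and queues are given as (sender, receiver) pairs; reading "directed forest" as edges pointing from parent to child, with at most one incoming queue per process, is an assumption taken from the order p > parent(p) on slide 18.

```python
def analyse(n, queues):
    """Return (undirected_forest, directed_forest, schedule) for n processes.

    schedule lists parents before children (the order used on slide 18),
    or is None when the architecture is not a directed forest.
    """
    parent = list(range(n))  # union-find over the undirected architecture graph

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    indeg = [0] * n
    children = [[] for _ in range(n)]
    undirected_forest = True
    for s, r in queues:
        if s == r:
            raise ValueError("self-loops are not allowed in the model")
        a, b = find(s), find(r)
        if a == b:
            undirected_forest = False  # this queue closes an undirected cycle
        parent[a] = b
        indeg[r] += 1
        children[s].append(r)

    directed_forest = undirected_forest and max(indeg, default=0) <= 1
    schedule = None
    if directed_forest:
        schedule = [p for p in range(n) if indeg[p] == 0]  # roots first
        for p in schedule:  # the list grows while iterating: breadth-first order
            schedule.extend(children[p])
    return undirected_forest, directed_forest, schedule


def reachability_decidable(n, queues, recursive):
    """No shared memory assumed. recursive=True means well-queuing recursive processes."""
    undirected_forest, directed_forest, _ = analyse(n, queues)
    return directed_forest if recursive else undirected_forest
```

Two senders feeding one receiver is the case where the answers differ: the undirected graph is a forest, so the non-recursive problem is decidable, but the architecture is not a directed forest.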

  23. Outline of the talk
     • Overview
     • Solving Bounded Context-Switch Reachability
     • Unbounded context-switching reachability: precise characterization of decidable architectures
     • Conclusions

  24. Conclusions
     • Bounded Context-Switch Reachability decidable in 2-EXPTIME
     • Unbounded context-switching reachability: precise characterization of decidable architectures
     [Summary table; labels: Well-queuing Recursive processes, Non-Recursive processes, Shared Memory, No Shared Memory]

  25. A Future Direction
     • Practical algorithm for non-recursive processes, no shared memory, undirected forest architectures
       • We proposed a Pspace algorithm
       • Each queue can be considered only of bounded size (one message)
       • This can be modeled as a finite state transition system
       • Implementations using standard model checkers (like NuSMV)
     • Approximate schemes to solve bounded context-switching reachability for recursive queue systems
       • à la [Jhala-Majumdar, POPL’07] for [Sen-Viswanathan, CAV’06]
