1 / 25

Reducing Context-bounded Concurrent Reachability to Sequential Reachability

Reducing Context-bounded Concurrent Reachability to Sequential Reachability. Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U . Illinois U.-C., U.S.A.). What is this talk about?.

salbrecht
Télécharger la présentation

Reducing Context-bounded Concurrent Reachability to Sequential Reachability

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U . Illinois U.-C., U.S.A.)

  2. What is this talk about? • Translation from concurrent recursive programs to sequential programs that preserves reachability • Use existing technique for sequential programs to analyze concurrent programs • Model checkers, Deductive verification, … shared vars Seq. program T1 T2 Tn …

  3. From concurrent to sequential • Always possible but can be inefficient • simulate the global behavior (track all locals of each thread) • current techniques do not work • What do we want? • avoid the extreme blow-up • track at any point only the locals of one thread • What we want is not always possible • But is possible • restricted : bounded context-switching reahability [Quadeer,Wu, PLDI’04] • errors manifest within few contest-switches [Musuvathi, Qadeer, PLDI’07]

  4. Concurrent programs • fixed number of (recursive) threads running in parallel • each thread Ti has its own local variables • threads communicate through shared variables shared vars T1 T2 Tn loc loc loc …

  5. Anatomy of a k-CS execution T2 T1 (l’1,s1) (l, s1) (l’2,s2) (l, s2)

  6. A transformation already exists • [Lal, Reps CAV’08] T2 T1 Sequential program • Execute T1 to completion • Remember s1, s2,…, sk • Execute T2 to completion s1 (l1,s1) s2 store s1 guess s2 s3 (l1,s2) (l2,s3) s4 store s3 guess s4 s5 (l2,s4) (l3,s5) store s5

  7. A transformation already exists • [Lal, Reps CAV’08] T2 T1 Sequential program • Execute T1 to completion • Remember s1, s2,…, sk • Execute T2 to completion (l’1,s1) s2-> s3 (l’2,s2) s1 s2 (l’2,s3) s4-> s5 (l’3,s4) s3 (l’3,s5) s4 s5

  8. A transformation already exists • [Lal, Reps CAV’08] T2 T1 s2 is guessed s2 may be unreachable EAGER s1 s2 s3 s4 s5

  9. blocked=true blocked=false guess y=0 Eager transformation: disadvantages // shared variables bool blocked=true; int x=0, y=0; Inv: y != 0 void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; } void thread2() { x=12; y=2; //unblock thread2 blocked=false; }

  10. We want a lazy transformation The lazy sequential program explores only reachable states of the concurrent program Why is it desirable? • In model-checking it can drastically reduce the explored state-space • Better invariants for deductive verification • A lazy transformation to sequential programs was not known

  11. Our contribution • Lazy transformation from concurrent to sequential programs that reduces the k context-switches reachability problem • Model-checking • Lazy => unreachable states not explored • Implementation of translation for Boolean programs • Evaluation on a Bluetooth device driver

  12. Lazy transformation

  13. Lazy transformation: main idea • Execute T1 • Context-switch: store s1and abort • Execute T2 from s1 • store s2and abort T1 T2 (l’1,s1) (l0,s0) (l1,s1) (l’2,s2) store s1 & abort store s2 & abort

  14. Lazy transformation: main idea • Re-execute T1 till it reaches s1 • May reach a new local state! • But is anyway correct !! T1 T2 (l’1,s1) (l0,s0) (l1,s1) (l’2,s2) store s1 & abort (l’’1,s1) store s2 & abort (l’’1,s2) store s3 & abort

  15. Lazy transformation: main idea • Switch to T2 • Execute till it reaches s2 • Continue computation T1 T2 (l’1,s1) (l0,s0) (l1,s1) (l’2,s2) store s1 & abort (l’’’1,s2) (l’’1,s1) store s2 & abort (l’’1,s2) (l’’’1,s3) store s4 & abort store s3 & abort

  16. Lazy transformation: main idea T1 T2 s1 s1 s2 s3 s2 store s1 store s2 s4 s3 s5 s4 store s4 store s3 store s5 end

  17. Lazy translation scheme Output is a sequential program consisting of: main() Thread1() Thread2()

  18. Lazy translation scheme • Guess scheduling • Orchestrate calls to threads Output is a sequential program consisting of: main() Thread1() stmt1; stmt2; Thread2() • Nondet jump to next context where this thread is active • At last context-switch, store shared state, abort, and return to main

  19. Reduction of bounded context-switch reachability Theorem: Let C be a concurrent program, k>0 and pc be a program counter of C pc is reachable in C within k context switches iff pc is reachable in SeqProgk(C)

  20. Lazy translation • Explores only reachable states • Preserves invariants across the translation • Tracks local state of one thread at any time • Tracks values of shared variables at context switches (s1, s2, …, sk) • Requires recomputation of local states

  21. Experiments

  22. Model checking concurrent Boolean programs • Boolean programs • Concurrent Boolean programs Boolean programs • We have implemented the eager and lazy translator for concurrent Boolean programs • Download: http://www.cs.uiuc.edu/~madhu/getafix/cbp2bp • Eager => explores unreachable states • Lazy => explores only reachable states

  23. Experiments: Windows NT Bluetooth driver

  24. Related Work • KISS project [Qadeer-Wu,PLDI’04] • Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05] • Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon,SPIN’08]] • Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato,PLDI’09] • Eager translation and symbolic algorithm to compute reachable states lazily [Lal-Reps,CAV’08] • Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09] next talk!!

  25. Future work We have a lazy transformation for unbounded number of threads!!!

More Related