![Page 1: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/1.jpg)
LEAPA Tool for the Parametrized Verification
of Concurrent Datatypes
1IMDEA Software Institute, Spain
CAV’14, Vienna, 21 July 2014
2Institute for Information Security (CSIC), Spain
Alejandro Sanchez1 Cesar Sanchez1,2
![Page 2: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/2.jpg)
LEAP: Objectives
![Page 3: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/3.jpg)
LEAP: Objectives
0
3
12
46 5
∞0
21
34
56
∞
Temporal Properties
![Page 4: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/4.jpg)
LEAP: Objectives
Concurrent Datatypes
0
3
12
46 5
∞0
21
34
56
∞
Temporal Properties
![Page 5: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/5.jpg)
LEAP: Objectives
Concurrent Datatypes
True
False
42
5
0
3
12
46 5
∞0
21
34
56
∞
32
Temporal Properties
![Page 6: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/6.jpg)
LEAP: Objectives
Concurrent Datatypes
True
False
42
5
0
3
12
46 5
∞0
21
34
56
∞
32
Temporal Properties
![Page 7: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/7.jpg)
LEAP: Objectives
Concurrent Datatypes
Parametrized Verification
True
False
42
5
0
3
12
46 5
∞0
21
34
56
∞
32
Temporal Properties
![Page 8: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/8.jpg)
LEAP: Objectives
Concurrent Datatypes
Parametrized Verification
True
False
42
5
0
3
12
46 5
∞0
21
34
56
∞
32
Deductivemethods
+Decision
procedures
Temporal Properties
![Page 9: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/9.jpg)
LEAP: Description
I Deductive theorem prover
I Designed to verify concurrent datatypes
I Aims verification of temporal properties
I Specific for parametrized systems
I Targets both safety and liveness verification
I Automation based on decision procedures
I Built on top of state-of-the-art SMT solvers
![Page 10: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/10.jpg)
LEAP: Structure
LEAP
![Page 11: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/11.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Program Parser
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 12: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/12.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Program Parser
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loops
![Page 13: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/13.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Program Parser
Pointers
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loopsglobal
addr head, tail; ghost addrSet region;procedure insert (e:elem)
addr prev, curr, aux;begin
1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 14: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/14.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Function calls (no recursion)
Program Parser
Pointers
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loops
Pointers
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 15: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/15.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Function calls (no recursion)
Program Parser
Pointers
Memory allocation
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loops
PointersFunction calls (no recursion)
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 16: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/16.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
LEAP
Function calls (no recursion)
Program Parser
Pointers
Memory allocation
Atomic sections14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loops
PointersFunction calls (no recursion)
Memory allocation
![Page 17: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/17.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Ghost code
Program
LEAP
Function calls (no recursion)
Program Parser
Pointers
Memory allocation
Atomic sections14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loops
PointersFunction calls (no recursion)
Memory allocation
Atomic sections
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 18: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/18.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Ghost code
Program
LEAP
Function calls (no recursion)
Program Parser
Pointers
Location labeling
Memory allocation
Atomic sections14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Conditionals, loopsConditionals, loops
PointersFunction calls (no recursion)
Memory allocation
Atomic sectionsGhost code
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
![Page 19: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/19.jpg)
LEAP: Structure
globaladdr head, tail; ghost addrSet region;
procedure insert (e:elem)addr prev, curr, aux;
begin1: prev := head;2: prev->lock;3: curr := prev->next;4: curr->lock;5: while curr->data < e do
......
......6: end while7: if curr != null /\curr->data > e then8: aux := malloc(e,null,#);9: aux->next := curr;
:connect10: prev->next := aux
$region := region Union {aux};$11: end if
......12: return(inserted)
end procedure
Program
Program Parser
LEAP
14:
1:
4:5:
11:
13:
15:
16:
2:3:
12:
20:
Transition System Generator
T1 T2 TN· · ·‖ ‖ ‖S[N ] =
![Page 20: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/20.jpg)
LEAP: Structure
Program
Specs
Program Parser
LEAP
S1
S2
S3
Formula Parser
vars: tid i
specification [aux_ready] :
@connect(i). ->
(rd(heap, prev(i)).data < e /\
rd(heap, curr(i)).data > e /\
rd(heap, aux(i) ).data = e /\
rd(heap, prev(i)).next = curr(i) /\
rd(heap, aux(i) ).next = curr(i))
Transition System Generator
e
prev(i)
aux(i)
−∞ +∞
curr(i)
![Page 21: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/21.jpg)
LEAP: Structure
Program
Specs
Program Parser
LEAP
S1
S2
S3
Formula Parser
vars: tid i
specification [aux_ready] :
@connect(i). ->
(rd(heap, prev(i)).data < e /\
rd(heap, curr(i)).data > e /\
rd(heap, aux(i) ).data = e /\
rd(heap, prev(i)).next = curr(i) /\
rd(heap, aux(i) ).next = curr(i))
Transition System Generator
e
prev(i)
aux(i)
−∞ +∞
curr(i)
![Page 22: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/22.jpg)
LEAP: Structure
Program
Specs
Program Parser
Formula Parser
LEAP
S1
S2
S3
Transition System Generator
VC Generator
Each VC represents a small-step in the execution
All VC are QF as long as specs are QF
LEAP supports heuristics and tactics to aid verification
![Page 23: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/23.jpg)
LEAP: Structure
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
S1
S2
S3
Transition System Generator
Each VC represents a small-step in the execution
Yices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
Check validity using specialized decision procedures
All VC are QF as long as specs are QF
LEAP supports heuristics and tactics to aid verification
![Page 24: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/24.jpg)
LEAP: Structure
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
All VCs are checked valid?
Specification is verified Generate small counterexamples to aid the programmer
X X
![Page 25: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/25.jpg)
LEAP: Current Status
I Full implementation for safety properties
I Ongoing implementation for liveness properties [TIME’14]
I Specialized decision procedures for:Presburger arithmetic with setsConcurrent fine-grained and lock-free lists [ICFEM’10]Concurrent fine-grained bounded height skiplists [NFM’11]Unbounded skiplists [ATVA’14]
I We have verified structural and functional specifications of:Mutual exclusion protocols based on integers and setsConcurrent lock-coupling single-linked listsLock-free queues and stacksBounded and unbounded skiplists
![Page 26: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/26.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
![Page 27: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/27.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
![Page 28: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/28.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
![Page 29: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/29.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
![Page 30: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/30.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
![Page 31: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/31.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
Heuristics arefundamental
![Page 32: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/32.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
LEAP analysis timeremains insignificant
![Page 33: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/33.jpg)
LEAP: Experimental Results
formula #solved vc Brute Heurist. DP time(s.) LEAPidx #vc pos dp time(s.) time(s.) slowest average time(s.)
1 list 0 61 38 23 ∞ 18.67 11.90 0.30 0.202 order 1 121 62 59 998.35 1.12 0.03 0.01 0.473 lock 1 121 76 45 778.15 0.47 0.02 0.01 0.184 next 1 121 60 61 ∞ 2.11 0.61 0.01 0.595 region 1 121 95 26 ∞ 22.58 18.17 0.18 0.236 disj 2 181 177 4 121.74 0.19 0.01 0.01 0.12
7 funSchLinear 1 121 97 24 ∞ 6.29 3.04 0.05 0.088 funSchInsert 1 121 93 28 ∞ 4.15 1.91 0.03 0.089 funSchRemove 1 121 93 28 ∞ 5.40 2.60 0.04 0.10
10 funSearch 1 208 198 10 ∞ 3.54 1.57 0.01 0.3411 funInsert 1 208 200 8 ∞ 0.50 0.01 0.01 0.2212 funRemove 1 208 200 8 ∞ 1.41 0.95 0.01 0.24
13 skiplist3 0 154 92 62 ∞ 1221.97 776.45 15.27 0.4514 region3 0 124 97 27 ∞ 27.50 17.36 0.34 0.5815 next3 0 84 65 19 ∞ 0.67 0.09 0.01 0.2016 order3 0 84 59 25 ∞ 9.66 7.80 0.10 1.31
17 skiplist 0 560 532 28 ∞ 19.79 5.40 0.24 0.1518 region 0 1583 1527 56 ∞ 44.28 22.66 0.54 1.3519 next 0 1899 1869 30 ∞ 3.19 0.32 0.02 1.5920 order 0 2531 2474 57 ∞ 11.19 2.35 0.84 6.75
21 mutex 2 28 26 2 0.32 0.01 0.01 0.01 0.0122 minticket 1 19 18 1 0.04 0.01 0.01 0.01 0.0123 notsame 2 28 26 2 0.13 0.03 0.01 0.01 0.01
24 mutexS 2 28 26 2 0.44 0.04 0.01 0.01 0.0125 minticketS 1 19 18 1 0.31 0.01 0.01 0.01 0.0126 notsameS 2 28 26 2 0.14 0.02 0.01 0.01 0.01
Decision procedures perform well...but still room for improvements
![Page 34: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/34.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
![Page 35: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/35.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
Adapt parser for C,JAVA,...
Use CIL/Frama-Cas front-end
![Page 36: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/36.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
Use generated infofor specs refinement
Adapt parser for C,JAVA,...
Use CIL/Frama-Cas front-end
![Page 37: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/37.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
ImplementlivenessUse generated info
for specs refinement
Adapt parser for C,JAVA,...
Use CIL/Frama-Cas front-end
![Page 38: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/38.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
ImplementlivenessUse generated info
for specs refinement
Adaptation ofabstract-interpretation
invariant generators
Adapt parser for C,JAVA,...
Use CIL/Frama-Cas front-end
![Page 39: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/39.jpg)
LEAP: Future Directions and Ideas
Program
Specs
Program Parser
Formula Parser VC Generator
LEAP
vc1 XXvc2
vc3 X
vc4 Xvc5 X
counter example
counter exampleYices Z3 CVC4
Decision Procedures
Pos Skiplists Lists Num
S1
S2
S3
Transition System Generator
ImplementlivenessUse generated info
for specs refinement
More decision procedures:double-linked lists,
hashmaps,...
Adaptation ofabstract-interpretation
invariant generators
Adapt parser for C,JAVA,...
Use CIL/Frama-Cas front-end
![Page 40: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/40.jpg)
Conclusions
I Deductive verification tool for concurrent datatypes...
I Aiming the verification of parametrized symmetric systems
I ... using specialized decision procedures
I Safety fully implemented, liveness ongoing work
LEAP and examples available online at
software.imdea.org/leap
(demo on demand)
![Page 41: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/41.jpg)
Demo
I List preservation concurrent lock-coupling single-linked lists
head tail
−∞ +∞2 5 8 10
prev curr
6aux
region
![Page 42: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/42.jpg)
Demo
I List preservation concurrent lock-coupling single-linked lists
head tail
−∞ +∞2 5 8 10
prev curr
6aux
I Transition 34: aux->next := curr
region
![Page 43: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/43.jpg)
Demo
I List preservation concurrent lock-coupling single-linked lists
head tail
−∞ +∞2 5 8 10
prev curr
6aux
I Transition 34: aux->next := curr
region
I Counter example
head
−∞ 2
region
aux
tailcurr
![Page 44: Invariant Generation for Parametrized Systems using Self ...software.imdea.org/~asanchez/talks/2014-cav.pdf · LEAP A Tool for the Parametrized Veri cation of Concurrent Datatypes](https://reader034.vdocuments.us/reader034/viewer/2022042321/5f0ac76c7e708231d42d4c9a/html5/thumbnails/44.jpg)
Demo
I List preservation concurrent lock-coupling single-linked lists
head tail
−∞ +∞2 5 8 10
prev curr
6aux
I Transition 34: aux->next := curr
region
I Counter example
head
−∞ 2
region
aux
tailcurr
head
−∞ 2
region
aux
tail