reducing context-bounded concurrent reachability to sequential reachability
DESCRIPTION
Reducing Context-bounded Concurrent Reachability to Sequential Reachability. Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U . Illinois U.-C., U.S.A.). What is this talk about?. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/1.jpg)
Reducing Context-bounded Concurrent Reachability to Sequential Reachability
Gennaro ParlatoUniversity of Illinois at Urbana-Champaign
Salvatore La Torre (U. Salerno, Italy)P. Madhusudan (U . Illinois U.-C., U.S.A.)
![Page 2: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/2.jpg)
What is this talk about? Translation from concurrent recursive programs to
sequential programs that preserves reachability
Use existing technique for sequential programs to analyze concurrent programs Model checkers, Deductive verification, …
T1 T2 Tn
shared vars
…Seq.
program
![Page 3: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/3.jpg)
From concurrent to sequential
Always possible but can be inefficient simulate the global behavior (track all locals of each thread) current techniques do not work
What do we want? avoid the extreme blow-up track at any point only the locals of one thread
What we want is not always possible
But is possible restricted : bounded context-switching reahability [Quadeer,Wu, PLDI’04] errors manifest within few contest-switches [Musuvathi, Qadeer, PLDI’07]
![Page 4: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/4.jpg)
Concurrent programs fixed number of (recursive) threads running in parallel
each thread Ti has its own local variables
threads communicate through shared variables
T1 T2 Tn
shared vars
…loc loc loc
![Page 5: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/5.jpg)
Anatomy of a k-CS execution
(l, s1)
(l, s2)
(l’1,s1)
(l’2,s2)
T1 T2
![Page 6: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/6.jpg)
A transformation already exists [Lal, Reps CAV’08]
Sequential program
1. Execute T1 to completion
2. Remember s1, s2,…, sk
3. Execute T2 to completion
(l1,s1)
s1
s2
s3
s4
s5
T1
(l1,s2)
(l2,s3)
(l2,s4)
(l3,s5)
store s1
guess s2
store s3
guess s4
store s5
T2
![Page 7: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/7.jpg)
A transformation already exists [Lal, Reps CAV’08]
Sequential program
1. Execute T1 to completion
2. Remember s1, s2,…, sk
3. Execute T2 to completion
(l’1,s1)
s1
s2
s3
s4
s5
T1
(l’2,s2)
(l’2,s3)
(l’3,s4)
(l’3,s5)
T2
s2-> s3
s4-> s5
![Page 8: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/8.jpg)
A transformation already exists [Lal, Reps CAV’08]
s1
s2
s3
s4
s5
T1
s2 is guesseds2 may be unreachable
EAGER
T2
![Page 9: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/9.jpg)
Eager transformation: disadvantages
void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; }
void thread2() { x=12; y=2;
//unblock thread2 blocked=false;}
// shared variablesbool blocked=true;int x=0, y=0;
Inv: y != 0
blocked=true
blocked=false
guess y=0
![Page 10: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/10.jpg)
We want a lazy transformation
The lazy sequential program explores only reachable states of the concurrent program
Why is it desirable?
In model-checking it can drastically reduce the explored state-space Better invariants for deductive verification
A lazy transformation to sequential programs was not known
![Page 11: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/11.jpg)
Our contribution
Lazy transformation from concurrent to sequential programs that reduces the k context-switches reachability problem
Model-checking Lazy => unreachable states not explored Implementation of translation for Boolean programs Evaluation on a Bluetooth device driver
![Page 12: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/12.jpg)
Lazy transformation
![Page 13: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/13.jpg)
Lazy transformation: main idea
Execute T1
Context-switch: store s1
and abort
Execute T2 from s1
store s2 and abort
(l1,s1)
(l’1,s1)
(l’2,s2)
T1(l0,s0)
T2
store s1
& abort store s2
& abort
![Page 14: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/14.jpg)
Lazy transformation: main idea
Re-execute T1 till it reaches s1
May reach a new local state!
But is anyway correct !!
(l1,s1)
(l’1,s1)
(l’2,s2)
T1(l0,s0)
T2
store s1
& abort store s2
& abort(l’’1,s1)
store s3
& abort
(l’’1,s2)
![Page 15: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/15.jpg)
Lazy transformation: main idea
Switch to T2
Execute till it reaches s2
Continue computation
(l1,s1)
(l’1,s1)
(l’2,s2)
T1(l0,s0)
T2
store s1
& abort store s2
& abort(l’’1,s1)
store s3
& abort
(l’’’1,s2)
(l’’1,s2) (l’’’1,s3)
store s4
& abort
![Page 16: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/16.jpg)
Lazy transformation: main idea
T1 T2
store s1
store s2
store s3
store s4
store s5
end
s1
s2
s3s4
s1
s2
s3
s4
s5
![Page 17: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/17.jpg)
Lazy translation scheme
main()
Thread1()
Output is a sequential program consisting of:
Thread2()
![Page 18: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/18.jpg)
Lazy translation scheme
main()
Thread1()
stmt1;
stmt2;
Output is a sequential program consisting of:
Thread2()
Guess scheduling Orchestrate calls to threads
Nondet jump to next context where this thread is active At last context-switch, store shared state, abort, and return to main
![Page 19: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/19.jpg)
Reduction of bounded context-switch reachability
Theorem:Let C be a concurrent program, k>0 and pc be a program counter of C
pc is reachable in C within k context switches iff pc is reachable in SeqProgk(C)
![Page 20: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/20.jpg)
Lazy translation
Explores only reachable states
Preserves invariants across the translation
Tracks local state of one thread at any time
Tracks values of shared variables at context switches (s1, s2, …, sk)
Requires recomputation of local states
![Page 21: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/21.jpg)
Experiments
![Page 22: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/22.jpg)
Model checking concurrent Boolean programs
Boolean programs Concurrent Boolean programs Boolean programs
We have implemented the eager and lazy translator for concurrent Boolean programs
Download: http://www.cs.uiuc.edu/~madhu/getafix/cbp2bp Eager => explores unreachable states Lazy => explores only reachable states
![Page 23: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/23.jpg)
Experiments: Windows NT Bluetooth driver
Contextswitches
1-adder1-stopper
2-adders1-stopper
1-adder 2-stoppers
2-adders 2-stoppers
eager lazy eager lazy eager lazy eager lazy
123456
NNNNNN
0.10.3
43.373.6
930.0-
0.10.21.45.5
20.266.8
NNNYYY
0.20.9
135.91601.0
--
0.10.86.32.6
18.0122.9
NNYYYY
0.10.7
70.1597.2
--
0.10.90.42.9
14.066.1
NNYYYY
0.21.6
177.6out of mem.out of mem.out of mem.
0.12.00.87.5
66.5535.9
![Page 24: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/24.jpg)
Related Work
KISS project [Qadeer-Wu,PLDI’04]
Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05]
Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon,SPIN’08]]
Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato,PLDI’09]
Eager translation and symbolic algorithm to compute reachable states lazily
[Lal-Reps,CAV’08]
Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09]
next talk!!
![Page 25: Reducing Context-bounded Concurrent Reachability to Sequential Reachability](https://reader035.vdocuments.us/reader035/viewer/2022062502/56814c48550346895db94f08/html5/thumbnails/25.jpg)
Future work
We have a lazy transformation for unbounded number of threads!!!