Reducing Context-bounded Concurrent Reachability to Sequential Reachability


Description: PowerPoint presentation. Gennaro Parlato (University of Illinois at Urbana-Champaign), with Salvatore La Torre (U. Salerno, Italy) and P. Madhusudan (U. Illinois U.-C., U.S.A.).


  • Reducing Context-bounded Concurrent Reachability to Sequential Reachability

    Gennaro Parlato, University of Illinois at Urbana-Champaign

    Salvatore La Torre (U. Salerno, Italy), P. Madhusudan (U. Illinois U.-C., U.S.A.)

  • What is this talk about?

    Translation from concurrent recursive programs to sequential programs that preserves reachability

    Use existing techniques for sequential programs to analyze concurrent programs: model checkers, deductive verification, ...

    [figure: threads T1, T2, ..., Tn communicating through shared vars, translated into a single sequential program]

  • From concurrent to sequential

    Always possible, but can be inefficient: simulate the global behavior (track all locals of each thread); current techniques do not work

    What do we want? Avoid the extreme blow-up: track at any point only the locals of one thread

    What we want is not always possible

    But it is possible in a restricted setting: bounded context-switching reachability [Qadeer, Wu, PLDI04]; errors manifest within few context switches [Musuvathi, Qadeer, PLDI07]

  • Concurrent programs

    Fixed number of (recursive) threads running in parallel

    Each thread Ti has its own local variables

    Threads communicate through shared variables

    [figure: threads T1, T2, ..., Tn, each with its own locals (loc), all accessing the shared vars]

  • Anatomy of a k-CS execution

    [figure: an execution with k context switches alternating between T1 and T2; configurations are (local, shared) pairs such as (l1,s1) and (l2,s2), and only the shared state s is carried across a context switch]

  • A transformation already exists [Lal, Reps CAV08]

    Sequential program:

    Execute T1 to completion
    Remember s1, s2, ..., sk
    Execute T2 to completion

    [figure: T1 runs all of its contexts first, from (l1,s1): store s1, guess s2, store s3, guess s4, store s5; T2 then runs its contexts from the stored states and must reproduce the guessed ones (segments labelled s2 -> s3 and s4 -> s5)]

  • A transformation already exists [Lal, Reps CAV08]

    s2 is guessed
    s2 may be unreachable

    EAGER

    [figure: T1's run through s1, s2, s3, s4, s5, with the guessed s2 highlighted]

  • Eager transformation: disadvantages

    // shared variables
    bool blocked = true;
    int x = 0, y = 0;

    void thread1() {
      while (blocked) skip;
      x = x / y;               // Inv: y != 0
      if (x % 2 == 1) ERROR;
    }

    void thread2() {
      x = 12;
      y = 2;
      blocked = false;         // unblock thread1
    }

  • We want a lazy transformation

    The lazy sequential program explores only reachable states of the concurrent program

    Why is it desirable? In model checking it can drastically reduce the explored state space; better invariants for deductive verification

    A lazy transformation to sequential programs was not known

  • Our contribution

    Lazy transformation from concurrent to sequential programs that reduces the k-context-switch reachability problem

    Model checking: lazy => unreachable states not explored

    Implementation of the translation for Boolean programs

    Evaluation on a Bluetooth device driver

  • Lazy transformation

  • Lazy transformation: main idea

    Execute T1

    Context switch: store s1 and abort

    Execute T2 from s1

    Store s2 and abort

    [figure: T1 runs from (l0,s0) to (l1,s1), stores s1 and aborts; T2 runs from s1 to (l2,s2), stores s2 and aborts]

  • Lazy transformation: main idea

    Re-execute T1 till it reaches s1

    May reach a new local state!

    But is anyway correct!!

    [figure: T1 re-executed from (l0,s0) until its shared state is s1, then continued from (l1,s2); it stores s3 and aborts]

  • Lazy transformation: main idea

    Switch to T2

    Execute till it reaches s2

    Continue computation

    [figure: T2 re-executed from s1 until its shared state is s2, then continued from (l1,s3); it stores s4 and aborts]

  • Lazy transformation: main idea

    [figure: the whole lazy run: T1 and T2 alternate, storing s1, s2, s3, s4, s5 in turn; before each new context the active thread replays its earlier contexts through the stored states s1 ... s4, until the run ends]

  • Lazy translation scheme

    Output is a sequential program consisting of:

    main(): guess the scheduling; orchestrate calls to threads

    Thread1(), Thread2(): stmt1; stmt2; ... with, at each statement, a nondeterministic jump to the next context where this thread is active; at the last context switch, store the shared state, abort, and return to main

  • Reduction of bounded context-switch reachability

    Theorem: Let C be a concurrent program, k > 0, and pc a program counter of C.

    pc is reachable in C within k context switches iff pc is reachable in SeqProg_k(C)

  • Lazy translation

    Explores only reachable states

    Preserves invariants across the translation

    Tracks local state of one thread at any time

    Tracks values of shared variables at context switches (s1, s2, ..., sk); requires recomputation of local states
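    The eager scheme from the "Eager transformation: disadvantages" slide and the lazy scheme from the "main idea" slides, side by side as an added example (this is not code from the talk or from its cbp2bp tool): a small Python explorer that enumerates every run of the eager and of the lazy sequential program for the blocked/x/y example, under a round-robin schedule T1, T2, T1, ... with k context switches. The thread encodings, the function names, and DOMAIN (a hand-bounded shared-state domain from which the eager program guesses resume states, standing in for the finite domain of a Boolean program) are assumptions of this example.

```python
# Eager vs. lazy sequentialization of a two-thread program, explored exhaustively.
# Added example, not the talk's cbp2bp tool; DOMAIN is a hand-bounded shared-state
# domain (an assumption) standing in for the finite domain of a Boolean program.
from itertools import product

S0 = (True, 0, 0)  # shared state (blocked, x, y); a thread's local state is its pc
TERMINAL = {"END", "ERROR", "DIV0"}

def t1_step(pc, s):
    """void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; }"""
    blocked, x, y = s
    if pc == 0:
        return (0 if blocked else 1), s
    if pc == 1:
        return ("DIV0", s) if y == 0 else (2, (blocked, x // y, y))
    return ("ERROR" if x % 2 == 1 else "END"), s

def t2_step(pc, s):
    """void thread2() { x = 12; y = 2; blocked = false; }"""
    blocked, x, y = s
    if pc == 0:
        return 1, (blocked, 12, y)
    if pc == 1:
        return 2, (blocked, x, 2)
    return "END", (False, x, y)

THREADS = [("T1", t1_step), ("T2", t2_step)]
DOMAIN = list(product([False, True], [0, 6, 12], [0, 2]))  # constructed guess domain

def run_context(name, step, starts, explored):
    """All (pc, shared) configurations a thread reaches from `starts` without a
    context switch; each one is a possible switch point. All are added to `explored`."""
    seen, work = set(starts), list(starts)
    while work:
        pc, s = work.pop()
        explored.add((name, pc, s))
        if pc in TERMINAL:
            continue
        nxt = step(pc, s)
        if nxt not in seen:
            seen.add(nxt)
            work.append(nxt)
    return seen

def lazy(k):
    """Lazy scheme: to run context c, replay its thread from scratch through the
    thread's earlier contexts (resuming only where the shared state equals the stored
    one), then store the shared state at c's switch point, abort, and start c+1."""
    explored, errors, n = set(), set(), len(THREADS)

    def main(c, stored):  # stored[i] = shared state at the start of context i
        name, step = THREADS[c % n]
        pcs = {0}
        for prev in range(c % n, c, n):  # replay this thread's earlier contexts
            reach = run_context(name, step, {(pc, stored[prev]) for pc in pcs}, explored)
            pcs = {pc for pc, s in reach if s == stored[prev + 1]}
        reach = run_context(name, step, {(pc, stored[c]) for pc in pcs}, explored)
        if any(pc == "ERROR" for pc, _ in reach):
            errors.add(c)
        if c < k:
            for s in {s for _, s in reach}:  # store s, abort, main runs the next context
                main(c + 1, stored + [s])

    main(0, [S0])
    return bool(errors), explored

def eager(k):
    """Eager scheme [Lal, Reps CAV08]: thread by thread, all of its contexts in one go.
    A resume state comes from the store if known, else is guessed from DOMAIN; a
    switch-out state is stored, or validated against an earlier guess. ERROR counts
    only once every guess is validated, but guessed states are explored regardless."""
    explored, errors, n = set(), set(), len(THREADS)

    def run_thread(t, st, err):  # st[i] = shared state at the start of context i
        if t == n:
            if err:
                errors.add(True)
            return
        name, step = THREADS[t]

        def contexts(c, pcs, st, err):
            if c > k:
                return run_thread(t + 1, st, err)
            for s_in in ([st[c]] if c in st else DOMAIN):
                reach = run_context(name, step, {(pc, s_in) for pc in pcs}, explored)
                err2 = err or any(pc == "ERROR" for pc, _ in reach)
                if c == k:  # last context: nothing to store
                    run_thread(t + 1, {**st, c: s_in}, err2)
                    continue
                outs = {s for _, s in reach}
                if c + 1 in st:  # next context's thread already ran: validate its guess
                    outs &= {st[c + 1]}
                for s_out in outs:
                    contexts(c + n, {pc for pc, s in reach if s == s_out},
                             {**st, c: s_in, c + 1: s_out}, err2)

        contexts(t, {0}, st, err)

    run_thread(0, {0: S0}, False)
    return bool(errors), explored

def divides_by_zero(explored):
    """Explored configurations where thread1 is about to run x = x/y with y == 0."""
    return {cfg for cfg in explored if cfg[0] == "T1" and cfg[1] == 1 and cfg[2][2] == 0}

if __name__ == "__main__":
    print({lbl: (f(2)[0], len(f(2)[1])) for lbl, f in (("eager", eager), ("lazy", lazy))})
```

    With k = 2, eager(2) and lazy(2) agree that ERROR is unreachable, but the eager explorer visits guessed configurations in which thread1 is about to divide with y == 0 (states violating the invariant y != 0, exactly the spurious behaviour the slide warns about), whereas the lazy explorer visits only the 11 configurations the concurrent program can actually reach. The guess-then-validate loop in eager() and the replay loop in lazy() are the two translation schemes in miniature; the real translators emit them as nondeterministic sequential programs instead of running the enumeration themselves.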

  • Experiments

  • Model checking concurrent Boolean programs

    [figure: concurrent Boolean programs are translated into (sequential) Boolean programs, which an existing Boolean program model checker then analyzes]

    We have implemented the eager and lazy translator for concurrent Boolean programs
    Download: http://www.cs.uiuc.edu/~madhu/getafix/cbp2bp

    Eager => explores unreachable states
    Lazy => explores only reachable states

  • Experiments: Windows NT Bluetooth driver

    Columns per configuration: bug found (Y/N), eager time, lazy time; "-" marks a run that did not finish.

    Context   1-adder 1-stopper     2-adders 1-stopper    1-adder 2-stoppers    2-adders 2-stoppers
    switches  bug  eager   lazy     bug  eager   lazy     bug  eager   lazy     bug  eager        lazy
    1         N    0.1     0.1      N    0.2     0.1      N    0.1     0.1      N    0.2          0.1
    2         N    0.3     0.2      N    0.9     0.8      N    0.7     0.9      N    1.6          2.0
    3         N    43.3    1.4      N    135.9   6.3      Y    70.1    0.4      Y    177.6        0.8
    4         N    73.6    5.5      Y    1601.0  2.6      Y    597.2   2.9      Y    out of mem.  7.5
    5         N    930.0   20.2     Y    -       18.0     Y    -       14.0     Y    out of mem.  66.5
    6         N    -       66.8     Y    -       122.9    Y    -       66.1     Y    out of mem.  535.9

  • Related Work

    KISS project [Qadeer-Wu,PLDI04]

    Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05]

    Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon, SPIN08]

    Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato, PLDI09]

    Eager translation and symbolic algorithm to compute reachable states lazily [Lal-Reps, CAV08]

    Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09] next talk!!

  • Future work

    We have a lazy transformation for unbounded number of threads!!!