Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre

  • View
    213

  • Download
    1

Embed Size (px)

Text of Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato...

  • Slide 1
  • Reducing Context-bounded Concurrent Reachability to Sequential Reachability Gennaro Parlato University of Illinois at Urbana-Champaign Salvatore La Torre (U. Salerno, Italy) P. Madhusudan (U. Illinois U.-C., U.S.A.)
  • Slide 2
  • What is this talk about? Translation from concurrent recursive programs to sequential programs that preserves reachability Use existing technique for sequential programs to analyze concurrent programs Model checkers, Deductive verification, T1T1 T2T2 TnTn shared vars Seq. program
  • Slide 3
  • From concurrent to sequential Always possible but can be inefficient simulate the global behavior (track all locals of each thread) current techniques do not work What do we want? avoid the extreme blow-up track at any point only the locals of one thread What we want is not always possible But is possible restricted : bounded context-switching reahability [Quadeer,Wu, PLDI04] errors manifest within few contest-switches [Musuvathi, Qadeer, PLDI07]
  • Slide 4
  • Concurrent programs fixed number of (recursive) threads running in parallel each thread T i has its own local variables threads communicate through shared variables T1T1 T2T2 TnTn shared vars loc
  • Slide 5
  • Anatomy of a k-CS execution (l, s 1 ) (l, s 2 ) (l 1,s 1 ) (l 2,s 2 ) T1T1 T2T2
  • Slide 6
  • A transformation already exists [Lal, Reps CAV08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,, s k 3.Execute T 2 to completion (l 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l 1,s 2 ) (l 2,s 3 ) (l 2,s 4 ) (l 3,s 5 ) store s 1 guess s 2 store s 3 guess s 4 store s 5 T2T2
  • Slide 7
  • A transformation already exists [Lal, Reps CAV08] Sequential program 1.Execute T 1 to completion 2.Remember s 1, s 2,, s k 3.Execute T 2 to completion (l 1,s 1 ) s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 (l 2,s 2 ) (l 2,s 3 ) (l 3,s 4 ) (l 3,s 5 ) T2T2 s 2 -> s 3 s 4 -> s 5
  • Slide 8
  • A transformation already exists [Lal, Reps CAV08] s1s1 s2s2 s3s3 s4s4 s5s5 T1T1 s 2 is guessed s 2 may be unreachable EAGER T2T2
  • Slide 9
  • Eager transformation: disadvantages void thread1() { while (blocked) skip; x = x/y; if (x%2==1) ERROR; } void thread2() { x=12; y=2; //unblock thread2 blocked=false; } // shared variables bool blocked=true; int x=0, y=0; Inv: y != 0 blocked=true blocked=false guess y=0
  • Slide 10
  • We want a lazy transformation The lazy sequential program explores only reachable states of the concurrent program Why is it desirable? In model-checking it can drastically reduce the explored state-space Better invariants for deductive verification A lazy transformation to sequential programs was not known
  • Slide 11
  • Our contribution Lazy transformation from concurrent to sequential programs that reduces the k context-switches reachability problem Model-checking Lazy => unreachable states not explored Implementation of translation for Boolean programs Evaluation on a Bluetooth device driver
  • Slide 12
  • Lazy transformation
  • Slide 13
  • Lazy transformation: main idea Execute T 1 Context-switch: store s 1 and abort Execute T 2 from s 1 store s 2 and abort (l 1,s 1 ) (l 1,s 1 ) (l 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort
  • Slide 14
  • Lazy transformation: main idea Re-execute T1 till it reaches s1 May reach a new local state! But is anyway correct !! (l 1,s 1 ) (l 1,s 1 ) (l 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l 1,s 1 ) store s 3 & abort (l 1,s 2 )
  • Slide 15
  • Lazy transformation: main idea Switch to T2 Execute till it reaches s2 Continue computation (l 1,s 1 ) (l 1,s 1 ) (l 2,s 2 ) T1T1 (l 0,s 0 ) T2T2 store s 1 & abort store s 2 & abort (l 1,s 1 ) store s 3 & abort (l 1,s 2 ) (l 1,s 2 ) (l 1,s 3 ) store s 4 & abort
  • Slide 16
  • Lazy transformation: main idea T1T1 T2T2 store s 1 store s 2 store s 3 store s 4 store s 5 end s1s1 s2s2 s3s3 s4s4 s1s1 s2s2 s3s3 s4s4 s5s5
  • Slide 17
  • Lazy translation scheme main() Thread1() Output is a sequential program consisting of: Thread2()
  • Slide 18
  • Lazy translation scheme main() Thread1() stmt1; stmt2; Output is a sequential program consisting of: Thread2() Guess scheduling Orchestrate calls to threads Nondet jump to next context where this thread is active At last context-switch, store shared state, abort, and return to main
  • Slide 19
  • Reduction of bounded context-switch reachability Theorem: Let C be a concurrent program, k>0 and pc be a program counter of C pc is reachable in C within k context switches iff pc is reachable in SeqProg k (C)
  • Slide 20
  • Lazy translation Explores only reachable states Preserves invariants across the translation Tracks local state of one thread at any time Tracks values of shared variables at context switches (s 1, s 2, , s k ) Requires recomputation of local states
  • Slide 21
  • Experiments
  • Slide 22
  • Model checking concurrent Boolean programs Boolean programs Concurrent Boolean programs Boolean programs We have implemented the eager and lazy translator for concurrent Boolean programs Download: http://www.cs.uiuc.edu/~madhu/getafix/cbp2bphttp://www.cs.uiuc.edu/~madhu/getafix/cbp2bp Eager => explores unreachable states Lazy => explores only reachable states
  • Slide 23
  • Experiments: Windows NT Bluetooth driver Context switches 1-adder 1-stopper 2-adders 1-stopper 1-adder 2-stoppers 2-adders 2-stoppers eagerlazyeagerlazyeagerlazyeagerlazy 123456123456 NNNNNNNNNNNN 0.1 0.3 43.3 73.6 930.0 - 0.1 0.2 1.4 5.5 20.2 66.8 NNNYYYNNNYYY 0.2 0.9 135.9 1601.0 - 0.1 0.8 6.3 2.6 18.0 122.9 NNYYYYNNYYYY 0.1 0.7 70.1 597.2 - 0.1 0.9 0.4 2.9 14.0 66.1 NNYYYYNNYYYY 0.2 1.6 177.6 out of mem. 0.1 2.0 0.8 7.5 66.5 535.9
  • Slide 24
  • Related Work KISS project [Qadeer-Wu,PLDI04] Decidability of context-bounded analysis [Qadeer-Rehof,TACAS05] Automata-based symbolic solution [Suwimonteerabuth-Esparza-Schwoon,SPIN08]] Symbolic fixed-point solution to lazy computation of reachable states [La Torre-Madhusudan-Parlato,PLDI09] Eager translation and symbolic algorithm to compute reachable states lazily [Lal-Reps,CAV08] Translation for deductive verification [Lahiri-Qadeer-Rakamaric, CAV09] next talk!!
  • Slide 25
  • Future work We have a lazy transformation for unbounded number of threads!!!