Results 1  10
of
21
Algorithms for Scalable Synchronization on SharedMemory Multiprocessors
 ACM Transactions on Computer Systems
, 1991
"... Busywait techniques are heavily used for mutual exclusion and barrier synchronization in sharedmemory parallel programs. Unfortunately, typical implementations of busywaiting tend to produce large amounts of memory and interconnect contention, introducing performance bottlenecks that become marke ..."
Abstract

Cited by 487 (31 self)
 Add to MetaCart
Busywait techniques are heavily used for mutual exclusion and barrier synchronization in sharedmemory parallel programs. Unfortunately, typical implementations of busywaiting tend to produce large amounts of memory and interconnect contention, introducing performance bottlenecks that become markedly more pronounced as applications scale. We argue that this problem is not fundamental, and that one can in fact construct busywait synchronization algorithms that induce no memory or interconnect contention. The key to these algorithms is for every processor to spin on separate locallyaccessible ag variables, and for some other processor to terminate the spin with a single remote write operation at an appropriate time. Flag variables may be locallyaccessible as a result of coherent caching, or by virtue of allocation in the local portion of physically distributed shared memory. We present a new scalable algorithm for spin locks that generates O(1) remote references per lock acquisition, independent of the number of processors attempting to acquire the lock. Our algorithm provides reasonable latency in the absence of contention, requires only a constant amount of space per lock, and requires no hardware support other than
Better Verification Through Symmetry
, 1996
"... A fundamental difficulty in automatic formal verification of finitestate systems is the state explosion problem  even relatively simple systems can produce very large state spaces, causing great difficulties for methods that rely on explicit state enumeration. We address the problem by exploiting ..."
Abstract

Cited by 185 (8 self)
 Add to MetaCart
A fundamental difficulty in automatic formal verification of finitestate systems is the state explosion problem  even relatively simple systems can produce very large state spaces, causing great difficulties for methods that rely on explicit state enumeration. We address the problem by exploiting structural symmetries in the description of the system to be verified. We make symmetries easy to detect by introducing a new data type scalarset, a finite and unordered set, to our description language. The operations on scalarsets are restricted so that states are guaranteed to have the same future behaviors, up to permutation of the elements of the scalarsets. Using the symmetries implied by scalarsets, a verifier can automatically generate a reduced state space, on the fly. We provide a proof of the soundness of the new symmetrybased verification algorithm based on a definition of the formal semantics of a simple description language with scalarsets. The algorithm has been implemented ...
Reasoning about Rings
, 1995
"... The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We sho ..."
Abstract

Cited by 82 (6 self)
 Add to MetaCart
The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We show that the problem of checking many useful correctness properties for rings of all sizes can be reduced to checking them on ring of sizes up to a small cutoff size. We apply our results to the verification of a mutual exclusion protocol and Milner's scheduler protocol. 1
Symbolic Verification with Periodic Sets
, 1994
"... Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other s ..."
Abstract

Cited by 73 (6 self)
 Add to MetaCart
Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other structures than BDD's can be useful for representing sets of values, and that combining implicit and explicit representations can be fruitful. It introduces a representation of complex periodic sets of integer values, shows how this representation can be manipulated, and describes its application to the statespace exploration of protocols. Preliminary experimental results indicate that the method can dramatically reduce the resources required for statespace exploration.
Race Checking by Context Inference
 In PLDI
, 2004
"... Software model checking has been successful for sequential programs, where predicate abstraction offers suitable models, and counterexampleguided abstraction refinement permits the automatic inference of models. When checking concurrent programs, we need to abstract threads as well as the contexts ..."
Abstract

Cited by 70 (3 self)
 Add to MetaCart
Software model checking has been successful for sequential programs, where predicate abstraction offers suitable models, and counterexampleguided abstraction refinement permits the automatic inference of models. When checking concurrent programs, we need to abstract threads as well as the contexts in which they execute. Stateless context models, such as predicates on global variables, prove insufficient for showing the absence of race conditions in many examples. We therefore use richer context models, which combine (1) predicates for abstracting data state, (2) control ow quotients for abstracting control state, and (3) counters for abstracting an unbounded number of threads. We infer suitable context models automatically by a combination of counterexampleguided abstraction refinement, bisimulation minimization, circular assumeguarantee reasoning, and parametric reasoning about an unbounded number of threads. This algorithm, called CIRC, has been implemented in Blast and succeeds in checking many examples of nesC code for data races. In particular, Blast proves the absence of races in several cases where previous race checkers give false positives.
Automatic Verification of Parameterized Synchronous Systems (Extended Abstract)
 In Proc. 8th Int'l. Conference on ComputerAided Verification (CAV
, 1996
"... ) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal pro ..."
Abstract

Cited by 56 (6 self)
 Add to MetaCart
) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal property is true of every size instance of the system. We consider systems formed by a synchronous parallel composition of a single control process with an arbitrary number of homogeneous user processes, and show that the PMCP is decidable for properties expressed in an indexed propositional temporal logic. While the problem is in general PSPACEcomplete, our initial experimental results indicate that the method is usable in practice. 1 Introduction Systems with an arbitrary number of homogeneous processes occur in many contexts, especially in protocols for data communication, cache coherence, and classical synchronization problems. Current verification work on such systems has focussed mostly...
Reducing model checking of the many to the few
 In 17th International Conference on Automated Deduction (CADE17
, 2000
"... Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establ ..."
Abstract

Cited by 48 (6 self)
 Add to MetaCart
Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establish, nonetheless, decidability of the PMCP in quite a broad framework. We consider asynchronous systems comprised of an arbitrary number ¢ of homogeneous copies of a generic process template. The process template is represented as a synchronization skeleton while correctness properties are expressed using Indexed CTL* £ X. We reduce model checking for systems of arbitrary size ¢ to model checking for systems of size (up to) a small cutoff size ¤. This establishes decidability of PMCP as it is only necessary model check a finite number of relatively small systems. The results generalize to systems comprised of multiple heterogeneous classes of processes, where each class is instantiated by many homogenous copies of the class template (e.g., ¥ readers and ¢ writers). 1
Verifying Systems with Replicated Components in Murφ
, 1997
"... An extension to the Murphi verifier is presented to verify systems with replicated identical components. Although most systems are finitestate in nature, many of them are also designed to be scalable, so that a description gives a family of systems, each member of which has a different number of re ..."
Abstract

Cited by 42 (3 self)
 Add to MetaCart
An extension to the Murphi verifier is presented to verify systems with replicated identical components. Although most systems are finitestate in nature, many of them are also designed to be scalable, so that a description gives a family of systems, each member of which has a different number of replicated components. It is therefore desirable to be able to verify the entire family of systems, independent of the exact number of replicated components. The verification is performed by explicit state enumeration in an abstract state space where states do not record the exact numbers of components. We provide an extension to the existing Murphi language, by which a designer can easily specify a system in its concrete form. Through a new datatype, called RepetitiveID, a designer can suggest the use of this abstraction to verify a family of systems. First of all, Murphi automatically checks the soundness of this abstraction. Then it automatically translates the system description to an abstract ...
Interprocedural Analysis of Asynchronous Programs
, 2007
"... An asynchronous program is one that contains procedure calls which are not immediately executed from the callsite, but stored and “dispatched” in a nondeterministic order by an external scheduler at a later point. We formalize the problem of interprocedural dataflow analysis for asynchronous progra ..."
Abstract

Cited by 26 (2 self)
 Add to MetaCart
An asynchronous program is one that contains procedure calls which are not immediately executed from the callsite, but stored and “dispatched” in a nondeterministic order by an external scheduler at a later point. We formalize the problem of interprocedural dataflow analysis for asynchronous programs as AIFDS problems, a generalization of the IFDS problems for interprocedural dataflow analysis. We give an algorithm for computing the precise meetovervalidpaths solution for any AIFDS instance, as well as a demanddriven algorithm for solving the corresponding demand AIFDS instances. Our algorithm can be easily implemented on top of any existing interprocedural dataflow analysis framework. We have implemented the algorithm on top of BLAST, thereby obtaining the first safety verification tool for unbounded asynchronous programs. Though the problem of solving AIFDS instances is EXPSPACEhard, we find that in practice our technique can efficiently analyze programs by exploiting standard optimizations of interprocedural dataflow analyses.
Thread Quantification for Concurrent Shape Analysis
"... Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstracti ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstractions to represent the invariants. Thus, our technique lifts existing abstractions by wrapping universal quantification around elements of the base abstract domain. Such abstractions are effective because they are threadmodular: e.g., they can capture correlations between the local variables of the same thread as well as correlations between the local variables of a thread and global variables, but forget correlations between the states of distinct threads. (The exact nature of the abstraction, of course, depends on the base abstraction lifted in this style.) We present techniques for computing sound transformers for the new abstraction by using transformers of the base abstract domain. We illustrate our technique in this paper by instantiating it to the Boolean Heap abstraction, producing a Quantified Boolean Heap abstraction. We have implemented an instantiation of our technique with Canonical Abstraction as the base abstraction and used it to successfully verify linearizability of datastructures in the presence of an unbounded number of threads. 1