Results 1  10
of
18
Thread Quantification for Concurrent Shape Analysis
"... Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstracti ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstractions to represent the invariants. Thus, our technique lifts existing abstractions by wrapping universal quantification around elements of the base abstract domain. Such abstractions are effective because they are threadmodular: e.g., they can capture correlations between the local variables of the same thread as well as correlations between the local variables of a thread and global variables, but forget correlations between the states of distinct threads. (The exact nature of the abstraction, of course, depends on the base abstraction lifted in this style.) We present techniques for computing sound transformers for the new abstraction by using transformers of the base abstract domain. We illustrate our technique in this paper by instantiating it to the Boolean Heap abstraction, producing a Quantified Boolean Heap abstraction. We have implemented an instantiation of our technique with Canonical Abstraction as the base abstraction and used it to successfully verify linearizability of datastructures in the presence of an unbounded number of threads. 1
Statically Inferring Complex Heap, Array, and Numeric Invariants
"... Abstract. We describe Deskcheck, a parametric static analyzer that is able to establish properties of programs that manipulate dynamically allocated memory, arrays, and integers. Deskcheck can verify quantified invariants over mixed abstract domains, e.g., heap and numeric domains. These domains nee ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Abstract. We describe Deskcheck, a parametric static analyzer that is able to establish properties of programs that manipulate dynamically allocated memory, arrays, and integers. Deskcheck can verify quantified invariants over mixed abstract domains, e.g., heap and numeric domains. These domains need only minor extensions to work with our domain combination framework. The technique used for managing the communication between domains is reminiscent of the NelsonOppen technique for combining decision procedures, in that the two domains share a common predicate language to exchange shared facts. However, whereas the NelsonOppen technique is limited to a common predicate language of shared equalities, the technique described in this paper uses a common predicate language in which shared facts can be quantified predicates expressed in firstorder logic with transitive closure. We explain how we used Deskcheck to establish memory safety of the
Going with the Flow: Parameterized Verification using Message Flows. www.markrtuttle.com/fmcad08. 4 The proof in [9] is infact incomplete; so more lemmas will be needed in their case
"... Abstract—A message flow is a sequence of messages sent among processors during the execution of a protocol, usually illustrated with something like a message sequence chart. Protocol designers use message flows to describe and reason about their protocols. We show how to derive highquality invarian ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
Abstract—A message flow is a sequence of messages sent among processors during the execution of a protocol, usually illustrated with something like a message sequence chart. Protocol designers use message flows to describe and reason about their protocols. We show how to derive highquality invariants from message flows and use these invariants to accelerate a stateoftheart method for parameterized protocol verification called the CMP method. The CMP method works by iteratively strengthening and abstracting a protocol. The laborintensive portion of the method is finding the protocol invariants needed for each iteration. We provide a new analysis of the CMP method proving it works with any sound abstraction procedure. This facilitates the use of a new abstraction procedure tailored to our protocol invariants in the CMP method. Our experience is that messageflow derived invariants get to the heart of protocol correctness in the sense that only couple of additional invariants are needed for the CMP method to converge. I.
Behavioral Automata Composition for Automatic Topology Independent Verification of Parameterized Systems
"... Verifying correctness properties of parameterized systems is a longstanding problem. The challenge lies in the lack of guarantee that the property is satisfied for all instances of the parameterized system. Existing work on addressing this challenge aims to reduce this problem to checking the prope ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Verifying correctness properties of parameterized systems is a longstanding problem. The challenge lies in the lack of guarantee that the property is satisfied for all instances of the parameterized system. Existing work on addressing this challenge aims to reduce this problem to checking the properties on smaller systems with a bound on the parameter referred to as the cutoff. A property satisfied on the system with the cutoff ensures that it is satisfied for systems with any larger parameter. The major problem with these techniques is that they only work for certain classes of systems with a specific communication topology such as ring topology, thus leaving other interesting classes of systems unverified. We contribute an automated technique for finding the cutoff of the parameterized system that works for systems defined with any topology. Given the specification and the topology of the system, our technique is able to automatically generate the cutoff specific to this system. We prove the soundness of our technique and demonstrate its effectiveness and practicality by applying it to several canonical examples where in some cases, our technique obtains smaller cutoff values than those presented in the existing literature.
Abstract transformers for thread correlation analysis
 IN: APLAS 2009
, 2009
"... We present a new technique for speeding up static analysis of (shared memory) concurrent programs. We focus on analyses that compute thread correlations: such analyses infer invariants that capture correlations between the local states of different threads (as well as the global state). Such invari ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We present a new technique for speeding up static analysis of (shared memory) concurrent programs. We focus on analyses that compute thread correlations: such analyses infer invariants that capture correlations between the local states of different threads (as well as the global state). Such invariants are required for verifying many natural properties of concurrent programs. Tracking correlations between different thread states, however, is very expensive. A significant factor that makes such analysis expensive is the cost of applying abstract transformers. In this paper, we introduce a technique that exploits the notion of footprints and memoization to compute individual abstract transformers more efficiently. We have implemented this technique in our concurrent shape analysis framework. We have used this implementation to prove properties of finegrained concurrent programs with a shared, mutable, heap in the presence of an unbounded number of objects and threads. The properties we verified include memory safety, data structure invariants, partial correctness, and linearizability. Our empirical evaluation shows that our new technique reduces the analysis time significantly (e.g., by a factor of 35 in one case).
Automating Cutoff for Multiparameterized Systems ⋆
"... Abstract. Verifying that a parameterized system satisfies certain desired properties amounts to verifying an infinite family of the system instances. This problem is undecidable in general, and as such a number of sound and incomplete techniques have been proposed to address it. Existing techniques ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. Verifying that a parameterized system satisfies certain desired properties amounts to verifying an infinite family of the system instances. This problem is undecidable in general, and as such a number of sound and incomplete techniques have been proposed to address it. Existing techniques typically focus on parameterized systems with a single parameter, (i.e., on systems where the number of processes of exactly one type is dependent on the parameter); however, many systems in practice are multiparameterized, where multiple parameters are used to specify the number of different types of processes in the system. In this work, we present an automatic verification technique for multiparameterized systems, prove its soundness and show that it can be applied to systems irrespective of their communication topology. We present a prototype realization of our technique in our tool Golok, and demonstrate its practical applicability using a number of multiparameterized systems. 1
Efficiently inferring thread correlations
, 2009
"... Abstract. We present a new analysis for proving properties of finegrained concurrent programs with a shared, mutable, heap in the presence of an unbounded number of objects and threads. The properties we address include memory safety, data structure invariants, partial correctness, and linearizabili ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We present a new analysis for proving properties of finegrained concurrent programs with a shared, mutable, heap in the presence of an unbounded number of objects and threads. The properties we address include memory safety, data structure invariants, partial correctness, and linearizability. Our techniques enable successful verification of programs that were not be handled by previous concurrent shape analysis algorithms. We present our techniques in an abstract framework we call threadcorrelation analysis. Threadcorrelation analysis infers invariants that capture the correlations between the local states of different threads and the global state (content of the heap). However, inferring such invariants is nontrivial, since it requires reasoning about a quadratic number of interactions between threads. We transformers. In our experiments, these techniques were able to reduce the time of the analysis by a factor of 35. 1
Monotonic Abstraction in Action (Automatic Verification of Distributed Mutex Algorithms)
"... Abstract. We consider verification of safety properties for parameterized distributed protocols. Such a protocol consists of an arbitrary number of (infinitestate) processes that communicate asynchronously over FIFO channels. The aim is to perform parameterized verification, i.e., showing correctne ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We consider verification of safety properties for parameterized distributed protocols. Such a protocol consists of an arbitrary number of (infinitestate) processes that communicate asynchronously over FIFO channels. The aim is to perform parameterized verification, i.e., showing correctness regardless of the number of processes inside the system. We consider two nontrivial case studies: the distributed Lamport and RicartAgrawala mutual exclusion protocols. We adapt the method of monotonic abstraction that considers an overapproximation of the system, in which the behavior is monotonic with respect to a given preorder on the set of configurations. We report on an implementation which is able to fully automatically verify mutual exclusion for both protocols. 1
Model Checking of ControlUser ComponentBased Parametrised Systems
"... Abstract. Many real componentbased systems, so called ControlUser systems, are composed of a stable part (control component) and a number of dynamic components of the same type (user components). Models of these systems are parametrised by the number of user components and thus potentially infinit ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Many real componentbased systems, so called ControlUser systems, are composed of a stable part (control component) and a number of dynamic components of the same type (user components). Models of these systems are parametrised by the number of user components and thus potentially infinite. Model checking techniques can be used to verify only specific instances of the systems. This paper presents an algorithmic technique for verification of safety interaction properties of ControlUser systems. The core of our verification method is a computation of a cutoff. If the system is proved to be correct for every number of user components lower than the cutoff then it is correct for any number of users. We present an onthefly model checking algorithm which integrates computation of a cutoff with the verification itself. Symmetry reduction can be applied during the verification to tackle the state explosion of the model. Applying the algorithm we verify models of several previously published componentbased systems. 1
Automatic Verification of Parameterised Interleaved MultiAgent Systems
"... A key problem in verification of multiagent systems by model checking concerns the fact that the statespace of the system grows exponentially with the number of agents present. This often makes practical model checking unfeasible whenever the system contains more than a few agents. In this paper w ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
A key problem in verification of multiagent systems by model checking concerns the fact that the statespace of the system grows exponentially with the number of agents present. This often makes practical model checking unfeasible whenever the system contains more than a few agents. In this paper we put forward a technique to establish a cutoff result, thereby showing that systems with an arbitrary number of agents can be verified by checking a single system consisting of a number of agents equal to the cutoff of the system. While this problem is undecidable in general, we here define a class of parameterised interpreted systems and a parameterised temporalepistemic logic for which the result can be shown. We exemplify the theoretical results on a robotic example and present an implementation of the technique as an extension of mcmas, an opensource model checker for multiagent systems.