Results 1  10
of
27
Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis
"... Abstract. This paper addresses the analysis of concurrent programs with shared memory. Such an analysis is undecidable in the presence of multiple procedures. One approach used in recent work obtains decidability by providing only a partial guarantee of correctness: the approach bounds the number of ..."
Abstract

Cited by 47 (10 self)
 Add to MetaCart
Abstract. This paper addresses the analysis of concurrent programs with shared memory. Such an analysis is undecidable in the presence of multiple procedures. One approach used in recent work obtains decidability by providing only a partial guarantee of correctness: the approach bounds the number of context switches allowed in the concurrent program, and aims to prove safety, or find bugs, under the given bound. In this paper, we show how to obtain simple and efficient algorithms for the analysis of concurrent programs with a context bound. We give a general reduction from a concurrent program P, and a given context bound K, to a slightly larger sequential program P K s such that the analysis of P K s can be used to prove properties about P. The reduction introduces symbolic constants and assume statements in P K s. Thus, any sequential analysis that can deal with these two additions can be extended to handle concurrent programs as well, under the context bound. We give instances of the reduction for common program models used in model checking, such as Boolean programs, pushdown systems (PDSs), and symbolic PDSs. 1
Static and precise detection of concurrency errors in systems code using SMT solvers
 In CAV
, 2009
"... Abstract. Contextbounded analysis is an attractive approach to verification of concurrent programs. Bounding the number of contexts executed per thread not only reduces the asymptotic complexity, but also the complexity increases gradually from checking a purely sequential program. Lal and Reps [14 ..."
Abstract

Cited by 30 (5 self)
 Add to MetaCart
Abstract. Contextbounded analysis is an attractive approach to verification of concurrent programs. Bounding the number of contexts executed per thread not only reduces the asymptotic complexity, but also the complexity increases gradually from checking a purely sequential program. Lal and Reps [14] provided a method for reducing the contextbounded verification of a concurrent boolean program to the verification of a sequential boolean program, thereby allowing sequential reasoning to be employed for verifying concurrent programs. In this work, we adapt the encoding to work for systems programs written in C with the heap and accompanying lowlevel operations such as pointer arithmetic and casts. Our approach is completely automatic: we use a verification condition generator and SMT solvers, instead of a boolean model checker, in order to avoid manual extraction of boolean programs and false alarms introduced by the abstraction. We demonstrate the use of field slicing for improving the scalability and (in some cases) coverage of our checking. We evaluate our tool STORM on a set of realworld Windows device drivers, and has discovered a bug that could not be detected by extensive application of previous tools. 1
Symbolic contextbounded analysis of multithreaded Java programs
 In Intl. SPIN Workshop on Model Checking Software
, 2008
"... Abstract. The reachability problem is undecidable for programs with both recursive procedures and multiple threads communicating through shared memory. Attempts to overcome this problem have been the focus of much recent research. One approach is to use contextbounded reachability, i.e. to consider ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Abstract. The reachability problem is undecidable for programs with both recursive procedures and multiple threads communicating through shared memory. Attempts to overcome this problem have been the focus of much recent research. One approach is to use contextbounded reachability, i.e. to consider only those runs in which the active thread changes at most k times, where k is fixed. However, to the best of our knowledge, contextbounded reachability has not been implemented in any tool so far, primarily because its worstcase runtime is prohibitively high, i.e. O(n k), where n is the size of the shared memory. Moreover, existing algorithms for contextbounded reachability do not admit a meaningful symbolic implementation (e.g., using BDDs) to reduce the runtime in practice. In this paper, we propose an improvement that overcomes this problem. We have implemented our approach in the tool jMoped and report on experiments. 1
Error propagation analysis for file systems
 In Proceedings of the ACM SIGPLAN 2009 Conference on Programming Language Design and Implementation
, 2009
"... Unchecked errors are especially pernicious in operating system file management code. Transient or permanent hardware failures are inevitable, and errormanagement bugs at the file system layer can cause silent, unrecoverable data corruption. We propose an interprocedural static analysis that tracks ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
Unchecked errors are especially pernicious in operating system file management code. Transient or permanent hardware failures are inevitable, and errormanagement bugs at the file system layer can cause silent, unrecoverable data corruption. We propose an interprocedural static analysis that tracks errors as they propagate through file system code. Our implementation detects overwritten, outofscope, and unsaved unchecked errors. Analysis of four widelyused Linux file system implementations (CIFS, ext3, IBM JFS and ReiserFS), a relatively new file system implementation (ext4), and shared virtual file system (VFS) code uncovers 312 error propagation bugs. Our flow and contextsensitive approach produces more precise results than related techniques while providing better diagnostic information, including possible execution paths that demonstrate each bug found.
Complexity of Patternbased Verification for Multithreaded Programs
, 2011
"... Patternbased verification checks the correctness of the program executions that follow a given pattern, a regular expression over the alphabet of program transitions of the form w ∗ 1... w ∗ n. For multithreaded programs, the alphabet of the pattern is given by the synchronization operations betwee ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
Patternbased verification checks the correctness of the program executions that follow a given pattern, a regular expression over the alphabet of program transitions of the form w ∗ 1... w ∗ n. For multithreaded programs, the alphabet of the pattern is given by the synchronization operations between threads. We study the complexity of patternbased verification for abstracted multithreaded programs in which, as usual in program analysis, conditions have been replaced by nondeterminism (the technique works also for boolean programs). While unrestricted verification is undecidable for abstracted multithreaded programs with recursive procedures and PSPACEcomplete for abstracted multithreaded whileprograms, we show that patternbased verification is NPcomplete for both classes. We then conduct a multiparameter analysis in which we study the complexity in the number of threads, the number of procedures per thread, the size of the procedures, and the size of the pattern. We first show that no algorithm for patternbased verification can be polynomial in the number of threads, procedures per thread, or the size of the pattern (unless P=NP). Then, using recent results about Parikh images of regular languages and semilinear sets, we present an algorithm exponential in the number of threads, procedures per thread, and size of the pattern, but polynomial in the size of the procedures.
Interpolants from z3 proofs
 In FMCAD. IEEE Computer Society
, 2011
"... Abstract—Interpolating provers have a number of applications in formal verification, including abstraction refinement and invariant generation. It has proved difficult, however, to construct efficient interpolating provers for rich theories. We consider the problem of deriving interpolants from proo ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Abstract—Interpolating provers have a number of applications in formal verification, including abstraction refinement and invariant generation. It has proved difficult, however, to construct efficient interpolating provers for rich theories. We consider the problem of deriving interpolants from proofs generated by the highly efficient SMT solver Z3 in the quantified theory of arrays, uninterpreted function symbols and linear integer arithmetic (AUFLIA) a theory that is commonly used in program verification. We do not directly interpolate the proofs from Z3. Rather, we divide them into small lemmas that can be handled by a secondary interpolating prover for a restricted theory. We show experimentally that the overhead of this secondary prover is negligible. Moreover, the efficiency of Z3 makes it possible to handle problems that are beyond the reach of existing interpolating provers, as we demonstrate using benchmarks derived from bounded verification of sequential and concurrent programs. I.
Summarization For Termination: No Return!
"... We propose a program analysis method for proving termination of recursive programs. The analysis is based on a reduction of termination to two separate problems: reachability of recursive programs, and termination of nonrecursive programs. Our reduction works through a program transformation that ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We propose a program analysis method for proving termination of recursive programs. The analysis is based on a reduction of termination to two separate problems: reachability of recursive programs, and termination of nonrecursive programs. Our reduction works through a program transformation that modifies the call sites and removes return edges. In the new, nonrecursive program, a procedure call may nondeterministically enter the procedure body (which means that it will never return) or apply a summary statement.
Staged Concurrent Program Analysis
"... Concurrent program verification is challenging because it involves exploring a large number of possible thread interleavings together with complex sequential reasoning. As a result, concurrent program verifiers resort to bimodal reasoning, which alternates between reasoning over intrathread (seque ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Concurrent program verification is challenging because it involves exploring a large number of possible thread interleavings together with complex sequential reasoning. As a result, concurrent program verifiers resort to bimodal reasoning, which alternates between reasoning over intrathread (sequential) semantics and interthread (concurrent) semantics. Such reasoning often involves repeated intrathread reasoning for exploring each interleaving (interthread reasoning) and leads to inefficiency. In this paper, we present a new twostage analysis which completely separates intra and interthread reasoning. The first stage uses sequential program semantics to obtain a precise summary of each thread in terms of the global accesses made by the thread. The second stage performs interthread reasoning by composing these threadmodular summaries using the notion of sequential consistency. Assertion violations and other concurrency errors are then checked in this composition with the help of an offtheshelf SMT solver. We have implemented our approach in the FUSION framework for checking concurrent C programs shows that avoiding redundant bimodal reasoning makes the analysis more scalable.
A.: Semantic reduction of thread interleavings in concurrent programs
 In: TACAS. Lecture Notes in Computer Science
"... Abstract. We propose a static analysis framework for concurrent programs based on reduction of thread interleavings using sound invariants on the top of partial order techniques. Starting from a product graph that represents transactions, we iteratively refine the graph to remove statically unreacha ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
Abstract. We propose a static analysis framework for concurrent programs based on reduction of thread interleavings using sound invariants on the top of partial order techniques. Starting from a product graph that represents transactions, we iteratively refine the graph to remove statically unreachable nodes in the product graph using the results of these analyses. We use abstract interpretation to automatically derive program invariants, based on abstract domains of increasing precision. We demonstrate the benefits of this framework in an application to find data race bugs in concurrent programs, where our static analyses serve to reduce the number of false warnings captured by an initial lockset analysis. This framework also facilitates use of model checking on the remaining warnings to generate concrete error traces, where we leverage the preceding static analyses to generate small program slices and the derived invariants to improve scalability. We describe our experimental results on a suite of Linux device drivers. 1
Scopebounded Multistack Pushdown Systems: FixedPoint, Sequentialization, and TreeWidth
"... Abstract. Wepresentanovelfixedpointalgorithmtosolvereachability of multistack pushdown systems restricted to runs of boundedscope. The followed approach is compositional, in the sense that the runs of the system are summarized by boundedsize interfaces. Moreover, it is suitable for a direct impl ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Abstract. Wepresentanovelfixedpointalgorithmtosolvereachability of multistack pushdown systems restricted to runs of boundedscope. The followed approach is compositional, in the sense that the runs of the system are summarized by boundedsize interfaces. Moreover, it is suitable for a direct implementation and can be exploited to prove two new results. We give a sequentialization for this class of systems, i.e., for each such multistack pushdown system we construct an equivalent singlestack pushdown system that faithfully simulates the behaviour of each thread. We prove that the behaviour graphs (multiply nested words) for these systems have bounded threewidth, and thus a number of decidability results can be derived from Courcelle’s theorem. 1