## Evaluating Deadlock Detection Methods for Concurrent Software (1996)

Venue: IEEE Transactions on Software Engineering

Citations: 122 (6 self)

### BibTeX

@ARTICLE{Corbett96evaluatingdeadlock,
  author = {James C. Corbett},
  title = {Evaluating Deadlock Detection Methods for Concurrent Software},
  journal = {IEEE Transactions on Software Engineering},
  year = {1996},
  volume = {22},
  pages = {161--180}
}

### Abstract

Static analysis of concurrent programs has been hindered by the well known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...

### Citations

876 | Symbolic Boolean manipulation with ordered binary-decision diagrams
- Bryant
- 1992
Citation Context: ..."symbolically" by $\Delta = \{(i, a, (i + 1) \bmod 2^n)\}$. One way to represent $\Delta$ symbolically is to encode the relation as a boolean function represented by an Ordered Binary Decision Diagram (OBDD) [3]. OBDDs represent many frequently occurring boolean functions very compactly (e.g., symmetric functions, addition). An OBDD for a function $f(x_1, \ldots, x_n)$ and a total order ! on the boolean varia...

825 | The program dependence graph and its use in optimization
- Ferrante, Ottenstein, et al.
- 1987
Citation Context: ... canonical form, we view the front end of INCA only as a tool for constructing the canonical form. INCA constructs the FSA for each task using standard techniques for constructing control flow graphs [17]; these automata are very similar to those produced (internally) by SPIN or any other tool that constructs a finite-state representation of the control flow of imperative code. Thus we do not believe ...

623 | Model Checking and Abstraction
- Clarke, Grumberg, et al.
- 1994
Citation Context: ... of processes. Many techniques have been proposed to combat this explosion, including state space reductions [20,29,40,42], symbolic model checking [4, 32], compositional techniques [43], abstraction [6], dataflow analysis [16, 30], and integer programming techniques [1, Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional p...

323 | Symbolic model checking: 10^20 states and beyond
- Burch, Clarke, et al.
- 1990
Citation Context: ...stem tends to increase exponentially with the number of processes. Many techniques have been proposed to combat this explosion, including state space reductions [20,29,40,42], symbolic model checking [4, 32], compositional techniques [43], abstraction [6], dataflow analysis [16, 30], and integer programming techniques [1, ...

160 | Using partial orders for the efficient verification of deadlock freedom and safety properties, CAV ’91
- Godefroid, Wolper
- 1992
Citation Context: ...one class of systems, our restriction to one particular property limits the scope of our results. We note, however, that the verification of any safety property can be reduced to a check for deadlock [21]. C. Implementation The implementation of a technique can greatly affect its performance. The developer of a technique has a strong incentive to implement the technique as efficiently as possible in o...

142 | Data flow analysis for verifying properties of concurrent programs
- Dwyer, Clarke
- 1994
Citation Context: ...hniques have been proposed to combat this explosion, including state space reductions [20,29,40,42], symbolic model checking [4, 32], compositional techniques [43], abstraction [6], dataflow analysis [16, 30], and integer programming techniques [1, ...

102 | The Concurrency Workbench: A semantics based tool for the verification of concurrent systems
- Cleaveland, Parrow, et al.
- 1993
Citation Context: ...resentation of a system's states, which is sometimes much more compact than an explicit enumeration. These techniques have proven especially successful in verifying hardware. Compositional techniques [5,7,43] exploit modularity in a system by dividing it into smaller subsystems, verifying each subsystem, and then combining the results of these analyses to verify the full system. If the subsystems have sim...

70 | Automated analysis of concurrent systems with the constrained expression toolset
- Avrunin, Buy, et al.
- 1991
Citation Context: ...iques and report the results of this evaluation. Specifically, we evaluate the efficacy of a partial order state space reduction [20], symbolic model checking [4], and inequality necessary conditions [1] in detecting communication deadlocks of Ada tasking programs. While we found that none of the techniques was clearly superior to the others overall, there was significant variation in the performance...

58 | Refining dependencies improves partial-order verification methods
- Godefroid, Pirottin
- 1992
Citation Context: ...the number of states in a concurrent system tends to increase exponentially with the number of processes. Many techniques have been proposed to combat this explosion, including state space reductions [20,29,40,42], symbolic model checking [4, 32], compositional techniques [43], abstraction [6], dataflow analysis [16, 30], and integer programming techniques [1, ...

40 | Using Integer Programming to Verify General Safety and
- Corbett, Avrunin
Citation Context: ... fixed point of a set of flow equations. Integer programming has been used in the analysis of certain kinds of deadlocks [34] and in a conservative analysis for general safety and liveness properties [1, 12]. These techniques reduce the verification of a property to a question about the integral solutions of linear systems. B. Selecting Methods to Evaluate Of all the techniques available, we selected a p...

25 | Partial Order Methods for the Verification of Concurrent Systems
- Godefroid
- 1996
Citation Context: ...h set of transitions enabled in the system's start state. By firing only one of these transitions, we represent only one possible order of the two events, reducing the number of states generated. See [19, 20] for details. D. Symbolic Model Checking Another approach to making deadlock detection more tractable is to use a different representation for $M$. State-space searches typically generate the states of ...

17 | Data Flow Analysis for Verifying Correctness Properties of Concurrent Programs - Dwyer - 1995

16 | Automated derivation of time bounds in uniprocessor concurrent systems
- Avrunin, Corbett, et al.
- 1994
Citation Context: ... m scheduler tasks to keep m customer tasks loosely synchronized. Divide and Conquer (DAC) A program modeling a divide and conquer computation by forking up to m solver tasks that proceed in parallel [2, 11]. Dartes Program (DARTES) The communication skeleton of a fairly complex Ada program with 32 tasks [30]. Dining Philosophers (DP, DPH, DPD, DPFM) Although not a very realistic problem, it does contain...

15 | Using state space reduction methods for deadlock analysis in Ada tasking
- Duri, Buy, et al.
- 1993
Citation Context: ...andard benchmark examples from the concurrency analysis literature. The examples analyzed are listed in Section V-A. Our choice of Ada reflects a standard in the field of concurrent software analysis [1,14,28,30,43,46]. B. Selecting a Property We used the techniques to test for deadlock in the communications protocol used by the tasks. We selected deadlock since it is almost always an undesirable property in this s...

9 | An empirical evaluation of three methods for deadlock analysis of ada tasking programs
- Corbett
- 1994
Citation Context: ...l measurements, which are dominated by fixed overhead. Rather than finding the largest size each tool can handle given certain resource constraints, as we did in the preliminary version of this paper [10], we simply measure the growth in the resources consumed as the example is scaled up (the calculation of these growth rates is described in Section V-E). We believe these growth rates are more meaning...

9 | Concurrent algorithms for real-time memory management
- Ford
- 1988
Citation Context: ...ber of customer tasks a parameter (m). The size m version has m + 5 tasks. Distributed Memory Manager (MMGT) The communication skeleton of an Ada program implementing the memory management scheme from [18] with m users. The size m version has m + 4 tasks. Overtake Protocol (OVER) An Ada version of an automated highway system overtake protocol in [22] for m cars comprising 2m + 1 tasks. Q User Interface...

8 | A practical method for bounding the time between events in concurrent real-time systems - Corbett, Avrunin - 1993

7 | Verifying general safety and liveness properties with integer programming
- Corbett
Citation Context: ...ditions in the form of linear inequalities have been used to verify a variety of different properties of concurrent system, including freedom from deadlock [1], general safety and liveness properties [8], and real-time properties [2, 11]. The basic idea is to view each FSA $M_i$ as a flowgraph and find a flow from the start state to some final state. This flow represents the path $M_i$ takes in the trace...

3 | Enhancing compositional reachability analysis using context constraints - Cheung, Kramer - 1993

1 | An SEDL translator
- Corbett
- 1993
Citation Context: ...roduces a bias; we discuss this issue in Section IV-E. A description of the algorithm used by the front end of INCA to translate our Ada-like specification language into communicating FSAs is given in [9]. Since the details of this translation are extensive and probably beyond the scope of this paper, here we give only an example of a sample specification and the FSAs generated from it. Fig. 5 shows o...