Results 1 
8 of
8
A.: Inductive data flow graphs
 In: POPL
, 2013
"... The correctness of a sequential program can be shown by the annotation of its control flow graph with inductive assertions. We propose inductive data flow graphs, data flow graphs with incorporated inductive assertions, as the basis of an approach to verifying concurrent programs. An inductive da ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
(Show Context)
The correctness of a sequential program can be shown by the annotation of its control flow graph with inductive assertions. We propose inductive data flow graphs, data flow graphs with incorporated inductive assertions, as the basis of an approach to verifying concurrent programs. An inductive data flow graph accounts for a set of dependencies between program actions in interleaved thread executions, and therefore stands as a representation for the set of concurrent program traces which give rise to these dependencies. The approach first constructs an inductive data flow graph and then checks whether all program traces are represented. The size of the inductive data flow graph is polynomial in the number of data dependencies (in a sense that can be made formal); it does not grow exponentially in the number of threads unless the data dependencies do. The approach shifts the burden of the exponential explosion towards the check whether all program traces are represented, i.e., to a combinatorial problem (over finite graphs).
Invariant Generation for Parametrized Systems using SelfReflection
 SAS 2012
, 2012
"... We examine the problem of inferring invariants for parametrized systems. Parametrized systems are concurrent systems consisting of an a priori unbounded number of process instances running the same program. Such systems are commonly encountered in many situations including device drivers, distribu ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
We examine the problem of inferring invariants for parametrized systems. Parametrized systems are concurrent systems consisting of an a priori unbounded number of process instances running the same program. Such systems are commonly encountered in many situations including device drivers, distributed systems, and robotic swarms. In this paper we describe a technique that enables leveraging offtheshelf invariant generators designed for sequential programs to infer invariants of parametrized systems. The central challenge in invariant inference for parametrized systems is that naïvely exploding the transition system with all interleavings is not just impractical but impossible. In our approach, the key enabler is the notion of a reflective abstraction that we prove has an important correspondence with inductive invariants. This correspondence naturally gives rise to an iterative invariant generation procedure that alternates between computing candidate invariants and creating reflective abstractions.
Proofs That Count
"... Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While co ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While counting arguments are common in informal, handwritten proofs of such programs, there are no fully automated techniques to construct counting arguments. The key questions involved in automating counting arguments are: how to decide what should be counted?, and how to decide when a counting argument is valid? In this paper, we present a technique for automatically constructing and checking counting arguments, which includes novel solutions to these questions.
Duet: Static Analysis for Unbounded Parallelism
"... Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing threads is not statically bounded. Duet has a modular architecture, which is based on separating the invariant synthesis problem in two subtasks: (1) data dependence analysis, which is used to construc ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing threads is not statically bounded. Duet has a modular architecture, which is based on separating the invariant synthesis problem in two subtasks: (1) data dependence analysis, which is used to construct a data flow model of the program, and (2) domain, which generates invariants. This separation of concerns allows researchers working on data dependence analysis and abstract domains to combine their efforts toward solving the challenging problem of static analysis for unbounded concurrency. In this paper, we discuss the architecture of Duet as well as two data dependence analyses that have been implemented in the tool. 1
Selective ContextSensitivity Guided by Impact PreAnalysis
"... We present a method for selectively applying contextsensitivity during interprocedural program analysis. Our method applies contextsensitivity only when and where doing so is likely to improve the precision that matters for resolving given queries. The idea is to use a preanalysis to estimate th ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We present a method for selectively applying contextsensitivity during interprocedural program analysis. Our method applies contextsensitivity only when and where doing so is likely to improve the precision that matters for resolving given queries. The idea is to use a preanalysis to estimate the impact of contextsensitivity on the main analysis’s precision, and to use this information to find out when and where the main analysis should turn on or off its contextsensitivity. We formalize this approach and prove that the analysis always benefits from the preanalysisguided contextsensitivity. We implemented this selective method for an existing industrialstrength interval analyzer for full C. The method reduced the number of (false) alarms by 24.4%, while increasing the analysis cost by 27.8 % on average. The use of the selective method is not limited to contextsensitivity. We demonstrate this generality by following the same principle and developing a selective relational analysis. Our experiments show that the method costeffectively improves the precision in the relational analysis as well. 1.
Proof Spaces for Unbounded Parallelism
"... In this paper, we present a new approach to automatically verify multithreaded programs which are executed by an unbounded number of threads running in parallel. The starting point for our work is the problem of how we can leverage existing automated verification technology for sequential programs ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
In this paper, we present a new approach to automatically verify multithreaded programs which are executed by an unbounded number of threads running in parallel. The starting point for our work is the problem of how we can leverage existing automated verification technology for sequential programs (abstract interpretation, Craig interpolation, constraint solving, etc.) for multithreaded programs. Suppose that we are given a correctness proof for a trace of a program (or for some other program fragment). We observe that the proof can always be decomposed into a finite set of Hoare triples, and we ask what can be proved from the finite set of Hoare triples using only simple combinatorial inference rules (without access to a theorem prover and without the possibility to infer genuinely new Hoare triples)? We introduce a proof system where one proves the correctness of a multithreaded program by showing that for each trace of the program, there exists a correctness proof in the space of proofs that are derivable from a finite set of axioms using simple combinatorial inference rules. This proof system is complete with respect to the classical proof method of establishing an inductive invariant (which uses thread quantification and control predicates). Moreover, it is possible to algorithmically check whether a given set of axioms is sufficient to prove the correctness of a multithreaded program, using ideas from wellstructured transition systems. 1.
Lost in abstraction: Monotonicity in multithreaded programs (extended technical report
, 2014
"... Abstract. Monotonicity in concurrent systems stipulates that, in any global state, extant system actions remain executable when new processes are added to the state. This concept is not only natural and common in multithreaded software, but also useful: if every thread’s memory is finite, monotonic ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Monotonicity in concurrent systems stipulates that, in any global state, extant system actions remain executable when new processes are added to the state. This concept is not only natural and common in multithreaded software, but also useful: if every thread’s memory is finite, monotonicity often guarantees the decidability of safety property verification even when the number of running threads is unknown. In this paper, we show that the act of obtaining finitedata thread abstractions for model checking can be at odds with monotonicity: Predicateabstracting certain widely used monotone software results in nonmonotone multithreaded Boolean programs — the monotonicity is lost in the abstraction. As a result, wellestablished sound and complete safety checking algorithms become inapplicable; in fact, safety checking turns out to be undecidable for the obtained class of unboundedthread Boolean programs. We demonstrate how the abstract programs can be modified into monotone ones, without affecting safety properties of the nonmonotone abstraction. This significantly improves earlier approaches of enforcing monotonicity via overapproximations. 1