On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of...
-
Upload
benjamin-webb -
Category
Documents
-
view
219 -
download
0
Transcript of On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of...
![Page 1: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/1.jpg)
On Sequentializing Concurrent Programs
(Bounded Model Checking)
Gennaro ParlatoUniversity of Southampton, UK
UPMARC 7th Summer School on Multicore Computing, June 8-10, 2015
![Page 2: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/2.jpg)
Concurrent Programs - Reachability Problem
concurrent C programs• POSIX threads• SC memory model
reachability• assertion failure• out-of-bound array• division-by-zero, …
bounded model checking (BMC)• bug-finding, not complete analysis
SHARED MEMORY
…
T1 T2TN
THREADS
![Page 3: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/3.jpg)
BMC approach – Sequential Programs
Efficient tools for C• BLITZ [ Cho, D'Silva, Song – ASE’13 ]• CBMC [ Clarke, Kroening, Lerda – TACAS’04 ] • LLBMC [ Falke, Merz, Sinz – ASE’13 ]• ESBMC [ Cordeiro, Fischer, Marques-Silva – ASE’09 ]
PROGRAMBOUNDEDPROGRAM
SAT/SMTFORMULA
SOLVER
inliningunrollingSSA form
![Page 4: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/4.jpg)
direct SAT/SMT approach• encode each thread as in the sequential case • add a conjunct for shared memory operations• all possible interleavings in the bounded program
φthreads ∧ φconcurrency
papers:• [ Sinha, Wang – POPL’11 ]• [ Alglave, Kroening, Tautschnig – CAV’13 ]
BMC approach - Concurrent C Programs
CONCPROGRAM
BOUNDEDPROGRAM
SAT/SMTFORMULA
SOLVER
concurrencyhandling
![Page 5: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/5.jpg)
SE
QU
EN
TIA
LIZ
AT
ION
(cod
e-to
-cod
e tr
ansl
atio
n)
Sequentialization
papers
• proposal [ Qadeer, Wu – PLDI’04 ]• eager, bounded context-switch, finite # threads [ Lal, Reps – CAV’08 ]• lazy, finite # threads, parameterized [La Torre, Madhusudan, Parlato – CAV’09, CAV’10]• thread creation [Bouajjani, Emmi, Parlato – SAS’11] [Emmi, Qadeer, Rakamaric – POPL’11]• Lal/Reps for real-time systems [Chaki, Gurfinkel, Strichman – FMCAD’11]• message-passing programs [Bouajjani, Emmi -- TACAS’12]
CONCPROGRAM
BOUNDEDPROGRAM
SAT/SMTFORMULA
SOLVER
SEQPROGRAM
BMCSEQ TOOL
![Page 6: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/6.jpg)
SE
QU
EN
TIA
LIZ
AT
ION
(cod
e-to
-cod
e tr
ansl
atio
n)
Sequentialization
BMC-based tools (Implementations of variants of Lal/Reps schema)
• Corral (microsoft research) [ Lal, Qadeer, Lahiri – CAV’12, FSE’14 ]
• Rek [ Chaki, Gurfinkel, Strichman – FMCAD’11 ]
• STORM [ Lahiri,Qadeer,Rakamaric CAV’09 ]
CONCPROGRAM
BOUNDEDPROGRAM
SAT/SMTFORMULA
SOLVER
SEQPROGRAM
BMCSEQ TOOL
![Page 7: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/7.jpg)
Sequentialization
We have designed new sequentializations targeting BMC scalable analyses + surprisingly simple
•Lazy-CSeq•Memory Unwinding
CONCPROGRAM
BOUNDEDPROGRAM
SAT/SMTFORMULA
SOLVER
SEQPROGRAM
SE
QU
EN
TIA
LIZ
AT
ION
(cod
e-to
-cod
e tr
ansl
atio
n)
BMCSEQ TOOL
![Page 8: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/8.jpg)
Lazy-CSeq: Schema Overview(new sequentialization for BMC)
[ Inverso–Tomasco–Fischer–La Torre–Parlato, CAV’14 ]
![Page 9: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/9.jpg)
Lazy-CSeq Approach
BOUNDEDPROGRAM
BMC SEQUENTIAL
TOOL
SEQPROGRAM
SE
QU
EN
TIA
LIZ
AT
ION
(cod
e-to
-cod
e tr
ansl
atio
n)
CONCPROGRAM
![Page 10: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/10.jpg)
Bounded Concurrent Programs
main()
T0 TNTN-1T1 …
• no loops• no function calls• Control flow only forward• one procedure for each thread
![Page 11: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/11.jpg)
Round Robin Schedule
main()
T0 TNTN-1T1
…
Lazy-Cseq sequentialization:•captures all bounded Round-Robin computations for a given bound•error manifest themselves within very few rounds [ Musuvathi, Qadeer – PLDI’07 ]
round 1
round 2
round k
round 3
![Page 12: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/12.jpg)
Schema Overview
…main()T0 T1
TN
…F0 F1
FN main()
bounded concurrent program
“equivalent”
Sequential program with non determinism
Sequentialization(code-to-code translation)
Sequentialized functions Driver
translatestranslates
…
translatestranslates
translatestranslates
![Page 13: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/13.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
main driver• a global pc for each thread • thread locals thread global
![Page 14: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/14.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
main driverfor each round
for each thread Ti
simulate Ti
![Page 15: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/15.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi()
![Page 16: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/16.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
switch(pci) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi()
... ...
context-switch resum
e m
echanism
![Page 17: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/17.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(1); stmt0;2: CS(2); stmt1;3: CS(3); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
... ...
Context-switch simulation: #define CS(j) if (*) { pci=j; return; }
Context-switch simulation: #define CS(j) if (*) { pci=j; return; }
![Page 18: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/18.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei)
Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(1); stmt0;2: CS(2); stmt1;3: CS(3); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
... ...
![Page 19: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/19.jpg)
Naïve Lazy Sequentialization: CROSS PRODUCT SIMULATION
pc0=0; pc1=0; ... pcN=0;local0; local1; ... localk;
main() { for (r=0; r<R; r++) for (k=0; k<N; k++) // simulate Tk
Fk();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
...
... ...
Formula encoding:
goto statement to formula
add a guard for each crossing control-flow edge
= O(M2) guards
Formula encoding:
goto statement to formula
add a guard for each crossing control-flow edge
= O(M2) guards
![Page 20: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/20.jpg)
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
... ...
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
![Page 21: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/21.jpg)
pc0=0; ... pcN=0;local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
... ...
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
![Page 22: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/22.jpg)
pc0=0; ... pcN=0; local0; ... localk;
main() { for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) Fi();}
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
![Page 23: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/23.jpg)
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(1); stmt0;2: CS(2); stmt1;3: CS(3); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi() ...
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
#define CS(j) NEW if (j<pci || j>=nextCS) goto j+1; #define CS(j) NEW if (j<pci || j>=nextCS) goto j+1;
pc0=0; ... pcN=0; local0; ... localk;nextCS;main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) nextCS = nondet; assume(nextCS>=pci) Fi(); pci = nextCS;
![Page 24: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/24.jpg)
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(1); stmt0;2: CS(2); stmt1;3: CS(3); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi()
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
#define CS(j) NEW if (j<pci || j>=nextCS) goto j+1; #define CS(j) NEW if (j<pci || j>=nextCS) goto j+1;
pc0=0; ... pcN=0; local0; ... localk;nextCS;main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) nextCS = nondet; assume(nextCS>=pci) Fi(); pci = nextCS;
![Page 25: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/25.jpg)
switch(pck) { case 0: goto 0; case 1: goto 1; case 2: goto 2;
... case M: goto M;}
1: CS(0); stmt0;2: CS(1); stmt1;3: CS(2); stmt2; . . . E XE . . .M: CS(M); stmtM;
main driver
Fi()
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
#define CS(j) NEW if (j<pci || j>=nextCS) goto j+1; #define CS(j) NEW if (j<pci || j>=nextCS) goto j+1;
...
pc0=0; ... pcN=0; local0; ... localk;nextCS;main() for (r=0; r<K; r++) for (i=0; i<N; i++) // simulate Ti
if (activei) nextCS = nondet; assume(nextCS>=pci) Fi(); pci = nextCS;
![Page 26: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/26.jpg)
resuming + context-switch
1: CS(1); stmt1;2: CS(2); stmt2;3: CS(3); stmt3;
EXECUTE
M: CS(M); stmtM;
nextCS
...
skip
pci
...
skip
#define CS(j) NEW if (j<pci || j>=nextCS) goto j+1; #define CS(j) NEW if (j<pci || j>=nextCS) goto j+1;
CSeq-Lazy Sequentialization: CROSS PRODUCT SIMULATION
![Page 27: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/27.jpg)
Individual Threads Sequentialization
1: CS(1); stmt1;2: CS(2); stmt2;3: CS(3); stmt3;
EXECUTE
M: CS(M); stmtM;
...
...
Formula encoding:
goto statement to formula
add a guard for each crossing control-flow edge
= O(M) guards
Formula encoding:
goto statement to formula
add a guard for each crossing control-flow edge
= O(M) guards
![Page 28: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/28.jpg)
Individual Threads Sequentialization
1: CS(1); stmt1;2: CS(2); stmt2;3: CS(3); stmt3;
EXECUTE
M: CS(M); stmtM;
...
...
#define CS(j) if (j<pci || j>=next_CS) goto pc+1; #define CS(j) if (j<pci || j>=next_CS) goto pc+1;
inject light-weight, non-invasive control code
•no non-determinism•no assignments•no return
inject light-weight, non-invasive control code
•no non-determinism•no assignments•no return
![Page 29: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/29.jpg)
Experiments
![Page 30: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/30.jpg)
Evaluation: bug-hunting SVCOMP’14, Concurrency (UNSAFE instances)
![Page 31: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/31.jpg)
Evaluation: bug-hunting SVCOMP’14, Concurrency (UNSAFE instances)
![Page 32: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/32.jpg)
Remarks
Lazy-CSeq is a new sequentialization targeted to BMC backends• lazy• based on bounded round-robin computations• efficient for bug-hunting• simple to implement (CSeq framework)
Eager vs Lazy• no empirical evidence that lazy is faster • Lazy does not require an implementation of a memory model and handling of error
checks (as opposed to LR sequentialization)
Lazy-CSeq won 2 gold medals in the Concurrency category of the last two editions of the software verification competition SV-COMP
• all verification tasks solved• 30x faster than the best tool with native
concurrency handling
![Page 33: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/33.jpg)
Sequentialization based on
Memory Unwinding
[ Tomasco–Inverso–Fischer–La Torre–Parlato, TACAS’15 ]
![Page 34: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/34.jpg)
T1 T2 T3
Interleaving semantics
rxwx rx wy rxwxrywy ryrx wywxrun
![Page 35: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/35.jpg)
T1 T2 T3
From interleavings to memory unwinding
rxwx rx wy rxwxrywyrun ryrx wy
accesses to shared memory
writes
rxwx rx wy rxwxrywy ryrx wy
wx
⇒ Memory unwinding models thread interaction history by data
MEMORYUNWINDINGwx wy wxwy wywx wy wxwy wy
![Page 36: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/36.jpg)
Memory unwindings as thread interfaces
T1 T2
Assume-guarantee reasoning style decomposition of verification
TASK 1 TASK 2
T1
bounding parameter: # of shared write operations-most concurrency bugs exposed by few interactions [Lu, Park, Seo, Zhou – ASPLOS 2008]
![Page 37: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/37.jpg)
Assume-guarantee reasoning
T1 T2
TASK 1 TASK 2
Thread T2
assumes: MU writes of other threads
guarantees: its own MU writes
Task 1: Task 2:
Thread T1
assumes: MU writes of other threads
guarantees: its own MU writes
![Page 38: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/38.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable write – check against current MU entry
void write(uint t, uint v, int val) { mc[t] = th_nxt_wr[t][mc[t]]; assume(var[mc[t]] == v); assume(val[mc[t]] == val);}
pc
void write(uint t, uint v, int val) { mc[t] = th_nxt_wr[t][mc[t]];
}mc
![Page 39: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/39.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pc
mc
Local statement (no global variables) – update pc, keep mc
pc
![Page 40: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/40.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable read – “pick write position in range”
int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from];}
non-deterministic assignment
non-deterministic assignment
![Page 41: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/41.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable read – “pick write position in range”
int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from];}
...before next write of thread...
...before next write of thread...
Check in unwinding...
Check in unwinding...
![Page 42: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/42.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable read – “pick write position in range”
int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from< mc[t]) assume(var_nxt_wr[nxt_mc] > mc[t]); else { if (r_from< var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from];}
...before next write of thread...
...before next write of thread...
...right variable......right variable...
![Page 43: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/43.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable read – “pick write position in range”
int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from];}
...right variable......right variable......next write of variable in
future...
...next write of variable in
future...
![Page 44: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/44.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
x=2y=1y=1
x=1
x=3y=8
z=2
pcmc
Global variable read – “pick write position in range”
int read(uint t, uint v) { if (thr_terminated()) return 0; if (var_fst_wr[v]==0) return 0; uint r_from = *; assume((r_from <= last_wr_pos) && (r_from < th_nxt_wr[t][mc[t]])); assume(var[r_from] == v); if (r_from < mc[t]) assume(var_nxt_wr[r_from] > mc[t]); else { if (r_from < var_fst_wr[v]) return 0; mc[t] = r_from; }; return value[r_from];}
...before next write of
variable...
...before next write of
variable...
...else update mc.
...else update mc.
mc
Return value.Return value.
pc
![Page 45: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/45.jpg)
Simulating a thread against an MU
y=1 …. a=x+5 ..... x=1 ….
assert(b);
x=2y=1y=1
x=1
x=3y=8
z=2
Handling errors – “flag that an error occurs”
pc
translates to if (! b) _error = 1;
(computation might not be feasible)
translates to if (! b) _error = 1;
(computation might not be feasible)
![Page 46: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/46.jpg)
Our apporach: sequentialization by MU
…T0 T1
TN
…F0 F1
FN main()
Concurrent program
Sequential program
Sequentialization(code-to-code translation)
Simulation functions
translates
…
translates
translates
![Page 47: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/47.jpg)
Main Sequential Program
void main(void){
memory_init(W);
ct := mem_thread_create();
F0();
thread_terminate(ct);
all_thread_simulated();
assert(_error == 0) }
main
instantiate memory unwinding
error check
all writes of the thread are executed
simulation starts from main thread
all writes of the MU are executed
register main thread
Thread creationThread creation
![Page 48: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/48.jpg)
CSeq framework + Evaluation
![Page 49: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/49.jpg)
CSeq framework
sequentialnon-deterministic
C program
P'
concurrentC program
P
sequentialanalysis
toolcode-to-codetranslation
is a framework that simplifies code-to-code translations- for C programs + Pthread- comprises several code-to-code translation modules- supports several sequential analysis back-end tools
Internal modules-unrolling-function inlining-counter-example
…
Sequentialisations-Memory-Unwinding-Lazy-CSeq-LR-CSeq
…
testingKlee
bounded model-checking-BLITZ-CBMC-ESBMC-LLBM
abstraction-CPA-checker-Frama-C-SATABS
http://users.ecs.soton.ac.uk/gp4/cseq/
![Page 50: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/50.jpg)
Evaluation [ SV–COMP 2014 2015 ]
SV-COMP software verification competition @ TACASConcurrency category benchmarks: 1003 files •Lazy-CSeq won 2 GOLD medals (2014, 2015)•MU-CSeq won 2 SILVER medals (2014, 2015)
![Page 51: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/51.jpg)
Ongoing & Future Work
![Page 52: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/52.jpg)
Sequentializations based on BMC and Abstraction for programs communication through FIFO channels
• weak memory models (TSO) [Atig, Bouajjani, – CAV 2011 ]• message passing interface (MPI)
Symbolic partial order reduction based on interleaving partitioning (CEGAR) combining:
• abstraction interpretation to discard “safe” partitions• bug-finding for partitions with “potential” bugs with few interleavings• swarm verification (on clusters)• implemented using Lazy- and MU-Cseq sequentialization
Foundational work: Reasoning about programs using graph representations. Analysis based on graph decompositions.
[“The Tree Width of Automata with Auxiliary Storage” Madhusudan, Parlato – POPL 2011 ]for multi-stack pushdown automata communicating either through shared variables or queues)
Ongoing work & Future work
![Page 53: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/53.jpg)
Sequentializations based on BMC and Abstraction for programs communication through FIFO channels
• weak memory models (TSO) [Atig, Bouajjani, – CAV 2011 ]• message passing interface (MPI)
Symbolic partial order reduction based on interleaving partitioning (CEGAR) combining:
• abstraction interpretation to discard “safe” partitions• bug-finding for partitions with “potential” bugs with few interleavings• swarm verification (on clusters)• implemented using Lazy- and MU-Cseq sequentialization
Foundational work: Reasoning about programs using graph representations. Analysis based on graph decompositions.
[“The Tree Width of Automata with Auxiliary Storage” Madhusudan, Parlato – POPL 2011 ]for multi-stack pushdown automata communicating either through shared variables or queues)
Ongoing work & Future work
![Page 54: On Sequentializing Concurrent Programs (Bounded Model Checking) Gennaro Parlato University of Southampton, UK UPMARC 7 th Summer School on Multicore Computing,](https://reader034.fdocuments.in/reader034/viewer/2022051316/5697bf761a28abf838c80b10/html5/thumbnails/54.jpg)
Thank You
users.ecs.soton.ac.uk/gp4/cseq