1 / 23

Scope-bounded Multistack Pushdown Systems: - f ixed- p oint - s equentialization - tree-width

Scope-bounded Multistack Pushdown Systems: - f ixed- p oint - s equentialization - tree-width. Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U. Southampton, UK). Multi-stack Pushdown Systems (MPS). n stacks sharing a finite control

aldis
Download Presentation

Scope-bounded Multistack Pushdown Systems: - f ixed- p oint - s equentialization - tree-width

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Scope-bounded MultistackPushdown Systems:-fixed-point - sequentialization - tree-width Salvatore La Torre Gennaro Parlato (U. Salerno, Italy) (U. Southampton, UK)

  2. Multi-stack Pushdown Systems (MPS) n stacks sharing a finite control configurations: s, , , … , transitions: push one symbol onto stack i pop one symbol from stack i internal move: stacks stay unchanged, only control location is altered problem: control-statereachability n 2 1

  3. Multi-stack Pushdown Systems (MPS) Interesting model for concurrency allows accurate modeling of the control flow of concurrent programs with shared memory and recursive procedure calls Too expressive two stacks suffice to encode a Turing machine Several decidable restrictions in literature

  4. bounded context-switch (round) runs moves on stack 1 moves on stack 2 moves on stack 3 b o u d e d round 1 round 2 round 3 round 4 round 5 round 6 round 7 … … … … bounded round reachability is decidable [Qadeer-Rehof, TACAS’05 ] (solution based on automata)

  5. bounded round analysis (compositional) moves on stack 1 moves on stack 2 moves on stack 3 compute interface for stack 2 compute interface for stack 1 + stack 2 compute interface for stack 1 + stack 2 + stack 3 compute interface for stack 3 compute interface for stack 1 - Sequentialization [Lal-Reps, CAV’08 ] - Interfaces & Getafix [La Torre-Madhusudan-Parlato, PLDI’09, CAV’10, FIT’12 ]

  6. Tools based on compositional alg. Sequentialization(programming languages) Poirot+Corral (MSR) [Lahiri-Lal-Qadeer, POPL’11, CAV’12] Cseq(code-to-code translation for C prgms + Pthread) [Cseq+ESBMC. Fischer-Inverso-Parlato, SV-COMP’13] Model-Checkers for Boolean programs (abstracted device drivers) Getafix[La Torre – Madhusudan - Parlato, PLDI’09, CAV’10]

  7. beyond bounded-round restriction:scope-bounded runs moves on stack 1 moves on stack 2 moves on stack 3 push pop Fix a bound k. A run is k-scope if for all push, pop. ( matching(push, pop) ∧ (round(pop) – round(push) ≤ k ) ) • Decidable reachability [La Torre-Napoli, CONCUR’11 ] • solution based on automata, • compositional ??? … … …

  8. What is this talk about? Compositional algorithm for bounded-scope reachability can be implemented as a fixed-point(using interfaces) sequentialization(from multi to one stack) Bounded-scope multiply nested words have boundedtree-width decidability of reachability, LTL, …, MSO

  9. Compositional algorithm for bounded-scope reachability • fixed-point • sequentialization

  10. compositional algorithm (fixed point) • The compositional algorithm for bounded rounds won’t work • we don’t know a bound on # of needed rounds (semi-algorithm) • Our solution computes the cross product of interfaces in parallel interface stack 1 interface stack 2 interface stack 3 interface stack 4

  11. interface decomposition for k-scope every k-scope interface can be obtained as a concatenation of several k-round interfaces overlapping concatenation simple concatenation k-round k-round q last -> round <- first round k-scope k-scope

  12. compositional algorithm (fixed point) • Init: insert an initial interface for stack 1 with at most k rounds • Rules: (Add) concatenate a feasible interface (with at most krounds) • to the stack interface with the lowest incomplete round • (Remove) if the first tracked round is complete then remove it • Termination: one line left with the target control state at the end interface stack 1 interface stack 2 interface stack 3 interface stack 4 Always reaches a fixed point: - configuration: O( k*n) control states ^ ^ | | #scope #stacks Comparison with bounded-round restriction - bounded rounds requires only O( k ) control states - n cannot be eliminated from O (k n) (additional price to pay) initial -> control state target <- state

  13. Sequentialization

  14. Code-to-code translation as a plug-in for sequential verification tools Concurrent Program shared vars A convenient way to get new tools for conc. programs … Concurrent Program Concsequ translation T1 T2 Tn … Instrumentation for the Sequ. tool Sequ. program Sequ. tool

  15. features of agood sequentialization Avoid cross product (compositional) • 1 stack for the simulation • 1 local state, fixed # of shared states Conc. & Sequ. Programs are in the same class • i.e. no additional data structures to simulate parallelism • Example: concurrent Boolean programs  Boolean (sequential) program Parameterized:increasing the parameter • more behaviors are captured • at the expense of more computational resources Explore as many behaviors as possible A direct simulation doesn’t lead to scalable solutions: state: C1X C2X … XCnX Shared Simulation: at each step non-deterministically simulate one move of a thread • data structures for the configurations (n stacks) State space explosion !

  16. related work (sequentialization) Up 2 context-switches (KISS)[Qadeer-Wu, PLDI’04] bounded-round schedules & finite # of threads • Eager [Lal-Reps, CAV’08] • Lazy[La Torre-Madhusudan-Parlato, CAV’09] bounded-round schedule & parameterized programs • Lazy [La Torre, Madhusudan-Parlato, CAV’10, FIT’12] Delay-bounded schedules (thread creation) [Emmi-Qadeer-Rakamaric, POPL’11] Bounded semantics [Bouajjani-Emmi-Parlato, SAS’11]

  17. from fixed point to sequentialization • Fixed-point algorithm • Init: insert an initial interface for stack 1 with at most k rounds • Rules: (Add) Fill any hole with a feasible interface with at most k rounds • (Remove) If the first tracked line is complete then remove it • Termination: one line left with the target control state at the end Sequentialization Our fixed point leads to a straightforward sequentialization (1stack+2kn shared vars) Global variables: 2k copies of the shared variable to store tuple-interface Additional functions: - INTERFACE( thread_id ); // non-deterministically build an interface for thread thread_id - Init() // implements Init - remove_first_round() //implements Remove rule - add_interface() //implements Add rule Code-to-code translation: Init(); while (true) { if (Remove) remove_first_round(); else add_interface(); if (termination) ERROR; }

  18. bounded-scope runs => bounded tree-width of k-scope multiply nested words

  19. nested words • A nested word NW graph captures the behavior of a run • The stack is compiled down into the nested word (nesting edges) push push push pop pop push pop pop int int int int int q7 q1 q9 q3 q11 q13 q5 q8 q2 q10 q4 q12 q6 q14 final

  20. multiply nested words (MNW) A MNW graph captures the behavior of an MPS run • Stacks are compiled down into the graph (nesting edges) • One nesting relation per stack push2 push2 pop2 pop2 int pop1 pop1 push1 push1 push1 push1 pop1 pop1

  21. decidability for multistack systems[Madhusudan-Parlato, POPL’11] Several decidable restrictions of Multistackpushdown systems lead to bounded tree-width multiply nested words Decidability: Courcelle/Seese theorem • bounded-contexts[Rehof- Qadeer, TACAS’05] • bounded-phases[La Torre – Madhusudan- Parlato,LICS’07] • ordered(Breveglieri– Cherubini – Citrini- CrespiReghizzi, Int.J. Found. Comput. Sci.’95] • Parameterized pushdown automata with k-rounds [La Torre - Madhusudan– Parlato,CAV’10] • Delay bounded[Emmi – Qadeer – Rakamarik,POPL’11] • Bounded semantics[Bouajjani – Emmi - Parlato, SAS’11] • Bounded-Scope[La Torre - Napoli, CONCUR’11] (More details in the “Verification of Infinite-State Systems” talk)

  22. Conclusions

  23. Conclusions & Future WorkBounded-scoped model-checking Compositional algorithm • Fixed point algorithm • can be encoded in Getafix[La Torre - Madhusudan - Parlato,PLDI’09] • Sequentialization (under-approximation) • code-to-code translation (for C programs + Pthread library) • sequential tool can be used to analyze concurrent programs • empirical evaluation (can we find new bugs?) [Multi-Pushdown Systems with Budget. Abdulla-Atig-Rezine-Stenman - ‘12] bounded tree-width runs + MSO definable [MSO decidability of multi-pushdown systems via split-width. Cyriac - Gastin - Kumar, CONCUR’12] • reachability/LTL  Seese/Courcelle’s theorem (decidable) [A temporal logic for multi-threaded programs. La Torre - Napoli, IFIP TCS’12] [LTL model-checking for multithreaded programs under scope-bounding. Atig, Bouajjani, Kumar, Saivasan– ATVA’12]

More Related