1 / 22

Sequentializing Parameterized Programs

Sequentializing Parameterized Programs. Salvatore La Torre Università degli Studi di Salerno P . Madhusudan (U . Illinois U.-C., U.S.A .) Gennaro Parlato (U. Southampton ). Parameterized programs. shared vars. T 1. T 2. T m. loc. loc. loc. ….

susanroberts
Download Presentation

Sequentializing Parameterized Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Sequentializing Parameterized Programs Salvatore La Torre Università degli Studi di Salerno P. Madhusudan (U . Illinois U.-C., U.S.A.) Gennaro Parlato (U. Southampton)

  2. Parameterized programs shared vars T1 T2 Tm loc loc loc … • Fixed number of programs P1 , . . . , Pn(each possibly with recursive function calls) • Memory is shared (a fixed number of shared vars) • Executions are those of all the concurrent programs: (for each m) • each thread Tj is the execution of a program Pi • each program Pi can be run in unboundedly many threads

  3. Parameterized programs • Interesting class of programs (e.g., device drivers) • Complex class of programs (infinite states): • each thread is essentially a pushdown system • number of threads is unbounded • Basic decision problems are undecidable • reachability with just two threads is already undecidable • Reachability within a bounded number of context-switches is decidable [La Torre–Madhusudan–Parlato CAV’10]

  4. Bounded context-switching • Switching between threads is allowed only a bounded number of times [Qadeer-Rehof TACAS’05] Under this restriction • Analysis is an effective technique for bug detection • bugs of concurrent programs are likely to occur within few context-switches [Musuvathi-Qadeer PLDI’07] • Efficient sequentializations can be obtained

  5. Sequentialization Param. program Seq. program shared vars T1 T2 Tm loc loc loc … • Translation from a multithreaded program to an “equivalent” sequential one • Advantage: use existing techniques for sequential programs to analyze parameterized programs • Model checkers, Deductive verification, …

  6. Sequentialization • A sequentialization that simply simulates the global behavior of the program is always possible • track the locals of each thread (may require additional unbounded storage) • in general, inefficient (current tools do not work) • Under bounded-context switching, efficient sequentializations are known (for concurrent programs) • track only the locals of one thread at a time • need to store multiple copies of shared vars [Lal-Reps CAV’08 & La Torre-Madhusudan-Parlato CAV’09]

  7. Sequentialization of param. progs T3 T2 T1 (l4,s2) (l2,s1) (l1,s1) (l3,s2) (l5,s3) (l1,s3) • A simple sequentialization for parameterized programs can be obtained by extending the “eager” approach [Lal-Reps CAV 2008] : • each thread is executed up to completion (jumping across context-switches) • after computing a thread, nondeterministically (1) terminate and check if all the computed executions form a computation and (2) compute next thread • the values of shared variables at context-switches are passed to the next thread

  8. Eager seq. does not preserve assertions // shared variables bool blocked=true; int x=0, y=0; process P1: main() begin while (blocked) skip; assert(y!=0); x = x/y; end process P2: main() begin x=12; y=2; //unblock threads of P1 blocked=false; end • y!=0 is an invariant of the statement x=x/y in the param. progr. • butnot in the sequential program (blocked can be nondeterministicallyassigned to false across a context-switchwhile processing a thread of P1)

  9. Main contribution • Sequentialization up to k context-switchesthat maps a parameterized program P to a sequential program Pseq s.t. • only (k-c.s.) reachable states of P can be explored via Pseq • assertion invariants are preserved • at any point of a Pseqrun, the local state of only one thread and at most O(k) copies of shared variables are tracked • no additional unbounded memory is used (no additional queues, or counters) • Note: itreducesboundedcontext-switchreachability of param. programs to reachability of seq. programs

  10. Rest of the talk • Details of the sequentialization • linear interfaces • structure of Pseq • correctness and lazyness • Related work • Conclusions

  11. Linear interfaces Tj Ti Ti+1 in1 out1 in2 out2 in3 out3 • Crucialconceptexploited in the sequentialization • Summarize the effects of a blockof unboundedlymanythreads on the sharedvariables • executionsarranged in rounds of round-robinscheduling linear interface (In,Out) of dim. 3

  12. Linear interface of a run Tm T1 T2 in1 out1 in2 out2 in3 out3 • (In,Out) s.t. ini+1=outi i=1,…,k-1 k=3

  13. Computation of a P run by Pseq T1 T2 T3 T4 in1 out1 • Pseqmimics a computation of P • by increasing round numbers and • (withineach round) by increasingcontextnumbers • nondeterministicallychoosesifthisis the last thread in the round • the linear interface (<in1>,<out1>) isstored

  14. Computation of a P run by Pseq T’1 T’2 T’3 in1 context switch in last thread is allowed only with globals out1 a1 b1 out1 can context switch provided that <b1,out1> is a linear interface can context switch provided that <a1,out1> is a linear interface in2=out1 a2 b2 out2 • Second round isexecutedmatching (<in1>,<out1>) • Note thatthreads do notneed to be the sameweused in the first round and noteven in the samenumber • The third round isexecutedsimilarly by matching (<in1,in2>,<out1,out2>)

  15. Structure of Pseq • mainfunction: • initialize the sharedvariables • starts the computation of each round by callinglinear_int • linear_int: • selects and startsnextthread to execute (ifany) • returns a valuation of the global varsthatforms a linear interface with the valuationsreceivedasparameters • control code (interlinedwithinthe given code) • drives the recomputation task • callslinear_int to checkconditions on context-switching • manage the returns from calls (flagsthat the end of the round hasbeensuccessfullyreached)

  16. Interlined control code if (terminate) then return; if (!atom ) then while (*) if (last) then if ( j = bound) then terminate := T; return; else assume(q′j = s); j++; s := qj; else qj:= s; save:= g; call linear int(q1,k,q′1,k−1, j); if ( j = bound) then return; else assume(q′j=s); g:=save; terminate := F; j++; s:=qj;

  17. Property of linear_int in1 in1 out1 out1 ini-1 ini-1 outi-1 outi-1 ini outi • a call to linear_int(in1,…,ini,out1,…,outi-1) returnsoutisuchthat

  18. Correctness and lazyness I2 I3 in1 out’1 I1 in1 out1 in2 out’2 out1 out2 in2 in3=out2 out2 out’3 I2 in1 out’1 out’’1 out’’1 out’2 in2 out1 out’’2 out’’2 out’3 in3 out2 out’’3 • Suppose: • we compute: suchthat:

  19. This equals to say T1 Tj Tj+1 Tm in1 out’1 out1 in2 out’2 out2 in3 out’3 T’1 T’h T’h+1 T’h+2 T’m’ in1 out’’1 out’1 out1 in2 out’’2 The newlydiscoveredstates are allreachable out’2 out2 in3 out’’3 out’3 • Suppose run: • weensure the existence of anyrun:

  20. Reduction of bounded context-switch reachability Theorem: Let P be a parameterized program, k>0 and pc be a program counter of P pc is reachable in P within k context switches iff pc is reachable in Pseq

  21. Related Work • Seq. up to 2 contexts [Quadeer-Wu PLDI’04] • Seq. of concurrentprograms: eager[Lal-RepsTACAS’08] lazy[La Torre-Madhusudan-Parlato CAV’09] • Seq. combined to deductiveverification[Lahiri-Qadeer-Rakamaric CAV09] • Symbolicfixed-pointsolution to computation of reachablestates for parameterizedprograms[La Torre-Madhusudan-Parlato CAV’10] • Seq. for delay boundedschedulers with dynamiccreation of threads[Emmi-Qadeer-Rakamaric POPL’11] • Sufficientconditions for sequentialization of concurrentprograms[Garg-Madhusudan TACAS’11] • Seq. of programs communicating through asynchronous message passing [Emmi-Bouajjani TACAS’12] • Seq. of scope-bounded conc. programs [La Torre-Parlato 2012]

  22. Conclusions • Sequentializations are a hot research topic • Some good experimental results have been obtained combining SMT solvers and eager seq. • Lazy seq. do not work well with SMT since introduces recursion • Lazy seq. is more suitable for accurate analysis • it is worth trying it with other kinds of techniques

More Related