Formal Methods in System Design, Volume 28, Issue 3, pp 263–289

Optimistic synchronization-based state-space reduction

  • Scott D. Stoller
  • Ernie Cohen


Reductions that aggregate fine-grained transitions into coarser transitions can significantly reduce the cost of automated verification, by reducing the size of the state space. We propose a reduction that can exploit common synchronization disciplines, such as the use of mutual exclusion for accesses to shared data structures. Exploiting them using traditional reduction theorems requires checking that the discipline is followed in the original (i.e., unreduced) system. That check can be prohibitively expensive. This paper presents a reduction that instead requires checking whether the discipline is followed in the reduced system. This check may be much cheaper, because the reachable state space is smaller.


Keywords: Partial-order methods, Reduction, Model checking, Omega algebra



We thank Shaz Qadeer for telling us about exclusive access predicates, Liqiang Wang for doing the experiments with JPF, and Patrice Godefroid for insightful comments about partial-order methods.



Copyright information

© Springer Science + Business Media, LLC 2006

Authors and Affiliations

  1. Computer Science Department, Stony Brook University, Stony Brook, USA
  2. Microsoft Corp., One Microsoft Way, Redmond, USA
