Skip to main content
SpringerLink
Log in

Bounded phase analysis of message-passing programs

  • TACAS 2012
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

We describe a novel technique for bounded analysis of asynchronous message-passing programs with ordered message queues. Our bounding parameter does not limit the number of pending messages, nor the number of “context-switches” between processes. Instead, we limit the number of process communication cycles, in which an unbounded number of messages are sent to an unbounded number of processes across an unbounded number of contexts. We show that remarkably, despite the potential for such vast exploration, our bounding scheme gives rise to a simple and efficient program analysis by reduction to sequential programs. As our reduction avoids explicitly representing message queues, our analysis scales irrespectively of queue content and variation.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others

Notes

  1. Since the assume statement may block executions depending on earlier nondeterministic choices, we consider only the values reached in completed executions as reachable; this avoids the problematic situation where a valuation is reached in an execution which cannot later complete because of finally non-realizable nondeterministic choices.

  2. We assume each task in a given execution has implicitly a unique task-identifier.

  3. For simplicity our examples do not pass arguments to tasks; in general, one should also store in the task-queue array the values of arguments passed to each posted procedure.

  4. The number \(n\) of explored tasks is controlled by limiting the number of loop unrollings in the bounded task-queue encoding, and limiting the recursion depth, and phase-bound, in the bounded-phase encoding.

  5. For simplicity, this description supposes the scheduler can be the only source of program nondeterminism.

References

  1. Abdulla, P.A., Jonsson, B.: Verifying programs with unreliable channels. In: LICS ’93: Proceedings of the 8th Annual IEEE Symposium on Logic in Computer Science, pp. 160–170. IEEE Computer Society (1993)

  2. Abdulla, P.A., Bouajjani, A., Jonsson, B.: On-the-fly analysis of systems with unbounded, lossy fifo channels. In: CAV ’98: Proceedings of the 10th International Conference on Computer Aided Verification, vol. 1427 of LNCS, pp. 305–318. Springer, Berlin (1998)

  3. Atig, M.F., Bollig, B., Habermehl, P.: Emptiness of multi-pushdown automata is 2etime-complete. In: DLT ’08: Proceedings of the 12th International Conference on Developments in Language Theory, vol. 5257 of LNCS, pp. 121–133. Springer, Heidelberg (2008)

  4. Atig, M.F., Bouajjani, A., Emmi, M., Lal, A.: Detecting fair non-termination in multithreaded programs. In: CAV ’12: Proceedings of the 24th International Conference on Computer Aided Verification, vol. 7358 of LNCS. Springer, Heidelberg (2012)

  5. Barnett, M., Leino, K.R.M. Moskal, M., Schulte W.: Boogie: an intermediate verification language. http://research.microsoft.com/en-us/projects/boogie/. Accessed 1 Jan 2012

  6. Boigelot, B., Godefroid, P.: Symbolic verification of communication protocols with infinite state spaces using QDDs. Form. Methods Syst. Design 14(3), 237–255 (1999)

    Article  Google Scholar 

  7. Bouajjani, A., Emmi, M.: Bounded phase analysis of message-passing programs. In: TACAS ’12: Proceedings of the 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, vol. 7214 of LNCS, pp. 451–465. Springer, Heidelberg (2012)

  8. Bouajjani, A., Habermehl, P.: Symbolic reachability analysis of fifo-channel systems with nonregular sets of configurations. Theor. Comput. Sci. 221(1–2), 211–250 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  9. Bouajjani, A., Habermehl, P., Vojnar, T.: Verification of parametric concurrent systems with prioritised FIFO resource management. Form. Methods Syst. Design 32(2), 129–172 (2008)

    Article  MATH  Google Scholar 

  10. Bouajjani, A. Emmi, M., Parlato G.: On sequentializing concurrent programs. In: SAS ’11: Proceedings of the 18th International Symposium on Static Analysis, vol. 6887 of LNCS, pp. 129–145. Springer, Heidelberg (2011)

  11. Brand, D., Zafiropulo, P.: On communicating finite-state machines. J. ACM 30(2), 323–342 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  12. Chaudhuri, S.: Subcubic algorithms for recursive state machines. In: POPL ’08: Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 159–169. ACM, New York (2008)

  13. Dahl, R.: Node.js: Evented I/O for V8 JavaScript. http://nodejs.org/. Accessed 1 Jan 2012

  14. Emmi, M., Lal, A.: Finding non-terminating executions in distributed asynchronous programs. In: SAS ’12: Proceedings of the 19th International Static Analysis Symposium, LNCS, pp. 439–455. Springer, Berlin (2012)

  15. Emmi, M. Qadeer, S., Rakamaric, Z.: Delay-bounded scheduling. In: POPL ’11: Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 411–422. ACM, New York (2011)

  16. Emmi, M., Lal, A., Qadeer, S.: Asynchronous programs with prioritized task-buffers. In: FSE ’12: Proceedings of the 20th International Symposium on the Foundations of Software Engineering. ACM, New York (2012)

  17. Esparza, J., Kucera, A., Schwoon, S.: Model checking ltl with regular valuations for pushdown systems. Inf. Comput. 186(2), 355–376 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  18. Ganty, P., Majumdar, R.: Algorithmic verification of asynchronous programs. ACM Trans. Program. Lang. Syst. 34(1), 6 (2012)

    Google Scholar 

  19. Ganty, P., Majumdar, R., Rybalchenko, A.: Verifying liveness for asynchronous programs. In: POPL 09: Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 102–113. ACM, New York (2009)

  20. Haller, P., Odersky, M.: Scala actors: unifying thread-based and event-based programming. Theor. Comput. Sci. 410(2–3), 202–220 (2009)

    Article  MATH  MathSciNet  Google Scholar 

  21. Heußner, A., Leroux, J., Muscholl, A., Sutre, G.: Reachability analysis of communicating pushdown systems. In: FOSSACS ’10: Proceedings of the 13th International Conference on Foundations of Software Science and Computational Structures, vol. 6014 of LNCS, pp. 267–281. Springer, Heidelberg (2010)

  22. HTML5: A vocabulary and associated APIs for HTML and XHTML. http://dev.w3.org/html5/spec/Overview.html. Accessed 1 Jan 2012

  23. Jhala, R., Majumdar, R.: Interprocedural analysis of asynchronous programs. In: POPL ’07: Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 339–350. ACM, New York (2007)

  24. Kidd, N., Jagannathan, S., Vitek, J.: One stack to run them all: reducing concurrent analysis to sequential analysis under priority scheduling. In: SPIN ’10: Proceedings of the 17th International Workshop on Model Checking Software, vol. 6349 of LNCS, pp. 245–261. Springer, Heidelberg (2010)

  25. La Torre S., Parlato, G.: Scope-bounded multistack pushdown systems: fixed-point, sequentialization, and tree-width. In: FSTTCS ’12: Proceedings of the IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, vol. 18 of LIPIcs, pp. 173–184. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2012)

  26. La Torre, S., Madhusudan, P., Parlato, G.: A robust class of context-sensitive languages. In: LICS ’07: Proceedings of the 22nd IEEE Symposium on Logic in Computer Science, pp. 161–170. IEEE Computer Society (2007)

  27. La Torre, S. Madhusudan, P., Parlato G.: Context-bounded analysis of concurrent queue systems. In: TACAS ’08: Proceedings of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, vol. 4963 of LNCS, pp. 299–314. Springer, Heidelberg (2008)

  28. La Torre, S. Madhusudan, P., Parlato, G.: Reducing context-bounded concurrent reachability to sequential reachability. In: CAV ’09: Proceedings of the 21st International Conference on Computer Aided Verification, vol. 5643 of LNCS, pp. 477–492. Springer, Heidelberg (2009)

  29. La Torre, S., Madhusudan, P., Parlato, G.: Model-checking parameterized concurrent programs using linear interfaces. In: CAV ’10: Proceedings of the 22nd International Conference on Computer Aided Verification, vol. 6174 of LNCS, pp. 629–644. Springer, Heidelberg (2010)

  30. La Torre, S., Madhusudan, P., Parlato, G.: Sequentializing parameterized programs. In: FIT ’12: Proceedings of the Fourth Workshop on Foundations of Interface Technologies, vol. 87 of EPTCS, pp. 34–47 (2012)

  31. Lal, A., Reps, T.W.: Reducing concurrent analysis under a context bound to sequential analysis. Form. Methods Syst. Design 35(1), 73–97 (2009)

    Article  MATH  Google Scholar 

  32. Lal, A. Qadeer, S., Lahiri, S.K.: A solver for reachability modulo theories. In: CAV ’12: Proceedings of the 24th International Conference on Computer Aided Verification, vol. 7358 of LNCS, pp. 427–443. Springer, Heidelberg (2012)

  33. Lynch, N.A.: Distributed algorithms. ISBN 1-55860-348-4. Morgan Kaufmann, San Francisco (1996)

  34. Miller, M.S., Tribble, E.D., Shapiro, J.S.: Concurrency among strangers. In: TGC ’05: Proceedings of the International Symposium on Trustworthy Global Computing, vol. 3705 of LNCS, pp. 195–229. Springer, Heidelberg (2005)

  35. Post, E.L.: A variant of a recursively unsolvable problem. Bull. Am. Math. Soc 52(4), 264–268 (1946)

    Article  MATH  MathSciNet  Google Scholar 

  36. Qadeer, S., Rehof, J.: Context-bounded model checking of concurrent software. In: TACAS ’05: Proceedings of the 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, vol. 3440 of LNCS, pp. 93–107. Springer, Heidelberg (2005)

  37. Qadeer, S., Wu, D.: KISS: keep it simple and sequential. In: PLDI ’04: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 14–24. ACM, New York (2004)

  38. Reps, T.W., Horwitz, S., Sagiv, S.: Precise interprocedural dataflow analysis via graph reachability. In: POPL ’95: Proceedings of the 22th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 49–61. ACM, New York (1995)

  39. Sen, K., Viswanathan, M.: Model checking multithreaded programs with asynchronous atomic methods. In: CAV ’06: Proceedings of the 18th International Conference on Computer Aided Verification, vol. 4144 of LNCS, pp. 300–314. Springer, Heidelberg (2006)

  40. Sharir, M., Pnueli, A.: Two approaches to interprocedural data-flow analysis. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, chapter 7, pp. 189–234. Prentice-Hall, Englewood Cliffs (1981)

  41. Svensson, H., Arts, T.: A new leader election implementation. In: Erlang ’05: Proceedings of the 2005 ACM SIGPLAN Workshop on Erlang, pp. 35–39. ACM, New York (2005)

  42. Trottier-Hebert, F.: Learn you some Erlang for great good! http://learnyousomeerlang.com/. Accessed 1 Jan 2012

Download references

Acknowledgments

We graciously thank Constantin Enea, Cezara Dragoi, Pierre Ganty, Salvatore La Torre, and the anonymous TACAS and STTT reviewers for helpful feedback.

Author information

Authors and Affiliations

  1. LIAFA, Université Paris Diderot, Paris, France

    Ahmed Bouajjani & Michael Emmi

Authors
  1. Ahmed Bouajjani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Emmi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Emmi.

Additional information

Michael was supported by a post-doctoral fellowship from la Fondation Sciences Mathématiques de Paris.

Appendices

Appendix A: Syntactic extensions used in our translations

The following syntactic extensions are reducible to the original program syntax of Sect. 2.1. Here we freely assume the existence of various type- and expression-constructors. This does not present a problem since our program semantics does not restrict the language of types nor expressions.

Multiple types. Multiple type labels \(T_1,\ldots , T_j\) can be encoded by systematically replacing each \(T_i\) with the sum-type \(T = \Sigma _{i=1}^{j} T_i\). This allows local and global variables with distinct types.

Multiple variables. Additional variables x \({}_1\): \(T_1\), ..., x \({}_j\): \(T_j\) can be encoded with a single record-typed variable x: \(T\), where \(T\) is the record type

$$\begin{aligned} \{\mathtt{{f}}_1: T_1, \ldots , \mathtt{{f}}_j: T_j\} \end{aligned}$$

and all occurrences of \(\mathtt{{x}}_i\) are replaced by \(\mathtt{{x.f}}_i\). When combined with the extension allowing multiple types, this allows each procedure to declare any number and type of local variable parameters, distinct from the number and type of global variables.

Local variable declarations. Additional (non-parameter) local variable declarations var l’: \(T\) to a procedure \(p\) can be encoded by adding l’ to the list of parameters, and systematically adding an initialization expression (e.g., the choice expression \(^*\), or false) to the corresponding position in the list of arguments at each call site of \(p\) to ensure that l’ begins correctly (un)initialized.

Unused values. Call assignments call x := \(p\; e\), where x is not subsequently used, can be written as call _:= \(p\) \(e\), where _: \(T\) is an additional unread local variable, or simpler yet as call \(p\) \(e\).

Unused branches. if \(e\) then \(s\) else skip is abbreviated by if \(e\) then \(s\).

Increment. Increment operations \(x\)++ are encoded as \(x\) := \(x\) + 1.

Let bindings. Let bindings of the form let x: \(T\) = \(e\) in can be encoded by declaring x as a local variable var x: \(T\) immediately followed by an assignment x := \(e\). This construct is used to explicate that the value of x remains constant once initialized. The binding let x: \(T\) in is encoded by the binding let x: \(T\) = * in where * is the choice expression.

Arrays. Finite arrays with \(j\) elements of type \(T\) can be encoded as records of type \(\{\mathtt{{f}}_1: T, \ldots , \mathtt{{f}}_j: T\}\), where \(\mathtt{f}_1 \ldots \mathtt{f}_j\) are fresh names. Occurrences of terms a[i] are replaced by \(\mathtt{{a.f}}_i\), and array-expressions \([e_1, \ldots , e_j]\) are replaced by record-expressions \(\{\mathtt{{f}}_1 = e_1,\; \ldots , \mathtt{{f}}_j = e_j\}\).

Appendix B: Source code of programs analyzed in Sect. 6

figure a
figure b
figure c
figure d
figure e
figure f

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bouajjani, A., Emmi, M. Bounded phase analysis of message-passing programs. Int J Softw Tools Technol Transfer 16, 127–146 (2014). https://doi.org/10.1007/s10009-013-0276-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-013-0276-z

Keywords

Search

Navigation