Formal Methods in System Design, Volume 25, Issue 2–3, pp. 199–240

Exploiting Object Escape and Locking Information in Partial-Order Reductions for Concurrent Object-Oriented Programs

  • Matthew B. Dwyer
  • John Hatcliff
  • Robby
  • Venkatesh Prasad Ranganath

Abstract

Explicit-state model checking tools often incorporate partial-order reductions to reduce the number of system states explored (and thus the time and memory required) for verification. As model checking techniques are scaled up to software systems, it is important to develop and assess partial-order reduction strategies that are effective for addressing the complex structures found in software and for reducing the tremendous cost of model checking software systems.

In this paper, we consider a number of reduction strategies for model checking concurrent object-oriented software. We investigate a range of techniques that have been proposed in the literature, improve on those in several ways, and develop five novel reduction techniques that advance the state of the art in partial-order reduction for concurrent object-oriented systems. These reduction strategies are based on (a) detecting heap objects that are thread-local (i.e., can be accessed by only a single thread) and (b) exploiting information about patterns of lock acquisition and release in a program (building on previous work). We present empirical results that demonstrate upwards of a hundred-fold reduction in both space and time over existing approaches to model checking concurrent Java programs. In addition to validating their effectiveness, we prove that the reductions preserve LTL−X properties and describe an implementation architecture that allows them to be easily incorporated into existing explicit-state software model checkers.
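To make the escape-based reduction in (a) concrete, here is an added example (not code from the paper or from Bogor) of a toy explicit-state explorer over two constructed threads: an access to an object that never escapes its thread is independent of every other thread's transitions and invisible to properties over shared state, so the reduced search takes it as a singleton ample set instead of branching over all enabled threads. The lock-based reductions in (b) are not modelled here.

```python
# Constructed example (not from the paper): a thread is a list of actions.
# ("local", obj) accesses a heap object that never escapes its creating thread;
# ("shared", obj) accesses an object reachable from more than one thread.
THREADS = [
    [("local", "a"), ("local", "a"), ("shared", "x"), ("local", "a")],
    [("local", "b"), ("local", "b"), ("shared", "x"), ("local", "b")],
]


def step(pcs, counts, tid, obj):
    """Advance thread tid by one action and record the access to obj."""
    new_pcs = list(pcs)
    new_pcs[tid] += 1
    new_counts = dict(counts)
    new_counts[obj] = new_counts.get(obj, 0) + 1
    return tuple(new_pcs), tuple(sorted(new_counts.items()))


def explore(threads, reduce):
    """Depth-first exploration of the interleavings; returns the number of
    distinct states stored. With reduce=True, an enabled access to a
    thread-local object is taken as a singleton ample set: it is independent
    of every other thread's transitions and invisible to properties over
    shared state, so the remaining enabled transitions are not branched on."""
    init = (tuple(0 for _ in threads), ())
    seen = {init}
    stack = [init]
    while stack:
        pcs, counts = stack.pop()
        enabled = [(tid, threads[tid][pc]) for tid, pc in enumerate(pcs)
                   if pc < len(threads[tid])]
        if reduce:
            local = [(tid, act) for tid, act in enabled if act[0] == "local"]
            if local:
                enabled = local[:1]
        for tid, (_, obj) in enabled:
            nxt = step(pcs, counts, tid, obj)
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return len(seen)


if __name__ == "__main__":
    print("full exploration:", explore(THREADS, False))      # 25 states
    print("escape-based reduction:", explore(THREADS, True))  # 12 states
```

Both runs reach the same shared-state behaviours (each thread's single access to x in either order), but the reduced search stores fewer than half the states; on realistic programs, where most allocations never escape, the gap is far larger.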

Keywords: software model checking, software verification, partial order reduction, escape analysis, locking discipline



Copyright information

© Kluwer Academic Publishers 2004

Authors and Affiliations

  • Matthew B. Dwyer (1)
  • John Hatcliff (1)
  • Robby (1)
  • Venkatesh Prasad Ranganath (1)

  1. Department of Computing and Information Sciences, Kansas State University, Manhattan, USA
