Parameterized Verification of Multithreaded Software Libraries

  • Thomas Ball
  • Sagar Chaki
  • Sriram K. Rajamani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2031)


The growing popularity of multithreading has led to a great number of software libraries that support access by multiple threads. We present Local/Global Finite State Machines (LGFSMs) as a model for a certain class of multithreaded libraries. We have developed a tool called Beacon that does parameterized model checking of LGFSMs. We demonstrate the expressiveness of LGFSMs as models and the effectiveness of Beacon as a model checking tool by (1) modeling Rockall, a multithreaded memory manager developed at Microsoft Research, as an LGFSM, and (2) using Beacon to check a critical safety property of Rockall.


Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Thomas Ball, Microsoft Research, USA
  • Sagar Chaki, Carnegie Mellon University, USA
  • Sriram K. Rajamani, Microsoft Research, USA