Parameterized Verification of Multithreaded Software Libraries

  • Thomas Ball
  • Sagar Chaki
  • Sriram K. Rajamani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2031)

Abstract

The growing popularity of multi-threading has led to a great number of software libraries that support access by multiple threads. We present Local/Global Finite State Machines (LGFSMs) as a model for a certain class of multithreaded libraries. We have developed a tool called Beacon that does parameterized model checking of LGFSMs. We demonstrate the expressiveness of LGFSMs as models, and the effectiveness of Beacon as a model checking tool by (1) modeling a multithreaded memory manager Rockall developed at Microsoft Research as an LGFSM, and (2) using Beacon to check a critical safety property of Rockall.

References

  1. [ACJYK96]
    P. A. Abdulla, K. Cerans, B. Jonsson, and T. Yih-Kuen. General decidability theorems for infinite-state systems. LICS’ 96: 11th IEEE Symp. Logic in Computer Science, pages 313–321, July 1996.Google Scholar
  2. [AJ97]
    P. A. Abdulla and B. Jonsson. Ensuring completeness of symbolic verificatiom methods for infinite-state systems. Theoretical Computer Science, 1997.Google Scholar
  3. [BCR00]
    Thomas Ball, Sagar Chaki, and Sriram K. Rajamani. Parameterized verification of multithreaded software libraries. Technical Report MSRTR-2000-116, Microsoft Research, December 2000.Google Scholar
  4. [BR00a]
    T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. SPIN 00: SPIN Workshop, Lecture Notes in Computer Science 1885, pages 113–130. Springer-Verlag, 2000.Google Scholar
  5. [BR00b]
    T. Ball and S. K. Rajamani. Boolean programs: A model and process for software analysis. Technical Report MSR-TR-2000-14, Microsoft Research, February 2000.Google Scholar
  6. [CDH+00]
    James Corbett, Matthew Dwyer, John Hatcliff, Corina Pasareanu, Robby, Shawn Laubach, and Hongjun Zheng. Bandera: Extracting finite-state models from Java source code. ICSE 2000: International Conference on Software Engineering, 2000.Google Scholar
  7. [Del00]
    G. Delzanno. Automatic Verification of Parameterized Cache Coherence Protocols. CAV 00: Computer Aided Verification, Lecture Notes in Computer Science 1855, pages 53–68. Springer-Verlag, 2000.CrossRefGoogle Scholar
  8. [EN94]
    J. Esparza and M. Nielsen. Decibility issues for petri nets-a survey. Journal of Informatik Processing and Cybernetics, 30(3):143–160, 1994.MATHGoogle Scholar
  9. [EN96]
    E. A. Emerson and K. S. Namjoshi. Automatic Verification of Parameterized Synchronous Systems. CAV 96: Computer Aided Verification, Lecture Notes in Computer Science 1102, pages 87–98. Springer-Verlag, 1996.Google Scholar
  10. [Fin90]
    A. Finkel. Reduction and covering of infinite reachability trees. Information and Computation, 89:144–179, 1990.MATHCrossRefMathSciNetGoogle Scholar
  11. [Fin93]
    A. Finkel. The minimal coverability graph for petri nets. Advances in Petri Nets, Lecture Notes in Computer Sceince, 674:210–243, 1993.Google Scholar
  12. [FS00]
    A. Finkel and Ph. Schnoebelen. Well-structured transition systems everywhere! Theoretical Computer Science, 2000. To appear.Google Scholar
  13. [GS92]
    S. M. German and A. P. Sistla. Reasoning about systems with many processes. JACM, 39(3), July 1992.Google Scholar
  14. [HP00]
    K. Havelund and T. Pressburger. Model checking Java programs using JavaPathFinder. STTT: International Journal on Software Tools for Technology Transfer, 2(4), April 2000.Google Scholar
  15. [KM69]
    R. M. Karp and R. E. Miller. Parallel program schemata. Journal of Computer and System Sciences, 3:147–195, 1969.MATHMathSciNetGoogle Scholar
  16. [Lip76]
    R. J. Lipton. The reachability problem requires exponential space. Technical report, Department of Computer Science, Yale University, 1976.Google Scholar
  17. [McM]
  18. [Pet62]
    C. Petri. Fundamentals of a theory of asynchronous information flow. Information Processing 62, Proceedings of the 1962 IFIP Congress, pages 386–390, 1962.Google Scholar
  19. [Rac78]
    C. Rackoff. The covering and boundedness problem for vector addition systems. Theoretical Computer Science, 6:223–231, 1978.MATHCrossRefMathSciNetGoogle Scholar
  20. [Ram99]
    G. Ramalingam. Context sensitive synchronization sensitive analysis is undecidable. Technical Report RC21493, IBM T.J.Watson Research, May 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Thomas Ball
    • 1
  • Sagar Chaki
    • 2
  • Sriram K. Rajamani
    • 3
  1. 1.Microsoft ResearchUSA
  2. 2.Carnegie Melon UniversityUSA
  3. 3.Microsoft ResearchUSA

Personalised recommendations