Advertisement

Abstract Interpretation with Unfoldings

  • Marcelo Sousa
  • César Rodríguez
  • Vijay D’Silva
  • Daniel Kroening
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10427)

Abstract

We present and evaluate a technique for computing path-sensitive interference conditions during abstract interpretation of concurrent programs. In lieu of fixed point computation, we use prime event structures to compactly represent causal dependence and interference between sequences of transformers. Our main contribution is an unfolding algorithm that uses a new notion of independence to avoid redundant transformer application, thread-local fixed points to reduce the size of the unfolding, and a novel cutoff criterion based on subsumption to guarantee termination of the analysis. Our experiments show that the abstract unfolding produces an order of magnitude fewer false alarms than a mature abstract interpreter, while being several orders of magnitude faster than solver-based tools that have the same precision.

Notes

Acknowledgments

The authors would like to thank Antoine Miné for the invaluable help with AstreeA and the anonymous reviewers for their helpful feedback.

References

  1. 1.
    Abdulla, P., Aronis, S., Jonsson, B., Sagonas, K.: Optimal dynamic partial order reduction. In: Principles of Programming Languages (POPL), pp. 373–384. ACM (2014)Google Scholar
  2. 2.
    Alglave, J., Kroening, D., Tautschnig, M.: Partial orders for efficient bounded model checking of concurrent software. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 141–157. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_9 CrossRefGoogle Scholar
  3. 3.
    Carre, J.-L., Hymans, C.: From single-thread to multithreaded: an efficient static analysis algorithm. arXiv:0910.5833[cs], October 2009
  4. 4.
    Cousot, P., Cousot, R., Logozzo, F.: A parametric segmentation functor for fully automatic and scalable array content analysis. In: Principles of Programming Languages (POPL), pp. 105–118. ACM (2011)Google Scholar
  5. 5.
    Esparza, J., Römer, S., Vogler, W.: An improvement of McMillan’s unfolding algorithm. Formal Methods Syst. Des. 20, 285–310 (2002)CrossRefzbMATHGoogle Scholar
  6. 6.
    Farzan, A., Holzer, A., Razavi, N., Veith, H.: Con2Colic testing. In: Foundations of Software Engineering (FSE), pp. 37–47. ACM (2013)Google Scholar
  7. 7.
    Farzan, A., Kincaid, Z.: Verification of parameterized concurrent programs by modular reasoning about data and control. In: Principles of Programming Languages (POPL), pp. 297–308. ACM (2012)Google Scholar
  8. 8.
    Farzan, A., Madhusudan, P.: Causal dataflow analysis for concurrent programs. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 102–116. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-71209-1_10 CrossRefGoogle Scholar
  9. 9.
    Flanagan, C., Qadeer, S.: Thread-modular model checking. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 213–224. Springer, Heidelberg (2003). doi: 10.1007/3-540-44829-2_14 CrossRefGoogle Scholar
  10. 10.
    Godefroid, P. (ed.): Partial-Order Methods for the Verification of Concurrent Systems. LNCS, vol. 1032. Springer, Heidelberg (1996). doi: 10.1007/3-540-60761-7 zbMATHGoogle Scholar
  11. 11.
    Günther, H., Laarman, A., Sokolova, A., Weissenbacher, G.: Dynamic reductions for model checking concurrent software. In: Bouajjani, A., Monniaux, D. (eds.) VMCAI 2017. LNCS, vol. 10145, pp. 246–265. Springer, Cham (2017). doi: 10.1007/978-3-319-52234-0_14 CrossRefGoogle Scholar
  12. 12.
    Hoenicke, J., Majumdar, R., Podelski, A.: Thread modularity at many levels: a pearl in compositional verification. In: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, pp. 473–485. ACM, New York (2017)Google Scholar
  13. 13.
    Jeannet, B.: Relational interprocedural verification of concurrent programs. Softw. Syst. Model. 12(2), 285–306 (2012)CrossRefGoogle Scholar
  14. 14.
    Kähkänen, K., Saarikivi, O., Heljanko, K.: Unfolding based automated testing of multithreaded programs. Autom. Softw. Eng. 22, 1–41 (2014)Google Scholar
  15. 15.
    Kusano, M., Wang, C.: Flow-sensitive composition of thread-modular abstract interpretation. In: Foundations of Software Engineering (FSE), pp. 799–809. ACM (2016)Google Scholar
  16. 16.
    Malkis, A., Podelski, A., Rybalchenko, A.: Precise thread-modular verification. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 218–232. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74061-2_14 CrossRefGoogle Scholar
  17. 17.
    McMillan, K.L.: Using unfoldings to avoid the state explosion problem in the verification of asynchronous circuits. In: Bochmann, G., Probst, D.K. (eds.) CAV 1992. LNCS, vol. 663, pp. 164–177. Springer, Heidelberg (1993). doi: 10.1007/3-540-56496-9_14 CrossRefGoogle Scholar
  18. 18.
    Miné, A.: Static analysis of run-time errors in embedded real-time parallel C programs. Log. Methods Comput. Sci. 8(1) (2012)Google Scholar
  19. 19.
    Miné, A.: Relational thread-modular static value analysis by abstract interpretation. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 39–58. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54013-4_3 CrossRefGoogle Scholar
  20. 20.
    Monat, R., Miné, A.: Precise thread-modular abstract interpretation of concurrent programs using relational interference abstractions. In: Bouajjani, A., Monniaux, D. (eds.) VMCAI 2017. LNCS, vol. 10145, pp. 386–404. Springer, Cham (2017). doi: 10.1007/978-3-319-52234-0_21 CrossRefGoogle Scholar
  21. 21.
    Nielsen, M., Plotkin, G., Winskel, G.: Petri nets, event structures and domains, part I. Theoret. Comput. Sci. 13(1), 85–108 (1981)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Peled, D.: All from one, one for all: on model checking using representatives. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 409–423. Springer, Heidelberg (1993). doi: 10.1007/3-540-56922-7_34 CrossRefGoogle Scholar
  23. 23.
    Rodréguez, C., Sousa, M., Sharma, S., Kroening, D.: Unfolding-based partial order reduction. In: Concurrency Theory (CONCUR). LIPIcs, vol. 42, pp. 456–469. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2015)Google Scholar
  24. 24.
    Sousa, M., Rodréguez, C., D’Silva, V., Kroening, D.: Abstract interpretation with unfoldings. CoRR abs/1705.00595 (2017)Google Scholar
  25. 25.
    Wachter, B., Kroening, D., Ouaknine, J.: Verifying multi-threaded software with impact. In: Formal Methods in Computer-Aided Design (FMCAD), pp. 210–217 (2013)Google Scholar
  26. 26.
    Yakobowski, B., Bonichon, R.: Frama-C’s Mthread plug-in. Report, Software Reliability Laboratory (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Marcelo Sousa
    • 1
  • César Rodríguez
    • 2
    • 3
  • Vijay D’Silva
    • 4
  • Daniel Kroening
    • 1
    • 3
  1. 1.University of OxfordOxfordUK
  2. 2.Université Paris 13, Sorbonne Paris Cité, LIPN, CNRSParisFrance
  3. 3.Diffblue Ltd.OxfordUK
  4. 4.Google Inc.San FranciscoUSA

Personalised recommendations