Advertisement

Effect Summaries for Thread-Modular Analysis

Sound Analysis Despite an Unsound Heuristic
  • Lukáš Holík
  • Roland Meyer
  • Tomáš Vojnar
  • Sebastian Wolff
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10422)

Abstract

We propose a novel guess-and-check principle to increase the efficiency of thread-modular verification of lock-free data structures. We build on a heuristic that guesses candidates for stateless effect summaries of programs by searching the code for instances of a copy-and-check programming idiom common in lock-free data structures. These candidate summaries are used to compute the interference among threads in linear time. Since a candidate summary need not be a sound effect summary, we show how to fully automatically check whether the precision of candidate summaries is sufficient. We can thus perform sound verification despite relying on an unsound heuristic. We have implemented our approach and found it up to two orders of magnitude faster than existing ones.

References

  1. 1.
    Abadi, M., Lamport, L.: The existence of refinement mappings. In: LICS. pp. 165–175. IEEE, Las Vegas (1988)Google Scholar
  2. 2.
    Abdulla, P.A., Haziza, F., Holík, L., Jonsson, B., Rezine, A.: An integrated specification and verification technique for highly concurrent data structures. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 324–338. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36742-7_23 CrossRefGoogle Scholar
  3. 3.
    Abdulla, P.A., Jonsson, B., Trinh, C.Q.: Automated verification of linearization policies. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 61–83. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53413-7_4 CrossRefGoogle Scholar
  4. 4.
    Berdine, J., Lev-Ami, T., Manevich, R., Ramalingam, G., Sagiv, M.: Thread quantification for concurrent shape analysis. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 399–413. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70545-1_37 CrossRefGoogle Scholar
  5. 5.
    Beyer, D., Henzinger, T.A., Keremoglu, M.E., Wendler, P.: Conditional model checking: a technique to pass information between verifiers. In: SIGSOFT FSE. p. 57. ACM, New York (2012)Google Scholar
  6. 6.
    Christakis, M., Wüstholz, V.: Bounded abstract interpretation. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 105–125. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53413-7_6 CrossRefGoogle Scholar
  7. 7.
    Cook, B., Haase, C., Ouaknine, J., Parkinson, M., Worrell, J.: Tractable reasoning in a fragment of separation logic. In: Katoen, J.-P., König, B. (eds.) CONCUR 2011. LNCS, vol. 6901, pp. 235–249. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23217-6_16 CrossRefGoogle Scholar
  8. 8.
    Doherty, S., Groves, L., Luchangco, V., Moir, M.: Formal verification of a practical lock-free queue algorithm. In: FORTE. LNCS, vol. 3235, pp. 97–114. Springer, New York (2004)Google Scholar
  9. 9.
    Elmas, T., Qadeer, S., Sezgin, A., Subasi, O., Tasiran, S.: Simplifying linearizability proofs with reduction and abstraction. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 296–311. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-12002-2_25 CrossRefGoogle Scholar
  10. 10.
    Elmas, T., Qadeer, S., Tasiran, S.: A calculus of atomic actions. In: POPL. pp. 2–15. ACM, New York (2009)Google Scholar
  11. 11.
    Flanagan, C., Qadeer, S.: Thread-modular model checking. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 213–224. Springer, Heidelberg (2003). doi: 10.1007/3-540-44829-2_14 CrossRefGoogle Scholar
  12. 12.
    Gotsman, A., Berdine, J., Cook, B., Sagiv, M.: Thread-modular shape analysis. In: PLDI. pp. 266–277. ACM, New York (2007)Google Scholar
  13. 13.
    Gotsman, A., Rinetzky, N., Yang, H.: Verifying concurrent memory reclamation algorithms with grace. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 249–269. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37036-6_15 CrossRefGoogle Scholar
  14. 14.
    Haziza, F., Holík, L., Meyer, R., Wolff, S.: Pointer race freedom. In: Jobstmann, B., Leino, K.R.M. (eds.) VMCAI 2016. LNCS, vol. 9583, pp. 393–412. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49122-5_19 CrossRefGoogle Scholar
  15. 15.
    Herlihy, M., Wing, J.M.: Linearizability: A correctness condition for concurrent objects. ACM TOPLAS 12(3), 463–492 (1990)CrossRefGoogle Scholar
  16. 16.
    Holík, L., Meyer, R., Vojnar, T., Wolff, S.: Effect summaries for thread-modular analysis. CoRR abs/1705.03701 (2017). http://arxiv.org/abs/1705.03701
  17. 17.
    Jagannathan, S., Petri, G., Vitek, J., Pichardie, D., Laporte, V.: Atomicity refinement for verified compilation. In: PLDI, p. 27. ACM, New York (2014)Google Scholar
  18. 18.
    Jones, C.B.: Specification and design of (parallel) programs. In: IFIP, pp. 321–332 (1983)Google Scholar
  19. 19.
    Jones, C.B.: Tentative steps toward a development method for interfering programs. ACM TOPLAS 5(4), 596–619 (1983)CrossRefzbMATHGoogle Scholar
  20. 20.
    Jonsson, B.: Using refinement calculus techniques to prove linearizability. Formal Asp. Comput. 24(4–6), 537–554 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Leroy, X.: A formally verified compiler back-end. JAR 43(4), 363–446 (2009)Google Scholar
  22. 22.
    Malkis, A., Podelski, A., Rybalchenko, A.: Thread-modular verification is cartesian abstract interpretation. In: Barkaoui, K., Cavalcanti, A., Cerone, A. (eds.) ICTAC 2006. LNCS, vol. 4281, pp. 183–197. Springer, Heidelberg (2006). doi: 10.1007/11921240_13 CrossRefGoogle Scholar
  23. 23.
    Michael, M.M., Scott, M.L.: Nonblocking algorithms and preemption-safe locking on multiprogrammed shared memory multiprocessors. JPDC 51(1), 1–26 (1998)zbMATHGoogle Scholar
  24. 24.
    Miné, A.: Static analysis of run-time errors in embedded critical parallel C programs. In: Barthe, G. (ed.) ESOP 2011. LNCS, vol. 6602, pp. 398–418. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19718-5_21 CrossRefGoogle Scholar
  25. 25.
    Miné, A.: Relational thread-modular static value analysis by abstract interpretation. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 39–58. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54013-4_3 CrossRefGoogle Scholar
  26. 26.
    Monat, R., Miné, A.: Precise thread-modular abstract interpretation of concurrent programs using relational interference abstractions. In: Bouajjani, A., Monniaux, D. (eds.) VMCAI 2017. LNCS, vol. 10145, pp. 386–404. Springer, Cham (2017). doi: 10.1007/978-3-319-52234-0_21 CrossRefGoogle Scholar
  27. 27.
    Popeea, C., Rybalchenko, A., Wilhelm, A.: Reduction for compositional verification of multi-threaded programs. In: FMCAD, pp. 187–194. IEEE, New York (2014)Google Scholar
  28. 28.
    Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: TaDA: a logic for time and data abstraction. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 207–231. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44202-9_9 Google Scholar
  29. 29.
    Schellhorn, G., Derrick, J., Wehrheim, H.: A sound and complete proof technique for linearizability of concurrent data structures. ACM TOCL 15(4), 31:1–31:37 (2014)Google Scholar
  30. 30.
    Segalov, M., Lev-Ami, T., Manevich, R., Ganesan, R., Sagiv, M.: Abstract transformers for thread correlation analysis. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 30–46. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-10672-9_5 CrossRefGoogle Scholar
  31. 31.
    Treiber, R.: Systems programming: coping with parallelism. Technical report RJ 5118, IBM (1986)Google Scholar
  32. 32.
    Vafeiadis, V.: Shape-value abstraction for verifying linearizability. In: Jones, N.D., Müller-Olm, M. (eds.) VMCAI 2009. LNCS, vol. 5403, pp. 335–348. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-93900-9_27 CrossRefGoogle Scholar
  33. 33.
    Vafeiadis, V.: Automatically proving linearizability. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 450–464. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14295-6_40 CrossRefGoogle Scholar
  34. 34.
    Vafeiadis, V.: RGSep action inference. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 345–361. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-11319-2_25 CrossRefGoogle Scholar
  35. 35.
    Vafeiadis, V., Parkinson, M.: A marriage of rely/guarantee and separation logic. In: Caires, L., Vasconcelos, V.T. (eds.) CONCUR 2007. LNCS, vol. 4703, pp. 256–271. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74407-8_18 CrossRefGoogle Scholar
  36. 36.
    Zhang, S.J., Liu, Y.: Model checking a lazy concurrent list-based set algorithm. In: SSIRI, pp. 43–52. IEEE, New York (2010)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Lukáš Holík
    • 1
  • Roland Meyer
    • 2
  • Tomáš Vojnar
    • 1
  • Sebastian Wolff
    • 2
    • 3
  1. 1.FIT BUTIT4Innovations Centre of ExcellenceBrnoCzech Republic
  2. 2.TU BraunschweigBraunschweigGermany
  3. 3.Fraunhofer ITWMKaiserslauternGermany

Personalised recommendations