Advertisement

Abstract

The interaction among concurrently executing threads of a program results in insidious programming errors that are difficult to reproduce and fix. Unfortunately, the problem of verifying a concurrent boolean program is undecidable [24]. In this paper, we prove that the problem is decidable, even in the presence of unbounded parallelism, if the analysis is restricted to executions in which the number of context switches is bounded by an arbitrary constant. Restricting the analysis to executions with a bounded number of context switches is unsound. However, the analysis can still discover intricate bugs and is sound up to the bound since within each context, a thread is fully explored for unbounded stack depth. We present an analysis of a real concurrent system by the ZING model checker which demonstrates that the ability to model check with arbitrary but fixed context bound in the presence of unbounded parallelism is valuable in practice. Implementing context-bounded model checking in ZING is left for future work.

Keywords

Model Check Global State Transition Relation Program Language Concurrent Program 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Alur, R., Grosu, R.: Modular refinement of hierarchic reactive machines. In: POPL 2000: Principles of Programming Languages, pp. 390–402. ACM, New York (2000)Google Scholar
  2. 2.
    Andrews, T., Qadeer, S., Rajamani, S.K., Rehof, J., Xie, Y.: Zing: Exploiting program structure for model checking concurrent software. In: Gardner, P., Yoshida, N. (eds.) CONCUR 2004. LNCS, vol. 3170, pp. 1–15. Springer, Heidelberg (2004) (Invited paper)Google Scholar
  3. 3.
    Autebert, J.-M., Berstel, J., Boasson, L.: Context-free languages and pushdown automata. In: Rozenberg, G., Salomaa, A. (eds.) Handbook of Formal Languages, vol. 1, pp. 111–174. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Ball, T., Rajamani, S.K.: The SLAM project: Debugging system software via static analysis. In: POPL 2002: Principles of Programming Languages, pp. 1–3. ACM, New York (2002)Google Scholar
  5. 5.
    Bouajjani, A., Esparza, J., Touili, T.: A generic approach to the static analysis of concurrent programs with procedures. In: POPL 2003: Principles of Programming Languages, pp. 62–73. ACM, New York (2003)Google Scholar
  6. 6.
    Chaki, S., Clarke, E.M., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. IEEE Transactions on Software Engineering 30(6), 388–402 (2004)CrossRefGoogle Scholar
  7. 7.
    Clarke, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Formal Methods in System Design 19(1), 7–34 (2001)zbMATHCrossRefGoogle Scholar
  8. 8.
    Clarke, E.M., Emerson, E.A.: Synthesis of synchronization skeletons for branching time temporal logic. In: Logic of Programs. LNCS, vol. 131, pp. 52–71. Springer, Heidelberg (1981)CrossRefGoogle Scholar
  9. 9.
    Corbett, J., Dwyer, M., Hatcliff, J., Pasareanu, C., Robby, Laubach, S., Zheng, H.: Bandera: Extracting finite-state models from Java source code. In: ICSE 2000: Software Engineering (2000)Google Scholar
  10. 10.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. In: PLDI 2002: Programming Language Design and Implementation, pp. 57–69. ACM, New York (2002)CrossRefGoogle Scholar
  11. 11.
    Esparza, J., Podelski, A.: Efficient algorithms for pre* and post* on interprocedural parallel flow graphs. In: POPL 2000: Principles of Programming Languages, pp. 1–11. ACM, New York (2000)Google Scholar
  12. 12.
    Finkel, A., Willems, B., Wolper, P.: A direct symbolic approach to model checking pushdown systems. Electronic Notes in Theoretical Computer Science 9 (1997)Google Scholar
  13. 13.
    Giannakopoulou, D., Pasareanu, C.S., Barringer, H.: Assumption generation for software component verification. In: ASE 2002: Automated Software Engineering, pp. 3–12 (2002)Google Scholar
  14. 14.
    Godefroid, P.: Model checking for programming languages using verisoft. In: POPL 1997: Principles of Programming Languages, pp. 174–186 (1997)Google Scholar
  15. 15.
    Henzinger, T.A., Jhala, R., Majumdar, R.: Race checking by context inference. In: PLDI 2004: Programming Language Design and Implementation, pp. 1–13 (2004)Google Scholar
  16. 16.
    Henzinger, T.A., Jhala, R., Majumdar, R., Qadeer, S.: Thread-modular abstraction refinement. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 262–274. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Holzmann, G.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Musuvathi, M., Park, D., Chou, A., Engler, D., Dill, D.L.: CMC: A pragmatic approach to model checking real code. In: OSDI 2002: Operating Systems Design and Implementation (2002)Google Scholar
  19. 19.
    Pong, F., Dubois, M.: Verification techniques for cache coherence protocols. ACM Computing Surveys 29(1), 82–126 (1997)CrossRefGoogle Scholar
  20. 20.
    Qadeer, S., Rajamani, S.K., Rehof, J.: Summarizing procedures in concurrent programs. In: POPL 2004: ACM Principles of Programming Languages, pp. 245–255. ACM, New York (2004)Google Scholar
  21. 21.
    Qadeer, S., Rehof, J.: Context-bounded model checking of concurrent software. Technical Report MSR-TR-2004-70, Microsoft Research (2004)Google Scholar
  22. 22.
    Qadeer, S., Wu, D.: KISS: Keep it simple and seqeuential. In: PLDI 2004: Programming Language Design and Implementation, pp. 14–24. ACM, New York (2004)CrossRefGoogle Scholar
  23. 23.
    Queille, J., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Fifth International Symposium on Programming. LNCS, vol. 137, pp. 337–351. Springer, Heidelberg (1981)Google Scholar
  24. 24.
    Ramalingam, G.: Context sensitive synchronization sensitive analysis is undecidable. ACM Trans. on Programming Languages and Systems 22, 416–430 (2000)CrossRefGoogle Scholar
  25. 25.
    Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995: Principles of Programming Languages, pp. 49–61. ACM, New York (1995)Google Scholar
  26. 26.
    Robby, M.D., Hatcliff, J.: Bogor: An extensible and highly-modular model checking framework. In: FSE 2003: Foundations of Software Engineering, pp. 267–276. ACM, New York (2003)Google Scholar
  27. 27.
    Schwoon, S.: Model-Checking Pushdown Systems. PhD thesis, Lehrstuhl für Informatik VII der Technischen Universität München (2000)Google Scholar
  28. 28.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189–233. Prentice-Hall, Englewood Cliffs (1981)Google Scholar
  29. 29.
    Visser, W., Havelund, K., Brat, G., Park, S.: Model checking programs. In: ASE 2000: Automated Software Engineering, pp. 3–12 (2000)Google Scholar
  30. 30.
    Yahav, E.: Verifying safety properties of concurrent Java programs using 3-valued logic. In: POPL 2001: Principles of Programming Languages, pp. 27–40 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Shaz Qadeer
    • 1
  • Jakob Rehof
    • 1
  1. 1.Microsoft Research 

Personalised recommendations