Symbolic Model Checking of Concurrent Programs Using Partial Orders and On-the-Fly Transactions
The state explosion problem is one of the core bottlenecks in the model checking of concurrent software. We show how to ameliorate the problem by combining the ability of partial order techniques to reduce the state space of the concurrent program with the power of symbolic model checking to explore large state spaces. Our new verification methodology involves translating the given concurrent program into a circuit-based model which gives us the flexibility to then employ any model checking technique of choice – either SAT or BDD-based – for verifying a broad range of linear time properties, not just safety. The reduction in the explored state-space is obtained by statically augmenting the symbolic encoding of the program by additional constraints. These constraints restrict the scheduler to choose from a minimal conditional stubborn set of transitions at each state. Another key contribution of the paper, is a new method for detecting transactions on-the-fly which takes into account patterns of lock acquisition and yields better reductions than existing methods which rely on a lockset based analysis. Moreover unlike existing techniques, identifying on-the-fly transactions does not require the program to follow a lock discipline in accessing shared variables. We have applied our techniques to the Daisy test bench and shown the existence of several bugs.
KeywordsModel Check Global State Concurrent Program Context Switch Symbolic Model Check
Unable to display preview. Download preview PDF.
- [dai]Joint CAV/ISSTA Special Event on Specification, Verification, and Testing of Concurrent Software, http://research.microsoft.com/~qadeer/cav-issta.htm
- [FG05]Flanagan, C., Godefroid, P.: Dynamic partial-order reduction for model checking software. In: POPL 2005, pp. 110–121 (2005)Google Scholar
- [FQ03]Flanagan, C., Qadeer, S.: Transactions for software model checking. In: SoftMC 2003 (2003)Google Scholar
- [GLST05]Grumberg, O., Lerda, F., Strichman, O., Theobald, M.: Proof-guided underapproximation widening for multi process systems. In: POPL 2005, pp. 122–131 (2005)Google Scholar
- [God96]Godefroid, P.: Partial-order methods for the verification of concurrent systems: an approach to the state-explosion problem. LNCS, vol. 1032. Springer, Heidelberg (1996)Google Scholar
- [God97]Godefroid, P.: Model checking for programming languages using verisoft. In: POPL 1997, pp. 174–186 (1997)Google Scholar
- [ISGG05]Ivančić, F., Shlyakhter, I., Gupta, A., Ganai, M.: Model checking c programs using F-Soft. In: ICCD (2005)Google Scholar
- [LST03]Lerda, F., Sinha, N., Theobald, M.: Symbolic model checking of software. Electr. Notes Theor. Comput. Sci. 89(3) (2003)Google Scholar
- [McM93]McMillan, K.L.: Symbolic model checking: an approach to the state explosion problem. Kluwer Academic Publishers, Dordrecht (1993)Google Scholar