Automated Analysis of Data-Dependent Programs with Dynamic Memory

Abdulla, Parosh Aziz; Atto, Muhsin; Cederberg, Jonathan; Ji, Ran

doi:10.1007/978-3-642-04761-9_16

Cited by 7 publications

(7 citation statements)

References 23 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our approach is to the best of our knowledge the first sound and complete automated analysis that captures concurrent set implementations. As for the model of the heap, closest to ours is the model of [1], but the work in [1] is on abstraction of sequential heap accessing programs. There is an emerging literature on automata and logics over data words [14,3] and algorithmic analysis of programs accessing data words [2].…”

Section: Introductionmentioning

confidence: 99%

Model Checking of Linearizability of Concurrent List Implementations

Černý

Radhakrishna

Zufferey

et al. 2010

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Concurrent data structures with fine-grained synchronization are notoriously difficult to implement correctly. The difficulty of reasoning about these implementations does not stem from the number of variables or the program size, but rather from the large number of possible interleavings. These implementations are therefore prime candidates for model checking. We introduce an algorithm for verifying linearizability of singly-linked heap-based concurrent data structures. We consider a model consisting of an unbounded heap where each node consists an element from an unbounded data domain, with a restricted set of operations for testing and updating pointers and data elements. Our main result is that linearizability is decidable for programs that invoke a fixed number of methods, possibly in parallel. This decidable fragment covers many of the common implementation techniques -fine-grained locking, lazy synchronization, and lock-free synchronization. We also show how the technique can be used to verify optimistic implementations with the help of programmer annotations. We developed a verification tool CoLT and evaluated it on a representative sample of Java implementations of the concurrent set data structure. The tool verified linearizability of a number of implementations, found a known error in a lock-free implementation and proved that the corrected version is linearizable.

show abstract

Section: Introductionmentioning

confidence: 99%

Model Checking of Linearizability of Concurrent List Implementations

Černý

Radhakrishna

Zufferey

et al. 2010

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Monotonic abstraction is a well-known technique introduced by P. A. Abdulla and collaborators in a series of papers (like for instance [1,3,8,9]); the technique was originally applied in the context of verification of distributed systems, but successively extended also elsewhere (see e.g. [6,7]). The approach has been reformulated in [16,17] within the declarative context of array-based systems [34] in order to apply it to the verification of reliable broadcast algorithms [39] in a fault-tolerant environment.…”

Section: Introductionmentioning

confidence: 99%

Monotonic Abstraction Techniques: from Parametric to Software Model Checking

Alberti

Ghilardi

Sharygina

2014

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Monotonic abstraction is a technique introduced in model checking parameterized distributed systems in order to cope with transitions containing global conditions within guards. The technique has been re-interpreted in a declarative setting in previous papers of ours and applied to the verification of fault tolerant systems under the so-called 'stopping failures' model. The declarative reinterpretation consists in logical techniques (quantifier relativizations and, especially, quantifier instantiations) making sense in a broader context. In fact, we recently showed that such techniques can over-approximate array accelerations, so that they can be employed as a meaningful (and practically effective) component of CEGAR loops in software model checking too. 1 c 1 to c 2 . More precisely, the abstraction kills (deletes) all the processes inside the configuration which violate the universal condition. Since the abstract transition relation is an over-approximation of the original one, proving a safety property in the abstract system implies that the property also holds in the original system." Array-Based SystemsArray-based systems were first introduced in [34]: the underlying idea is that of specifying systems of various nature using array theories like those studied in [24,25] and implemented in common SMTsolvers. Array theories are multi-sorted and very flexible; typically one has three sorts: for indexes, elements and arrays. To specify a distributed system, one can use the index sort to model processes and

show abstract

“…As discussed below, various approaches to automated verification of dynamic pointer-linked data structures are currently studied in the literature. One of these approaches is based on using monotonic abstraction and backward reachability [4,2]. This approach has been shown to be very successful in handling systems with complex graph-structured configurations when verifying parameterized systems [3].…”

Section: Introductionmentioning

confidence: 99%

“…Several different approaches have been proposed for automated verification of programs with dynamic linked data structures. The most-known approaches include works based on monadic second-order logic on graph types [10], 3-valued predicate logic with transitive closure [14], separation logic [12,11,15,6], other kinds of logics [16,9], finite tree automata [5,7], forest automata [8], graph grammars [13], upward-closed sets [4,2], as well as other formalisms.…”

Section: Introductionmentioning

confidence: 99%

“…This extension has required a new notion of signatures, a new pre-order on them, as well as new operations manipulating them. Not counting [4,2], the other existing works are based on other formalisms than the one used here, and they use a forward reachability computation whereas the present paper uses a backward reachability computation. Apart from that, when comparing the approach followed in this work with the other existing approaches, one of the most attractive features of our method is its simplicity.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Monotonic Abstraction for Programs with Multiply-Linked Structures

Abdulla

Cederberg

Vojnar

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We investigate the use of monotonic abstraction and backward reachability analysis as means of performing shape analysis on programs with multiply pointed structures. By encoding the heap as a vertex-and edge-labeled graph, we can model the low level behaviour exhibited by programs written in the C programming language. Using the notion of signatures, which are predicates that define sets of heaps, we can check properties such as absence of null pointer dereference and shape invariants. We report on the results from running a prototype based on the method on several programs such as insertion into and merging of doubly-linked lists.

show abstract

Automated Analysis of Data-Dependent Programs with Dynamic Memory

Cited by 7 publications

References 23 publications

Model Checking of Linearizability of Concurrent List Implementations

Model Checking of Linearizability of Concurrent List Implementations

Monotonic Abstraction Techniques: from Parametric to Software Model Checking

Monotonic Abstraction for Programs with Multiply-Linked Structures

Contact Info

Product

Resources

About