Context-bounded verification of liveness properties for multithreaded shared-memory programs

Baumann, Pascal; Majumdar, Rupak; Thinniyam, Ramanathan S.; Zetzsche, Georg

doi:10.1145/3434325

Cited by 9 publications

(7 citation statements)

References 49 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The thread-pooled, contextbounded fair termination problem asks if there is a fair non-terminating run. Baumann et al [2021] study the problem in the case of explicitly specified states (no Boolean variables) without thread pooling and reduce it to VASS reachability. Here, the reduction can be performed in elementary time.…”

Section: Discussionmentioning

confidence: 99%

“…There are, by now, many decidability results for context bounded verification in multi-threaded settings [Atig et al 2009;Baumann et al 2021;La Torre et al 2009, 2010Lal and Reps 2009;Meyer et al 2018;Musuvathi and Qadeer 2007;Qadeer and Rehof 2005]. The work of Atig et al [2009] is closest to ours in the programming model: they consider safety verification for a multithreaded shared memory model with dynamic thread spawns, the same as us.…”

Section: Introductionmentioning

confidence: 98%

See 1 more Smart Citation

Context-bounded verification of thread pools

Baumann

Majumdar

Thinniyam

et al. 2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Thread pooling is a common programming idiom in which a fixed set of worker threads are maintained to execute tasks concurrently. The workers repeatedly pick tasks and execute them to completion. Each task is sequential, with possibly recursive code, and tasks communicate over shared memory. Executing a task can lead to more new tasks being spawned. We consider the safety verification problem for thread-pooled programs. We parameterize the problem with two parameters: the size of the thread pool as well as the number of context switches for each task. The size of the thread pool determines the number of workers running concurrently. The number of context switches determines how many times a worker can be swapped out while executing a single task---like many verification problems for multithreaded recursive programs, the context bounding is important for decidability. We show that the safety verification problem for thread-pooled, context-bounded, Boolean programs is EXPSPACE-complete, even if the size of the thread pool and the context bound are given in binary. Our main result, the EXPSPACE upper bound, is derived using a sequence of new succinct encoding techniques of independent language-theoretic interest. In particular, we show a polynomial-time construction of downward closures of languages accepted by succinct pushdown automata as doubly succinct nondeterministic finite automata. While there are explicit doubly exponential lower bounds on the size of nondeterministic finite automata accepting the downward closure, our result shows these automata can be compressed. We show that thread pooling significantly reduces computational power: in contrast, if only the context bound is provided in binary, but there is no thread pooling, the safety verification problem becomes 3EXPSPACE-complete. Given the high complexity lower bounds of related problems involving binary parameters, the relatively low complexity of safety verification with thread-pooling comes as a surprise.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 98%

Context-bounded verification of thread pools

Baumann

Majumdar

Thinniyam

et al. 2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 98%

Context-Bounded Verification of Thread Pools

Baumann¹,

Majumdar²,

Thinniyam³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Thread pooling is a common programming idiom in which a fixed set of worker threads are maintained to execute tasks concurrently. The workers repeatedly pick tasks and execute them to completion. Each task is sequential, with possibly recursive code, and tasks communicate over shared memory. Executing a task can lead to more new tasks being spawned. We consider the safety verification problem for thread-pooled programs. We parameterize the problem with two parameters: the size of the thread pool as well as the number of context switches for each task. The size of the thread pool determines the number of workers running concurrently. The number of context switches determines how many times a worker can be swapped out while executing a single task-like many verification problems for multithreaded recursive programs, the context bounding is important for decidability.We show that the safety verification problem for thread-pooled, context-bounded, Boolean programs is EXPSPACE-complete, even if the size of the thread pool and the context bound are given in binary. Our main result, the EXPSPACE upper bound, is derived using a sequence of new succinct encoding techniques of independent language-theoretic interest. In particular, we show a polynomial-time construction of downward closures of languages accepted by succinct pushdown automata as doubly succinct nondeterministic finite automata. While there are explicit doubly exponential lower bounds on the size of nondeterministic finite automata accepting the downward closure, our result shows these automata can be compressed. We show that thread pooling significantly reduces computational power: in contrast, if only the context bound is provided in binary, but there is no thread pooling, the safety verification problem becomes 3EXPSPACE-complete. Given the high complexity lower bounds of related problems involving binary parameters, the relatively low complexity of safety verification with thread-pooling comes as a surprise.CCS Concepts: • Theory of computation → Concurrency; • Software and its engineering → Software verification.

show abstract

“…A stateless model checker (SMC) explores the behavior of the concurrent program by manipulating traces instead of states, where each (concurrent) trace is an interleaving of event sequences of the corresponding threads [6]. To further improve performance, various techniques try to reduce the number of explored traces, such as context bounded techniques [7][8][9][10] As many interleavings induce the same program behavior, SMC partitions the interleaving space into equivalence classes and attempts to sample a few representative traces from each class. The most popular approach in this domain is partialorder reduction techniques [6,11,12], which deems interleavings as equivalent based on the way that conflicting memory accesses are ordered, also known as the Mazurkiewicz equivalence [13].…”

Section: Introductionmentioning

confidence: 99%

Stateless Model Checking Under a Reads-Value-From Equivalence

Agarwal

Chatterjee

Pathak

et al. 2021

Computer Aided Verification

View full text Add to dashboard Cite

Stateless model checking (SMC) is one of the standard approaches to the verification of concurrent programs. As scheduling non-determinism creates exponentially large spaces of thread interleavings, SMC attempts to partition this space into equivalence classes and explore only a few representatives from each class. The efficiency of this approach depends on two factors: (a) the coarseness of the partitioning, and (b) the time to generate representatives in each class. For this reason, the search for coarse partitionings that are efficiently explorable is an active research challenge.In this work we present $${\text {RVF-SMC}}$$ RVF-SMC , a new SMC algorithm that uses a novel reads-value-from (RVF) partitioning. Intuitively, two interleavings are deemed equivalent if they agree on the value obtained in each read event, and read events induce consistent causal orderings between them. The RVF partitioning is provably coarser than recent approaches based on Mazurkiewicz and “reads-from” partitionings. Our experimental evaluation reveals that RVF is quite often a very effective equivalence, as the underlying partitioning is exponentially coarser than other approaches. Moreover, $${\text {RVF-SMC}}$$ RVF-SMC generates representatives very efficiently, as the reduction in the partitioning is often met with significant speed-ups in the model checking task.

show abstract

Context-bounded verification of liveness properties for multithreaded shared-memory programs

Cited by 9 publications

References 49 publications

Context-bounded verification of thread pools

Context-bounded verification of thread pools

Context-Bounded Verification of Thread Pools

Stateless Model Checking Under a Reads-Value-From Equivalence

Contact Info

Product

Resources

About