From Traces to Proofs: Proving Concurrent Programs Safe

Abstract: Nondeterminism in scheduling is the cardinal reason for difficulty in proving correctness of concurrent programs. A powerful proof strategy was recently proposed [6] to show the correctness of such programs. The approach captured dataflow dependencies among the instructions of an interleaved and error-free execution of threads. These data-flow dependencies were represented by an inductive data-flow graph (iDFG), which, in a nutshell, denotes a set of executions of the concurrent program that gave rise to the d… Show more

“…As a consequence of Theorem 1 one can use an explicit state model checker for state reachability analysis of finite data domain programs. However, in this paper we are interested in adapting a recently proposed trace partitioning based verification method [16,25] for relaxed memory models. This method has been shown very effective for verification under the SC memory model.…”

“…Towards this we first define TSO k , TSO semantics with buffer size k, and then characterize a bound k 0 such that if a program is safe in TSO k0 then it is safe for any buffer bound greater than k 0 . We adapt a recently proposed trace partitioning based approach [16,25] for the TSO memory model. These methods work for the SC memory model as follows: the set of all SC executions of a program P are partitioned in a set of equivalence classes such that it is sufficient to prove the correctness of only one execution per equivalence class.…”

“…As this trace partitioning approach works with symbolic executions, we first define an equivalent TSO semantics to generate a set of symbolic TSO traces. Subsequently we invoke a trace partitioning tool ProofTraPar [25] for proving the correctness of these traces. Note that the set of behaviors of a program P under TSO k is a subset of the behaviors of P under TSO k ′ for any k ′ > k. The trace partitioning approach allows us to reuse the proof of correctness of P with buffer bound k in the proof of correctness of P with any buffer bound greater than k. In a nutshell, the main contributions of this work are:…”

“…-We characterize a buffer bound in case of finite state programs such that if the program is correct under TSO up to that bound then it is correct for unbounded buffers as well. -We adapt the recently proposed trace partition based proof strategy of SC verification [16,25] for TSO by defining an equivalent TSO semantics to generate a set of symbolic TSO traces. -We implement our approach in a tool, ProofTraPar [25], and compare its performance against memorax [2], a sound and complete verifier for safety properties under TSO.…”

“…-We adapt the recently proposed trace partition based proof strategy of SC verification [16,25] for TSO by defining an equivalent TSO semantics to generate a set of symbolic TSO traces. -We implement our approach in a tool, ProofTraPar [25], and compare its performance against memorax [2], a sound and complete verifier for safety properties under TSO. We perform competitively in terms of time as well as space.…”

Efficient Verification of Concurrent Programs Over TSO Memory Model

“…As a consequence of Theorem 1 one can use an explicit state model checker for state reachability analysis of finite data domain programs. However, in this paper we are interested in adapting a recently proposed trace partitioning based verification method [16,25] for relaxed memory models. This method has been shown very effective for verification under the SC memory model.…”

“…Towards this we first define TSO k , TSO semantics with buffer size k, and then characterize a bound k 0 such that if a program is safe in TSO k0 then it is safe for any buffer bound greater than k 0 . We adapt a recently proposed trace partitioning based approach [16,25] for the TSO memory model. These methods work for the SC memory model as follows: the set of all SC executions of a program P are partitioned in a set of equivalence classes such that it is sufficient to prove the correctness of only one execution per equivalence class.…”

“…As this trace partitioning approach works with symbolic executions, we first define an equivalent TSO semantics to generate a set of symbolic TSO traces. Subsequently we invoke a trace partitioning tool ProofTraPar [25] for proving the correctness of these traces. Note that the set of behaviors of a program P under TSO k is a subset of the behaviors of P under TSO k ′ for any k ′ > k. The trace partitioning approach allows us to reuse the proof of correctness of P with buffer bound k in the proof of correctness of P with any buffer bound greater than k. In a nutshell, the main contributions of this work are:…”

“…-We characterize a buffer bound in case of finite state programs such that if the program is correct under TSO up to that bound then it is correct for unbounded buffers as well. -We adapt the recently proposed trace partition based proof strategy of SC verification [16,25] for TSO by defining an equivalent TSO semantics to generate a set of symbolic TSO traces. -We implement our approach in a tool, ProofTraPar [25], and compare its performance against memorax [2], a sound and complete verifier for safety properties under TSO.…”

“…-We adapt the recently proposed trace partition based proof strategy of SC verification [16,25] for TSO by defining an equivalent TSO semantics to generate a set of symbolic TSO traces. -We implement our approach in a tool, ProofTraPar [25], and compare its performance against memorax [2], a sound and complete verifier for safety properties under TSO. We perform competitively in terms of time as well as space.…”

Efficient Verification of Concurrent Programs Over TSO Memory Model