Context Sensitive Dynamic Partial Order Reduction Miguel - - PowerPoint PPT Presentation

Miguel Gómez-Zamalloa, joint work with Elvira Albert, Puri Arenas, María García de la Banda, Miguel Isabel, Albert Rubio and Peter Stuckey

Context Sensitive Dynamic Partial Order Reduction

Introduction

• Verification and testing on concurrent programs —> State explosion

problem due to non-deterministic interleavings

• There are 30 possible traces -> p.q.q.r.r, p.q.r.q.r, p.q.r.r.q, p.r.q.q.r, p.r.q.r.q …

Introduction

• Verification and testing on concurrent programs —> State explosion

problem due to non-deterministic interleavings

• Example:

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

(x = 0)

• There are 30 possible traces -> p.q.q.r.r, p.q.r.q.r, p.q.r.r.q, p.r.q.q.r, p.r.q.r.q …
• Only p1, q2 and r2 interact: p1<q2<r2 (p.q.q.r.r, p.q.r.q.r, p.r.q.q.r, q.p.q.r.r …), p1<r2<q2,

q2<p1<r2, q2<r2<p1, r2<p1<q2, r2<q2<p1 (6 classes of traces, or partial orders)

Introduction

• Verification and testing on concurrent programs —> State explosion

problem due to non-deterministic interleavings

• Example:

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

(x = 0)

• There are 30 possible traces -> p.q.q.r.r, p.q.r.q.r, p.q.r.r.q, p.r.q.q.r, p.r.q.r.q …
• Only p1, q2 and r2 interact: p1<q2<r2 (p.q.q.r.r, p.q.r.q.r, p.r.q.q.r, q.p.q.r.r …), p1<r2<q2,

q2<p1<r2, q2<r2<p1, r2<p1<q2, r2<q2<p1 (6 classes of traces, or partial orders)

• Some still equivalent: p1<q2<r2, p1<r2<q2, q2<p1<r2, q2<r2<p1, r2<q2<p1, r2<p1<q2

Introduction

• Verification and testing on concurrent programs —> State explosion

problem due to non-deterministic interleavings

• Example:

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

= =

(x = 0)

• There are 30 possible traces -> p.q.q.r.r, p.q.r.q.r, p.q.r.r.q, p.r.q.q.r, p.r.q.r.q …
• Only p1, q2 and r2 interact: p1<q2<r2 (p.q.q.r.r, p.q.r.q.r, p.r.q.q.r, q.p.q.r.r …), p1<r2<q2,

q2<p1<r2, q2<r2<p1, r2<p1<q2, r2<q2<p1 (6 classes of traces, or partial orders)

• Some still equivalent: p1<q2<r2, p1<r2<q2, q2<p1<r2, q2<r2<p1, r2<q2<p1, r2<p1<q2

Introduction

• Verification and testing on concurrent programs —> State explosion

problem due to non-deterministic interleavings

• Example:

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

= =

Partial Order Reduction (POR) identifies equivalent executions

(x = 0)

3

• Execution E, events p,q and states s: E = p.q, s(E) is the state after E
• Two events p, q are independent if
• For all E, s(E.p.q) = s(E.q.p), and, they do not enable each other

Partial Order Reduction: Basic Concepts

3

• Execution E, events p,q and states s: E = p.q, s(E) is the state after E
• Two events p, q are independent if
• For all E, s(E.p.q) = s(E.q.p), and, they do not enable each other
• Example:
• y = x;(q2) and z = x;(r2) are independent
• i = 0;(q1) and y = x;(q2) are dependent (first enables second)
• y = x;(q2) and x = 5;(p1) are dependent (lead to different state)

Partial Order Reduction: Basic Concepts

p q r x = 5;(p1) i = 0;(q1) j = 0;(r1) y = x;(q2) z = x;(r2)

3

• Execution E, events p,q and states s: E = p.q, s(E) is the state after E
• Two events p, q are independent if
• For all E, s(E.p.q) = s(E.q.p), and, they do not enable each other
• Example:
• y = x;(q2) and z = x;(r2) are independent
• i = 0;(q1) and y = x;(q2) are dependent (first enables second)
• y = x;(q2) and x = 5;(p1) are dependent (lead to different state)
• An event p happens-before q in sequence E (written p —> q, or p < q) if

E = … p …. q … , and, p,q are dependent

Partial Order Reduction: Basic Concepts

p q r x = 5;(p1) i = 0;(q1) j = 0;(r1) y = x;(q2) z = x;(r2)

3

• Execution E, events p,q and states s: E = p.q, s(E) is the state after E
• Two events p, q are independent if
• For all E, s(E.p.q) = s(E.q.p), and, they do not enable each other
• Example:
• y = x;(q2) and z = x;(r2) are independent
• i = 0;(q1) and y = x;(q2) are dependent (first enables second)
• y = x;(q2) and x = 5;(p1) are dependent (lead to different state)
• An event p happens-before q in sequence E (written p —> q, or p < q) if

E = … p …. q … , and, p,q are dependent

Partial Order Reduction: Basic Concepts

p q r x = 5;(p1) i = 0;(q1) j = 0;(r1) y = x;(q2) z = x;(r2)

Executions with the same happens-before relation are equivalent Goal of POR: Explore (only) one trace per equivalence class

Dynamic Partial Order Reduction (DPOR)

• In the 90's several static POR methods were developed essentially

based on persistent sets and sleep sets —> 2014 CAV Award

4

Dynamic Partial Order Reduction (DPOR)

• In the 90's several static POR methods were developed essentially

based on persistent sets and sleep sets —> 2014 CAV Award

• DPOR was originally proposed by Flanagan & Godefroid in POPL'05

as an improvement to previous Static POR methods

• Persistent sets and sleep sets are computed dynamically on the fly
• It can be used in conjunction with static POR methods

4

Dynamic Partial Order Reduction (DPOR)

• In the 90's several static POR methods were developed essentially

based on persistent sets and sleep sets —> 2014 CAV Award

• DPOR was originally proposed by Flanagan & Godefroid in POPL'05

as an improvement to previous Static POR methods

• Persistent sets and sleep sets are computed dynamically on the fly
• It can be used in conjunction with static POR methods
• Since then several improvements/variants/adaptations have appeared

4

Dynamic Partial Order Reduction (DPOR)

• In the 90's several static POR methods were developed essentially

based on persistent sets and sleep sets —> 2014 CAV Award

• DPOR was originally proposed by Flanagan & Godefroid in POPL'05

as an improvement to previous Static POR methods

• Persistent sets and sleep sets are computed dynamically on the fly
• It can be used in conjunction with static POR methods
• Since then several improvements/variants/adaptations have appeared
• Optimal DPOR [POPL’14, Abdulla et. al.]
• It explores exactly one trace per equivalence class (without even initiating

any redundant execution)

4

DPOR in Action

5

backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

Dependency over-approximation: p and q are dependent if they access a common variable and at least one writes to it

DPOR in Action

5

p q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

Dependency over-approximation: p and q are dependent if they access a common variable and at least one writes to it

DPOR in Action

5

p q q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

Dependency over-approximation: p and q are dependent if they access a common variable and at least one writes to it

DPOR in Action

5

p q q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

Dependency over-approximation: p and q are dependent if they access a common variable and at least one writes to it

DPOR in Action

5

p q q q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q r backtrack set sleep set e e’ happens before relation

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r

p1<q2,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r

p1<q2,p1<r2 q2<p1,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r {p} r

p1<q2,p1<r2 q2<p1,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r r {p} r

p1<q2,p1<r2 q2<p1,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

{p,q} r

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r {p,q} r

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r {p,q}

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

r backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r r {p,q} {q}

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

r backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r r p {p,q} {q}

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

r backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r r p {p,q} {q}

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

r backtrack set sleep set e e’ happens before relation

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored

(x = 0)

r {q} final state stopped exploration e and e’ in race

DPOR in Action

5

p q q r r q q q p r r {p} r r p r {p} r r p {p,q} {q}

p1<q2,p1<r2 q2<p1,p1<r2 q2<p1,r2<p1

r backtrack set sleep set e e’ happens before relation {q}

y=z=5 y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p,q} r q

y=5, z=0

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• Depth-first, stateless traversal starting with an arbitrary

trace

• Backtracking points added to backtrack set when

finding reversible races

• Sleep set: Events that must not be explored
• Some explored sequences eventually cut by sleep sets

(x = 0)

r {q} final state stopped exploration e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

x = 0

e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

p q q r q

x = 0

e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

p q q r r q

x = 0

e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

p q q r r q

x = 0

e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• No need to backtrack with r in the initial state!
• It prevents sleep set blocked explorations
• E.g., with 8 readers it explores 256 traces vs. 3281!

p q q r r q

x = 0

r e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• No need to backtrack with r in the initial state!
• It prevents sleep set blocked explorations
• E.g., with 8 readers it explores 256 traces vs. 3281!

p q q r r q

p1<q2,p1<r2

y=z=5

x = 0

r e e’ happens before relation Final state e and e’ in race

Optimal* DPOR in Action (* without wake-up trees)

6

backtrack set sleep set

p q r x = 5; (p1) i = 0; j = 0; y = x; (q2) z = x; (r2)

• No need to backtrack with r in the initial state!
• It prevents sleep set blocked explorations
• E.g., with 8 readers it explores 256 traces vs. 3281!

p q q r r q

p1<q2,p1<r2

y=z=5

x = 0

r q q p r r {p} r r p r {p} r p {p,q} {q}

q2<p1,p1<r2 q2<p1,r2<p1

r {q}

y=0, z=5 y=z=0

r2<p1,p1<q2

r p {p} r q

y=5, z=0

r e e’ happens before relation Final state e and e’ in race

• DPOR requires over-approximating dependencies (e.g same var. and at least one writes)
• Using the traditional dependence approx., all p,q,r are dependent to each other
• Hence all six orders must be explored

There is Room for Improvement: Dep. over-approx.

7

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

Consider another example:

(x = 0)

• DPOR requires over-approximating dependencies (e.g same var. and at least one writes)
• Using the traditional dependence approx., all p,q,r are dependent to each other
• Hence all six orders must be explored
• But p and q are indeed independent

There is Room for Improvement: Dep. over-approx.

7

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

= =

Consider another example:

(x = 0)

• DPOR requires over-approximating dependencies (e.g same var. and at least one writes)
• Using the traditional dependence approx., all p,q,r are dependent to each other
• Hence all six orders must be explored
• But p and q are indeed independent

There is Room for Improvement: Dep. over-approx.

7

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

• With an exact dep. approximation it needs to explore 4, but ...

= =

Consider another example:

(x = 0)

• DPOR requires over-approximating dependencies (e.g same var. and at least one writes)
• Using the traditional dependence approx., all p,q,r are dependent to each other
• Hence all six orders must be explored
• But p and q are indeed independent

There is Room for Improvement: Dep. over-approx.

7

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x; p q r x++; x--; y = x;

• It could be more tricky:
• With an exact dep. approximation it needs to explore 4, but ...

= =

Consider another example:

(x = 0)

• DPOR requires over-approximating dependencies (e.g same var. and at least one writes)
• Using the traditional dependence approx., all p,q,r are dependent to each other
• Hence all six orders must be explored
• But p and q are indeed independent

There is Room for Improvement: Dep. over-approx.

7

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x; p q r x++; x--; y = x;

• It could be more tricky:
• And much more with bigger

atomic sections

• With an exact dep. approximation it needs to explore 4, but ...

= =

Consider another example:

(x = 0)

• Observe that there are only two outcomes: y = 0 or y = 5
• q and r (and also p and r) are independent in the context x = 5
• Only two orders need to be explored

There is Room for Improvement: Sensitivity to Context

8

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

(x = 0)

• Observe that there are only two outcomes: y = 0 or y = 5
• q and r (and also p and r) are independent in the context x = 5
• Only two orders need to be explored

There is Room for Improvement: Sensitivity to Context

8

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

= =

(x = 0)

• Observe that there are only two outcomes: y = 0 or y = 5
• q and r (and also p and r) are independent in the context x = 5
• Only two orders need to be explored

There is Room for Improvement: Sensitivity to Context

8

p q r p r q q p r q r p r p q r q p

p q r x = 5; x = 5; y = x;

(p < r or q < r) leads to y = 5 (r < p and r < q) leads to y = 0

= =

(x = 0)

Context Sensitive DPOR 1.0 [CAV’17]

• Refinement over Optimal* DPOR (* without wake-up trees)
• It computes exact (in)dependencies overcoming the loss of precision of

(in)dependency over-approximations

• It takes advantage of context-sensitive dependencies
• It adds a new check in the race detection phase
• If it succeeds it adds a sequence to the corresponding sleep-set
• Sleep-sets can now include sequences and are propagated accordingly
• The exploration can only get reduced

9

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries p.q = q.p Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q {q.p} q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries p.q = q.p Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q {q.p} q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {q.p} q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {q.p} q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {q.p} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r p.q.r = p.r.q {q.p} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r p.q.r = p.r.q {r.q} {q.p} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r p.r ≠ r.p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r q.r ≠ r.q backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q q p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q r.p.q = r.q.p q {q.p} p.q.r y=5 q.r.p y=5 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q q {q.p} p.q.r y=5 q.r.p y=5 r.p.q y=0 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q q {q.p} q p.q.r y=5 q.r.p y=5 r.p.q y=0 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q q {q.p} q {p} p.q.r y=5 q.r.p y=5 r.p.q y=0 new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0 in Action

10

p q r x = 5; x = 5; y = x;

p q r {r.q} {q.p} r q r {q} r q {p} r p backtrack set sleep set r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p q q {q.p} q {p} p.q.r y=5 q.r.p y=5 r.p.q y=0

• All possible different behaviours explored, but 1 extra
• 3 extra nodes explored before blocked by sleep-set

new sleep entries Reduced explorations Final state

Context Sensitive DPOR 1.0

• Sound, simple and effective way to exploit the notion of context-

sensitive independency in the DPOR algorithm

• It can produce exponential reductions w.r.t Optimal DPOR
• The exploration can only get reduced with little overhead

✦ Optimization to avoid re-computations (memory vs. time overhead)

• But, there is still room for improvement …

11

Context Sensitive DPOR 2.0 [Constrained DPOR, CAV’18]

• Further refinement over Optimal* DPOR
• Exploit context-sensitive dependencies now also for reducing backtrack sets
• This requires an extra condition to independency called uniformity
• Parametric w.r.t independence constraints
• Independence constraints (conditions under which two events commute)
• Automatically synthesized in a static SMT-based pre-analysis (or user-provided)
• Examples:
• The exploration can only get reduced w.r.t version 1.0
• It prevents starting redundant explorations that v1.0 had to explore partially

12

p r x = 5; y = x;

Ipr = {x=5}

p q

[if (z>=0) z=x;] [z++; x++;]

Ipq = {z>=0 or z=x or z<=-2}

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack Ipq r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Iqr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Ipq Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r.p.q y=0 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r.p.q y=0 Iqr r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack p.q.r y=5 r.p.q y=0 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack q p.q.r y=5 r.p.q y=0 r p not a race anymore backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack q p.q.r y=5 r.p.q y=0 r p not a race anymore {p} backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr Ipq

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack q r p.q.r y=5 r.p.q y=0 r p not a race anymore {p} backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack q r p.q.r y=5 r.p.q y=0 r p not a race anymore {p} {p} backtrack set sleep set new sleep entries Reduced exploration Final state Ipr Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Context Sensitive DPOR 2.0 in Action

13

p q r x = 5; x = 5; y = x;

p q r r q r p q r p r p happens before relation p in sleep set p added to backtrack set r p p already in backtrack q r p.q.r y=5 r.p.q y=0

• Reduction: 3 nodes w.r.t version 1.0 (7 w.r.t Optimal DPOR)
• Still 2 extra nodes w.r.t an optimal exploration

r p not a race anymore {p} {p} backtrack set sleep set new sleep entries Reduced exploration Final state Reduced w.r.t version 1.0

Ipq = {true} Ipr = {x=5} Iqr = {x=5}

Independence constraints Ipr

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [1,15] [22,2] [78,8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] [1,15] [1] [15] [22,2] [78,8] [22] [2] [78] [8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [1,15] [1] [15] [22,2] [78,8] [22] [2] [78] [8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,15] [1] [15] [22,2] [78,8] [22] [2] [78] [8]

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,15] [1] [15] [22,2] [78,8] [22] [2] [78] [8]

• Two possible interleavings for each merge -> 2⁷ possible orderings but they all lead to the

same result!

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,3,8,15] m [1,15] [1] [15] [1,15] m [2,8,22,78] [22,2] [78,8] [22] [2] [78] [8] [2,22] [8,78] m m m m [1,2,3,8,8,15,22,78]

• Two possible interleavings for each merge -> 2⁷ possible orderings but they all lead to the

same result!

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,3,8,15] m [1,15] [1] [15] [1,15] m [2,8,22,78] [22,2] [78,8] [22] [2] [78] [8] [2,22] [8,78] m m m m [1,2,3,8,8,15,22,78]

• Two possible interleavings for each merge -> 2⁷ possible orderings but they all lead to the

same result!

• Proving merge is commutative is very complex (only true if arguments are sorted!)

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,3,8,15] m [1,15] [1] [15] [1,15] m [2,8,22,78] [22,2] [78,8] [22] [2] [78] [8] [2,22] [8,78] m m m m [1,2,3,8,8,15,22,78]

Optimal DPOR* Context sens. DPOR

• Red. gain

N

Execs Time States Execs Time States Time

8 128 259 2409 1 18 143 14x

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,3,8,15] m [1,15] [1] [15] [1,15] m [2,8,22,78] [22,2] [78,8] [22] [2] [78] [8] [2,22] [8,78] m m m m [1,2,3,8,8,15,22,78]

Optimal DPOR* Context sens. DPOR

• Red. gain

N

Execs Time States Execs Time States Time

8 128 259 2409 1 18 143 14x 12 912 1.2s 200ms 9564 1 37 232 32x

Motivating (Killing) Example: Distributed MergeSort

14

[8,3,1,15,22,2,78,8] [8,3,1,15] [22,2,78,8] [8,3] [8] [3] m [3,8] [1,3,8,15] m [1,15] [1] [15] [1,15] m [2,8,22,78] [22,2] [78,8] [22] [2] [78] [8] [2,22] [8,78] m m m m [1,2,3,8,8,15,22,78]

Optimal DPOR* Context sens. DPOR

• Red. gain

N

Execs Time States Execs Time States Time

8 128 259 2409 1 18 143 14x 12 912 1.2s 200ms 9564 1 37 232 32x 15 15872 37s 154456 1 51 257 718x

Conclusions

• Each of the presented extensions potentially produce exponential

reductions with little overhead

• Other recent advances in DPOR technology:
• Quasi-optimal DPOR [Nguyen et. al., CAV’18]
• Data-centric DPOR [Chalupa et. al., POPL’18] and DPOR with observers

[Jonsson et. al., TACAS’18 and OOPSLA’19]

• Context-sensitive DPOR with observers [ISSTA’19]
• Current work in our team:
• Optimality of DPOR with context-sensitive dependency
• Re-implementation of our approach for LLVM programs (over Nidhugg)

15

Thanks for your Attention. Questions?

Thanks for your attention! Questions?

16