dynamic partial order reduction for model checking
play

Dynamic Partial-Order Reduction for Model Checking Software Cormac - PowerPoint PPT Presentation

Oct 27, 2022 •280 likes •462 views

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

  1. Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Müller

  2. Model Checking • Given a multithreaded program • We‘d like to check for deadlocks and safety property violations – Proove it! – Ideally in a push-button fashion – Directly using source code (implementation vs abstraction) • Idea: – Exhaustive state space exploration – Here: • Threads are subdivided into transitions • → All transition interleavings over all threads

  3. Naïve Algorithm • Let‘s do a depth-first search in the state space • Pros: – Covers the whole state space, hence we have certainty of our software correctness • Cons: – Requires a finite state-space – Requires an acyclic state-space – Can be immensely time-intensive due to the state-explosion problem

  4. State-Explosion Problem This is how the global state space looks: Given n = 3 independent threads: (r 0 , s 0 , t 0 ) r 1 s 1 t 1 (r 0 , s 0 , t 1 ) r 0 s 0 t 0 (r 0 , s 1 , t 1 ) ! n Possible Interleavings: (r 1 , s 1 , t 1 ) (Distinct paths in state graph) ⎛ ⎞ n n ∑ ⎜ ⎟ = n 2 ⎜ ⎟ Number of states: ⎝ ⎠ i = 0 i

  5. Partial-Order Reduction • The idea: – Use independence between transitions to reduce the state space Two transitions are independent if both of the following hold: t 1 t 2 •They neither disable nor enable each other and •They commute t 2 t 1

  6. Partial-Order Reduction • Since independent transitions commute, we can swap two adjacent ones in a given trace • Leads to an equivalence class of traces • We only need to check one of those traces per equivalence class! Also called Model Checking using Representatives

  7. Partial-Order Reduction Watch out: • Why the name? These are transitions! – Natural representation of transitions in a concurrent system isn‘t a trace (linear order) ... ... but a partial order Linear order By using linear orders, we‘re unnessecarily adding information to the relation! Partial order

  8. Partial-Order Reduction • In practice model checker only has a local view of the state graph • In a given state, it has to evaluate the minimal subset of enabled transitions to follow that still guarantees soundness

  9. Persistent Transitions • An enabled transition b in the state s is a persistent transition, if it is independent with every transition r i s reachable from s without executing b r 1 b • If a transition b is persistent, it is r 2 sound to only explore b independent r i • Persistent sets: generalization to many threads Based on Flanagan‘s presentation of the paper

  10. Static POR • Use static source code analysis to determine the persistent set of a state as soon as it is reached • Problem – Static analysis is approximate and doesn‘t catch all independency – For example, whether two pointers refer to the same location is determined conservatively • This is where dynamic partial order reduction shines

  11. Dynamic POR • Using runtime information, resolving aliasing suddenly becomes easy • Approach: – Execute an arbitrary trace to completion – During this execution, take note of possible conflicts and mark them for later backtracking – Persistent set is built on-the-fly

  12. R S DPOR Algorithm s 1 x = 1 y = 1 r 1 x,y,g 0,0,0 s 2 r 2 g += 2 g *= 2 y=1 x=1 {S} 1,0,0 0,1,0 x=1 y=1 g*=2 g+=2 {S,R} {S} 1,0,2 1,1,0 0,1,0 y=1 g*=2 g+=2 x=1 Summ Summary: ary: 1,1,2 1,1,0 •Analyzed 3 of the 6 possible traces g+=2 •Ideal POR would analyze 2 g*=2 •Persistent sets constructed dynamically! 1,1,4 1,1,2

  13. Summary • Pros – No approximate/expensive/complicated static analysis – Supports pointer-rich data structures – Supports dynamic creation of threads/objects • Cons – Finite state space – Acyclic state space • Can be extended to be stateful, but is memory expensive • Open questions – Liveness properties and LTL?

  14. Questions?

  15. Implementations Inspect: A Framework for Dynamic Verification of Multithreaded C Programs Sadly, very sparsely documented. http://www.cs.utah.edu/~yuyang/inspect/ Cute: A Concolic Unit Testing Engine for C and Java Uses a simplified version of DPOR to guide symbolic model checking. http://osl.cs.uiuc.edu/~ksen/cute/

  16. DPOR Algorithm From a lecture of Theo Ruys on the subject

  17. Indexer Benchmark 10000000 1000000 100000 Number of transitions 10000 1000 100 10 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Number of threads Dynamic POR, stateless, sleep sets Dynamic POR, stateless, no sleep sets Static POR, stateless, sleep sets Static POR, stateless, no sleep sets Static POR, stateful, sleep sets Static POR, stateful, no sleep sets From Flanagan‘s presentation of the paper

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com

MC-MC POR LTL MC-POR Conclusions Multi-Core Partial-Order Reduction for LTL Model Checking Alfons Laarman alfons@laarman.com joint work with Anton Wijs (Eindhoven University of Technology) Formal Methods in Systems Engineering Vienna

749 views • 45 slides
Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen

Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen

Combining Partial Order Reduction with Bounded Model Checking CPA 2009 Jos e Vander Meulen and Charles Pecheur UC Louvain p. 1 A Concurrent System Set of asynchronous and interacting processes Producer 1 Consumer 1 Producer 2

510 views • 22 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Race Analysis for SystemC using Model Checking Nicolas Blanc, Daniel Kroening Outline

Race Analysis for SystemC using Model Checking Nicolas Blanc, Daniel Kroening Outline

Race Analysis for SystemC using Model Checking Nicolas Blanc, Daniel Kroening Outline Motivation Partial-Order Reduction Scoot Experimental Results D. Kroening: Race Analysis for SystemCusing Model Checking 2 Introduction Oxford is a

1.22k views • 88 slides
Context Sensitive Dynamic Partial Order Reduction Miguel Gmez-Zamalloa, joint work with Elvira

Context Sensitive Dynamic Partial Order Reduction Miguel Gmez-Zamalloa, joint work with Elvira

Context Sensitive Dynamic Partial Order Reduction Miguel Gmez-Zamalloa, joint work with Elvira Albert, Puri Arenas, Mara Garca de la Banda, Miguel Isabel, Albert Rubio and Peter Stuckey Introduction Verification and testing on concurrent

1.72k views • 139 slides
Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications:

Higher-Order Model Checking III: Reducing Model Checking to Type Inference IV: Applications: Verifying Higher-order Functional Programs Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk

856 views • 26 slides
Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo Whats This Talk About? Introduction to higher-order model checking (model checking of higher- order recursion schemes) and its applications to

641 views • 40 slides
Parametrized Partial Differential Equations Heat Transfer Back-of-the-Envelope Calculations:

Parametrized Partial Differential Equations Heat Transfer Back-of-the-Envelope Calculations:

Parametrized Partial Differential Equations Heat Transfer Back-of-the-Envelope Calculations: Model Simplification, Model Order Reduction Anthony T Patera, MIT Mathematics of Reduced Order Models ICERM Providence, RI, USA February 19, 2020

1.35k views • 131 slides
Reducing CTL-Live Model Checking to First-Order Logic Validity Checking Amirhossein Vakili and

Reducing CTL-Live Model Checking to First-Order Logic Validity Checking Amirhossein Vakili and

Reducing CTL-Live Model Checking to First-Order Logic Validity Checking Amirhossein Vakili and Nancy A. Day Cheriton School of Computer Science 24 October 2014 Vakili and Day (U. of Waterloo) CTL-Live Model Checking in FOL 24 October 2014 1

535 views • 28 slides
Dichotomies and Duality in First-order Model Checking Problems Barnaby Martin Department of

Dichotomies and Duality in First-order Model Checking Problems Barnaby Martin Department of

The Model Checking Problem Logics of Classes I and II Logics of Class III Conclusion and Further Work Dichotomies and Duality in First-order Model Checking Problems Barnaby Martin Department of Computer Science University of Durham Journ

557 views • 38 slides
On Combining State Space Reductions with Global Fairness Assumptions Shaojie Zhang 1 Jun Sun 2 Jun

On Combining State Space Reductions with Global Fairness Assumptions Shaojie Zhang 1 Jun Sun 2 Jun

Background & Motivation Model Checking with Global Fairness Symmetry Reduction & Global Fairness Partial Order Reduction & Global Fairness Summary On Combining State Space Reductions with Global Fairness Assumptions Shaojie Zhang 1

402 views • 25 slides
Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer

Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer

Propositional Approximations for Bounded Model Checking of Partial Circuit Designs Ralf Wimmer (joint work with Bernd Becker, Marc Herbstritt, Natalia Kalinnik, Matthew Lewis, Juri Lichtner, Tobias Nopper) Albert-Ludwigs-University Freiburg im

281 views • 27 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Model Order Reduction of Model Order Reduction of Parameterized Interconnect Networks

Model Order Reduction of Model Order Reduction of Parameterized Interconnect Networks

Model Order Reduction of Model Order Reduction of Parameterized Interconnect Networks Parameterized Interconnect Networks via a Two- -Directional Directional Arnoldi Arnoldi Process Process via a Two Yung-Ta Li joint work with Zhaojun

509 views • 33 slides
Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

941 views • 52 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Ohios Health Home Model for Beneficiaries with Serious and Persistent Mental Illness: A

Ohios Health Home Model for Beneficiaries with Serious and Persistent Mental Illness: A

Exploring Medicaid Health Homes: Ohios Health Home Model for Beneficiaries with Serious and Persistent Mental Illness: A Regional Roll-Out November 5, 2012; 3:00 4:00PM (ET) For audio, dial: 1-800-273-7043; Passcode: 596413 A video

350 views • 9 slides
MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October

MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October

MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October 28, 2013 What is MillWheel? Stream processing framework Simple programming models User specified directed computation graph Fault

670 views • 27 slides
Towers of function fields over finite fields and their sequences of zeta functions Alexey Zaytsev

Towers of function fields over finite fields and their sequences of zeta functions Alexey Zaytsev

Towers of function fields over finite fields and their sequences of zeta functions Alexey Zaytsev I. Kant Baltic Federal University Kalinigrad Russia November 12, 2013 joint work with Alexey Zykin Alexey Zaytsev Towers of function fields

649 views • 37 slides
Graph Clustering Graph Clustering What is clustering? What is clustering? Finding patterns

Graph Clustering Graph Clustering What is clustering? What is clustering? Finding patterns

Graph Clustering Graph Clustering What is clustering? What is clustering? Finding patterns in data, or grouping similar groups of data-points together into clusters . Clustering algorithms for numeric data: Lloyds K-means, EM

688 views • 19 slides
Persistent currents in two dimension: New regimes induced by the interplay between electronic

Persistent currents in two dimension: New regimes induced by the interplay between electronic

Persistent currents in two dimension: New regimes induced by the interplay between electronic correlations and disorder Zoltn dm Nmeth Jean-Louis Pichard CEA - Saclay, Service de Physique de l'Etat Condens Outline: Overview of

583 views • 30 slides
Safety First: A Two-Stage Algorithm for LTL Games Saqib Sohail Fabio Somenzi Department of

Safety First: A Two-Stage Algorithm for LTL Games Saqib Sohail Fabio Somenzi Department of

Introduction Games Two Stage Synthesis Results Conclusions Safety First: A Two-Stage Algorithm for LTL Games Saqib Sohail Fabio Somenzi Department of Electrical and Computer Engineering University of Colorado at Boulder FMCAD 2009 Safety

1.28k views • 123 slides
Disclosures Nothing to disclose ABSTRACT PROFFERED TALK: Large ( 2 cm) Breast Cancers in

Disclosures Nothing to disclose ABSTRACT PROFFERED TALK: Large ( 2 cm) Breast Cancers in

6/9/2017 Disclosures Nothing to disclose ABSTRACT PROFFERED TALK: Large ( 2 cm) Breast Cancers in Women Attending Regular Screening: Risk Factors and Implications for Prognosis FREDRIK STRAND, MD, MSc, PhD Cand. Karolinska Stockholm,

287 views • 5 slides
Approximation and Non-parametric Estimation of ResNet-type Convolutional Neural Networks Kenta

Approximation and Non-parametric Estimation of ResNet-type Convolutional Neural Networks Kenta

Poster: 13 th June, Pacific Ballroom #77 Paper Link Approximation and Non-parametric Estimation of ResNet-type Convolutional Neural Networks Kenta Oono 1,2 Taiji Suzuki 1,3 {kenta_oono, taiji}@mist.i.u-tokyo.ac.jp 1. The University of Tokyo

1.26k views • 23 slides

More recommend