Article

Context-Bounded model checking of concurrent software

Authors:

Jakob RehofAuthors Info & Claims

TACAS'05: Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems

Pages 93 - 107

https://doi.org/10.1007/978-3-540-31980-1_7

Published: 04 April 2005 Publication History

Abstract

The interaction among concurrently executing threads of a program results in insidious programming errors that are difficult to reproduce and fix. Unfortunately, the problem of verifying a concurrent boolean program is undecidable [24]. In this paper, we prove that the problem is decidable, even in the presence of unbounded parallelism, if the analysis is restricted to executions in which the number of context switches is bounded by an arbitrary constant. Restricting the analysis to executions with a bounded number of context switches is unsound. However, the analysis can still discover intricate bugs and is sound up to the bound since within each context, a thread is fully explored for unbounded stack depth. We present an analysis of a real concurrent system by the ZING model checker which demonstrates that the ability to model check with arbitrary but fixed context bound in the presence of unbounded parallelism is valuable in practice. Implementing context-bounded model checking in ZING is left for future work.

References

[1]

R. Alur and R. Grosu. Modular refinement of hierarchic reactive machines. In POPL 00: Principles of Programming Languages, pages 390-402. ACM, 2000.

[2]

T. Andrews, S. Qadeer, S. K. Rajamani, J. Rehof, and Y. Xie. Zing: Exploiting program structure for model checking concurrent software. In CONCUR 2004: Fifteenth International Conference on Concurrency Theory, London, U.K., September 2004, LNCS. Springer-Verlag, 2004. Invited paper.

[3]

J-M. Autebert, J. Berstel, and L. Boasson. Context-free languages and pushdown automata. In Handbook of Formal Languages, vol. 1 (Eds.: G. Rozenberg and A. Salomaa), pages 111 - 174. Springer-Verlag, 1997.

[4]

T. Ball and S. K. Rajamani. The SLAM project: Debugging system software via static analysis. In POPL 02: Principles of Programming Languages, pages 1-3. ACM, January 2002.

[5]

A. Bouajjani, J. Esparza, and T. Touili. A generic approach to the static analysis of concurrent programs with procedures. In POPL 03: Principles of Programming Languages, pages 62-73. ACM, 2003.

[6]

S. Chaki, E. M. Clarke, A. Groce, S. Jha, and H. Veith. Modular verification of software components in C. IEEE Transactions on Software Engineering, 30(6):388- 402, 2004.

[7]

E. M. Clarke, A. Biere, R. Raimi, and Y. Zhu. Bounded model checking using satisfiability solving. Formal Methods in System Design, 19(1):7-34, 2001.

[8]

E. M. Clarke and E. A. Emerson. Synthesis of synchronization skeletons for branching time temporal logic. In Logic of Programs, LNCS 131, pages 52-71. Springer-Verlag, 1981.

[9]

J. Corbett, M. Dwyer, John Hatcliff, Corina Pasareanu, Robby, S. Laubach, and H. Zheng. Bandera : Extracting finite-state models from Java source code. In ICSE 00: Software Engineering, 2000.

[10]

M. Das, S. Lerner, and M. Seigle. ESP: Path-sensitive program verification in polynomial time. In PLDI 02: Programming Language Design and Implementation, pages 57-69. ACM, 2002.

[11]

J. Esparza and A. Podelski. Efficient algorithms for pre* and post* on interprocedural parallel flow graphs. In POPL 00: Principles of Programming Languages, pages 1-11. ACM, 2000.

[12]

A. Finkel, B. Willems, and P. Wolper. A direct symbolic approach to model checking pushdown systems. Electronic Notes in Theoretical Computer Science, 9, 1997.

[13]

D. Giannakopoulou, C. S. Pasareanu, and H. Barringer. Assumption generation for software component verification. In ASE 02: Automated Software Engineering, pages 3-12, 2002.

[14]

P. Godefroid. Model checking for programming languages using verisoft. In POPL 97: Principles of Programming Languages, pages 174-186, 1997.

[15]

T. A. Henzinger, R. Jhala, and R. Majumdar. Race checking by context inference. In PLDI 04: Programming Language Design and Implementation, pages 1-13, 2004.

[16]

T. A. Henzinger, R. Jhala, R. Majumdar, and S. Qadeer. Thread-modular abstraction refinement. In CAV 03: Computer-Aided Verification, pages 262-274, 2003.

[17]

G. Holzmann. The model checker SPIN. IEEE Transactions on Software Engineering, 23(5):279-295, May 1997.

[18]

M. Musuvathi, D. Park, A. Chou, D. Engler, and D. L. Dill. CMC: A pragmatic approach to model checking real code. In OSDI 02: Operating Systems Design and Implementation, 2002.

[19]

F. Pong and M. Dubois. Verification techniques for cache coherence protocols. ACM Computing Surveys, 29(1):82-126, 1997.

[20]

S. Qadeer, S. K. Rajamani, and J. Rehof. Summarizing procedures in concurrent programs. In POPL 04: ACM Principles of Programming Languages, pages 245- 255. ACM, 2004.

[21]

S. Qadeer and J. Rehof. Context-bounded model checking of concurrent software. Technical Report MSR-TR-2004-70, Microsoft Research, 2004.

[22]

S. Qadeer and D. Wu. KISS: Keep it simple and seqeuential. In PLDI 04: Programming Language Design and Implementation, pages 14-24. ACM, 2004.

[23]

J. Queille and J. Sifakis. Specification and verification of concurrent systems in CESAR. In M. Dezani-Ciancaglini and U. Montanari, editors, Fifth International Symposium on Programming, Lecture Notes in Computer Science 137, pages 337- 351. Springer-Verlag, 1981.

[24]

G. Ramalingam. Context sensitive synchronization sensitive analysis is undecidable. ACM Trans. on Programming Languages and Systems, 22:416-430, 2000.

[25]

T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In POPL 95: Principles of Programming Languages, pages 49-61. ACM, 1995.

[26]

Robby, M. Dwyer, and J. Hatcliff. Bogor: An extensible and highly-modular model checking framework. In FSE 03: Foundations of Software Engineering, pages 267- 276. ACM, 2003.

[27]

S. Schwoon. Model-Checking Pushdown Systems. PhD thesis, Lehrstuhl für Informatik VII der Technischen Universität München, 2000.

[28]

M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In Program Flow Analysis: Theory and Applications, pages 189-233. Prentice-Hall, 1981.

[29]

W. Visser, K. Havelund, G. Brat, and S. Park. Model checking programs. In ASE 00: Automated Software Engineering, pages 3-12, 2000.

[30]

E. Yahav. Verifying safety properties of concurrent Java programs using 3-valued logic. In POPL 01: Principles of Programming Languages, pages 27-40, 2001.

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Abdulla PAtig MBouajjani AKumar KSaivasan P(2024)Verification under Intel-x86 with PersistencyProceedings of the ACM on Programming Languages10.1145/36564258:PLDI(1189-1212)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656425
Bergsträßer PGanardi MLin AZetzsche G(2024)Ramsey Quantifiers in Linear ArithmeticsProceedings of the ACM on Programming Languages10.1145/36328438:POPL(1-32)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632843
Show More Cited By

Context-Bounded model checking of concurrent software
1. Software and its engineering
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning

Recommendations

Verifying multi-threaded software using smt-based context-bounded model checking
ICSE '11: Proceedings of the 33rd International Conference on Software Engineering

We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the ...
Concurrent Bounded Model Checking

We introduce a methodology, based on symbolic execution, for Concurrent Bounded Model Checking. In our approach, we translate a program into a formula in a disjunctive form. This design enables concurrent verification, with a main thread running ...
Model checking unbounded concurrent lists

We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

TACAS'05: Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems

April 2005

585 pages

ISBN:3540253335

Editors:
Nicolas Halbwachs
CNRS - VERIMAG, 2, av. de Vignate, Gières, France
,
Lenore D. Zuck
University of Illinois at Chicago, 2, av. de Vignate, Gières

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 04 April 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

161
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Abdulla PAtig MBouajjani AKumar KSaivasan P(2024)Verification under Intel-x86 with PersistencyProceedings of the ACM on Programming Languages10.1145/36564258:PLDI(1189-1212)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656425
Bergsträßer PGanardi MLin AZetzsche G(2024)Ramsey Quantifiers in Linear ArithmeticsProceedings of the ACM on Programming Languages10.1145/36328438:POPL(1-32)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632843
Wolff DShi ZDuck GMathur URoychoudhury ATsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Greybox Fuzzing for Concurrency TestingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640389(482-498)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640389
Faella MGarbi GLa Torre SParlato G(2024)CHC-Based Verification of Programs Through Graph DecompositionsSN Computer Science10.1007/s42979-024-03371-65:8Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1007/s42979-024-03371-6
Sales EInverso OTuosto E(2024)Accurate Static Data Race Detection for CFormal Methods10.1007/978-3-031-71162-6_23(443-462)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71162-6_23
Messahel WTouili T(2024)Reachability Analysis of Concurrent Self-modifying CodeEngineering of Complex Computer Systems10.1007/978-3-031-66456-4_14(257-271)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-66456-4_14
Gao MChakraborty SOzkan BAamodt TJerger NSwift M(2023)Probabilistic Concurrency Testing for Weak Memory ProgramsProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3575693.3575729(603-616)Online publication date: 27-Jan-2023
https://dl.acm.org/doi/10.1145/3575693.3575729
Baumann PGanardi MMajumdar RThinniyam RZetzsche G(2023)Context-Bounded Verification of Context-Free SpecificationsProceedings of the ACM on Programming Languages10.1145/35712667:POPL(2141-2170)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571266
Ferrando ADelzanno G(2023)HyperMonitor: A Python Prototype for Hyper Predictive Runtime VerificationReachability Problems10.1007/978-3-031-45286-4_13(171-182)Online publication date: 11-Oct-2023
https://dl.acm.org/doi/10.1007/978-3-031-45286-4_13
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten