Abstract Interpretation with Unfoldings

Sousa, Marcelo; D’Silva, Vijay; Kroening, Daniel

doi:10.1007/978-3-319-63390-9_11

Cited by 13 publications

(17 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The major differences between QPOR and the DPORs of [1] are that: 1) QPOR is based on prime event structures [17], a partial-order semantics that has been recently applied to programs [19,21], instead of a sequential view to thread interleaving, and 2) it computes k-partial alternatives with an O(n k ) algorithm while optimal DPOR corresponds to computing ∞-partial alternatives with an O(2 n ) algorithm. For the program shown in Fig.…”

Section: Introductionmentioning

confidence: 99%

Quasi-Optimal Partial Order Reduction

Nguyen

Sousa

Coti

et al. 2018

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

A dynamic partial order reduction (DPOR) algorithm is optimal when it always explores at most one representative per Mazurkiewicz trace. Existing literature suggests that the reduction obtained by the non-optimal, state-of-the-art Source-DPOR (SDPOR) algorithm is comparable to optimal DPOR. We show the first program 4 with O(n) Mazurkiewicz traces where SDPOR explores O(2 n ) redundant schedules. We furthermore identify the cause of this blow-up as an NP-hard problem. Our main contribution is a new approach, called Quasi-Optimal POR, that can arbitrarily approximate an optimal exploration using a provided constant k. We present an implementation of our method in a new tool called Dpu using specialised data structures. Experiments with Dpu, including Debian packages, show that optimality is achieved with low values of k, outperforming state-of-the-art tools.if a ∈ enabl (s) and s a − → s , then a ∈ enabl (s) iff a ∈ enabl (s ); and if a, a ∈ enabl (s), then there is a state s such that s a.a −−→ s and s a .a −−→ s .

show abstract

Section: Introductionmentioning

confidence: 99%

Quasi-Optimal Partial Order Reduction

Nguyen

Sousa

Coti

et al. 2018

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…A recent study (POET [30]) combines unfolding semantics with abstract interpretation. The solution they have proposed is elegant and close to our proposal, but with several fundamental differences: (D1) POET defines the unfolding under a variant of the independence relation used in the partial order reduction theory [5].…”

Section: Related Workmentioning

confidence: 99%

Thread-modular Analysis of Release-Acquire Concurrency

Sharma¹,

Sharma²

2021

Preprint

View full text Add to dashboard Cite

We present a thread-modular abstract interpretation (TMAI) technique to verify programs under the release-acquire (RA) memory model for safety property violations. The main contributions of our work are: we capture the execution order of program statements as an abstract domain, and propose a sound upper approximation over this domain to efficiently reason over RA concurrency. The proposed domain is general in its application and captures the ordering relations as a first-class feature in the abstract interpretation theory. In particular, the domain represents a set of sequences of modifications of a global variable in concurrent programs as a partially ordered set. Under the upper approximation, older sequenced-before stores of a global variable are forgotten and only the latest stores per variable are preserved. We establish the soundness of our proposed abstractions and implement them in a prototype abstract interpreter called PRIORI. The evaluations of PRIORI on existing and challenging RA benchmarks demonstrate that the proposed technique is not only competitive in refutation, but also in verification. PRIORI shows significantly fast analysis runtimes with higher precision compared to recent state-of-the-art tools for RA concurrency.

show abstract

“…The main contributions w.r.t. those are: (1) we use symbolic execution instead of concurrency testing [ 35 , 41 ] or abstract interpretation [ 46 ]; (2) we support condition variables, providing algorithms to compute conflicting extensions for them; and (3) here we use hash-based fingerprints to compute cutoff events, thus handling much more complex partial orders than the approach described in [ 46 ].…”

Section: Related Workmentioning

confidence: 99%

“…Thread-modular abstract interpretation [18,30,33] and unfolding-based abstract interpretation [46] aim at proving safety rather than finding bugs. They use over-approximations to explore all behaviors, while we focus on testing and never produce false alarms.…”

Section: Related Workmentioning

confidence: 99%

Symbolic Partial-Order Execution for Testing Multi-Threaded Programs

Schemmel

Büning

Laprell

et al. 2020

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

We describe a technique for systematic testing of multi-threaded programs. We combine Quasi-Optimal Partial-Order Reduction, a state-of-the-art technique that tackles path explosion due to interleaving non-determinism, with symbolic execution to handle data non-determinism. Our technique iteratively and exhaustively finds all executions of the program. It represents program executions using partial orders and finds the next execution using an underlying unfolding semantics. We avoid the exploration of redundant program traces using cutoff events. We implemented our technique as an extension of KLEE and evaluated it on a set of large multi-threaded C programs. Our experiments found several previously undiscovered bugs and undefined behaviors in memcached and GNU sort, showing that the new method is capable of finding bugs in industrial-size benchmarks.

show abstract

Abstract Interpretation with Unfoldings

Cited by 13 publications

References 28 publications

Quasi-Optimal Partial Order Reduction

Quasi-Optimal Partial Order Reduction

Thread-modular Analysis of Release-Acquire Concurrency

Symbolic Partial-Order Execution for Testing Multi-Threaded Programs

Contact Info

Product

Resources

About