Bounded Phase Analysis of Message-Passing Programs

Bouajjani, Ahmed; Emmi, Michael

doi:10.1007/978-3-642-28756-5_31

Cited by 30 publications

(24 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several under-approximate bounding techniques have been explored to find bugs, even when the machines have shared memory, including depth-bounding [13], bounded context-switching reachability [22,36,37], bounded-phase reachability [7], preemption-bounding [31], delay-bounding [10], bounded-asynchrony [11], etc. These techniques systematically explore a bounded space of reachable states of the concurrent system and are used in practice for finding bugs.…”

Section: Related Workmentioning

confidence: 99%

Natural proofs for asynchronous programs using almost-synchronous reductions

Desai

Garg

Madhusudan

2014

Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages &Amp; Applications

View full text Add to dashboard Cite

We consider the problem of provably verifying that an asynchronous message-passing system satisfies its local assertions. We present a novel reduction scheme for asynchronous event-driven programs that finds almost-synchronous invariants-invariants consisting of global states where message buffers are close to empty. The reduction finds almostsynchronous invariants and simultaneously argues that they cover all local states. We show that asynchronous programs often have almost-synchronous invariants and that we can exploit this to build natural proofs that they are correct. We implement our reduction strategy, which is sound and complete, and show that it is more effective in proving programs correct as well as more efficient in finding bugs in several programs, compared to current search strategies which almost always diverge. The high point of our experiments is that our technique can prove the Windows Phone USB Driver written in P [9] correct for the responsiveness property, which was hitherto not provable using state-of-the-art model-checkers.

show abstract

Section: Related Workmentioning

confidence: 99%

Natural proofs for asynchronous programs using almost-synchronous reductions

Desai

Garg

Madhusudan

2014

Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages &Amp; Applications

View full text Add to dashboard Cite

show abstract

“…Based on the notion of bounded context-switch [18], Lal and Reps [13] a reduction from detecting safety violations in multithreaded programs (with a finite number of statically-known threads) to detecting safety violations in sequential programs; shortly after La Torre et al [12] extended this result to handle an arbitrary number of parametric threads, which was further extended by Emmi et al [8] to handle dynamic thread creation-including the case of task-buffer based "asynchronous programs" [19]. More recently Bouajjani and Emmi [3] proposed a reduction from safety violations in distributed asynchronous programs with ordered message queues. Thus far, only the recent (yet orthogonal-see above) work of Atig et al [1] considers liveness properties such as nontermination.…”

Section: Related Workmentioning

confidence: 99%

Finding Non-terminating Executions in Distributed Asynchronous Programs

Emmi

Lal

2012

Static Analysis

Self Cite

View full text Add to dashboard Cite

Abstract. Programming distributed and reactive asynchronous systems is complex due to the lack of synchronization between concurrently executing tasks, and arbitrary delay of message-based communication.As even simple programming mistakes have the capability to introduce divergent behavior, a key liveness property is eventual quiescence: for any finite number of external stimuli (e.g., client-generated events), only a finite number of internal messages are ever created. In this work we propose a practical three-step reduction-based approach for detecting divergent executions in asynchronous programs. As a first step, we give a code-to-code translation reducing divergence of an asynchronous program P to completed state-reachability-i.e., reachability to a given state with no pending asynchronous tasks-of a polynomiallysized asynchronous program P . In the second step, we give a code-to-code translation under-approximating completed state-reachability of P by state-reachability of a polynomially-sized recursive sequential program P (K), for the given analysis parameter K ∈ N. Following Emmi et al.[8]'s delay-bounding approach, P (K) encodes a subset of P 's, and thus of P 's, behaviors by limiting scheduling nondeterminism. As K is increased, more possibly divergent behaviors of P are considered, and in the limit as K approaches infinity, our reduction is complete for programs with finite data domains. As the final step we give the resulting state-reachability query to an off-the-shelf SMT-based sequential program verification tool. We demonstrate the feasibility of our approach by implementing a prototype analysis tool called Alive, which detects divergent executions in several hand-coded variations of textbook distributed algorithms. As far as we are aware, our easy-to-implement prototype is the first tool which automatically detects divergence for distributed and reactive asynchronous programs. IntroductionThe ever-increasing popularity of online commercial and social networks, along with proliferating mobile computing devices, promises to make distributed software an even more pervasive component of technological infrastructure. In a * Supported by a Fondation Sciences Mathématiques de Paris post-doctoral fellowship.

show abstract

“…For various other (undecidable) models of concurrent systems, decidability is achieved by introducing a context (or "phase") bound, limiting the part of the model simulating synchronization or communication of concurrent processes [6,15,16,18,19]. We adopt the general approach, but introduce new natural definitions of contexts that are suitable for our setting.…”

Section: Introductionmentioning

confidence: 99%

Parameterized Verification of Communicating Automata under Context Bounds

Bollig

Gastin

Schubert

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We study the verification problem for parameterized communicating automata (PCA), in which processes synchronize via message passing. A given PCA can be run on any topology of bounded degree (such as pipelines, rings, or ranked trees), and communication may take place between any two processes that are adjacent in the topology. Parameterized verification asks if there is a topology from a given topology class that allows for an accepting run of the given PCA. In general, this problem is undecidable even for synchronous communication and simple pipeline topologies. We therefore consider context-bounded verification, which restricts the behavior of each single process. For several variants of context bounds, we show that parameterized verification over pipelines, rings, and ranked trees is decidable. More precisely, it is PSPACE-complete for pipelines and rings, and EXPTIME-complete for ranked trees. Our approach is automata-theoretic. We build a finite (tree, respectively) automaton that identifies those topologies that allow for an accepting run of the given PCA. The verification problem then reduces to checking nonemptiness of that automaton.

show abstract

Bounded Phase Analysis of Message-Passing Programs

Cited by 30 publications

References 22 publications

Natural proofs for asynchronous programs using almost-synchronous reductions

Natural proofs for asynchronous programs using almost-synchronous reductions

Finding Non-terminating Executions in Distributed Asynchronous Programs

Parameterized Verification of Communicating Automata under Context Bounds

Contact Info

Product

Resources

About