Thread-modular static analysis for relaxed memory models

Kusano, Markus; Wang, Chao

doi:10.1145/3106237.3106243

Cited by 18 publications

(14 citation statements)

References 79 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Abstract interpretation [14] is a static analysis framework that considers all paths and inputs to obtain a sound overapproximation of the state at every program location [31,32,52]. For efficiency reasons, the state is kept abstract and often represented by a set of constraints in a certain abstract domain.…”

Section: Abstract Interpretationmentioning

confidence: 99%

Abstract interpretation under speculative execution

Wang

2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

Analyzing the behavior of a program running on a processor that supports speculative execution is crucial for applications such as execution time estimation and side channel detection. Unfortunately, existing static analysis techniques based on abstract interpretation do not model speculative execution since they focus on functional properties of a program while speculative execution does not change the functionality. To fill the gap, we propose a method to make abstract interpretation sound under speculative execution. There are two contributions. First, we introduce the notion of virtual control flow to augment instructions that may be speculatively executed and thus affect subsequent instructions. Second, to make the analysis efficient, we propose optimizations to handle merges and loops and to safely bound the speculative execution depth. We have implemented and evaluated the proposed method in a static cache analysis for execution time estimation and side channel detection. Our experiments show that the new method, while guaranteed to be sound under speculative execution, outperforms state-of-the-art abstract interpretation techniques that may be unsound.CCS Concepts • Software and its engineering → Formal software verification; Compilers; • Security and privacy → Cryptanalysis and other attacks. SpeculativeAbstract Interpretation Architectural Parameters (cache config., speculation depth) Control Flow Analysis

show abstract

Section: Abstract Interpretationmentioning

confidence: 99%

Abstract interpretation under speculative execution

Wang

2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

show abstract

“…Leveraging our Method in Production. For realistic production-ready analyses, one should likely couple this analysis with a less precise, more scalable one, such as a non-relational or flow-insensitive one [11,14]. The precise one should be used on the small difficult parts of the programs, typically when synchronisation happens and precision is needed to model the interaction between threads.…”

Section: Improvements On Scalingmentioning

confidence: 99%

“…Kusano et al [11] propose a thread-modular analysis for relaxed memory models, including TSO and PSO. They rely on quickly generating imprecise interference sets and leverage a Datalog solver to remove interferences combinations that can be proved impossible.…”

Section: Related Workmentioning

confidence: 99%

Relational Thread-Modular Abstract Interpretation Under Relaxed Memory Models

Suzanne

Miné

2018

Programming Languages and Systems

View full text Add to dashboard Cite

We address the verification problem of numeric properties in many-threaded concurrent programs under weakly consistent memory models, especially TSO. We build on previous work that proposed an abstract interpretation method to analyse these programs with relational domains. This method was not sufficient to analyse more than two threads in a decent time. Our contribution here is to rely on a relyguarantee framework with automatic inference of thread interferences to design an analysis with a thread-modular approach and describe relational abstractions of both thread states and interferences. We show how to adapt the usual computing procedure of interferences to the additional issues raised by weakly consistent memories. We demonstrate the precision and the performance of our method on a few examples, operating a prototype analyser that verifies safety properties like mutual exclusion. We discuss how weak memory models affect the scalability results compared to a sequentially consistent environment.

show abstract

“…In this work, we assume sequential consistency but Datalog is capable of handling weaker memory models [31] as well.…”

Section: Rules For Intra-thread Dependencymentioning

confidence: 99%

“…Our method relies on the Datalog-based declarative program analysis framework, which previously has been applied to both sequential and concurrent programs as well as web applications [10, 15, 17, 19-22, 25, 34, 36, 40, 44, 47, 53]. In the context of static analysis of concurrent programs, for example, Kusano and Wang [30,31] used Datalog in a thread-modular abstract interpretation to check the feasibility of inter-thread data-flow edges on sequentially consistent and weaker memory models. Sung et al [45] used a similar technique for modeling preemption scheduling of interrupts and thus improving the accuracy of static analysis for interrupt-driven programs.…”

Section: Related Workmentioning

confidence: 99%

Datalog-based scalable semantic diffing of concurrent programs

Sung

Lahiri

Enea

et al. 2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

When an evolving program is modified to address issues related to thread synchronization, there is a need to confirm the change is correct, i.e., it does not introduce unexpected behavior. However, manually comparing two programs to identify the semantic difference is labor intensive and error prone, whereas techniques based on model checking are computationally expensive. To fill the gap, we develop a fast and approximate static analysis for computing synchronization differences of two programs. The method is fast because, instead of relying on heavy-weight model checking techniques, it leverages a polynomial-time Datalog-based program analysis framework to compute differentiating data-flow edges, i.e., edges allowed by one program but not the other. Although approximation is used our method is sufficiently accurate due to careful design of the Datalog inference rules and iterative increase of the required data-flow edges for representing a difference. We have implemented our method and evaluated it on a large number of multithreaded C programs to confirm its ability to produce, often within seconds, the same differences obtained by human; in contrast, prior techniques based on model checking take minutes or even hours and thus can be 10x to 1000x slower. CCS CONCEPTS• Software and its engineering → Software verification and validation;

show abstract

Thread-modular static analysis for relaxed memory models

Cited by 18 publications

References 79 publications

Abstract interpretation under speculative execution

Abstract interpretation under speculative execution

Relational Thread-Modular Abstract Interpretation Under Relaxed Memory Models

Datalog-based scalable semantic diffing of concurrent programs

Contact Info

Product

Resources

About