Abstract
Concurrent programs are in widespread use for harnessing the computing power of multi-core hardware. However, it is very challenging to develop correct concurrent programs. In practice, concurrency-related bugs such as data races, deadlocks, and atomicity violations are very common. In this chapter, we describe efforts based on model-checking for automatic verification and debugging of concurrent programs. The emphasis is on core ideas for reasoning about synchronizations and communication between threads and processes, while considering all possible behaviors due to their interactions.
We start by considering model-checking based on interacting pushdown system (PDS) models. In these models, each component (thread or process) is modeled as a pushdown automaton, where the stack is used to model recursion. Model checking based on pushdown automata has a close correspondence with dataflow analysis of programs, and this has been successfully used for verification of sequential programs. However, applying these methods to a system of interacting pushdown automata is not straightforward. Even the basic problem of reachability is undecidable in the general case. We describe some techniques that have been proposed to get around this barrier, by restricting the patterns of synchronization and communication among components.
Although PDSs provide a natural model for concurrent programs, it is difficult to apply PDS-based model-checking techniques directly to concurrent programs in practice. In addition to the formidable decidability barrier, this is also due to the huge gap between low-level PDS models and the feature-rich high-level programming languages in which concurrent programs are written. Fortunately, the successes of model-checking on finite state systems and sequential programs have provided a wealth of useful abstractions and techniques to bridge this gap. In the last part of the chapter, we will describe verification techniques for concurrent programs that are inspired by these models. They often abstract the effects of synchronization and focus on handling the complexity of reasoning about all possible behaviors. However, they can, and should, exploit insights and results of PDS-based model-checking.
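The abstract describes each component as a pushdown system whose reachability question is answered by model checking. As an added illustration (this is not code from the chapter or its authors), the following Python script implements the classic backward-reachability (pre*) saturation for a single pushdown system, in the style of Bouajjani, Esparza and Maler (CONCUR 1997): a regular set of target configurations is given as a finite automaton, and transitions are added until a fixpoint is reached. The small recursive program it analyses (control states g0/g1 for a global flag, stack symbols m0, m1, f0, f1, f2, err for program points) and its rules are constructed here for the example only.

```python
"""Backward reachability (pre*) for one pushdown system, by saturation.

Added example, not the chapter's code.  A pushdown rule <p, g> -> <p', w>
means: in control state p with g on top of the stack, move to control state
p' and replace g by the word w (leftmost symbol of w becomes the new top).
Target configurations C are given as a P-automaton whose initial states are
the control states.  Saturation repeatedly applies

    if <p, g> -> <p', w> is a rule and p' --w--> q in the automaton,
    then add the transition p --g--> q

until nothing changes; afterwards <p, w> is in pre*(C) iff the automaton
accepts w from state p.
"""


def run(trans, state, word):
    """All automaton states reachable from `state` by reading `word`.

    `trans` is a set of (from_state, symbol, to_state) triples.
    """
    frontier = {state}
    for sym in word:
        frontier = {q2 for (q1, s, q2) in trans if q1 in frontier and s == sym}
        if not frontier:
            break
    return frontier


def prestar(rules, trans):
    """Saturate the P-automaton `trans` with respect to pushdown `rules`."""
    trans = set(trans)
    changed = True
    while changed:
        changed = False
        for (p, g, p2, w) in rules:
            # run() is evaluated completely before `trans` is modified
            for q in run(trans, p2, w):
                if (p, g, q) not in trans:
                    trans.add((p, g, q))
                    changed = True
    return trans


def reachable(rules, trans, finals, p, w):
    """Is configuration <p, w> in pre*(C), i.e. can it reach a target?"""
    return bool(run(prestar(rules, trans), p, w) & set(finals))


# --- constructed example program (hypothetical, for illustration) --------
# Control state: g0 = global flag clear, g1 = global flag set.
# Stack symbols: m0/m1 program points in main, f0/f1/f2 in a recursive
# function f, err an error location.  Rule tuples are (p, top, p', pushed).
RULES = [
    ("g0", "m0", "g0", ("f0", "m1")),   # main calls f, return point m1
    ("g0", "m1", "g0", ()),             # main returns
    ("g1", "m1", "g1", ()),
    ("g0", "f0", "g0", ("f0", "f1")),   # f calls itself, return point f1
    ("g1", "f0", "g1", ("f0", "f1")),
    ("g0", "f0", "g1", ("f2",)),        # f sets the flag and continues at f2
    ("g0", "f1", "g0", ("f2",)),        # after the recursive call, go to f2
    ("g1", "f1", "g1", ("f2",)),
    ("g1", "f2", "g1", ("err",)),       # flag set at f2 -> error location
    ("g0", "f2", "g0", ()),             # f returns
    ("g1", "f2", "g1", ()),
]
FLAG_RULE = ("g0", "f0", "g1", ("f2",))
RULES_WITHOUT_FLAG = [r for r in RULES if r != FLAG_RULE]

SYMS = ["m0", "m1", "f0", "f1", "f2", "err"]
# Target set C: control state g1 with err on top of any stack.
TARGET = {("g1", "err", "acc")} | {("acc", s, "acc") for s in SYMS}
FINALS = {"acc"}


def error_reachable(rules):
    """Can the initial configuration <g0, m0> reach a target configuration?"""
    return reachable(rules, TARGET, FINALS, "g0", ("m0",))


if __name__ == "__main__":
    print("error reachable:", error_reachable(RULES))
    print("error reachable without flag rule:", error_reachable(RULES_WITHOUT_FLAG))
```

The first call reports that the error location is reachable (main calls f, f sets the flag and then reaches err); removing the single rule that sets the flag makes it unreachable. For a network of such systems communicating through shared variables or locks, this per-component saturation no longer suffices, which is the decidability barrier the chapter goes on to discuss.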
© 2018 Springer International Publishing AG, part of Springer Nature
Gupta, A., Kahlon, V., Qadeer, S., Touili, T. (2018). Model Checking Concurrent Programs. In: Clarke, E., Henzinger, T., Veith, H., Bloem, R. (eds) Handbook of Model Checking. Springer, Cham. https://doi.org/10.1007/978-3-319-10575-8_18
DOI: https://doi.org/10.1007/978-3-319-10575-8_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10574-1
Online ISBN: 978-3-319-10575-8