Reduction for compositional verification of multi-threaded programs

Automated verification of multi-threaded programs requires keeping track of a very large number of possible interactions between the program threads. Several reasoning methods have been proposed that avoid the explicit enumeration of all thread interleavings, e.g., Lipton's theory of reduction and the Owicki-Gries method for compositional reasoning; however, their synergistic interplay has not yet been fully explored. In this paper we explore the applicability of the theory of reduction to pruning equivalent interleavings in the automated verification of multi-threaded programs with infinite state spaces. We propose proof rules for safety and termination of multi-threaded programs that integrate into an Owicki-Gries based compositional verifier. The verification conditions of our method are Horn clauses, which facilitates automation using off-the-shelf Horn clause solvers. We present preliminary experimental results that show the advantages of our approach when compared to state-of-the-art verifiers of C programs.
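The abstract's central idea, using Lipton's reduction to prune interleavings that are equivalent to one another, can be made concrete on a toy model. The Python script below is an added illustration, not code from the paper or from the Threader tool it builds on. It assumes the classic Lipton/Atomizer mover classification (lock acquire is a right mover, release a left mover, a shared access under a lock a both-mover, an unprotected shared access a non-mover), groups each straight-line thread into transactions of the shape R* [N] L*, and compares an exhaustive interleaving exploration with one that only schedules context switches at transaction boundaries. The thread model, the action names, the `explore` function and the sample increment programs are all constructed for this example; a real verifier must also track which lock protects which variable, which the toy deliberately does not.

```python
"""Lipton-style reduction as pruning of thread interleavings (added example).

Toy model: a thread is a straight-line list of actions over shared globals
and one local register `t`.  Actions (all constructed for this example):
    ("acquire", lock) / ("release", lock)   lock operations
    ("load", var)   -> t := var
    ("store", var)  -> var := t
    ("add", k)      -> t := t + k
"""
from collections import deque


def classify(actions):
    """Classify each action of one thread as a Lipton mover: R (right), L (left),
    B (both) or N (non-mover).  Assumption of this toy: any lock held by the
    thread protects every global, so accesses under some lock are both-movers
    and unprotected accesses are non-movers."""
    held, movers = set(), []
    for act in actions:
        op = act[0]
        if op == "acquire":
            movers.append("R"); held.add(act[1])
        elif op == "release":
            movers.append("L"); held.discard(act[1])
        elif op in ("load", "store"):
            movers.append("B" if held else "N")
        else:                            # purely local computation
            movers.append("B")
    return movers


def transactions(actions):
    """Group actions into transactions of the shape R* [N] L*.  A scheduler
    only has to consider context switches between such transactions."""
    groups, cur, phase = [], [], "pre"
    for act, m in zip(actions, classify(actions)):
        if phase == "pre":
            cur.append(act)
            if m in ("N", "L"):          # commit point reached
                phase = "post"
        elif m in ("L", "B"):            # still in the post-commit phase
            cur.append(act)
        else:                            # R or N after the commit: new transaction
            groups.append(cur)
            cur, phase = [act], ("pre" if m == "R" else "post")
    if cur:
        groups.append(cur)
    return groups


def run_unit(unit, tid, globs, locs):
    """Execute a list of actions atomically for thread `tid`.  Returns the new
    (globs, locs), or None if a lock acquisition is blocked (then nothing happens)."""
    globs, locs = dict(globs), dict(locs)
    for act in unit:
        op = act[0]
        if op == "acquire":
            if globs[act[1]] is not None:
                return None
            globs[act[1]] = tid
        elif op == "release":
            assert globs[act[1]] == tid, "release of a lock not held"
            globs[act[1]] = None
        elif op == "load":
            locs[tid] = globs[act[1]]
        elif op == "store":
            globs[act[1]] = locs[tid]
        elif op == "add":
            locs[tid] = locs[tid] + act[1]
        else:
            raise ValueError(op)
    return globs, locs


def explore(threads, init, prop, reduced):
    """Breadth-first enumeration of all interleavings from `init`, one action
    per step (reduced=False) or one transaction per step (reduced=True).
    Checks `prop` on every terminal state; returns (all_ok, states_seen)."""
    units = [transactions(th) if reduced else [[a] for a in th] for th in threads]
    n = len(threads)
    start = (tuple(sorted(init.items())), (0,) * n, (0,) * n)
    seen, work, ok = {start}, deque([start]), True
    while work:
        gl, pcs, lo = work.popleft()
        globs, locs = dict(gl), dict(enumerate(lo))
        if all(pc == len(u) for pc, u in zip(pcs, units)):
            ok = ok and prop(globs)      # terminal state: check the property
            continue
        for tid, u in enumerate(units):
            if pcs[tid] == len(u):
                continue
            res = run_unit(u[pcs[tid]], tid, globs, locs)
            if res is None:              # blocked on a lock held by another thread
                continue
            g2, l2 = res
            nxt = (tuple(sorted(g2.items())),
                   pcs[:tid] + (pcs[tid] + 1,) + pcs[tid + 1:],
                   tuple(l2[i] for i in range(n)))
            if nxt not in seen:
                seen.add(nxt); work.append(nxt)
    return ok, len(seen)


def increment(var, lock=None):
    """Constructed sample thread: x := x + 1, optionally guarded by a lock."""
    body = [("load", var), ("add", 1), ("store", var)]
    return [("acquire", lock)] + body + [("release", lock)] if lock else body


LOCKED = [increment("x", "m") for _ in range(3)]   # three guarded increments
RACY = [increment("x") for _ in range(3)]          # same, without the lock
INIT = {"x": 0, "m": None}


def final_count_ok(globs):
    return globs["x"] == 3


if __name__ == "__main__":
    for name, prog in (("locked", LOCKED), ("racy", RACY)):
        for reduced in (False, True):
            print(name, "reduced" if reduced else "full", explore(prog, INIT, final_count_ok, reduced))
```

For the guarded program each thread collapses into a single transaction (acquire R, three both-movers, release L), so the reduced exploration visits only the states that differ in which threads have completed and in what order, while the exhaustive one also visits every intermediate point inside the critical section. For the racy program the unprotected load and store are non-movers, so the transaction split leaves a scheduling point between them and the lost update (final x < 3) is still found in the reduced exploration. This is the soundness point behind using reduction for pruning: only interleavings that commute with one another are dropped, so a property violation reachable in the full state space remains reachable in the reduced one.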

[1] Jakob Rehof, et al. Summarizing procedures in concurrent programs, 2004, POPL.

[2] Andrey Rybalchenko, et al. Compositional Termination Proofs for Multi-threaded Programs, 2012, TACAS.

[3] Richard J. Lipton. Reduction: a method of proving properties of parallel programs, 1975, CACM.

[4] Ashutosh Gupta, et al. Predicate abstraction and refinement for verifying multi-threaded programs, 2011, POPL.

[5] Stephen N. Freund, et al. Atomizer: A dynamic atomicity checker for multithreaded programs, 2008, Sci. Comput. Program.

[6] Ashutosh Gupta, et al. Threader: A Constraint-Based Verifier for Multi-threaded Programs, 2011, CAV.

[7] Andreas Johannes Wilhelm. Efficient Verification of Multi-Threaded Programs, 2014.

[8] Cormac Flanagan, et al. Transactions for Software Model Checking, 2003, SoftMC@CAV.

[9] Flavio Lerda, et al. Symbolic Model Checking of Software, 2003, SoftMC@CAV.

[10] Cormac Flanagan, et al. Types for atomicity, 2003, TLDI.

[11] Cormac Flanagan, et al. A type and effect system for atomicity, 2003, PLDI.

[12] Serdar Tasiran, et al. A calculus of atomic actions, 2009, POPL.

[13] Kenneth L. McMillan. Lazy Abstraction with Interpolants, 2006, CAV.

[14] Patrice Godefroid, et al. Dynamic partial-order reduction for model checking software, 2005, POPL.

[15] Kedar S. Namjoshi, et al. Local Proofs for Global Safety Properties, 2007, CAV.

[16] Cliff B. Jones. Tentative steps toward a development method for interfering programs, 1983, TOPLAS.

[17] Susan Owicki and David Gries. An axiomatic proof technique for parallel programs I, 1976, Acta Informatica.

[18] Robert K. Brayton, et al. Partial-Order Reduction in Symbolic State-Space Exploration, 2001, Formal Methods Syst. Des.

[19] Joël Ouaknine, et al. Verifying multi-threaded software with Impact, 2013, FMCAD.

[20] Dirk Beyer. Second Competition on Software Verification (Summary of SV-COMP 2013), 2013, TACAS.

[21] Andrey Rybalchenko, et al. Synthesizing software verifiers from proof rules, 2012, PLDI.

[22] Thomas W. Reps, et al. Precise interprocedural dataflow analysis via graph reachability, 1995, POPL.

[23] Patrice Godefroid. Partial-Order Methods for the Verification of Concurrent Systems, 1996, Lecture Notes in Computer Science.

[24] Jakob Rehof, et al. Zing: A Model Checker for Concurrent Software, 2004, CAV.

[25] Edmund M. Clarke, et al. Counterexample-guided abstraction refinement, 2003, TIME-ICTL 2003 (10th International Symposium on Temporal Representation and Reasoning and 4th International Conference on Temporal Logic), Proceedings.