Predicate abstraction and refinement for verifying multi-threaded programs

Automated verification of multi-threaded programs requires explicit identification of the interplay between interacting threads, so-called environment transitions, to enable scalable, compositional reasoning. Once the environment transitions are identified, we can prove program properties by considering each program thread in isolation, as the environment transitions keep track of the interleaving with other threads. Finding adequate environment transitions that are sufficiently precise to yield conclusive results and yet do not overwhelm the verifier with unnecessary details about the interleaving with other threads is a major challenge. In this paper we propose a method for safety verification of multi-threaded programs that applies (transition) predicate abstraction-based discovery of environment transitions, exposing a minimal amount of information about the thread interleaving. The crux of our method is an abstraction refinement procedure that uses recursion-free Horn clauses to declaratively state abstraction refinement queries. Then, the queries are resolved by a corresponding constraint solving algorithm. We present preliminary experimental results for mutual exclusion protocols and multi-threaded device drivers.
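The trade-off described above, between environment transitions that are precise enough to conclude and ones that expose as little of the other thread as possible, can be seen on a small program. The following is an added example, not code from the paper: it runs a classic explicit-state thread-modular fixpoint (Flanagan-Qadeer style, without the paper's predicate abstraction or Horn-clause refinement) over a constructed two-thread program with an owner-recording lock, once with environment transitions that forget the lock owner and once with ones that keep it.

```python
"""Thread-modular safety check with environment transitions (added example).

Two threads each run: acquire(lock); tmp = x; x = tmp + 1; release(lock),
with the lock recording its owner. Each thread is analysed in isolation;
the other thread is summarised by environment transitions over the shared
state (owner, x). Forgetting the owner in those transitions is too coarse
to prove the 'no lost update' assertion; keeping it is enough.
"""
THREADS = (1, 2)
DONE = 4

def step(t, shared, pc, tmp):
    """Own transitions of thread t: yields (shared', pc', tmp', assertion_ok)."""
    owner, x = shared
    if pc == 0 and owner == 0:                 # acquire: only when the lock is free
        yield (t, x), 1, tmp, True
    elif pc == 1:                              # tmp = x
        yield (owner, x), 2, x, True
    elif pc == 2:                              # assert x == tmp; x = tmp + 1 (mod 4 keeps state finite)
        yield (owner, (tmp + 1) % 4), 3, tmp, x == tmp
    elif pc == 3:                              # release
        yield (0, x), DONE, tmp, True

def env_transitions(guarantee, track_owner):
    """Environment transitions of one thread, derived from the other thread's
    guarantee (its shared-state transitions). With track_owner=False the owner
    guard is abstracted away, so the other thread's write may fire at any time."""
    if track_owner:
        return set(guarantee)
    return {((o, s[1]), (o, s2[1])) for (s, s2) in guarantee for o in (0, 1, 2)}

def check(track_owner, init=(0, 0)):
    """Thread-modular fixpoint: each thread's reachable (shared, pc, tmp) states
    grow by its own steps and by environment transitions. Returns True iff no
    assertion failure is reachable under the chosen environment abstraction."""
    reach = {t: {(init, 0, 0)} for t in THREADS}
    guar = {t: set() for t in THREADS}
    while True:
        size = sum(len(v) for d in (reach, guar) for v in d.values())
        for t in THREADS:
            env = env_transitions(guar[3 - t], track_owner)   # 3 - t is the other thread
            for s, pc, tmp in list(reach[t]):
                for s2, pc2, tmp2, ok in step(t, s, pc, tmp):
                    if not ok:
                        return False           # lost update reachable (real or spurious)
                    reach[t].add((s2, pc2, tmp2))
                    guar[t].add((s, s2))
                reach[t].update((b, pc, tmp) for a, b in env if a == s)
        if size == sum(len(v) for d in (reach, guar) for v in d.values()):
            return True                        # fixpoint reached, no violation

if __name__ == "__main__":
    print("owner forgotten:", "safe" if check(False) else "violation")   # violation
    print("owner tracked  :", "safe" if check(True) else "violation")    # safe
```

The coarse run reports a spurious violation because the environment may increment x while the analysed thread holds the lock; a refinement step in the sense of the abstract would have to re-expose the owner.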
