Language-Theoretic Abstraction Refinement

We give a language-theoretic counterexample-guided abstraction refinement (CEGAR) algorithm for the safety verification of recursive multi-threaded programs. First, we reduce safety verification to the (undecidable) emptiness problem for the intersection of context-free languages. Initially, our CEGAR procedure overapproximates the intersection by a context-free language. If the overapproximation is empty, we declare the system safe. Otherwise, we compute a bounded language from the overapproximation and check emptiness of the intersection of the context-free languages with the bounded language, which is decidable. If that intersection is non-empty, we report a bug. If it is empty, we refine the overapproximation by removing the bounded language and try again. The key idea of the CEGAR loop is the language-theoretic view: different strategies for obtaining regular overapproximations and bounded underapproximations of the intersection give different implementations. We give concrete algorithms to approximate context-free languages by regular languages and to generate bounded languages representing a family of counterexamples. We have implemented our algorithms and provide an experimental comparison of various choices for the regular overapproximation and the bounded underapproximation.
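The following Python script is an added illustration of the two language-theoretic ingredients named above, and is not code from the paper or its implementation. It constructs two toy context-free grammars in Chomsky normal form whose intersection, {a^n b^n c^n}, is not context-free (so no single pushdown automaton could decide it), and a second pair whose intersection is empty. A CYK membership test plays the role of the per-thread language, and the bounded language w1* w2* ... wk* is searched by enumerating exponent vectors. The enumeration is a deliberate simplification: it can exhibit a witness (the bug-reporting branch of the loop) but, unlike the decidable Parikh-image-based check the abstract refers to, it cannot certify emptiness beyond the chosen bound. The regular overapproximation and the refinement step are not modelled here. All grammars and bounds are constructed for this example.

```python
"""Toy model of 'CFL intersection restricted to a bounded language'.

Grammars are in Chomsky normal form: a nonterminal maps to a list of
productions, each either a pair of nonterminals ('A', 'B') or a single
terminal character 'a'. The empty word is never accepted (no epsilon rules).
"""
from itertools import product


def cyk_accepts(grammar, start, word):
    """Standard CYK membership test for a CNF grammar. O(n^3 * |G|)."""
    n = len(word)
    if n == 0:
        return False
    # table[i][j] = set of nonterminals deriving word[i:j]
    table = [[set() for _ in range(n + 1)] for _ in range(n + 1)]
    for i, ch in enumerate(word):
        for nt, prods in grammar.items():
            if ch in prods:                      # terminal production nt -> ch
                table[i][i + 1].add(nt)
    for span in range(2, n + 1):
        for i in range(0, n - span + 1):
            j = i + span
            for k in range(i + 1, j):            # split point
                for nt, prods in grammar.items():
                    for p in prods:
                        if (isinstance(p, tuple)
                                and p[0] in table[i][k]
                                and p[1] in table[k][j]):
                            table[i][j].add(nt)
    return start in table[0][n]


def bounded_intersection_witness(grammars, words, bound):
    """Search the bounded language words[0]* ... words[k-1]* for a word that
    lies in every grammar of `grammars` (a list of (grammar, start) pairs).

    Exponents range over 0..bound. Returns the first witness found, or None.
    Constructed simplification: a real decision procedure computes the Parikh
    image of each CFL restricted to the bounded language and checks the
    resulting Presburger constraints, which decides emptiness outright.
    """
    for exps in product(range(bound + 1), repeat=len(words)):
        cand = ''.join(w * e for w, e in zip(words, exps))
        if all(cyk_accepts(g, s, cand) for g, s in grammars):
            return cand
    return None


# Constructed toy "thread languages" over the shared alphabet {a, b, c}.
# In the paper's reduction each language would be the trace language of one
# recursive thread projected onto the shared actions; here they are abstract.

# L1 = { a^n b^n c^m : n >= 1, m >= 0 }
G1 = {
    'S': [('A', 'B'), ('A', 'Y'), ('X', 'Cs')],
    'X': [('A', 'B'), ('A', 'Y')],   # a^n b^n
    'Y': [('X', 'B')],
    'Cs': [('C', 'Cs'), 'c'],        # c^m, m >= 1
    'A': ['a'], 'B': ['b'], 'C': ['c'],
}
# L2 = { a^m b^n c^n : m >= 0, n >= 1 }
G2 = {
    'S': [('B', 'C'), ('B', 'Z'), ('As', 'W')],
    'W': [('B', 'C'), ('B', 'Z')],   # b^n c^n
    'Z': [('W', 'C')],
    'As': [('A', 'As'), 'a'],        # a^m, m >= 1
    'A': ['a'], 'B': ['b'], 'C': ['c'],
}
# L3 = { a^n b^n : n >= 1 }  and  L4 = { a^n b^(2n) : n >= 1 }; L3 ∩ L4 = ∅
G3 = {'X': [('A', 'B'), ('A', 'Y')], 'Y': [('X', 'B')], 'A': ['a'], 'B': ['b']}
G4 = {'S': [('A', 'U'), ('A', 'BB')], 'U': [('S', 'BB')],
      'BB': [('B', 'B')], 'A': ['a'], 'B': ['b']}


def demo(bound=3):
    """Run both checks against the bounded languages a*b*c* and a*b*."""
    # L1 ∩ L2 = { a^n b^n c^n } is non-empty: expect the witness 'abc'.
    bug = bounded_intersection_witness([(G1, 'S'), (G2, 'S')], ['a', 'b', 'c'], bound)
    # L3 ∩ L4 is empty: the bounded search finds nothing (up to the bound only).
    safe = bounded_intersection_witness([(G3, 'X'), (G4, 'S')], ['a', 'b'], bound)
    return bug, safe


if __name__ == '__main__':
    witness, none_found = demo()
    print('L1 ∩ L2 ∩ a*b*c* witness:', witness)
    print('L3 ∩ L4 ∩ a*b* witness  :', none_found)
```

The witness 'abc' is exactly the kind of counterexample the abstract's second branch reports: a word of the bounded language that every thread language accepts. The None result for the second pair only shows absence of a witness up to exponent 3; turning that into a proof of emptiness is what the decidable bounded check (and, for the whole program, the refined overapproximation) provides.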
