Checking Concise Specifications for Multithreaded Software

due to the potential for subtle interactions between threads. We present a new modular verification technique for checking concise specifications of large multithreaded programs; the analysis scales to systems with large numbers of procedures and threads. Thread-modular analysis is obtained by annotating each shared variable with an access predicate that summarizes the condition under which a thread may access that variable. Procedure-modular analysis is obtained by annotating each procedure with a specification that is related to its implementation by an abstraction relation combining the notions of simulation and reduction. We have implemented the analysis in Calvin-R, a static checker for multithreaded Java programs.
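The two annotation kinds named above can be made concrete on a small Java monitor. The following is an added illustration, not code from the paper or from Calvin-R, and it does not use Calvin-R's annotation syntax (which this page does not show): the access predicate for the shared field `count` is "the accessing thread holds the monitor of `this`", written as a comment and enforced at runtime by the hypothetical helper `requireAccess()`, where a static checker would discharge it by proof. The procedure `increment()` carries the atomic specification `count := count + 1`; the comment explains why its four-step body (acquire, read, write, release) can be related to that one-step specification by reduction. `unsafeRead()` is a deliberately wrong caller that violates the access predicate.

```java
// Added example illustrating access predicates and atomic procedure
// specifications; not Calvin-R code and not the paper's own example.
public final class GuardedCounter {
    // Shared variable. Access predicate (assumed, stated informally):
    //   a thread may read or write `count` only if Thread.holdsLock(this).
    private int count = 0;

    // Hypothetical runtime stand-in for the static check of the access
    // predicate. A thread-modular checker would verify this at every access
    // without running the program.
    private void requireAccess() {
        if (!Thread.holdsLock(this)) {
            throw new IllegalStateException(
                Thread.currentThread().getName()
                + " accessed count without holding the lock");
        }
    }

    // Specification: atomically count := count + 1.
    // Implementation: acquire; read; write; release. The acquire commutes to
    // the right with other threads' steps (right mover) and the release to
    // the left (left mover), and the read/write happen under the lock, so by
    // reduction the whole body behaves as one atomic step when checking
    // callers against the specification.
    public void increment() {
        synchronized (this) {
            requireAccess();
            int tmp = count;    // read of the shared variable
            requireAccess();
            count = tmp + 1;    // write of the shared variable
        }
    }

    // Specification: atomically return count.
    public int get() {
        synchronized (this) {
            requireAccess();
            return count;
        }
    }

    // Deliberately wrong: reads `count` without the monitor, so the access
    // predicate does not hold at the access. A thread-modular analysis
    // reports this; here the runtime check throws instead.
    int unsafeRead() {
        requireAccess();
        return count;
    }

    public static void main(String[] args) throws InterruptedException {
        GuardedCounter c = new GuardedCounter();
        Thread[] workers = new Thread[4];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(() -> {
                for (int k = 0; k < 10_000; k++) {
                    c.increment();
                }
            }, "worker-" + i);
            workers[i].start();
        }
        for (Thread t : workers) {
            t.join();
        }
        // Every increment was performed under the access predicate, so the
        // final value is the number of increments across all workers.
        System.out.println("count = " + c.get());

        try {
            c.unsafeRead();
        } catch (IllegalStateException e) {
            System.out.println("access predicate violated: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac GuardedCounter.java && java GuardedCounter`. The point of the example is the division of labour the abstract describes: the access predicate is a per-variable obligation checked at each access, independently of which other threads exist, and the procedure specification is a per-procedure obligation checked against the body once, so callers in other procedures reason about `increment()` as a single atomic action rather than about its interleavings.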
