Symbolic Model Checking of Concurrent Programs Using Partial Orders and On-the-Fly Transactions

The state explosion problem is one of the core bottlenecks in the model checking of concurrent software. We show how to ameliorate the problem by combining the ability of partial order techniques to reduce the state space of the concurrent program with the power of symbolic model checking to explore large state spaces. Our new verification methodology involves translating the given concurrent program into a circuit-based model, which gives us the flexibility to then employ any model checking technique of choice, either SAT or BDD-based, for verifying a broad range of linear time properties, not just safety. The reduction in the explored state space is obtained by statically augmenting the symbolic encoding of the program with additional constraints. These constraints restrict the scheduler to choose from a minimal conditional stubborn set of transitions at each state. Another key contribution of the paper is a new method for detecting transactions on-the-fly which takes into account patterns of lock acquisition and yields better reductions than existing methods that rely on a lockset-based analysis. Moreover, unlike existing techniques, identifying on-the-fly transactions does not require the program to follow a lock discipline in accessing shared variables. We have applied our techniques to the Daisy test bench and shown the existence of several bugs.
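The abstract's central idea, restricting the scheduler at each state to a stubborn (persistent) subset of the enabled transitions, is illustrated below with an added example that is not part of the paper. It is a deliberately small explicit-state explorer, not the paper's symbolic encoding or its conditional stubborn set computation: the persistent-set rule used here is the simplest sound one (a thread whose next statement touches no shared variable commutes with every other thread, so it can be scheduled alone). The two thread programs, the statement vocabulary and the initial shared memory are all constructed for this example. Exploring with and without the rule shows that the reduction visits fewer states while reaching the same set of terminal states, which is the guarantee partial order methods give for deadlock and terminal-state properties.

```python
from collections import deque

# Constructed sample input: two threads, each a list of statements.
#   ("local",)          touches only the thread's own register r
#   ("write", var, val) writes shared variable var
#   ("read", var)       copies shared variable var into register r
THREADS = [
    [("local",), ("local",), ("write", "x", 1)],
    [("local",), ("write", "x", 2)],
]
SHARED_INIT = {"x": 0}


def touches_shared(stmt):
    """Reads and writes of shared variables are the only statements that
    can be dependent on another thread; everything else is thread-local."""
    return stmt[0] in ("write", "read")


def enabled(threads, state):
    """Threads that still have a statement to execute."""
    pcs = state[0]
    return [t for t in range(len(threads)) if pcs[t] < len(threads[t])]


def execute(threads, state, t):
    """Run thread t's next statement and return the successor state.
    A state is (program counters, thread registers, sorted shared memory)."""
    pcs, regs, shared = list(state[0]), list(state[1]), dict(state[2])
    stmt = threads[t][pcs[t]]
    if stmt[0] == "local":
        regs[t] += 1
    elif stmt[0] == "write":
        shared[stmt[1]] = stmt[2]
    elif stmt[0] == "read":
        regs[t] = shared[stmt[1]]
    pcs[t] += 1
    return (tuple(pcs), tuple(regs), tuple(sorted(shared.items())))


def persistent_set(threads, state):
    """Simplified persistent (stubborn) set, an assumption of this example:
    if some enabled thread's next statement touches no shared variable it is
    independent of all other transitions, so scheduling it alone is sound;
    otherwise fall back to the full set of enabled threads."""
    en = enabled(threads, state)
    for t in en:
        if not touches_shared(threads[t][state[0][t]]):
            return [t]
    return en


def explore(threads, shared_init, reduce):
    """Breadth-first state-space exploration; returns the number of distinct
    states visited and the set of terminal states (all threads finished)."""
    n = len(threads)
    init = ((0,) * n, (0,) * n, tuple(sorted(shared_init.items())))
    seen, terminal, work = {init}, set(), deque([init])
    while work:
        s = work.popleft()
        choices = persistent_set(threads, s) if reduce else enabled(threads, s)
        if not choices:
            terminal.add(s)
        for t in choices:
            succ = execute(threads, s, t)
            if succ not in seen:
                seen.add(succ)
                work.append(succ)
    return len(seen), terminal


if __name__ == "__main__":
    full_count, full_terminal = explore(THREADS, SHARED_INIT, reduce=False)
    red_count, red_terminal = explore(THREADS, SHARED_INIT, reduce=True)
    print("full exploration:", full_count, "states")
    print("persistent-set exploration:", red_count, "states")
    print("same terminal states:", full_terminal == red_terminal)
```

For the two constructed threads the full interleaving explores 13 states and the reduced exploration 8, and both reach exactly the two terminal states (x left at 1 or at 2). The paper's conditional stubborn sets are stronger than this single-independent-transition rule, and its on-the-fly transactions additionally let a thread run a sequence of lock-protected accesses without interleaving; the example only shows the mechanism the scheduler constraint relies on, not those refinements.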
