Natural proofs for asynchronous programs using almost-synchronous reductions

We consider the problem of provably verifying that an asynchronous message-passing system satisfies its local assertions. We present a novel reduction scheme for asynchronous event-driven programs that finds almost-synchronous invariants: invariants consisting of global states where message buffers are close to empty. The reduction finds almost-synchronous invariants and simultaneously argues that they cover all local states. We show that asynchronous programs often have almost-synchronous invariants and that we can exploit this to build natural proofs that they are correct. We implement our reduction strategy, which is sound and complete, and show that it is more effective in proving programs correct as well as more efficient in finding bugs in several programs, compared to current search strategies which almost always diverge. The high point of our experiments is that our technique can prove the Windows Phone USB Driver written in P [9] correct for the responsiveness property, which was hitherto not provable using state-of-the-art model-checkers.
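As an added illustration of the idea in the abstract (this is not the paper's algorithm or code): a constructed three-process message-passing system is explored while keeping at most `bound` messages in flight, and the set of local states reached under that bound is compared with the next larger bound. When the sets agree, the almost-synchronous states already cover every local state, which is what the paper's reduction argues for; the system, transition encoding and function names are all assumptions of this example.

```python
from collections import deque

# Constructed toy system (not from the paper).  Transitions are
# (from_state, action, to_state); action is ('send', dest, msg) or ('recv', msg).
SYSTEM = {
    "Client": [("s0", ("send", "Server", "req"), "s1"),
               ("s1", ("recv", "ack"), "s0")],
    "Server": [("t0", ("recv", "req"), "t1"),
               ("t1", ("send", "Client", "ack"), "t0"),
               ("t0", ("recv", "tick"), "t0")],
    # The timer can flood the server with ticks, so buffers are unbounded.
    "Timer":  [("u0", ("send", "Server", "tick"), "u0")],
}
INITIAL = {"Client": "s0", "Server": "t0", "Timer": "u0"}

def explore(system, initial, bound):
    """BFS over global states (locals, per-process FIFO buffers) that never
    hold more than `bound` messages in flight; returns (state count, local states)."""
    procs = sorted(system)
    start = (tuple(initial[p] for p in procs), tuple(() for _ in procs))
    seen, work = {start}, deque([start])
    while work:
        locs, bufs = work.popleft()
        inflight = sum(len(b) for b in bufs)
        for i, p in enumerate(procs):
            for src, action, dst in system[p]:
                if src != locs[i]:
                    continue
                new_bufs = list(bufs)
                if action[0] == "send":
                    if inflight >= bound:
                        continue  # would leave the almost-synchronous band
                    j = procs.index(action[1])
                    new_bufs[j] = bufs[j] + (action[2],)
                elif bufs[i] and bufs[i][0] == action[1]:  # FIFO head matches
                    new_bufs[i] = bufs[i][1:]
                else:
                    continue
                new_locs = list(locs)
                new_locs[i] = dst
                nxt = (tuple(new_locs), tuple(new_bufs))
                if nxt not in seen:
                    seen.add(nxt)
                    work.append(nxt)
    local = {(procs[i], s) for locs, _ in seen for i, s in enumerate(locs)}
    return len(seen), local

def covers_all_local_states(system, initial, bound):
    """True when bound-`bound` exploration reaches every local state bound+1 does."""
    return explore(system, initial, bound)[1] == explore(system, initial, bound + 1)[1]
```

With this system, a bound of 1 already reaches every local state, while larger bounds only add global states with queued ticks; a bound of 0 (purely synchronous) misses states and so fails the coverage check.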

[1] P. Madhusudan et al. Beyond Message Sequence Graphs, 2001, FSTTCS.

[2] Salvatore La Torre et al. A Robust Class of Context-Sensitive Languages, 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[3] Stephen F. Siegel. Efficient Verification of Halting Properties for MPI Programs with Wildcard Receives, 2005, VMCAI.

[4] Axel Legay et al. TransDPOR: A Novel Dynamic Partial-Order Reduction Technique for Testing Actor Programs, 2012, FMOODS/FORTE.

[5] Adam Betts et al. Concurrency testing using schedule bounding: an empirical study, 2014, PPoPP '14.

[6] Ahmed Bouajjani et al. Bounded phase analysis of message-passing programs, 2012, International Journal on Software Tools for Technology Transfer.

[7] Madan Musuvathi et al. Iterative context bounding for systematic testing of multithreaded programs, 2007, PLDI '07.

[8] Samik Basu et al. Synchronizability for Verification of Asynchronously Communicating Systems, 2012, VMCAI.

[9] Parosh Aziz Abdulla et al. Optimal dynamic partial order reduction, 2014, POPL.

[10] George S. Avrunin et al. Modeling wildcard-free MPI programs for verification, 2005, PPOPP.

[11] Xiaokang Qiu et al. Natural proofs for data structure manipulation in C using separation logic, 2014, PLDI.

[12] Antti Valmari et al. Stubborn sets for reduced state space generation, 1991, Applications and Theory of Petri Nets.

[13] Patrice Godefroid et al. Refining Dependencies Improves Partial-Order Verification Methods (Extended Abstract), 1993, CAV.

[14] Patrice Godefroid et al. Partial-Order Methods for the Verification of Concurrent Systems, 1996, Lecture Notes in Computer Science.

[15] Xiaokang Qiu et al. Natural proofs for structure, data, and separation, 2013, PLDI.

[16] Patrice Godefroid et al. Dynamic partial-order reduction for model checking software, 2005, POPL '05.

[17] Thomas A. Henzinger et al. Bounded Asynchrony: Concurrency for Modeling Cell-Cell Interactions, 2008, FMSB.

[18] Rajeev Alur et al. Model Checking of Message Sequence Charts, 1999, CONCUR.

[19] Zvonimir Rakamaric et al. Delay-bounded scheduling, 2011, POPL '11.

[20] Mohamed G. Gouda et al. On deadlock detection in systems of communicating finite state machines, 1987.

[21] Darko Marinov et al. A Framework for State-Space Exploration of Java-Based Actor Programs, 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[22] Pierre Wolper et al. Using partial orders for the efficient verification of deadlock freedom and safety properties, 1991, Formal Methods Syst. Des..

[23] Darko Marinov et al. Evaluating Ordering Heuristics for Dynamic Partial-Order Reduction Techniques, 2010, FASE.

[24] Cliff B. Jones et al. Tentative steps toward a development method for interfering programs, 1983, TOPL.

[25] Abhishek Udupa et al. Depth Bounded Explicit-State Model Checking, 2011, SPIN.

[26] Patrice Godefroid et al. Model checking for programming languages using VeriSoft, 1997, POPL '97.

[27] Damien Zufferey et al. P: safe asynchronous event-driven programming, 2013, PLDI.

[28] Jakob Rehof et al. Zing: A Model Checker for Concurrent Software, 2004, CAV.

[29] Xiaokang Qiu et al. Recursive proofs for inductive tree data-structures, 2012, POPL '12.

[30] Gennaro Parlato et al. The tree width of auxiliary storage, 2011, POPL '11.

[31] S. Purushothaman Iyer et al. Analysis of a class of communicating finite state machines, 1992, Acta Informatica.

[32] Antti Valmari et al. Stubborn sets for reduced state generation, 1991.

[33] Parosh Aziz Abdulla et al. Verifying Programs with Unreliable Channels, 1996, Inf. Comput..

[34] Ganesh Gopalakrishnan et al. Semantics driven dynamic partial-order reduction of MPI-based parallel programs, 2007, PADTAD '07.

[35] Salvatore La Torre et al. Context-Bounded Analysis of Concurrent Queue Systems, 2008, TACAS.

[36] Samik Basu et al. Choreography conformance via synchronizability, 2011, WWW.

[37] Mahesh Viswanathan et al. Model Checking Multithreaded Programs with Asynchronous Atomic Methods, 2006, CAV.

[38] S. Purushothaman Iyer et al. Data flow analysis of communicating finite state machines, 1991, TOPL.

[39] P. Madhusudan et al. Reasoning about Sequential and Branching Behaviours of Message Sequence Graphs, 2001, ICALP.

[40] Jakob Rehof et al. Context-Bounded Model Checking of Concurrent Software, 2005, TACAS.

[41] Rupak Majumdar et al. Interprocedural analysis of asynchronous programs, 2007, POPL '07.

[42] Pierre Wolper et al. Using partial orders for the efficient verification of deadlock freedom and safety properties, 1991, Formal Methods Syst. Des..

[43] Anca Muscholl et al. Trace Theory, 2011, Encyclopedia of Parallel Computing.

[44] Daniel Brand et al. On Communicating Finite-State Machines, 1983, JACM.

[45] James R. Larus et al. Singularity: rethinking the software stack, 2007, OPSR.

[46] Dinghao Wu et al. KISS: keep it simple and sequential, 2004, PLDI '04.