Optimistic Synchronization-Based State-Space Reduction

DOI: 10.1007/3-540-36577-X_36

ABSTRACT Reductions that aggregate fine-grained transitions into coarser transitions can significantly reduce the cost of automated
verification, by reducing the size of the state space. We propose a reduction that can exploit common synchronization disciplines,
such as the use of mutual exclusion for accesses to shared data structures. Exploiting them using traditional reduction theorems
requires checking that the discipline is followed in the original (i.e., unreduced) system. That check can be prohibitively expensive. This paper presents a reduction that instead requires checking
whether the discipline is followed in the reduced system. This check may be much cheaper, because the reachable state space
is smaller.

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: SystemC is becoming a de-facto standard for the development of embedded systems. Verification of SystemC designs is critical since it can prevent error propagation down to the hardware. SystemC allows for very efficient simulations before synthesizing the RTL description, but formal verification is still at a preliminary stage. Recent works translate SystemC into the input language of finite-state model checkers, but they abstract away relevant semantic aspects, and show limited scalability. In this paper, we approach formal verification of SystemC by reduction to software model checking. We explore two directions. First, we rely on a translation from SystemC to a sequential C program, that contains both the mapping of the SystemC threads in form of C functions, and the coding of relevant semantic aspects (e.g. of the SystemC kernel). In terms of verification, this enables the “off-the-shelf” use of model checking techniques for sequential software, such as lazy abstraction. Second, we propose an approach that exploits the intrinsic structure of SystemC. In particular, each SystemC thread is translated into a separate sequential program and explored with lazy abstraction, while the overall verification is orchestrated by the direct execution of the SystemC scheduler. The technique can be seen as generalizing lazy abstraction to the case of multi-threaded software with exclusive threads and cooperative scheduling. The above approaches have been implemented in a new software model checker. An experimental evaluation carried out on several case studies taken from the SystemC distribution and from the literature demonstrate the potential of the approach.
    Formal Methods in Computer-Aided Design (FMCAD), 2010; 11/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We present a new symbolic method based on partial order reduction to reduce verification problem size and state space of a multi -threaded concurrent system with shared variables and locks. We combine our method with a pre- vious token-based approach that generates verification con ditions directly with- out a scheduler. For a bounded unrolling of threads, the previous approach adds concurrency constraints between all pairs of global accesses. We introduce the notion of Mutually Atomic Transactions (MAT), i.e., two transactions are mutu- ally atomic when there exists exactly one conflicting shared -access pair between them. We propose to reduce the verification conditions by add ing concurrency constraints only between MATs. Such an approach removes all redundant inter- leavings, thereby, achieves state reduction as well. We guarantee that our MAT- based reduction is both adequate (preserves all the necessary interleavings) and optimal (no redundant interleaving), for a bounded depth analysis. Our experi- mental results show the efficacy of our approach in reducing t he state space and the verification problem sizes by orders of magnitude, and th ereby, improving the overall performance, compared with the state-of-the-art approaches.
    Model Checking Software, 16th International SPIN Workshop, Grenoble, France, June 26-28, 2009. Proceedings; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Serializability is a commonly used correctness condition in concurrent programming. When a concurrent module is serializable, certain other properties of the module can be verified by considering only its sequential executions. In many cases, concurrent modules guarantee serializability by using standard locking protocols, such as tree locking or two-phase locking. Unfortunately, according to the existing literature, verifying that a concurrent module adheres to these protocols requires considering concurrent interleavings. In this paper, we show that adherence to a large class of locking protocols (including tree locking and two-phase locking) can be verified by considering only sequential executions. The main consequence of our results is that in many cases, the (manual or automatic) verification of serializability can itself be done using sequential reasoning .
    ACM SIGPLAN Notices 01/2010; 45(1):31-42. · 0.71 Impact Factor

Full-text (2 Sources)

Available from
May 28, 2014