Abstract
Reductions that aggregate fine-grained transitions into coarser transitions can significantly reduce the cost of automated verification, by reducing the size of the state space. We propose a reduction that can exploit common synchronization disciplines, such as the use of mutual exclusion for accesses to shared data structures. Exploiting them using traditional reduction theorems requires checking that the discipline is followed in the original (i.e., unreduced) system. That check can be prohibitively expensive. This paper presents a reduction that instead requires checking whether the discipline is followed in the reduced system. This check may be much cheaper, because the reachable state space is smaller.
Similar content being viewed by others
Notes
The axioms are equivalent to Kozen's axioms for Kleene algebra [14], plus the three axioms for omega terms.
Magic is the program that has no possible executions (and so satisfies every possible specification). Of course, it cannot be implemented.
Note that \( u_i \) and \( v_i \) can be sums of nondeterministic actions that correspond to individual transitions of process i.
References
G. Brat, K. Havelund, S. Park, and W. Visser, “Model checking programs,” in IEEE Int'l. Conference on Automated Software Engineering (ASE), 2000, pp. 3–12.
E.M. Clarke, Jr., O. Grumberg, and D.A. Peled, Model Checking, MIT Press, 1999.
E. Cohen and L. Lamport, “Reduction in TLA,” in Proc. 9th Int'l. Conference on Concurrency Theory (CONCUR), vol. 1466 of Lecture Notes in Computer Science, Springer-Verlag, 1998, pp. 317–331.
E. Cohen, “Separation and reduction,” in Proc. 5th Int'l. Conference on Mathematics of Program Construction, vol. 1837 of Lecture Notes in Computer Science, Springer-Verlag, 2000.
C. Flanagan and S. Freund, “Detecting race conditions in large programs,” in Workshop on Program Analysis for Software Tools and Engineering (PASTE), ACM Press, 2001, pp. 90–96.
C. Flanagan, S.N. Freund, and S. Qadeer, “Thread-modular verification for shared-memory programs,” in Proc. European Symposium on Programming (ESOP), 2002, pp. 262–277.
C. Flanagan, S. Qadeer, and S. Seshia, “A modular checker for multithreaded programs,” in Proc. 14th Int'l. Conference on Computer-Aided Verification (CAV), vol. 2404 of Lecture Notes in Computer Science, Springer-Verlag, 2002, pp. 180–194.
C. Flanagan and S. Qadeer, “Transactions for software model checking,” in Proc. 2nd Workshop on Software Model Checking, vol. 89(3) of Electronic Notes in Theoretical Computer Science. Elsevier, 2003.
P. Godefroid, Partial-Order Methods for the Verification of Concurrent Systems, vol. 1032 of Lecture Notes in Computer Science. Springer-Verlag, 1996.
P. Godefroid, “Model checking for programming languages using VeriSoft,” in Proc. 24th ACM Symposium on Principles of Programming Languages (POPL), ACM Press, 1997, pp. 174–186.
K. Havelund and T. Pressburger, “Model checking Java programs using Java PathFinder,” Int. J. on Softw. Tools for Technol. Trans., Vol. 2, No. 4, 2000.
G.J. Holzmann, “The Spin model checker,” IEEE Trans. Softw. Engi., Vol. 23, No. 5, pp. 279–295, 1997.
G.J. Holzmann and D. Peled, “An improvement in formal verification,” in Proc. 7th Int'l. Conference on Formal Description Techniques (FORTE ′94), Chapman & Hall, 1995, pp. 197–211.
D. Kozen, “A completeness theorem for Kleene algebras and the algebra of regular events,” Inform. Comput., Vol. 110, No. 2, pp. 366–390, 1994.
R.J. Lipton, “Reduction: A method of proving properties of parallel programs,” Communications of the ACM, Vol. 18, No. 12, pp. 717–721, 1975.
S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T.E. Anderson, “Eraser: A dynamic data race detector for multi-threaded programs,” ACM Trans. on Comp. Syst., Vol. 15, No. 4, pp. 391–411, 1997.
S.D. Stoller and E. Cohen, “Optimistic synchronization-based state-space reduction,” in Proceedings of the 9th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), vol. 2619 of Lecture Notes in Computer Science, Springer-Verlag, 2003, pp. 489–504.
S.D. Stoller, “Model-checking multi-threaded distributed Java programs,” Int. J. on Softw. Tools for Technol. Trans., Vol. 4, No. 1, pp. 71–91, 2002.
A. Valmari, “Stubborn set methods for process algebras,” in D. Peled, V.R. Pratt, and G.J. Holzmann (Eds.), Proc. Workshop on Partial Order Methods in Verification, vol. 29 of DIMACS Series, American Mathematical Society, 1997, pp. 213–231.
C. von Praun and T.R. Gross, “Object race detection,” in Proc. 16th ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), vol. 36(11) of SIGPLAN Notices, ACM Press, 2001, pp. 70–82.
J. Whaley and M.C. Rinard, “Compositional pointer and escape analysis for Java programs,” in Proc. ACM Conf. on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), ACM Press, 1999, pp. 187–206.
Acknowledgments
We thank Shaz Qadeer for telling us about exclusive access predicates, Liqiang Wang for doing the experiments with JPF, and Patrice Godefroid for insightful comments about partial-order methods.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work was supported in part by NSF under Grants CCR-9876058, CCR-0205376, and CNS-0509230 and ONR under Grants N00014-01-1-0109 and N00014-02-1-0363.
Rights and permissions
About this article
Cite this article
Stoller, S.D., Cohen, E. Optimistic synchronization-based state-space reduction. Form Method Syst Des 28, 263–289 (2006). https://doi.org/10.1007/s10703-006-0003-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10703-006-0003-4