Model checking unbounded concurrent lists
We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification community. These data structures are unbounded...
Gespeichert in:
| Veröffentlicht in: | International journal on software tools for technology transfer 2016-08, Vol.18 (4), p.375-391 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 391 |
|---|---|
| container_issue | 4 |
| container_start_page | 375 |
| container_title | International journal on software tools for technology transfer |
| container_volume | 18 |
| creator | Sethi, Divjyot Talupur, Muralidhar Malik, Sharad |
| description | We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification community. These data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. We first show how the unbounded number of threads can be model checked by reduction to a finite model, while assuming a bounded number of list nodes. In particular, we leverage the CMP (CoMPositional) method which abstracts the unbounded threads by keeping one thread as is (concrete) and abstracting all the other threads to a single environment thread. Next, the method proceeds as a series of iterations where in each iteration the abstraction is model checked and, if a spurious counterexample is observed, refined. This is accomplished by the user by inspecting the returned counterexamples. If the user determines the returned counterexample to be spurious, she adds constraints to the abstraction in the form of lemmas to refine it. Upon addition, these lemmas are also verified for correctness as part of the CMP method. Thus, since these lemmas are verified as well, we show how some of the lemmas required for refinement of this abstract model can be mined automatically using an assertion mining tool, Daikon. Next, we show how the CMP method approach can be extended to the list dimension as well, to fully verify the data structures in both the dimensions. While it is possible to show correctness of these data structures for an unbounded number of threads by keeping one concrete thread and abstracting others, this is not directly possible in the list dimension as the nodes pointed to by the threads change during list traversal. Our method addresses this challenge by constructing an abstraction for which the concrete nodes, i.e., the nodes pointed to by the threads, can change as the thread pointers move with program execution. Further, our method also allows for refinement of this abstraction to prove properties of interest. We show the soundness of our method and establish its utility by model checking challenging concurrent list-based data structure examples. |
| doi_str_mv | 10.1007/s10009-015-0369-y |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1904204008</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>4111021231</sourcerecordid><originalsourceid>FETCH-LOGICAL-c349t-ebc28105480e5306508e37f57d79208c75c32a9bf7de37c3158d334f526b28c13</originalsourceid><addsrcrecordid>eNp1kE1LxDAQhoMouK7-AG8FL3qITr6a5CiLX7DiRc-hTdO1azdZk_aw_94sFRHBy8wwPO8wPAidE7gmAPIm5QoaAxEYWKnx7gDNCGcMU6nk4c8s9TE6SWkNQGQp9QxdPYfG9YV9d_aj86ti9HUYfeOawgZvxxidH4q-S0M6RUdt1Sd39t3n6O3-7nXxiJcvD0-L2yW2jOsBu9pSRUBwBU4wKAUox2QrZCM1BWWlsIxWum5lk_eWEaEaxngraFlTZQmbo8vp7jaGz9GlwWy6ZF3fV96FMRmigVPgACqjF3_QdRijz98ZooByorSimSITZWNIKbrWbGO3qeLOEDB7eWaSZ7I8s5dndjlDp0zKrF-5-Ovyv6EvtG9vrw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1802418982</pqid></control><display><type>article</type><title>Model checking unbounded concurrent lists</title><source>Springer Nature - Complete Springer Journals</source><creator>Sethi, Divjyot ; Talupur, Muralidhar ; Malik, Sharad</creator><creatorcontrib>Sethi, Divjyot ; Talupur, Muralidhar ; Malik, Sharad</creatorcontrib><description>We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification community. These data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. We first show how the unbounded number of threads can be model checked by reduction to a finite model, while assuming a bounded number of list nodes. In particular, we leverage the CMP (CoMPositional) method which abstracts the unbounded threads by keeping one thread as is (concrete) and abstracting all the other threads to a single environment thread. Next, the method proceeds as a series of iterations where in each iteration the abstraction is model checked and, if a spurious counterexample is observed, refined. This is accomplished by the user by inspecting the returned counterexamples. If the user determines the returned counterexample to be spurious, she adds constraints to the abstraction in the form of lemmas to refine it. Upon addition, these lemmas are also verified for correctness as part of the CMP method. Thus, since these lemmas are verified as well, we show how some of the lemmas required for refinement of this abstract model can be mined automatically using an assertion mining tool, Daikon. Next, we show how the CMP method approach can be extended to the list dimension as well, to fully verify the data structures in both the dimensions. While it is possible to show correctness of these data structures for an unbounded number of threads by keeping one concrete thread and abstracting others, this is not directly possible in the list dimension as the nodes pointed to by the threads change during list traversal. Our method addresses this challenge by constructing an abstraction for which the concrete nodes, i.e., the nodes pointed to by the threads, can change as the thread pointers move with program execution. Further, our method also allows for refinement of this abstraction to prove properties of interest. We show the soundness of our method and establish its utility by model checking challenging concurrent list-based data structure examples.</description><identifier>ISSN: 1433-2779</identifier><identifier>EISSN: 1433-2787</identifier><identifier>DOI: 10.1007/s10009-015-0369-y</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Communities ; Computer programs ; Computer Science ; Computers ; Concretes ; Data integrity ; Data structures ; Iterative methods ; Lists ; Mathematical analysis ; Program verification (computers) ; Software ; Software Engineering ; Software Engineering/Programming and Operating Systems ; Spin 2013 ; Theory of Computation</subject><ispartof>International journal on software tools for technology transfer, 2016-08, Vol.18 (4), p.375-391</ispartof><rights>Springer-Verlag Berlin Heidelberg 2015</rights><rights>Springer-Verlag Berlin Heidelberg 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c349t-ebc28105480e5306508e37f57d79208c75c32a9bf7de37c3158d334f526b28c13</citedby><cites>FETCH-LOGICAL-c349t-ebc28105480e5306508e37f57d79208c75c32a9bf7de37c3158d334f526b28c13</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s10009-015-0369-y$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s10009-015-0369-y$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,777,781,27905,27906,41469,42538,51300</link.rule.ids></links><search><creatorcontrib>Sethi, Divjyot</creatorcontrib><creatorcontrib>Talupur, Muralidhar</creatorcontrib><creatorcontrib>Malik, Sharad</creatorcontrib><title>Model checking unbounded concurrent lists</title><title>International journal on software tools for technology transfer</title><addtitle>Int J Softw Tools Technol Transfer</addtitle><description>We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification community. These data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. We first show how the unbounded number of threads can be model checked by reduction to a finite model, while assuming a bounded number of list nodes. In particular, we leverage the CMP (CoMPositional) method which abstracts the unbounded threads by keeping one thread as is (concrete) and abstracting all the other threads to a single environment thread. Next, the method proceeds as a series of iterations where in each iteration the abstraction is model checked and, if a spurious counterexample is observed, refined. This is accomplished by the user by inspecting the returned counterexamples. If the user determines the returned counterexample to be spurious, she adds constraints to the abstraction in the form of lemmas to refine it. Upon addition, these lemmas are also verified for correctness as part of the CMP method. Thus, since these lemmas are verified as well, we show how some of the lemmas required for refinement of this abstract model can be mined automatically using an assertion mining tool, Daikon. Next, we show how the CMP method approach can be extended to the list dimension as well, to fully verify the data structures in both the dimensions. While it is possible to show correctness of these data structures for an unbounded number of threads by keeping one concrete thread and abstracting others, this is not directly possible in the list dimension as the nodes pointed to by the threads change during list traversal. Our method addresses this challenge by constructing an abstraction for which the concrete nodes, i.e., the nodes pointed to by the threads, can change as the thread pointers move with program execution. Further, our method also allows for refinement of this abstraction to prove properties of interest. We show the soundness of our method and establish its utility by model checking challenging concurrent list-based data structure examples.</description><subject>Communities</subject><subject>Computer programs</subject><subject>Computer Science</subject><subject>Computers</subject><subject>Concretes</subject><subject>Data integrity</subject><subject>Data structures</subject><subject>Iterative methods</subject><subject>Lists</subject><subject>Mathematical analysis</subject><subject>Program verification (computers)</subject><subject>Software</subject><subject>Software Engineering</subject><subject>Software Engineering/Programming and Operating Systems</subject><subject>Spin 2013</subject><subject>Theory of Computation</subject><issn>1433-2779</issn><issn>1433-2787</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><sourceid>8G5</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><sourceid>GUQSH</sourceid><sourceid>M2O</sourceid><recordid>eNp1kE1LxDAQhoMouK7-AG8FL3qITr6a5CiLX7DiRc-hTdO1azdZk_aw_94sFRHBy8wwPO8wPAidE7gmAPIm5QoaAxEYWKnx7gDNCGcMU6nk4c8s9TE6SWkNQGQp9QxdPYfG9YV9d_aj86ti9HUYfeOawgZvxxidH4q-S0M6RUdt1Sd39t3n6O3-7nXxiJcvD0-L2yW2jOsBu9pSRUBwBU4wKAUox2QrZCM1BWWlsIxWum5lk_eWEaEaxngraFlTZQmbo8vp7jaGz9GlwWy6ZF3fV96FMRmigVPgACqjF3_QdRijz98ZooByorSimSITZWNIKbrWbGO3qeLOEDB7eWaSZ7I8s5dndjlDp0zKrF-5-Ovyv6EvtG9vrw</recordid><startdate>20160801</startdate><enddate>20160801</enddate><creator>Sethi, Divjyot</creator><creator>Talupur, Muralidhar</creator><creator>Malik, Sharad</creator><general>Springer Berlin Heidelberg</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7SC</scope><scope>7XB</scope><scope>8AL</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8G5</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>GUQSH</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L6V</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0N</scope><scope>M2O</scope><scope>M7S</scope><scope>MBDVC</scope><scope>P5Z</scope><scope>P62</scope><scope>PADUT</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>Q9U</scope></search><sort><creationdate>20160801</creationdate><title>Model checking unbounded concurrent lists</title><author>Sethi, Divjyot ; Talupur, Muralidhar ; Malik, Sharad</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c349t-ebc28105480e5306508e37f57d79208c75c32a9bf7de37c3158d334f526b28c13</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Communities</topic><topic>Computer programs</topic><topic>Computer Science</topic><topic>Computers</topic><topic>Concretes</topic><topic>Data integrity</topic><topic>Data structures</topic><topic>Iterative methods</topic><topic>Lists</topic><topic>Mathematical analysis</topic><topic>Program verification (computers)</topic><topic>Software</topic><topic>Software Engineering</topic><topic>Software Engineering/Programming and Operating Systems</topic><topic>Spin 2013</topic><topic>Theory of Computation</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Sethi, Divjyot</creatorcontrib><creatorcontrib>Talupur, Muralidhar</creatorcontrib><creatorcontrib>Malik, Sharad</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>Research Library (Alumni Edition)</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>Research Library Prep</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>ProQuest Engineering Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Computing Database</collection><collection>Research Library</collection><collection>Engineering Database</collection><collection>Research Library (Corporate)</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Research Library China</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>ProQuest Central Basic</collection><jtitle>International journal on software tools for technology transfer</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Sethi, Divjyot</au><au>Talupur, Muralidhar</au><au>Malik, Sharad</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Model checking unbounded concurrent lists</atitle><jtitle>International journal on software tools for technology transfer</jtitle><stitle>Int J Softw Tools Technol Transfer</stitle><date>2016-08-01</date><risdate>2016</risdate><volume>18</volume><issue>4</issue><spage>375</spage><epage>391</epage><pages>375-391</pages><issn>1433-2779</issn><eissn>1433-2787</eissn><abstract>We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification community. These data structures are unbounded in two dimensions: the list size is unbounded and an unbounded number of threads access them. Thus, their model checking requires abstraction to a model bounded in both the dimensions. We first show how the unbounded number of threads can be model checked by reduction to a finite model, while assuming a bounded number of list nodes. In particular, we leverage the CMP (CoMPositional) method which abstracts the unbounded threads by keeping one thread as is (concrete) and abstracting all the other threads to a single environment thread. Next, the method proceeds as a series of iterations where in each iteration the abstraction is model checked and, if a spurious counterexample is observed, refined. This is accomplished by the user by inspecting the returned counterexamples. If the user determines the returned counterexample to be spurious, she adds constraints to the abstraction in the form of lemmas to refine it. Upon addition, these lemmas are also verified for correctness as part of the CMP method. Thus, since these lemmas are verified as well, we show how some of the lemmas required for refinement of this abstract model can be mined automatically using an assertion mining tool, Daikon. Next, we show how the CMP method approach can be extended to the list dimension as well, to fully verify the data structures in both the dimensions. While it is possible to show correctness of these data structures for an unbounded number of threads by keeping one concrete thread and abstracting others, this is not directly possible in the list dimension as the nodes pointed to by the threads change during list traversal. Our method addresses this challenge by constructing an abstraction for which the concrete nodes, i.e., the nodes pointed to by the threads, can change as the thread pointers move with program execution. Further, our method also allows for refinement of this abstraction to prove properties of interest. We show the soundness of our method and establish its utility by model checking challenging concurrent list-based data structure examples.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s10009-015-0369-y</doi><tpages>17</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1433-2779 |
| ispartof | International journal on software tools for technology transfer, 2016-08, Vol.18 (4), p.375-391 |
| issn | 1433-2779 1433-2787 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1904204008 |
| source | Springer Nature - Complete Springer Journals |
| subjects | Communities Computer programs Computer Science Computers Concretes Data integrity Data structures Iterative methods Lists Mathematical analysis Program verification (computers) Software Software Engineering Software Engineering/Programming and Operating Systems Spin 2013 Theory of Computation |
| title | Model checking unbounded concurrent lists |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T07%3A02%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Model%20checking%20unbounded%20concurrent%20lists&rft.jtitle=International%20journal%20on%20software%20tools%20for%20technology%20transfer&rft.au=Sethi,%20Divjyot&rft.date=2016-08-01&rft.volume=18&rft.issue=4&rft.spage=375&rft.epage=391&rft.pages=375-391&rft.issn=1433-2779&rft.eissn=1433-2787&rft_id=info:doi/10.1007/s10009-015-0369-y&rft_dat=%3Cproquest_cross%3E4111021231%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1802418982&rft_id=info:pmid/&rfr_iscdi=true |