Thread-Modular Model Checking
Authors
Abstract
We present thread-modular model checking, a novel technique for verifying correctness properties of loosely-coupled multithreaded software systems. Thread-modular model checking verifies each thread separately using an automatically inferred environment assumption that abstracts the possible steps of other threads. Separate verification of each thread yields significant space and time savings. Suppose there are n threads, each with a local store of size L, where the threads communicate via a shared global store of size G. If each thread is finite-state (without a stack), the naive model checking algorithm requires O(G.L) space, whereas thread-modular model checking requires only O(n.G.(G + L)) space. If each thread has a stack, the general model checking problem is undecidable, but thread-modular model checking terminates in polyno-
Similar sources
Thread-Modular Abstraction Refinement
We present an algorithm called Tar (“Thread-modular Abstraction Refinement”) for model checking safety properties of concurrent software. The Tar algorithm uses thread-modular assume-guarantee reasoning to overcome the exponential complexity in the control state of multithreaded programs. Thread modularity means that Tar explores the state space of one thread at a time, making assumptions about...
Using Model Checking for Verification of Partitioning Properties in Integrated Modular Avionics
Time partitioning is a crucial property for integrated modular avionics architectures, particularly those in which applications of different criticalities run on the same processor. In a time-partitioned operating system, the scheduler is responsible for ensuring that the actions of one thread cannot affect other threads' guaranteed access to CPU execution time. However, the large number of vari...
Assume-Guarantee Model Checking
We present assume-guarantee model checking, a novel technique for verifying correctness properties of loosely-coupled multithreaded software systems. Assume-guarantee model checking verifies each thread of a multithreaded system separately by constraining the actions of other threads with an automatically inferred environment assumption. Separate verification of each thread allows the enumerati...
Checking Concise Specifications for Multithreaded Software
Ensuring the reliability of multithreaded software systems is difficult due to the potential for subtle interactions between threads. Unfortunately, checking tools for such systems do not scale to programs with a large number of threads and procedures. To improve this shortcoming, we present a verification technique that uses concise specifications to analyze large multithreaded programs modula...
A Modular Checker for Multithreaded Programs
Designing multithreaded software systems is prone to errors due to the difficulty of reasoning about multiple interleaved threads of control operating on shared data. Static checking, with the potential to analyze the program’s behavior over all execution paths and for all thread interleavings, is a powerful debugging tool. We have built a scalable and expressive static checker called Calvin fo...