Concolic Unbounded-Thread Reachability via Loop Summaries
Authors
Abstract
We present a method for accelerating explicit-state backward search algorithms for systems of arbitrarily many finite-state threads. Our method statically analyzes the program executed by the threads for the existence of simple loops. We show how such loops can be collapsed without approximation into Presburger arithmetic constraints that symbolically summarize the effect of executing the backward search algorithm along the loop in the multi-threaded program. As a result, the subsequent explicit-state search does not need to explore the summarized part of the state space. The combination of concrete and symbolic exploration gives our algorithm a concolic flavor. We demonstrate the power of this method for proving and refuting safety properties of unbounded-thread programs.
Similar resources
Concolic Unbounded-Thread Reachability via Loop Summaries (Extended Technical Report)
We present a method for accelerating explicit-state backward search algorithms for systems of arbitrarily many finite-state threads. Our method statically analyzes the program executed by the threads for the existence of simple loops. We show how such loops can be collapsed without approximation into Presburger arithmetic constraints that symbolically summarize the effect of executing the backw...
Unbounded-Thread Reachability via Symbolic Execution and Loop Acceleration (Technical Report)
We present an approach to parameterized reachability for communicating finite-state threads that formulates the analysis as a satisfiability problem. In addition to the unbounded number of threads, the main challenge for SAT/SMT-based reachability methods is the existence of unbounded loops in the program executed by a thread. We show in this paper how simple loops can be accelerated without ap...
Dynamic Cutoff Detection in Parameterized Concurrent Programs
We consider the class of finite-state programs executed by an unbounded number of replicated threads communicating via shared variables. The thread-state reachability problem for this class is essential in software verification using predicate abstraction. While this problem is decidable via Petri net coverability analysis, techniques solely based on coverability suffer from the problem’s expon...
On-the-fly Parameterized Boolean Program Exploration
Reachability analysis for replicated Boolean programs run by an unbounded number of threads is decidable in principle via a reduction of the Boolean program families to well-structured transition systems (WSTS). The obtained transition systems would, however, in general be intractably large, due to local state explosion. Basler et al. give an on-the-fly algorithm that solves this problem for Bo...
Verification of Boolean programs with unbounded thread creation
Most symbolic software model checkers use abstraction techniques to reduce the verification of infinite-state programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol. 1885, Springer, 2000, pp. 113–130] are the most popular representation for these abstractions. ...