Talks and presentations

Optimal Stateless Model Checking under The Release-Acquire Semantics

November 08, 2018

Talk, OOPSLA'18, Boston, USA

We present a framework for the efficient application of stateless model checking (SMC) to concurrent programs running under the Release-Acquire (RA) fragment of the C/C++11 memory model. Our approach is based on exploring the possible program orders, which define the order in which instructions of a thread are executed, and read-from relations, which specify how reads obtain their values from writes. This is in contrast to previous approaches, which also explore the possible coherence orders, i.e., orderings between conflicting writes. Since unexpected test results such as program crashes or assertion violations depend only on the read-from relation, we avoid a potentially significant source of redundancy. Our framework is based on a novel technique for determining whether a particular read-from relation is feasible under the RA semantics. We define an SMC algorithm which is provably optimal in the sense that it explores each program order and read-from relation exactly once. This optimality result is strictly stronger than previous analogous optimality results, which also take coherence order into account. We have implemented our framework in the tool Tracer. Experiments show that Tracer can be significantly faster than state-of-the-art tools that can handle the RA semantics.

Context-bounded Analysis for POWER

April 27, 2017

Talk, TACAS'17, Uppsala, Sweden

We propose an under-approximate reachability analysis algorithm for programs running under the POWER memory model, in the spirit of the work on context-bounded analysis initiated by Qadeer et al. in 2005 for detecting bugs in concurrent programs (assumed to be running under the classical SC model). To that end, we first introduce a new notion of context-bounding that is suitable for reasoning about computations under POWER, which generalizes the one defined by Atig et al. in 2011 for the TSO memory model. Then, we provide a polynomial-size reduction of the context-bounded state reachability problem under POWER to the same problem under SC: given an input concurrent program P, our method produces a concurrent program P' such that, for a fixed number of context switches, running P' under SC yields the same set of reachable states as running P under POWER. The generated program P' contains the same number of processes as P, and operates on the same data domain. By leveraging the standard model checker CBMC, we have implemented a prototype tool and applied it to a set of benchmarks, showing the feasibility of our approach.

The Benefits of Duality in Verifying Concurrent Programs under TSO

August 23, 2016

Talk, CONCUR'16, Quebec, Canada

We address the problem of verifying safety properties of concurrent programs running over the Total Store Order (TSO) memory model. Known decision procedures for this model are based on complex encodings of store buffers as lossy channels. These procedures assume that the number of processes is fixed. However, it is important in general to prove correctness of a system/algorithm in a parametric way, with an arbitrarily large number of processes. In this paper, we introduce an alternative (yet equivalent) semantics to the classical TSO semantics that is more amenable to efficient algorithmic verification and to extension to parametric verification. For that, we adopt a dual view where load buffers are used instead of store buffers. The flow of information is now from the memory to the load buffers. We show that this new semantics allows us (1) to drastically simplify the safety analysis under TSO, (2) to obtain a spectacular gain in efficiency and scalability compared to existing procedures, and (3) to easily extend the decision procedure to the parametric case, which yields a new decidability result and, more importantly, a verification algorithm that is more general and more efficient in practice than the one for bounded instances.

Precise and Sound Automatic Fence Insertion Procedure under PSO

May 14, 2015

Talk, NETYS'15, Agadir, Morocco

We give a sound and complete procedure for fence insertion for concurrent finite-state programs running under the PSO memory model. This model allows "write-to-read" and "write-to-write" relaxations, corresponding to the addition of unbounded store buffers between the processors and the main memory. We introduce a novel machine model, called the Hierarchical Single-Buffer (HSB) semantics, and show that the reachability problem for a program under PSO can be reduced to the reachability problem under HSB. We present a simple and effective backward reachability analysis algorithm for the latter, and propose a counter-example guided fence insertion procedure. The procedure automatically infers a minimal set of fences that ensures correctness of the program. We have implemented a prototype and run it successfully on all standard benchmarks, together with several challenging examples.

The Best of Both Worlds: Trading Efficiency and Optimality in Fence Insertion for TSO

February 24, 2015

Talk, MM'15, Uppsala, Sweden

We present a method for automatic fence insertion in concurrent programs running under weak memory models that provides the best known trade-off between efficiency and optimality. On the one hand, the method can efficiently handle complex aspects of program behaviors such as unbounded buffers and large numbers of processes. On the other hand, it is able to find small sets of fences needed for ensuring correctness of the program. To this end, we propose a novel notion of correctness, called persistence, that compares the behavior of the program under the weak memory semantics with that under the classical interleaving (SC) semantics. We instantiate our framework for the Total Store Ordering (TSO) memory model, and give an algorithm that reduces the fence insertion problem under TSO to the reachability problem for programs running under SC. Furthermore, we provide an abstraction scheme that substantially increases scalability to large numbers of processes. Based on our method, we have implemented a tool and run it successfully on a wide range of benchmarks.

Generating Qualified Summarization Answers using Fuzzy Concept Hierarchies

August 28, 2010

Talk, SoICT'10, Hanoi, Vietnam

In this paper, we introduce a partially automated method to generate qualified answers at multiple abstraction levels for database queries. We examine the issues involved in data summarization by Attribute-Oriented Induction (AOI) on large databases using fuzzy concept hierarchies. Because a node may have many abstracts, fuzzy hierarchies are more complex and vaguer than crisp ones. Therefore, the original AOI algorithm for crisp hierarchies cannot be applied directly to fuzzy hierarchies to obtain interesting answers. The main contribution of this paper is a new approach to refine fuzzy hierarchies and evaluate tuple-terminal conditions in order to reduce noisy tuples. The foundations of our approach are the generalization hierarchy and a new method to estimate tuple quality. We implemented the algorithm in our knowledge discovery system, and the experimental results show that the approach is efficient and suitable for knowledge discovery in large databases.