context-bounded analysis of concurrent queue systems
1/25
Context-Bounded Analysis of Concurrent Queue Systems
Gennaro Parlato
University of Illinois at Urbana-Champaign, Università degli Studi di Salerno
Salvatore La Torre (U. Salerno) P. Madhusudan (U. Illinois U-C)
2/25
Queue Systems
Architecture
- A node is a process: finite control, recursive (call-stack)
- An edge is a FIFO channel: unbounded capacity, finite message alphabet
- Finite shared memory
- Self-loops not allowed!
[Figure: processes p1 and p2, a queue, and the shared memory]
3/25
Queue Systems
A configuration
C = (LS1, ..., LSn, SM, St1, ..., Stn, Q1, ..., Qm)
- LSi = local states
- SM = shared memory
- Sti = stack content of process pi
- Qi = content of queue i
An action for a process pi:
- internal (changes LSi / SM)
- push or pop from its own stack
- send or receive a message from a queue
[Slide annotations on the configuration tuple: "finite", "unbounded"]
4/25
A natural model
- Asynchronous or event-driven programs
  - Multi-core systems: Libasync-smp (Zeldovich et al, USENIX'03)
  - Single-processor systems (e.g. Java, web service design): callbacks, NesC (Gay et al, PLDI'03)
- Distributed systems communicating via FIFO message channels
  - Distributed communication protocols
5/25
Model-Check Queue Systems
Reachability problem for queue systems: given a set of global control states T, is any state in T reachable?
Reachability is undecidable.
Weakening the model to tackle undecidability:
- Lossy channels (Abdulla-Jonsson, LICS'93)
- Model queues as bags (Sen-Viswanathan, CAV'06) (Jhala-Majumdar, POPL'07)
Our contribution: a new way to curb undecidability where queues are modeled accurately
6/25
Bounded context-switch reachability
In a context:
- only one process evolves
- dequeue only from one queue
- it can enqueue on all outgoing queues
Well-queuing (for recursive processes): dequeue only when stack is empty
Bounded context-switch reachability problem: given
- k ∈ N
- a set of global control states T,
is T reachable within k context-switches?
7/25
Context-Bounded analysis for concurrent systems
Introduced by:
- Context-Bounded Model Checking of Concurrent Software (Qadeer-Rehof, TACAS'05)
Experimental results: large state coverage with few contexts
- Iterative context bounding for systematic testing of multithreaded programs (Musuvathi-Qadeer, PLDI'07)
- CHESS at MSR
Context-bounded analysis for otherwise intractable systems:
- Reachability Analysis of Multithreaded Software with Asynchronous Communication (Bouajjani-Esparza-Kiefer-Schwoon, FSTTCS'05)
- Context-Bounded Analysis of Multithreaded Programs with Dynamic Linked Structures (Bouajjani-Fratani-Qadeer, CAV'07)
- A Robust Class of Context-Sensitive Languages (La Torre-P.Madhusudan-Parlato, LICS'07)
8/25
Our Results
Bounded Context-Switch Reachability is decidable
- for non-recursive queuing processes
- for well-queuing recursive processes
Precise characterization of architectures that admit a decidable (unbounded) reachability problem
- (with shared memory, reachability is undecidable for simple architectures)
- no shared memory & well-queuing recursive: directed forest architectures
- no shared memory & non recursive: underlying undirected graph is a forest
- Decidability: reduction to BCS reachability problem
9/25
Outline of the talk
Overview
Solving Bounded Context-Switch Reachability
Unbounded context-switching reachability: Precise characterization of decidable architectures
Conclusions
10/25
Bounded-phase multi-stack pushdown automata [La Torre, P.Madhusudan, Parlato, LICS'07]
- Finite set of states Q
- An initial state q0 ∈ Q
- Actions: internal move, push onto one stack, pop from one stack
A phase is a sub-run where only
- a unique stack can be popped
- all stacks can be pushed onto
[Figure: finite control; a RUN divided into phases separated by phase-switches]
Bounded-Phase Reachability Problem: given
• k ∈ N
• a set of control states T,
is any state of T reachable with at most k phases?
Theorem: Bounded-phase reachability is decidable.
Complexity:
• time exponential in Q
• double-exponential in k.
Multiply nested structures: MSO on multiply nested structures to MSO on trees. Quite complex proof.
11/25
Bounded context-switch reachability for Non-Recursive processes
Theorem: The bounded context-switch reachability for non-recursive QS is decidable.
Proof. Reduction to bounded-phase reachability for multi-stack systems. ….
Complexity:
• 2-Exptime in the number of context-switches
• Exptime in the size of the system
12/25
Proof (non-recursive case)
We define a MSPS that simulates the QS.
Simulation of a context:
- Sending m to queue q: push onto stq
- Receiving m from q: pop from red stack
Simulation of a context-switch from (p,q) to (p',q'):
- Reverse stack q
- Reverse stack q'
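The simulation on this slide, as an added sketch that is not code from the talk or the paper: each queue is a stack, the active input queue is kept reversed on a "red" stack, and a counter tracks phases as defined on slide 10. The class and method names, the single red scratch stack, and the constructed run p1 -q1-> p2 -q2-> p3 are assumptions made for illustration.

```python
RED = "<red>"  # name of the scratch stack; assumed not to clash with a queue name

class StackSimulatedQueues:
    """FIFO queues simulated by stacks, counting phases (runs that pop one stack)."""

    def __init__(self, queue_names):
        self.st = {q: [] for q in queue_names}  # st[q]: newest message on top
        self.st[RED] = []      # reversed active queue: oldest message on top
        self.active = None     # the one queue this context may dequeue from
        self.phases = 0
        self._popping = None   # stack being popped in the current phase

    def _pop(self, name):
        if self._popping != name:   # popping a different stack opens a new phase
            self._popping = name
            self.phases += 1
        return self.st[name].pop()

    def send(self, q, m):
        # No self-loops, so a process never enqueues on the queue it reads.
        assert q != self.active and q != RED
        self.st[q].append(m)        # sending m to queue q: push onto st[q]

    def receive(self):
        return self._pop(RED)       # receiving from the active queue: pop red

    def context_switch(self, q_new):
        # Reverse the old queue back: undelivered messages return to st[old].
        while self.st[RED]:
            self.st[self.active].append(self._pop(RED))
        # Reverse the new queue onto red so its oldest message is on top.
        while q_new is not None and self.st[q_new]:
            self.st[RED].append(self._pop(q_new))
        self.active = q_new


def demo():
    """Constructed run on p1 -q1-> p2 -q2-> p3 with three contexts."""
    sim = StackSimulatedQueues(["q1", "q2"])
    for m in "abc":
        sim.send("q1", m)           # context 1: p1 sends a, b, c
    sim.context_switch("q1")        # context 2: p2 reads q1, writes q2
    got_p2 = [sim.receive(), sim.receive()]
    sim.send("q2", "x")
    sim.send("q2", "y")
    sim.context_switch("q2")        # context 3: p3 reads q2
    got_p3 = [sim.receive(), sim.receive()]
    return got_p2, got_p3, sim.st["q1"], sim.phases
```

In this run FIFO order is preserved across context switches and the three contexts cost four phases, which is why a bound on context-switches yields a bound on phases.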
13/25
Proof (recursive case)
Simulate incoming queue and call-stack using a single stack! (exploit well-queuing assumption)
14/25
Removing conditions gives undecidability
- BCS reachability is undecidable for non well-queuing recursive processes
- BCS reachability is undecidable if we allow dequeuing from two queues in the same context, with only 2 context-switches
[Figure: processes p1, p2, p3 and queues q1, q2]
15/25
Outline of the talk
Overview
Solving Bounded Context-Switch Reachability
Unbounded context-switching reachability: Precise characterization of decidable architectures
Conclusions
16/25
Decidable Architectures: with shared memory, reachability is undecidable
With shared memory reachability is undecidable even for simple architectures (reduction from the membership problem for Turing machines):
- Non-recursive: two non-recursive processes, one queue
- Recursive: two recursive processes, no queues
[Figures: p1 and p2; p1 and p2 with s1 and s2]
17/25
Decidable Architectures: recursive processes & no shared memory
Theorem: An architecture admits decidable reachability for well-queuing QSs with no shared memory iff it is a directed forest
Complexity:
- in 2-Exptime in the number of processes
- in Exptime in the size of the QS
18/25
Decidable Architectures: recursive processes & no shared memory
Reachability is decidable on directed forests: reduction to bounded context-switch reachability
- Fix an order over the processes such that p > parent(p): p1, p2, p3, p4, p5
- In the context i process pi evolves
[Figure: architecture over processes p1, p2, p3, p4, p5]
19/25
Undecidable Architectures: recursive processes & no shared memory
Reachability is undecidable for all other architectures.
- Reduction from the emptiness of the intersection of two CFLs
- Reduction from the membership problem for Turing machines (even for non-recursive)
[Figures: example architectures over p, p' and q, and over p1, p2, p3 with queues q1, q2]
Precise characterization
• Recursive processes
• No shared memory
directed forests
20/25
Decidable Architectures: non-recursive processes & no shared memory
Theorem: An architecture admits decidable reachability for non-recursive QSs with no shared memory iff the undirected architecture graph is a forest
Complexity: Pspace-complete
21/25
Decidable Architectures: non-recursive processes & no shared memory
Reachability is decidable when the undirected underlying graph is a forest
Algorithm
1. Reverse edges
2. Solvable using bounded context-switch reachability
3. Better solution: bounded size queue (1 message) leads to a Pspace procedure
Complexity: Pspace-complete
[Figure: processes p1, p2 and queue q]
22/25
Undecidable Architectures: non-recursive processes & no shared memory
Reachability is undecidable when there is a cycle in the undirected underlying graph
[Figures: two architectures over p1 and p2]
Precise characterization
• Non-recursive processes
• No shared memory
undirected architecture graph is a forest
23/25
Outline of the talk
Overview
Solving Bounded Context-Switch Reachability
Unbounded context-switching reachability: Precise characterization of decidable architectures
Conclusions
24/25
Conclusions
- Bounded Context-Switch Reachability decidable in 2-EXPTIME
- Unbounded context-switching reachability: precise characterization of decidable architectures

|                  | Well-queuing Recursive processes              | Non-Recursive processes                           |
| Shared Memory    | Undecidable                                   | Undecidable                                       |
| No Shared Memory | Decidable iff directed forest (in 2-EXPTIME)  | Decidable iff undirected forest (Pspace-complete) |
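The characterization in this table, written as an added example that is not part of the talk: a classifier that takes an architecture graph and returns the decidability verdict for unbounded reachability. The function names and the sample architectures in the usage are hypothetical, and "directed forest" is assumed to mean an acyclic architecture in which every process has at most one incoming queue.

```python
def is_undirected_forest(nodes, queues):
    """True iff the queues, read as undirected edges, contain no cycle."""
    parent = {n: n for n in nodes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for src, dst in queues:
        a, b = find(src), find(dst)
        if a == b:           # this queue closes a cycle (parallel queues included)
            return False
        parent[a] = b
    return True


def is_directed_forest(nodes, queues):
    """Assumed meaning: acyclic and at most one incoming queue per process."""
    indegree = {n: 0 for n in nodes}
    for _, dst in queues:
        indegree[dst] += 1
    return max(indegree.values(), default=0) <= 1 and is_undirected_forest(nodes, queues)


def classify(nodes, queues, shared_memory, recursive):
    """Verdict for unbounded reachability, following the table on this slide.

    queues is a list of (sender, receiver) pairs; recursive=True means
    well-queuing recursive processes, False means non-recursive processes.
    """
    if any(src == dst for src, dst in queues):
        raise ValueError("self-loops are not allowed in a queue system")
    if shared_memory:
        return "undecidable"                 # both columns of the first row
    if recursive:
        ok = is_directed_forest(nodes, queues)
        return "decidable (2-EXPTIME)" if ok else "undecidable"
    ok = is_undirected_forest(nodes, queues)
    return "decidable (PSPACE-complete)" if ok else "undecidable"
```

An architecture where two processes feed one receiver shows the difference between the two columns: it is an undirected forest but not a directed one.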
25/25
A Future Direction
Practical algorithm for
- non recursive processes
- no-shared memory
- undirected forest architectures
We proposed a Pspace algorithm:
- Each queue can be considered only of bounded size (one message)
- This can be modeled as a finite state transition system
- Implementations using standard model checkers (like NuSMV)
Approximate schemes to solve bounded context switching reachability for recursive queue systems
- a la [Jhala-Majumdar, POPL07] for [Sen-Viswanathan: CAV06]