Verification under TSO with an infinite Data Domain
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Florian Furbach, Shashwat Garg
TL;DR
This paper studies safety verification for concurrent programs under Total Store Ordering (TSO) when data domains are infinite. It shows that control-state reachability is undecidable in general via a reduction from Lossy Channel Systems with Data (DLCS), motivating the use of context-bounded analysis as a tractable under-approximation. The authors develop a two-step abstraction: AB$(\mathsf{Prog},k)$, which handles the unbounded store buffers, and a domain abstraction that uses relational information to collapse the infinite data domain. Together these establish that CB($k$)-Reach[$\mathtt{D}$, $\mathsf{Rl}_{\leq n}$] is PSPACE-complete. This work delineates the boundary between undecidability and practical decidability for verifying weak-memory concurrent programs with unbounded data, and outlines future directions for broader under-approximations and more expressive relations.
Abstract
We examine verification of concurrent programs under the total store ordering (TSO) semantics used by the x86 architecture. In our model, threads manipulate variables over infinite domains and they can check whether variables are related for a range of relations. We show that, in general, the control state reachability problem is undecidable. This result is derived through a reduction from the state reachability problem of lossy channel systems with data (which is known to be undecidable). In the light of this undecidability, we turn our attention to a more tractable variant of the reachability problem. Specifically, we study context bounded runs, which provide an under-approximation of the program behavior by limiting the possible interactions between processes. A run consists of a number of contexts, with each context representing a sequence of steps where only a single designated thread is active. We prove that the control state reachability problem under bounded context switching is PSPACE-complete.
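To make the operational model behind the abstract concrete, the following Python program is an added illustration, not code from the paper: it implements the TSO store-buffer semantics (each thread appends stores to a private FIFO buffer, reads see its own buffer first, fences wait for an empty buffer) and a breadth-first search over runs with at most k contexts, where a context is a maximal block of steps by one thread. The program, variable names, register names and the goal predicate are all constructed for the example; data values are small concrete integers, so it shows what a context-bounded run is and why the bound matters, not the paper's abstraction of infinite data domains. On the classic store-buffering litmus test it finds that the outcome r1 = 0, r2 = 0 needs two contexts under TSO, and is unreachable under sequential consistency or once fences are inserted.

```python
from collections import deque

# Constructed program: the classic store-buffering litmus test.
#   Thread 0: x := 1; r1 := y        Thread 1: y := 1; r2 := x
SB_PROGRAM = [
    [("write", "x", 1), ("read", "y", "r1")],
    [("write", "y", 1), ("read", "x", "r2")],
]

# The same program with a full fence after each store (constructed).
SB_FENCED = [
    [("write", "x", 1), ("fence",), ("read", "y", "r1")],
    [("write", "y", 1), ("fence",), ("read", "x", "r2")],
]

VARIABLES = ("x", "y")


def initial_state(program, variables):
    """State = (pcs, registers, memory, buffers); all tuples so it is hashable."""
    pcs = tuple(0 for _ in program)
    regs = tuple(() for _ in program)                  # per-thread sorted (reg, val) pairs
    memory = tuple(sorted((v, 0) for v in variables))  # shared memory, initially all zero
    buffers = tuple(() for _ in program)               # per-thread FIFO of pending (var, val)
    return (pcs, regs, memory, buffers)


def lookup(var, buffer, memory):
    """TSO read: the youngest pending store in the thread's own buffer wins,
    otherwise the value comes from shared memory."""
    for v, val in reversed(buffer):
        if v == var:
            return val
    return dict(memory)[var]


def store_to_memory(memory, var, val):
    return tuple((v, val if v == var else old) for v, old in memory)


def thread_steps(program, state, t, tso=True):
    """Successor states produced by one step of thread t: either flushing the
    oldest entry of its store buffer to memory or executing its next instruction."""
    pcs, regs, memory, buffers = state
    buf = buffers[t]
    succs = []
    if buf:  # flush the oldest pending store (only possible under TSO)
        var, val = buf[0]
        new_buffers = buffers[:t] + (buf[1:],) + buffers[t + 1:]
        succs.append((pcs, regs, store_to_memory(memory, var, val), new_buffers))
    pc = pcs[t]
    if pc < len(program[t]):
        ins = program[t][pc]
        new_pcs = pcs[:t] + (pc + 1,) + pcs[t + 1:]
        if ins[0] == "write":
            _, var, val = ins
            if tso:  # under TSO a store only enters the thread's buffer
                new_buffers = buffers[:t] + (buf + ((var, val),),) + buffers[t + 1:]
                succs.append((new_pcs, regs, memory, new_buffers))
            else:    # under SC the store reaches memory immediately
                succs.append((new_pcs, regs, store_to_memory(memory, var, val), buffers))
        elif ins[0] == "read":
            _, var, reg = ins
            reg_map = dict(regs[t])
            reg_map[reg] = lookup(var, buf, memory)
            new_regs = regs[:t] + (tuple(sorted(reg_map.items())),) + regs[t + 1:]
            succs.append((new_pcs, new_regs, memory, buffers))
        elif ins[0] == "fence":  # a fence is passed only once the buffer is empty
            if not buf:
                succs.append((new_pcs, regs, memory, buffers))
    return succs


def context_bounded_reach(program, variables, k, goal, tso=True):
    """Breadth-first search over all runs with at most k contexts.  A context is
    a maximal block of consecutive steps (instructions or flushes) by a single
    thread; activating a different thread starts a new context.  Returns True
    iff some explored state satisfies goal(registers)."""
    start = (initial_state(program, variables), None, 0)  # (state, active thread, contexts used)
    seen, work = {start}, deque([start])
    while work:
        state, active, used = work.popleft()
        if goal(state[1]):
            return True
        for t in range(len(program)):
            cost = used if t == active else used + 1
            if cost > k:
                continue
            for succ in thread_steps(program, state, t, tso):
                key = (succ, t, cost)
                if key not in seen:
                    seen.add(key)
                    work.append(key)
    return False


def both_reads_zero(regs):
    """The weak-memory outcome r1 = 0 and r2 = 0 of the store-buffering test."""
    return dict(regs[0]).get("r1") == 0 and dict(regs[1]).get("r2") == 0


if __name__ == "__main__":
    for k in (1, 2):
        print(f"TSO, {k} context(s):", context_bounded_reach(SB_PROGRAM, VARIABLES, k, both_reads_zero))
    print("SC, 4 contexts:", context_bounded_reach(SB_PROGRAM, VARIABLES, 4, both_reads_zero, tso=False))
    print("TSO with fences, 4 contexts:", context_bounded_reach(SB_FENCED, VARIABLES, 4, both_reads_zero))
```

The search key carries the active thread and the number of contexts consumed, so the bound k is enforced exactly as the abstract describes: a thread may keep executing and flushing for free, while handing control to another thread costs one context. Because buffers are bounded by program length here, the state space is finite and the search always terminates; the paper's contribution is precisely what to do when neither the buffers nor the data domain are bounded.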
