Skip to content

CSeq/Overview

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

A Family of Sequentialization-Based C Verification Tools

Sequentialization is a technique for the analysis of concurrent programs that exploits verification techniques or tools that were originally designed for sequential programs. Sequentialization can be implemented as a code-to-code translation from the concurrent program into a corresponding non-deterministic sequential program that simulates all executions of the original program. The sequential program contains both the mapping of the threads in the form of functions, and an encoding of the scheduler, were the non-determinism allows to handle different concurrent schedules collectively. This approach has three main advantages:

  • a code-to-code translation is typically much easier to implement than a full-fledged analysis tool;
  • it allows designers to focus only on the concurrency aspects of programs, delegating all sequential reasoning to an existing target analysis tool;
  • sequentializations can be designed to target multiple backends for sequential program analysis.

CSeq is a framework that facilitates the development of code-to-code translations for concurrent C programs with POSIX threads based on sequentialization. The following are verification tools that have been developed under the CSeq framework.

LaDR

LaDR (github) is a symbolic static data race detection tool that modifies Lazy-CSeq's code-to-code translation to inject additional code that monitors all accesses to shared memory locations.

Publications:

Downloads:

VeriSmart

VeriSmart is a novel parallel bug-finding framework for concurrent C programs built on top of Lazy-CSeq. It uses a parametrizable code-to-code translation to generate a set of simpler program instances, each capturing a reduced set of the original program's interleavings. These instances are then checked independently in parallel. With a small number of cores it found bugs in the hardest known concurrency benchmarks in a matter of minutes, whereas other dynamic and static tools fail to do so in hours.

Publications:

Downloads:

LazyABS

Lazy-CSeq

Lazy-CSeq is a code-to-code transformation tool that translates a multi-threaded C program into a nondeterministic sequential C program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. It re-uses existing high-performance BMC tools as backends for the sequential verification problem. The translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so that it produces tight SAT/SMT formulae, and is thus very effective in practice. The tool has a script that bundles the translation and the verification.

Publications:

Downloads:

Awards:

Supported backends:

MU-CSeq

MU-CSeq is a code-to-code translation tool for the verification of multi-threaded C programs with POSIX threads. It is based on sequentializing the programs according to a guessed sequence of write operations in the shared memory (memory unwinding, MU). The original algorithm (implemented in MU-CSeq 0.1) stores the values of all shared variables for each write (read-explicit fine-grained MU), which requires multiple copies of the shared variables. Our new algorithms (in MU-CSeq 0.3) store only the writes (read-implicit MU) or only a subset of the writes (coarse-grained MU), which reduces the memory footprint of the unwinding and so allows larger unwinding bounds.

Publications:

Downloads:

Awards:

Supported backends:

UL-CSeq

UL-CSeq is a code-to-code translation tool for the verification of multi-threaded C programs with dynamic thread creation. This tool implements a variation of the lazy sequentialization algorithm implemented in Lazy-CSeq. The main novelty is that UL-CSeq supports an unbounded number of context switches and allow unbounded loops, while the number of allowed threads still remains bounded.

Publications:

Downloads:

Supported backends:

LR-CSeq

LR-CSeq (originally simply called CSeq) is a code-to-code translation tool which implements a novel sequentialization for C programs using POSIX threads, which extends the Lal/Reps sequentialization schema to support dynamic thread creation.

Publications:

Downloads:

Awards:

Supported backends:

Other Publications

  • A Pragmatic Verification Approach for Concurrent Programs. T. Nguyen Lam. PhD Thesis, University of Southampton, 2017. (PDF)
  • Separating computation from communication:: a design approach for concurrent bug finding. E. Tomasco. PhD Thesis, University of Southampton, 2017. (PDF)
  • Bounded Model Checking of Multi-threaded Programs via Sequentialization. O. Inverso. PhD Thesis, University of Southampton, 2015. (PDF)

People

CSeq is developed by:

Funding

This work was partially supported by INDAM-GNCS 2019-2025 and 2021 Visiting Professor grants, by EPSRC grants EP/M008991/1 and EP/P022413/1, by the University of Southampton Scholarship Schemes, by the AWS 2021 Amazon Research Awards, by the MUR projects "Future Artificial Intelligence Research" (FAIR) and "Innovation, digitalization and sustainability for the diffused economy in Central Italy", Spoke 1 MEGHALITIC, VITALITY Ecosystem, by the PRIN projects DREAM (20228FT78M) and PNRR DeLICE (F53D23009130001), by MUR-PNRR VITALITY (ECS00000041), by the MUR projects SOP (Securing sOftware Platforms, CUP: H73C22000890001) as part of the SERICS project (n. PE00000014 - CUP: B43C22000750006), by FARB 2020-2022 grants from Università degli Studi di Salerno, and by the ERASMUS+ International Credit Mobility Project 2024-1-IT02-KA171-HED-000224869.

About

CSeq project overview

Resources

Stars

Watchers

Forks

Contributors