Abstract
We present a criterion for checking local and global deadlock freedom of finite-state systems expressed in BIP, a component-based framework for constructing complex distributed systems. Our criterion is evaluated by model-checking a set of subsystems of the overall large system. If it is satisfied in small subsystems, it implies deadlock freedom of the overall system. If it is not satisfied, we re-evaluate it over larger subsystems, which improves the accuracy of the check. When the subsystem being checked becomes the entire system, our criterion becomes complete for deadlock freedom. Hence our criterion fails to decide deadlock freedom only because of computational limitations: state-space explosion sets in when the subsystems become too large. Our method thus combines the possibility of fast response with theoretical completeness. Other criteria for deadlock freedom, in contrast, are incomplete in principle, and so may fail to decide deadlock freedom even if unlimited computational resources are available. Also, our criterion certifies freedom from local deadlock, in which a subsystem is deadlocked while the rest of the system executes; other criteria only certify freedom from global deadlock. We present experimental results for dining philosophers and for a multi-token-based resource allocation system, which subsumes several data arbiters and schedulers, including Milner’s token-based scheduler.
Index Terms
- Global and Local Deadlock Freedom in BIP