Lost in Abstraction: Monotonicity in Multi-Threaded Programs (Extended Technical Report)

TL;DR

This paper investigates the challenges of maintaining monotonicity in abstracted multi-threaded programs, revealing that common abstractions can break monotonicity and lead to undecidability, but proposes modifications to restore it.

Contribution

It identifies the loss of monotonicity in predicate abstractions of multi-threaded programs and introduces methods to modify abstractions to preserve monotonicity and safety properties.

Findings

Predicate abstraction can break monotonicity in multi-threaded programs.

Safety checking becomes undecidable for certain non-monotone abstractions.

Modified abstractions can restore monotonicity without affecting safety properties.

Abstract

Monotonicity in concurrent systems stipulates that, in any global state, extant system actions remain executable when new processes are added to the state. This concept is not only natural and common in multi-threaded software, but also useful: if every thread's memory is finite, monotonicity often guarantees the decidability of safety property verification even when the number of running threads is unknown. In this paper, we show that the act of obtaining finite-data thread abstractions for model checking can be at odds with monotonicity: Predicate-abstracting certain widely used monotone software results in non-monotone multi-threaded Boolean programs - the monotonicity is lost in the abstraction. As a result, well-established sound and complete safety checking algorithms become inapplicable; in fact, safety checking turns out to be undecidable for the obtained class of unbounded-thread Boolean programs. We demonstrate how the abstract programs can be modified into monotone ones, without affecting safety properties of the non-monotone abstraction. This significantly improves earlier approaches of enforcing monotonicity via overapproximations.