Abstract
Static assertion checking of open programs requires setting up a precise harness to capture the environment assumptions. For instance, a library may require a file handle to be properly initialized before it is passed into it. A harness is used to set up or specify the appropriate preconditions before invoking methods from the program. In the absence of a precise harness, even the most precise automated static checkers are bound to report numerous false alarms. This often limits the adoption of static assertion checking in the hands of a user.
In this work, we explore the possibility of automatically filtering away (or prioritizing) warnings that result from imprecision in the harness. We limit our attention to the scenario in which one is interested in finding bugs due to concurrency. We define a warning to be an interleaved bug when it manifests on an input for which no sequential interleaving produces a warning. As we argue in the paper, limiting a static analysis to only consider interleaved bugs greatly reduces false positives during static concurrency analysis in the presence of an imprecise harness.
We formalize interleaved bugs as a differential analysis between the original program and its sequential version and provide various techniques for finding them. Our implementation CBugs demonstrates that the scheme of finding interleaved bugs can alleviate the need to construct precise harnesses while checking real-life concurrent programs.
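The following Python is an added illustration of the definition above, not code from the paper or from CBugs: a tiny explicit-state enumerator compares the warnings of the sequentialized program against those of the original, so that a warning is reported as an interleaved bug only on inputs where no sequential schedule warns. The threads, the unconstrained harness input `handle_ok`, and the lost-update postcondition are constructed for this example.

```python
import itertools
from typing import Callable, Dict, List, Optional, Set, Tuple
State = Dict[str, object]
Step = Callable[[State], Optional[str]]   # one atomic step; returns a warning or None
Thread = List[Step]

def execute(schedule: Tuple[int, ...], threads: List[Thread],
            init: State, post: Step) -> Optional[str]:
    """Run one schedule (a sequence of thread ids); return the first warning
    raised by a step, else the postcondition's warning, else None."""
    state, pcs = dict(init), [0] * len(threads)
    for t in schedule:
        warn = threads[t][pcs[t]](state)
        pcs[t] += 1
        if warn:
            return warn
    return post(state)

def all_schedules(threads: List[Thread]) -> Set[Tuple[int, ...]]:
    """Every interleaving of the threads' steps (fine for a handful of steps)."""
    return set(itertools.permutations([t for t, th in enumerate(threads) for _ in th]))

def sequential_schedules(threads: List[Thread]) -> Set[Tuple[int, ...]]:
    """Schedules that run each thread to completion before the next one starts."""
    return {tuple(t for t in order for _ in threads[t])
            for order in itertools.permutations(range(len(threads)))}

def classify(threads: List[Thread], init: State, post: Step) -> Tuple[str, Set[str]]:
    """Differential check of the sequentialized program against the original: a
    warning is an interleaved bug only on inputs where no sequential run warns."""
    seq = {execute(s, threads, init, post) for s in sequential_schedules(threads)} - {None}
    conc = {execute(s, threads, init, post) for s in all_schedules(threads)} - {None}
    if seq:
        return "sequential warning (harness-induced, filtered)", seq
    return ("interleaved bug", conc) if conc else ("no warning", conc)

# Constructed example: a library call whose precondition (an initialized handle)
# the harness leaves unspecified, plus a non-atomic increment of a shared counter.
def use_handle(s: State) -> Optional[str]:
    return None if s["handle_ok"] else "precondition: uninitialized handle"

def increment_steps(tmp: str) -> Thread:
    """x += 1 split into load and store, so two threads can lose an update."""
    def load(s: State): s[tmp] = s["x"]
    def store(s: State): s["x"] = s[tmp] + 1
    return [load, store]

THREADS = [[use_handle] + increment_steps("t0"), increment_steps("t1")]
POST = lambda s: None if s["x"] == 2 else f"lost update: x == {s['x']}"

def analyse_inputs() -> Dict[bool, Tuple[str, Set[str]]]:
    # The harness does not fix handle_ok, so both values are possible inputs.
    return {ok: classify(THREADS, {"x": 0, "handle_ok": ok}, POST) for ok in (False, True)}
```

On the input where the handle is uninitialized, the precondition warning already manifests sequentially and everything on that input is filtered as harness-induced; on the initialized input the lost update survives as an interleaved bug.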
Underspecified harnesses and interleaved bugs
POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages