
Symbolic execution of multithreaded programs from arbitrary program contexts

Published: 15 October 2014

Abstract

We describe an algorithm to perform symbolic execution of a multithreaded program starting from an arbitrary program context. We argue that this can enable more efficient symbolic exploration of deep code paths in multithreaded programs by allowing the symbolic engine to jump directly to program contexts of interest.

The key challenge is modeling the initial context with reasonable precision - an overly approximate model leads to exploration of many infeasible paths during symbolic execution, while a very precise model would be so expensive to compute that it would defeat the purpose of jumping directly to the initial context in the first place. We propose a context-specific dataflow analysis that approximates the initial context cheaply, but precisely enough to avoid some common causes of infeasible-path explosion. This model is necessarily approximate - it may leave portions of the memory state unconstrained, leaving our symbolic execution unable to answer simple questions such as "which thread holds lock A?". For such cases, we describe a novel algorithm for evaluating symbolic synchronization during symbolic execution. Our symbolic execution semantics are sound and complete up to the limits of the underlying SMT solver. We describe initial experiments on an implementation in Cloud 9.
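To make the "which thread holds lock A?" problem concrete, here is a toy model added for this page; it is not the paper's algorithm and not its Cloud 9 implementation. Execution starts mid-program with the owner of a lock A left symbolic, a thread's acquire of A is case-split over every owner the path constraints still allow, and facts recovered about the initial context are shown pruning the cases that cannot occur. The thread ids T1..T3, the lock name, the FREE sentinel and the eq/ne constraint form are assumptions of the example; enumerating the small owner domain stands in for the SMT solver a real engine would call.

```python
"""Toy symbolic-lock model: case-splitting on an unconstrained lock owner.

Added illustration for this page, not the paper's algorithm or Cloud 9 code.
Thread ids, the lock name and the FREE sentinel are constructed. A real engine
would discharge path constraints with an SMT solver; the owner domain here is
small enough to enumerate instead.
"""
from dataclasses import dataclass, replace
from itertools import product

FREE = "free"                    # constructed sentinel: nobody holds the lock
THREADS = ("T1", "T2", "T3")     # constructed thread ids
DOMAIN = (FREE, *THREADS)        # every value a lock owner can take


@dataclass(frozen=True)
class Sym:
    """Symbolic lock owner: known only through the path constraints."""
    name: str


@dataclass
class State:
    owners: dict                 # lock name -> Sym or a concrete value from DOMAIN
    constraints: tuple = ()      # (op, symbol name, value), op in {"eq", "ne"}
    trace: tuple = ()            # labels of the steps taken on this path


def satisfiable(constraints):
    """Stand-in for the SMT query: brute-force every assignment over DOMAIN."""
    names = sorted({name for _, name, _ in constraints})
    for values in product(DOMAIN, repeat=len(names)):
        env = dict(zip(names, values))
        if all(env[n] == v if op == "eq" else env[n] != v
               for op, n, v in constraints):
            return True
    return False


def step(state, lock, owner, tid):
    """Apply an acquire by `tid` once the owner of `lock` is concrete."""
    if owner == FREE:
        label, new_owner = f"{tid} acquires {lock}", tid
    elif owner == tid:           # non-recursive mutex re-acquired by its holder
        label, new_owner = f"{tid} self-deadlocks on {lock}", owner
    else:
        label, new_owner = f"{tid} blocks on {lock} held by {owner}", owner
    return State({**state.owners, lock: new_owner}, state.constraints,
                 state.trace + (label,))


def acquire(state, lock, tid):
    """Symbolically acquire `lock`; returns every feasible successor state.

    A concrete owner needs no fork. A symbolic owner is case-split over
    DOMAIN, keeping only the cases the current path constraints allow.
    """
    cur = state.owners[lock]
    if not isinstance(cur, Sym):
        return [step(state, lock, cur, tid)]
    successors = []
    for guess in DOMAIN:
        cons = state.constraints + (("eq", cur.name, guess),)
        if satisfiable(cons):
            successors.append(step(replace(state, constraints=cons),
                                   lock, guess, tid))
    return successors


def explore(context_facts=()):
    """Start mid-program with A's owner symbolic, add what the context analysis
    established about it, and let T1 acquire A. Returns the step labels."""
    start = State({"A": Sym("owner_A")}, tuple(context_facts))
    return [s.trace[-1] for s in acquire(start, "A", "T1")]


if __name__ == "__main__":
    # Nothing known about A: four cases, including the self-deadlock path.
    print(explore())
    # Context fact "T1 does not hold A here" prunes the self-deadlock case.
    print(explore([("ne", "owner_A", "T1")]))
    # Precise fact "A is free here" leaves the single real path.
    print(explore([("eq", "owner_A", FREE)]))
```

With no facts about the context, one acquire already forks into four successors, one of which (the self-deadlock) is usually spurious; each further symbolic lock multiplies that. A single inequality recovered by the context analysis removes the spurious case, and once a thread has acquired the lock on a path its owner is concrete, so later acquires on that path do not fork at all.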


Published in

ACM SIGPLAN Notices, Volume 49, Issue 10 (OOPSLA '14), October 2014, 907 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2714064
Editor: Andy Gill

OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, October 2014, 946 pages
ISBN: 9781450325851
DOI: 10.1145/2660193

Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
