Abstract
Writing low-level concurrent code is well known to be challenging and error prone. The widespread deployment of multi-core hardware and the shift towards using low-level concurrent data structures has moved the problem into the mainstream. Finding bugs in such code may require finding a specific bug-revealing thread interleaving out of a huge space of parallel executions. Model-checking is a powerful technique for exhaustively testing code. However, scaling model checking presents a significant challenge. In this paper we present a new and more scalable technique for model checking concurrent code, based on concrete execution. Our technique observes concrete behaviors, builds a model of these behaviors, encodes the model in SAT, and leverages SAT solver technology to find executions that reveal new behaviors. It then runs the new execution, incorporates the newly observed behavior, and repeats the process until it has explored all reachable behaviors. We have implemented a prototype of our approach in the SATCheck tool. Our tool supports both the Total Store Ordering (TSO) and Sequentially Consistent (SC) memory models. We evaulate SATCheck by testing several concurrent data structure implementations and comparing its performance to the original DPOR stateless model checking algorithm implemented in CDSChecker, the source DPOR algorithm implemented in Nidhugg, and CheckFence. Our experiments show that SATCheck scales better than previous approaches while at the same time operating on concrete executions.
Supplemental Material
Available for Download
This archive contains part of the code implementing the OOPSLA 2015 paper "SATCheck: SAT-Directed Stateless Model Checking for SC and TSO". It is formatted as a Vagrant project, which reconstitutes a virtual machine using the included code plus supporting operating system images from the Internet. We have included only the back-end code, which we believe to be relatively stable. The back-end, however, expects instrumented code, which would typically be generated by the front-end (not included here). The complete artifact, including both the front-end and the back-end, can be downloaded from the project website, http://plrg.eecs.uci.edu/satcheck/
- P. Abdulla, S. Aronis, B. Jonsson, and K. Sagonas. Optimal dynamic partial order reduction. In Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2014. Google Scholar
Digital Library
- P. A. Abdulla, S. Aronis, M. F. Atig, B. Jonsson, C. Leonardsson, and K. Sagonas. Stateless model checking for TSO and PSO. In Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2015.Google Scholar
Digital Library
- M. Batty, M. Dodds, and A. Gotsman. Library abstraction for C/C++ concurrency. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2013. Google Scholar
Digital Library
- E. D. Berger, T. Yang, T. Liu, and G. Novark. Grace: Safe multithreaded programming for c/c++. In Proceedings of the 24th ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications, 2009. Google Scholar
Digital Library
- J. C. Blanchette, T. Weber, M. Batty, S. Owens, and S. Sarkar. Nitpicking C++ concurrency. In Proceedings of the 13th International ACM SIGPLAN Symposium on Principles and Practices of Declarative Programming, 2011. Google Scholar
Digital Library
- H.-J. Boehm. N3786: Prohibiting “out of thin air” results in C++14. http://www.open-std.org/jtc1/sc22/wg21/ docs/papers/2013/n3786.htm, September 2013.Google Scholar
- H.-J. Boehm and B. Demsky. Outlawing ghosts: Avoiding outof-thin-air results. In Proceedings of the Workshop on Memory Systems Performance and Correctness, 2014. Google Scholar
Digital Library
- H.-J. Boehm et al. N3710: Specifying the absence of “out of thin air” results (LWG2265). http://www.open-std.org/ jtc1/sc22/wg21/docs/papers/2013/n3710.html, August 2013.Google Scholar
- S. Burckhardt, R. Alur, and M. M. K. Martin. Checkfence: Checking consistency of concurrent data types on relaxed memory models. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2007. Google Scholar
Digital Library
- C. Ding, X. Shen, K. Kelsey, C. Tice, R. Huang, and C. Zhang. Software behavior oriented parallelization. In Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2007. Google Scholar
Digital Library
- T. Elmas, S. Qadeer, and S. Tasiran. Goldilocks: A race and transaction-aware Java runtime. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2007. Google Scholar
Digital Library
- T. Elmas, J. Burnim, G. Necula, and K. Sen. CONCURRIT: A domain specific language for reproducing concurrency bugs. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2013. Google Scholar
Digital Library
- D. Engler and K. Ashcraft. RacerX: Effective, static detection of race conditions and deadlocks. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, 2003. Google Scholar
Digital Library
- C. Flanagan and S. N. Freund. FastTrack: Efficient and precise dynamic race detection. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2009. Google Scholar
Digital Library
- C. Flanagan and P. Godefroid. Addendum to dynamic partial-order reduction for model checking software. http://users.soe.ucsc.edu/~cormac/papers/ popl05-addendum.pdf.Google Scholar
- C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. In Proceedings of the Symposium on Principles of Programming Languages, January 2005. Google Scholar
Digital Library
- P. Godefroid. Partial-order methods for the verification of concurrent systems: An approach to the state-explosion problem. Lecture Notes in Computer Science, 1996. Google Scholar
Digital Library
- P. Godefroid. Model checking for programming languages using VeriSoft. In Proceedings of the Symposium on Principles of Programming Languages, 1997. Google Scholar
Digital Library
- G. J. Holzmann. The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley Professional, 1st edition, 2003. Google Scholar
Digital Library
- J. Huang. Stateless model checking concurrent programs with maximal causality reduction. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2015. Google Scholar
Digital Library
- B. Lucia, L. Ceze, K. Strauss, S. Qadeer, and H. Boehm. Conflict exceptions: Simplifying concurrent language semantics with precise hardware exceptions for data-races. In Proceedings of the 37th Annual International Symposium on Computer Architecture, 2010. Google Scholar
Digital Library
- M. M. Michael and M. L. Scott. Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing, 1996. Google Scholar
Digital Library
- M. Musuvathi, S. Qadeer, P. A. Nainar, T. Ball, G. Basler, and I. Neamtiu. Finding and reproducing Heisenbugs in concurrent programs. In Proceedings of the 8th Symposium on Operating Systems Design and Implementation, 2008. Google Scholar
Digital Library
- B. Norris and B. Demsky. CDSChecker: Checking concurrent data structures written with C/C++ atomics. In Proceeding of the 28th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, October 2013. Google Scholar
Digital Library
- M. Olszewski, J. Ansel, and S. Amarasinghe. Kendo: Efficient deterministic multithreading in software. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, 2009. Google Scholar
Digital Library
- S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computing Systems, 15:391– 411, Nov. 1997. Google Scholar
Digital Library
- K. Sen, D. Marinov, and G. Agha. CUTE: A concolic unit testing engine for C. In Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005. Google Scholar
Digital Library
- E. Torlak, M. Vaziri, and J. Dolby. MemSAT: Checking axiomatic specifications of memory models. In Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2010. Google Scholar
Digital Library
- V. Vafeiadis and C. Narayan. Relaxed separation logic: A program logic for C11 concurrency. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages and Applications, 2013. Google Scholar
Digital Library
- C. Wang, Y. Yang, A. Gupta, and G. Gopalakrishnan. Dynamic model checking with property driven pruning to detect race conditions. ATVA LNCS, (126–140), 2008. Google Scholar
Digital Library
- A. Williams. Dekker’s algorithm implementation. http:// www.justsoftwaresolutions.co.uk/threading/. Dec. 2012.Google Scholar
- J. Yang, H. Cui, J. Wu, Y. Tang, and G. Hu. Making parallel programs reliable with stable multithreading. Communications of the ACM, 57(3), 2014. Google Scholar
Digital Library
- Y. Yang, X. Chen, G. Gopalakrishnan, and R. M. Kirby. Efficient stateful dynamic partial order reduction. In Proceedings of the 15th International SPIN Workshop on Model Checking Software, 2008. Google Scholar
Digital Library
- Y. Yang, X. Chen, G. Gopalakrishnan, and C. Wang. Automatic discovery of transition symmetry in multithreaded programs using dynamic analysis. In Proceedings of the 16th International SPIN Workshop on Model Checking Software, pages 279–295, 2009. Google Scholar
Digital Library
- N. Zhang, M. Kusano, and C. Wang. Dynamic partial order reduction for relaxed memory models. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2015. Google Scholar
Digital Library
Index Terms
SATCheck: SAT-directed stateless model checking for SC and TSO
Recommendations
SATCheck: SAT-directed stateless model checking for SC and TSO
OOPSLA 2015: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and ApplicationsWriting low-level concurrent code is well known to be challenging and error prone. The widespread deployment of multi-core hardware and the shift towards using low-level concurrent data structures has moved the problem into the mainstream. Finding bugs ...
Fair stateless model checking
PLDI '08Stateless model checking is a useful state-space exploration technique for systematically testing complex real-world software. Existing stateless model checkers are limited to the verification of safety properties on terminating programs. However, ...
LTL Model Checking of Parallel Programs with Under-Approximated TSO Memory Model
ACSD '13: Proceedings of the 2013 13th International Conference on Application of Concurrency to System DesignModel checking of parallel programs under relaxed memory models has been so far limited to the verification of safety properties. Tools have been developed to automatically synthesise correct placement of synchronisation primitives to reinstate the ...






Comments