Stateless model checking with data-race preemption points

Published: 19 October 2016

Abstract

Stateless model checking is a powerful technique for testing concurrent programs, but suffers from exponential state space explosion when the test input parameters are too large. Several reduction techniques can mitigate this explosion, but even after pruning equivalent interleavings, the state space size is often intractable. Most prior tools are limited to preempting only on synchronization APIs, which reduces the space further, but can miss unsynchronized thread communication bugs. Data race detection, another concurrency testing approach, focuses on suspicious memory access pairs during a single test execution. It avoids concerns of state space size, but may report races that do not lead to observable failures, which jeopardizes a user’s willingness to use the analysis.

We present Quicksand, a new stateless model checking framework which manages the exploration of many state spaces using different preemption points. It uses state space estimation to prioritize jobs most likely to complete in a fixed CPU budget, and it incorporates data-race analysis to add new preemption points on the fly. Preempting threads during a data race’s instructions can automatically classify the race as buggy or benign, and uncovers new bugs not reachable by prior model checkers. It also enables full verification of all possible schedules when every data race is verified as benign within the CPU budget. In our evaluation, Quicksand found 1.25x as many bugs and verified 4.3x as many tests compared to prior model checking approaches.



Published in

ACM SIGPLAN Notices, Volume 51, Issue 10 (OOPSLA '16), October 2016, 915 pages
ISSN: 0362-1340, EISSN: 1558-1160
DOI: 10.1145/3022671

Also in: OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, October 2016, 915 pages
ISBN: 978-1-4503-4444-9
DOI: 10.1145/2983990

Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
