Abstract
We present a new approach for stateless model checking (SMC) of multithreaded programs under Sequential Consistency (SC) semantics. To combat state-space explosion, SMC is often equipped with a partial-order reduction technique, which defines an equivalence on executions, and only needs to explore one execution in each equivalence class. Recently, it has been observed that the commonly used equivalence of Mazurkiewicz traces can be coarsened but still cover all program crashes and assertion violations. However, for this coarser equivalence, which preserves only the reads-from relation from writes to reads, there is no SMC algorithm that is (i) optimal in the sense that it explores precisely one execution in each reads-from equivalence class, and (ii) efficient in the sense that it spends polynomial effort per class. We present the first SMC algorithm for SC that is both optimal and efficient in practice, meaning that it spends polynomial time per equivalence class on all programs that we have tried. This is achieved by a novel test that checks whether a given reads-from relation can arise in some execution. We have implemented the algorithm by extending Nidhugg, an SMC tool for C/C++ programs, with a new mode called rfsc. Our experimental results show that Nidhugg/rfsc, although slower than the fastest SMC tools in programs where the tools happen to examine the same number of executions, always scales similarly to or better than them, and outperforms them by an exponential factor in programs where the reads-from equivalence is coarser than the standard one. We also present two non-trivial use cases where the new equivalence is particularly effective, as well as the significant performance advantage that Nidhugg/rfsc offers compared to state-of-the-art SMC and systematic concurrency testing tools.
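To make the coarsening concrete, the following added example (written for this page; it is not code from the paper or from Nidhugg) enumerates every SC interleaving of a tiny multithreaded program and counts how many classes the Mazurkiewicz-trace equivalence and the reads-from equivalence split those interleavings into. The program model, the event encoding as `('W', var)` / `('R', var)` pairs, the helper `writers_and_reader` and the `MESSAGE_PASSING` program are assumptions of this example, not notation from the paper. The `realizable_under_sc` function shows what "a given reads-from relation can arise in some execution" means, but it is a brute-force search over all interleavings, not the polynomial test the paper contributes.

```python
"""
Added example (not the paper's or Nidhugg's code): enumerate every
sequentially consistent (SC) interleaving of a small multithreaded program
and compare the number of Mazurkiewicz-trace classes with the number of
reads-from classes.

Program model (an assumption of this example): each thread is a list of
events ('W', var) or ('R', var). A write is identified by its event id
(thread id, index in thread), so the reads-from relation of an execution is
"which write was the most recent one to the variable when the read ran"
(None stands for the initial value).
"""


def interleavings(threads):
    """Yield every SC interleaving as a list of event ids (tid, idx)."""
    lengths = [len(t) for t in threads]

    def extend(pcs, prefix):
        finished = True
        for tid, pc in enumerate(pcs):
            if pc < lengths[tid]:
                finished = False
                nxt = list(pcs)
                nxt[tid] += 1
                yield from extend(tuple(nxt), prefix + [(tid, pc)])
        if finished:
            yield prefix

    yield from extend(tuple(0 for _ in threads), [])


def _ev(threads, e):
    """Look up the (op, var) pair of event id e."""
    return threads[e[0]][e[1]]


def mazurkiewicz_class(threads, seq):
    """Key of the Mazurkiewicz trace of seq: the relative order of every pair
    of dependent events (same variable, at least one of them a write)."""
    ordered_pairs = []
    for i, e in enumerate(seq):
        op_e, var_e = _ev(threads, e)
        for f in seq[:i]:
            op_f, var_f = _ev(threads, f)
            if var_f == var_e and 'W' in (op_e, op_f):
                ordered_pairs.append((f, e))
    return frozenset(ordered_pairs)


def reads_from(threads, seq):
    """Reads-from relation of one interleaving: read event -> write event it
    observes, or None for the initial value."""
    last_write = {}
    rf = {}
    for e in seq:
        op, var = _ev(threads, e)
        if op == 'W':
            last_write[var] = e
        else:
            rf[e] = last_write.get(var)
    return rf


def reads_from_class(threads, seq):
    """Hashable key of the reads-from equivalence class of seq."""
    return frozenset(reads_from(threads, seq).items())


def count_classes(threads):
    """Return (#interleavings, #Mazurkiewicz classes, #reads-from classes)."""
    maz, rf = set(), set()
    total = 0
    for seq in interleavings(threads):
        total += 1
        maz.add(mazurkiewicz_class(threads, seq))
        rf.add(reads_from_class(threads, seq))
    return total, len(maz), len(rf)


def realizable_under_sc(threads, rf):
    """Brute-force check (exponential; NOT the paper's polynomial test):
    does some SC interleaving produce exactly this reads-from relation?"""
    return any(reads_from(threads, seq) == rf for seq in interleavings(threads))


def writers_and_reader(n):
    """n threads each writing x once, plus one thread reading x once."""
    return [[('W', 'x')] for _ in range(n)] + [[('R', 'x')]]


# Message passing: T0 writes data x then flag y; T1 reads flag y then data x.
MESSAGE_PASSING = [[('W', 'x'), ('W', 'y')], [('R', 'y'), ('R', 'x')]]

if __name__ == '__main__':
    for n in (2, 3, 4):
        print('writers=%d: interleavings/Mazurkiewicz/reads-from = %s'
              % (n, count_classes(writers_and_reader(n))))
    print('message passing:', count_classes(MESSAGE_PASSING))
    # Seeing the flag but stale data is impossible under SC:
    stale = {(1, 0): (0, 1), (1, 1): None}
    print('flag seen but data stale realizable?',
          realizable_under_sc(MESSAGE_PASSING, stale))
```

With `n` writers and one reader every pair of events is dependent, so each of the `(n+1)!` interleavings is its own Mazurkiewicz class, while the reads-from equivalence has only `n+1` classes (the reader observes one of the writes or the initial value); this is the kind of program where the abstract reports an exponential gap. In the message-passing program both equivalences yield three classes, which is the "same number of executions" situation. Any optimal reads-from algorithm must avoid exploring relations like `stale` that no SC execution realizes, which is what the paper's consistency test decides without enumerating interleavings.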
Optimal stateless model checking for reads-from equivalence under sequential consistency