Research article, Open Access. Artifact badges: Artifacts Available; Artifacts Evaluated & Functional.

Optimal stateless model checking for reads-from equivalence under sequential consistency

Published: 10 October 2019

Abstract

We present a new approach for stateless model checking (SMC) of multithreaded programs under Sequential Consistency (SC) semantics. To combat state-space explosion, SMC is often equipped with a partial-order reduction technique, which defines an equivalence on executions and only needs to explore one execution in each equivalence class. Recently, it has been observed that the commonly used equivalence of Mazurkiewicz traces can be coarsened but still cover all program crashes and assertion violations. However, for this coarser equivalence, which preserves only the reads-from relation from writes to reads, there is no SMC algorithm which is (i) optimal in the sense that it explores precisely one execution in each reads-from equivalence class, and (ii) efficient in the sense that it spends polynomial effort per class. We present the first SMC algorithm for SC that is both optimal and efficient in practice, meaning that it spends polynomial time per equivalence class on all programs that we have tried. This is achieved by a novel test that checks whether a given reads-from relation can arise in some execution. We have implemented the algorithm by extending Nidhugg, an SMC tool for C/C++ programs, with a new mode called rfsc. Our experimental results show that Nidhugg/rfsc, although slower than the fastest SMC tools in programs where tools happen to examine the same number of executions, always scales similarly to or better than them, and outperforms them by an exponential factor in programs where the reads-from equivalence is coarser than the standard one. We also present two non-trivial use cases where the new equivalence is particularly effective, as well as the significant performance advantage that Nidhugg/rfsc offers compared to state-of-the-art SMC and systematic concurrency testing tools.
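As an added illustration (not code from the paper or from Nidhugg), the following brute-force script enumerates every SC interleaving of a small constructed program, counts Mazurkiewicz versus reads-from equivalence classes to show the exponential gap the abstract refers to, and answers the "can this reads-from relation arise in some execution" question by exhaustive search where the paper gives a polynomial test. `writers_reader` and `SB` are constructed inputs; the event encoding is an assumption of this example.

```python
# Added example, not the paper's or Nidhugg's code. A thread is a list of ("R"|"W", var)
# events, an event id is (thread, index), and "init" is the implicit initial write.
def interleavings(threads):
    """Yield every SC interleaving (program order respected) as a list of ids."""
    def go(pcs, prefix):
        live = [t for t, pc in enumerate(pcs) if pc < len(threads[t])]
        if not live:
            yield prefix
        for t in live:
            yield from go(pcs[:t] + [pcs[t] + 1] + pcs[t + 1:], prefix + [(t, pcs[t])])
    yield from go([0] * len(threads), [])

def reads_from(threads, run):
    """rf of one run: each read observes the last earlier write to its variable."""
    last, rf = {}, {}
    for ev in run:
        op, var = threads[ev[0]][ev[1]]
        if op == "W":
            last[var] = ev
        else:
            rf[ev] = last.get(var, "init")
    return rf

def mazurkiewicz_key(threads, run):
    """Canonical trace: per variable, write order plus the set of reads between writes."""
    per_var = {}
    for ev in run:
        op, var = threads[ev[0]][ev[1]]
        seq, cur = per_var.setdefault(var, ([], set()))
        if op == "W":
            seq += [frozenset(cur), ev]  # reads of one variable commute; writes do not
            cur.clear()
        else:
            cur.add(ev)
    return tuple(sorted((v, tuple(s) + (frozenset(c),)) for v, (s, c) in per_var.items()))

def count_classes(threads):
    """(#interleavings, #Mazurkiewicz classes, #reads-from classes)."""
    runs = list(interleavings(threads))
    maz = {mazurkiewicz_key(threads, r) for r in runs}
    rf = {tuple(sorted(reads_from(threads, r).items())) for r in runs}
    return len(runs), len(maz), len(rf)

def rf_realizable(threads, rf):
    """Exhaustive (exponential) stand-in for the paper's polynomial consistency test."""
    return any(reads_from(threads, r) == rf for r in interleavings(threads))

def writers_reader(n):  # constructed: n threads writing x, one thread reading x
    return [[("W", "x")] for _ in range(n)] + [[("R", "x")]]
SB = [[("W", "x"), ("R", "y")], [("W", "y"), ("R", "x")]]  # constructed store buffering
```

For `writers_reader(n)` every pair of events conflicts, so Mazurkiewicz gives (n+1)! classes while reads-from gives only n+1; for `SB`, the relation where both reads observe the initial value is exactly the one no SC run can produce.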

