research-article

Public Access

Stateless model checking with data-race preemption points

Authors:

Garth GibsonAuthors Info & Claims

OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications

Pages 477 - 493

https://doi.org/10.1145/2983990.2984036

Published: 19 October 2016 Publication History

Abstract

Stateless model checking is a powerful technique for testing concurrent programs, but suffers from exponential state space explosion when the test input parameters are too large. Several reduction techniques can mitigate this explosion, but even after pruning equivalent interleavings, the state space size is often intractable. Most prior tools are limited to preempting only on synchronization APIs, which reduces the space further, but can miss unsynchronized thread communication bugs. Data race detection, another concurrency testing approach, focuses on suspicious memory access pairs during a single test execution. It avoids concerns of state space size, but may report races that do not lead to observable failures, which jeopardizes a user’s willingness to use the analysis.

We present Quicksand, a new stateless model checking framework which manages the exploration of many state spaces using different preemption points. It uses state space estimation to prioritize jobs most likely to complete in a fixed CPU budget, and it incorporates data-race analysis to add new preemption points on the fly. Preempting threads during a data race’s instructions can automatically classify the race as buggy or benign, and uncovers new bugs not reachable by prior model checkers. It also enables full verification of all possible schedules when every data race is verified as benign within the CPU budget. In our evaluation, Quicksand found 1.25x as many bugs and verified 4.3x as many tests compared to prior model checking approaches.

References

[1]

P. Abdulla, S. Aronis, B. Jonsson, and K. Sagonas. Optimal dynamic partial order reduction. In Principles of Programming Languages, POPL ’14, pages 373–384. ACM, 2014.

Digital Library

[2]

S. V. Adve and H.-J. Boehm. Memory models: A case for rethinking parallel languages and hardware. Commun. ACM, 53(8):90–101, Aug. 2010.

Digital Library

[3]

S. V. Adve and K. Gharachorloo. Shared memory consistency models: A tutorial. Computer, 29(12):66–76, Dec. 1996.

Digital Library

[4]

T. Ball, S. Burckhardt, K. E. Coons, M. Musuvathi, and S. Qadeer. Preemption sealing for efficient concurrency testing. In Tools and Algorithms for the Construction and Analysis of Systems, TACAS’10, pages 420–434. Springer-Verlag, 2010.

Digital Library

[5]

A. Bessey, K. Block, B. Chelf, A. Chou, B. Fulton, S. Hallem, C. Henri-Gros, A. Kamsky, S. McPeak, and D. Engler. A few billion lines of code later: Using static analysis to find bugs in the real world. Commun. ACM, 53(2):66–75, Feb. 2010.

Digital Library

[6]

P. Bielik, V. Raychev, and M. Vechev. Scalable race detection for Android applications. In Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2015, pages 332–348. ACM, 2015.

Digital Library

[7]

B. Blum. Landslide: Systematic dynamic race detection in kernel space. Master’s thesis, Carnegie Mellon University, Pittsburgh, PA, USA, May 2012.

[8]

B. Blum. Soundness proofs for iterative deepening. Technical Report CMU-PDL-16-103, Carnegie Mellon University, September 2016.

[9]

H.-J. Boehm. How to miscompile programs with ”benign” data races. In Hot Topics in Parallelism, HotPar’11, pages 3–3. USENIX Association, 2011.

Digital Library

[10]

H.-J. Boehm. Position paper: Nondeterminism is unavoidable, but data races are pure evil. In Relaxing Synchronization for Multicore and Manycore Scalability, RACES ’12, pages 9–14. ACM, 2012.

Digital Library

[11]

H.-J. Boehm and S. V. Adve. Foundations of the C++ concurrency memory model. In Programming Language Design and Implementation, PLDI ’08, pages 68–78. ACM, 2008.

Digital Library

[12]

S. Burckhardt, P. Kothari, M. Musuvathi, and S. Nagarakatte. A randomized scheduler with probabilistic guarantees of finding bugs. In Architectural Support for Programming Languages and Operating Systems, ASPLOS XV, pages 167–178. ACM, 2010.

Digital Library

[13]

K. E. Coons, S. Burckhardt, and M. Musuvathi. Gambit: Effective unit testing for concurrency libraries. In Principles and Practice of Parallel Programming, PPoPP ’10, pages 15– 24. ACM, 2010.

Digital Library

[14]

K. E. Coons, M. Musuvathi, and K. S. McKinley. Bounded partial-order reduction. In Object Oriented Programming Systems Languages &#38; Applications, OOPSLA ’13, pages 833–848. ACM, 2013.

Digital Library

[15]

H. Cui, J. Simsa, Y.-H. Lin, H. Li, B. Blum, X. Xu, J. Yang, G. A. Gibson, and R. E. Bryant. Parrot: A practical runtime for deterministic, stable, and reliable threads. In Symposium on Operating Systems Principles, SOSP ’13, pages 388–405. ACM, 2013.

Digital Library

[16]

B. Demsky and P. Lam. SATCheck: SAT-directed stateless model checking for SC and TSO. In Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2015, pages 20–36. ACM, 2015.

Digital Library

[17]

D. Eckhardt. Pebbles kernel specification. http://www.cs. cmu.edu/~410-s16/p2/kspec.pdf, 2016.

[18]

D. Eckhardt. Project 2: User level thread library. http: //www.cs.cmu.edu/~410-s16/p2/thr_lib.pdf, 2016.

[19]

L. Effinger-Dean, B. Lucia, L. Ceze, D. Grossman, and H.-J. Boehm. Ifrit: Interference-free regions for dynamic datarace detection. In Object Oriented Programming Systems Languages and Applications, OOPSLA ’12, pages 467–484. ACM, 2012.

Digital Library

[20]

D. Engler and K. Ashcraft. RacerX: Effective, static detection of race conditions and deadlocks. In Symposium on Operating Systems Principles, SOSP ’03, pages 237–252. ACM, 2003.

Digital Library

[21]

J. Erickson, M. Musuvathi, S. Burckhardt, and K. Olynyk. Effective data-race detection for the kernel. In Operating Systems Design and Implementation, OSDI’10, pages 1–16. USENIX Association, 2010.

Digital Library

[22]

C. Flanagan and S. N. Freund. Fasttrack: Efficient and precise dynamic race detection. In Programming Language Design and Implementation, PLDI ’09, pages 121–133. ACM, 2009.

Digital Library

[23]

C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. In Principles of Programming Languages, POPL ’05, pages 110–121. ACM, 2005.

Digital Library

[24]

P. Fonseca, R. Rodrigues, and B. B. Brandenburg. SKI: Exposing kernel concurrency bugs through systematic schedule exploration. In Operating Systems Design and Implementation, OSDI’14, pages 415–431. USENIX Association, 2014.

Digital Library

[25]

P. Godefroid. VeriSoft: A tool for the automatic analysis of concurrent reactive software. In Computer Aided Verification, CAV ’97, pages 476–479. Springer-Verlag, 1997.

Digital Library

[26]

H. Guo, M. Wu, L. Zhou, G. Hu, J. Yang, and L. Zhang. Practical software model checking via dynamic interface reduction. In Symposium on Operating Systems Principles, SOSP ’11, pages 265–278. ACM, 2011.

Digital Library

[27]

G. J. Holzmann. The model checker SPIN. IEEE Transactions on Software Engineering, 23(5):279–295, May 1997.

Digital Library

[28]

C.-H. Hsiao, J. Yu, S. Narayanasamy, Z. Kong, C. L. Pereira, G. A. Pokam, P. M. Chen, and J. Flinn. Race detection for event-driven mobile applications. In Programming Language Design and Implementation, PLDI ’14, pages 326–336. ACM, 2014.

Digital Library

[29]

J. Huang. Stateless model checking concurrent programs with maximal causality reduction. In Programming Language Design and Implementation, PLDI 2015, pages 165–174. ACM, 2015.

Digital Library

[30]

C. S. Jensen, A. Møller, V. Raychev, D. Dimitrov, and M. Vechev. Stateless model checking of event-driven applications. In Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2015, pages 57–73. ACM, 2015.

Digital Library

[31]

B. Kasikci, C. Zamfir, and G. Candea. Data races vs. data race bugs: Telling the difference with Portend. In Architectural Support for Programming Languages and Operating Systems, ASPLOS XVII, pages 185–198. ACM, 2012.

Digital Library

[32]

C. Killian, J. W. Anderson, R. Jhala, and A. Vahdat. Life, death, and the critical transition: finding liveness bugs in systems code. In Networked Systems Design & Implementation, NSDI’07, pages 18–18. USENIX Association, 2007.

Digital Library

[33]

R. E. Korf. Iterative-deepening-A: An optimal admissible tree search. In International Joint Conference on Artificial Intelligence, IJCAI’85, pages 1034–1036. Morgan Kaufmann Publishers Inc., 1985.

Digital Library

[34]

L. Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, 21(7):558–565, July 1978.

Digital Library

[35]

T. Leesatapornwongsa, M. Hao, P. Joshi, J. F. Lukman, and H. S. Gunawi. SAMC: Semantic-aware model checking for fast discovery of deep bugs in cloud systems. In Operating Systems Design and Implementation, OSDI’14, pages 399– 414. USENIX Association, 2014.

Digital Library

[36]

P. S. Magnusson, M. Christensson, J. Eskilson, D. Forsgren, G. H˚allberg, J. Högberg, F. Larsson, A. Moestedt, and B. Werner. Simics: A full system simulation platform. Computer, 35(2):50–58, Feb. 2002.

Digital Library

[37]

P. Maiya, A. Kanade, and R. Majumdar. Race detection for Android applications. In Programming Language Design and Implementation, PLDI ’14, pages 316–325. ACM, 2014.

Digital Library

[38]

A. Mazurkiewicz. Trace theory. In Advances in Petri Nets 1986, Part II on Petri Nets: Applications and Relationships to Other Models of Concurrency, pages 279–324. Springer-Verlag New York, Inc., 1987.

[39]

P. McKenney and J. Walpole. What is RCU, fundamentally? https://lwn.net/Articles/262464/, 2007.

[40]

M. Musuvathi and S. Qadeer. Iterative context bounding for systematic testing of multithreaded programs. In Programming Language Design and Implementation, PLDI ’07, pages 446–455. ACM, 2007.

Digital Library

[41]

M. Musuvathi, S. Qadeer, T. Ball, G. Basler, P. A. Nainar, and I. Neamtiu. Finding and reproducing heisenbugs in concurrent programs. In Operating Systems Design and Implementation, OSDI’08, pages 267–280. USENIX Association, 2008.

Digital Library

[42]

S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, and B. Calder. Automatically classifying benign and harmful data races using replay analysis. In Programming Language Design and Implementation, PLDI ’07, pages 22–31. ACM, 2007.

Digital Library

[43]

N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Programming Language Design and Implementation, PLDI ’07, pages 89–100. ACM, 2007.

Digital Library

[44]

R. O’Callahan and J.-D. Choi. Hybrid dynamic data race detection. In Principles and Practice of Parallel Programming, PPoPP ’03, pages 167–178. ACM, 2003.

Digital Library

[45]

B. Pfaff, A. Romano, and G. Back. The Pintos instructional operating system kernel. In Computer Science Education, SIGCSE ’09, pages 453–457. ACM, 2009.

Digital Library

[46]

E. Pozniansky and A. Schuster. Efficient on-the-fly data race detection in multithreaded C++ programs. In Principles and Practice of Parallel Programming, PPoPP ’03, pages 179– 190. ACM, 2003.

Digital Library

[47]

S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst., 15(4):391– 411, Nov. 1997.

Digital Library

[48]

K. Sen. Race directed random testing of concurrent programs. In Programming Language Design and Implementation, PLDI ’08, pages 11–21. ACM, 2008.

Digital Library

[49]

K. Serebryany and T. Iskhodzhanov. ThreadSanitizer: Data race detection in practice. In Workshop on Binary Instrumentation and Applications, WBIA ’09, pages 62–71. ACM, 2009.

Digital Library

[50]

J. Simsa. Systematic and Scalable Testing of Concurrent Programs. PhD thesis, Carnegie Mellon University, Pittsburgh, PA, USA, 2013.

Digital Library

[51]

J. Simsa, R. Bryant, and G. Gibson. dBug: Systematic evaluation of distributed systems. In Systems Software Verification, SSV’10, pages 3–3. USENIX Association, 2010.

Digital Library

[52]

J. Simsa, R. Bryant, G. Gibson, and J. Hickey. Efficient Exploratory Testing of Concurrent Systems. Technical Report CMU-PDL-11-113, Carnegie Mellon University, November 2011.

[53]

J. Simsa, R. Bryant, and G. Gibson. Runtime estimation and resource allocation for concurrency testing. Technical Report CMU-PDL-12-113, Carnegie Mellon University, December 2012.

[54]

J. Simsa, R. Bryant, G. Gibson, and J. Hickey. Concurrent systematic testing at scale. Technical Report CMU-PDL-12-101, Carnegie Mellon University, May 2012.

[55]

Y. Smaragdakis, J. Evans, C. Sadowski, J. Yi, and C. Flanagan. Sound predictive race detection in polynomial time. In Principles of Programming Languages, POPL ’12, pages 387–400. ACM, 2012.

Digital Library

[56]

P. Thomson, A. F. Donaldson, and A. Betts. Concurrency testing using schedule bounding: An empirical study. In Principles and Practice of Parallel Programming, PPoPP ’14, pages 15–28. ACM, 2014.

Digital Library

[57]

J. Yang, T. Chen, M. Wu, Z. Xu, X. Liu, H. Lin, M. Yang, F. Long, L. Zhang, and L. Zhou. MODIST: transparent model checking of unmodified distributed systems. In Networked Systems Design and Implementation, NSDI’09, pages 213– 228. USENIX Association, 2009.

Digital Library

[58]

Y. Yang, X. Chen, G. Gopalakrishnan, and R. M. Kirby. Efficient stateful dynamic partial order reduction. In Workshop on Model Checking Software, SPIN ’08, pages 288–305. Springer-Verlag, 2008.

Digital Library

[59]

N. Zhang, M. Kusano, and C. Wang. Dynamic partial order reduction for relaxed memory models. In Programming Language Design and Implementation, PLDI 2015, pages 250– 259. ACM, 2015.

Digital Library

Cited By

Luo PZou DJin HDu YZheng LShen J(2018)DigHRThe Journal of Supercomputing10.1007/s11227-018-2307-874:6(2684-2704)Online publication date: 1-Jun-2018
https://dl.acm.org/doi/10.1007/s11227-018-2307-8
Cai SGallina BNyström DSeceleanu C(2018)Effective Test Suite Design for Detecting Concurrency Control Faults in Distributed Transaction SystemsLeveraging Applications of Formal Methods, Verification and Validation. Distributed Systems10.1007/978-3-030-03424-5_24(355-374)Online publication date: 31-Oct-2018
https://doi.org/10.1007/978-3-030-03424-5_24
Jain RPurandare RSharma S(2022)BiRD: Race Detection in Software Binaries under Relaxed Memory ModelsACM Transactions on Software Engineering and Methodology10.1145/349853831:4(1-29)Online publication date: 31-Jan-2022
https://dl.acm.org/doi/10.1145/3498538

Index Terms

Stateless model checking with data-race preemption points

Recommendations

Stateless model checking with data-race preemption points
OOPSLA '16

Stateless model checking is a powerful technique for testing concurrent programs, but suffers from exponential state space explosion when the test input parameters are too large. Several reduction techniques can mitigate this explosion, but even after ...
Fair stateless model checking
PLDI '08

Stateless model checking is a useful state-space exploration technique for systematically testing complex real-world software. Existing stateless model checkers are limited to the verification of safety properties on terminating programs. However, ...
Fair stateless model checking
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation

Stateless model checking is a useful state-space exploration technique for systematically testing complex real-world software. Existing stateless model checkers are limited to the verification of safety properties on terminating programs. However, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications

October 2016

915 pages

ISBN:9781450344449

DOI:10.1145/2983990

General Chair:
Eelco Visser
Delft University of Technology, Netherlands
,
Program Chair:
Yannis Smaragdakis
University of Athens, Greece

ACM SIGPLAN Notices Volume 51, Issue 10
OOPSLA '16
October 2016
915 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3022671
Editor:
Matthew Fluet
Issue’s Table of Contents

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

In-Cooperation

SIGAda: ACM Special Interest Group on Ada Programming Language

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

U.S. Army Research Office

Conference

SPLASH '16

Sponsor:

SIGPLAN

SPLASH '16: Conference on Systems, Programming, Languages, and Applications: Software for Humanity

November 2 - 4, 2016

Amsterdam, Netherlands

Acceptance Rates

Overall Acceptance Rate 268 of 1,244 submissions, 22%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
336
Total Downloads

Downloads (Last 12 months)77
Downloads (Last 6 weeks)16

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Luo PZou DJin HDu YZheng LShen J(2018)DigHRThe Journal of Supercomputing10.1007/s11227-018-2307-874:6(2684-2704)Online publication date: 1-Jun-2018
https://dl.acm.org/doi/10.1007/s11227-018-2307-8
Cai SGallina BNyström DSeceleanu C(2018)Effective Test Suite Design for Detecting Concurrency Control Faults in Distributed Transaction SystemsLeveraging Applications of Formal Methods, Verification and Validation. Distributed Systems10.1007/978-3-030-03424-5_24(355-374)Online publication date: 31-Oct-2018
https://doi.org/10.1007/978-3-030-03424-5_24
Jain RPurandare RSharma S(2022)BiRD: Race Detection in Software Binaries under Relaxed Memory ModelsACM Transactions on Software Engineering and Methodology10.1145/349853831:4(1-29)Online publication date: 31-Jan-2022
https://dl.acm.org/doi/10.1145/3498538

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents