Chapter

Generating Data Race Witnesses by an SMT-Based Analysis

DOI: 10.1007/978-3-642-20398-5_23
Source: DBLP

ABSTRACT Data race is one of the most dangerous errors in multithreaded programming, and despite intensive studies, it remains a notorious
cause of failures in concurrent systems. Detecting data races is already a hard problem, and yet it is even harder for a programmer
to decide whether or how a reported data race can appear in the actual program execution. In this paper we propose an algorithm for generating debugging
aid information called witnesses, which are concrete thread schedules that can deterministically trigger the data races. More specifically, given a concrete
execution trace, e.g. non-erroneous one which may have triggered a warning in Eraser-style data race detectors, we use a symbolic
analysis based on SMT solvers to search for a data race witness among alternative interleavings of events of that trace. Our
symbolic analysis precisely encodes the sequential consistency semantics using a scalable predictive model to ensure that
the reported witness is always feasible.

KeywordsData Race–Debug–SMT–Concurrent Programs

Full-text

Available from: Zijiang Yang, Jan 15, 2015
1 Follower
 · 
99 Views
  • [Show abstract] [Hide abstract]
    ABSTRACT: This book constitutes the thoroughly refereed post-conference proceedings of the 7th International Haifa Verification Conference, HVC 2011, held in Haifa, Israel in December 2011. The 15 revised full papers presented together with 3 tool papers and 4 posters were carefully reviewed and selected from 43 submissions. The papers are organized in topical sections on synthesis, formal verification, software quality, testing and coverage, experience and tools, and posters- student event.
    Lecture Notes in Computer Science, Vol. 7261 02/2015; Springer Verlag., ISBN: 978-3-642-34188-5
  • [Show abstract] [Hide abstract]
    ABSTRACT: We propose null-pointer dereferences as a target for finding bugs in concurrent programs using testing. A null-pointer dereference prediction engine observes an execution of a concurrent program under test and predicts alternate interleavings that are likely to cause null-pointer dereferences. Though accurate scalable prediction is intractable, we provide a carefully chosen novel set of techniques to achieve reasonably accurate and scalable prediction. We use an abstraction to the shared-communication level, take advantage of a static lock-set based pruning, and finally, employ precise and relaxed constraint solving techniques that use an SMT solver to predict schedules. We realize our techniques in a tool, ExceptioNULL, and evaluate it over 13 benchmark programs and find scores of null-pointer dereferences by using only a single test run as the prediction seed for each benchmark.
    Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering; 11/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: In our recent work, we addressed the problem of detecting serializability violations in a concurrent program using predictive analysis, where we used a graph-based method to derive a predictive model from a given test execution. The exploration of the predictive model to check alternate interleavings of events in the execution was performed explicitly, based on stateless model checking using dynamic partial order reduction (DPOR). Although this was effective on some benchmarks, the explicit enumeration was too expensive on other examples. This motivated us to examine alternatives based on symbolic exploration using SMT solvers. In this paper, we propose an SMT-based encoding for detecting serializability violations in our predictive model. SMT-based encodings for detecting simpler atomicity violations (with two threads and a single variable) have been used before, but to our knowledge, our work is the first to use them for serializability violations with any number of threads and variables. We also describe details of our DPOR-based explicit search and pruning, and present an experimental evaluation comparing the two search techniques. This provides some insight into the characteristics of the instances when one of these is superior to the other. These characteristics can then be used to predict the preferred technique for a given instance.
    Proceedings of the 7th international Haifa Verification conference on Hardware and Software: verification and testing; 12/2011