Optimistic Synchronization-Based State-Space Reduction

DOI: 10.1007/3-540-36577-X_36


Reductions that aggregate fine-grained transitions into coarser transitions can significantly reduce the cost of automated verification, by reducing the size of the state space. We propose a reduction that can exploit common synchronization disciplines, such as the use of mutual exclusion for accesses to shared data structures. Exploiting them using traditional reduction theorems requires checking that the discipline is followed in the original (i.e., unreduced) system. That check can be prohibitively expensive. This paper presents a reduction that instead requires checking whether the discipline is followed in the reduced system. This check may be much cheaper, because the reachable state space is smaller.
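To make the abstract's argument concrete, the following is an added illustration (not code from the paper): it enumerates the reachable states of a constructed two-thread program once with fine-grained steps and once with each lock-protected block aggregated into a single transition, and checks the discipline "x is only accessed while holding the lock" on the transitions of whichever system is explored. The program, the state encoding and the discipline are assumptions chosen for the example.

```python
# Constructed thread program: lock(); t = x; x = t + 1; unlock()
GOOD = ["lock", "read", "write", "unlock"]
BAD = ["lock", "read", "unlock", "write"]   # the write escapes the lock

def step(program, state, tid):
    """One fine-grained step of thread tid, or None if it is done or blocked.
    Returns (new_state, obeys_discipline)."""
    holder, x, pcs, locs = state
    pc = pcs[tid]
    if pc >= len(program):
        return None
    op, ok = program[pc], True
    if op == "lock":
        if holder is not None:
            return None                      # lock held by another thread
        holder = tid
    elif op == "read":
        ok = holder == tid                   # discipline: access only under lock
        locs = locs[:tid] + (x,) + locs[tid + 1:]
    elif op == "write":
        ok = holder == tid
        x = locs[tid] + 1
    elif op == "unlock":
        holder = None
    pcs = pcs[:tid] + (pc + 1,) + pcs[tid + 1:]
    return (holder, x, pcs, locs), ok

def explore(program, nthreads, reduced):
    """Return (number of reachable states, discipline violated?)."""
    init = (None, 0, (0,) * nthreads, (0,) * nthreads)
    seen, stack, violated = {init}, [init], False
    while stack:
        s = stack.pop()
        for tid in range(nthreads):
            r = step(program, s, tid)
            if r is None:
                continue
            nxt, ok = r
            violated |= not ok
            # reduced system: keep stepping while tid still holds the lock,
            # so the block from lock to unlock becomes one coarse transition
            while reduced and nxt[0] == tid:
                r = step(program, nxt, tid)
                if r is None:
                    break
                nxt, ok = r
                violated |= not ok
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return len(seen), violated

if __name__ == "__main__":
    for name, prog in (("good", GOOD), ("bad", BAD)):
        for reduced in (False, True):
            print(name, "reduced" if reduced else "fine", explore(prog, 2, reduced))
```

For the well-disciplined program the reduced system has 5 reachable states against 17 for the fine-grained one, and the violation in the second program is still detected while exploring only the reduced system.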



Available from: Ernie Cohen, Oct 03, 2015
"These predicates are used to perform partial-order reduction on the state space, in the meanwhile inferring the assumptions on the predicates. The work in [26] is interesting in that their approach only requires checking if the reduced software obeys the synchronization discipline. Unless the exclusive access predicates are expressive enough, these techniques do not work well when the synchronization discipline, e.g. the locksets protecting a variable, changes over time along the execution."
ABSTRACT: In this paper, we present a new algorithm for detecting data-races in an execution of a concurrent program. Our algorithm is sound and precise, that is, it reports a race in an execution iff there are two accesses to a shared variable along the execution that are not ordered by the happens-before relation. Previous algorithms for computing the happens-before relation are based on clock vectors. On the other hand, our algorithm is based solely on the concept of locksets and is able to capture all mutual-exclusion synchronization idioms uniformly with one mechanism. Our lockset algorithm could be very useful for improving the precision of flow-sensitive static analyses, particularly those for detecting data-races and atomicity violations in concurrent programs. We present one such analysis, a model checking algorithm that uses our lockset algorithm both to check for races exhaustively and perform partial-order reduction when races are absent. Our characterization of the happens-before relation in terms of locksets rather than clock vectors is crucial for the fixpoint computation inherent in model checking and other flow-sensitive analyses. We have implemented our algorithm and used it to prove the absence of data-races and assertion failures on a number of examples containing a variety of synchronization idioms.
ABSTRACT: Concurrency is used pervasively in the development of large systems programs. However, concurrent programming is difficult because of the possibility of unexpected interference among concurrently executing tasks. Such interference often results in "Heisenbugs" that appear rarely and are extremely difficult to reproduce and debug. Stress testing, in which the system is run under heavy load for a long time, is the method commonly employed to flush out such concurrency bugs. This form of testing provides inadequate coverage and has unpredictable results. This paper proposes an alternative called concurrency scenario testing which relies on systematic and exhaustive testing. We have implemented a tool called CHESS for performing concurrency scenario testing of systems programs. CHESS uses model checking techniques to systematically generate all interleavings of a given scenario. CHESS scales to large concurrent programs and has found numerous previously unknown bugs in systems that had been stress tested for many months prior to being tested by CHESS. For each bug, CHESS is able to consistently reproduce an erroneous execution manifesting the bug, thereby making it significantly easier to debug the problem. CHESS has been integrated into the test frameworks of many code bases inside Microsoft and is being used by testers on a daily basis.