Reachability testing for concurrent programs

Slides:

Advertisements

Similar presentations

A Survey of Runtime Verification Jonathan Amir 2004.

Advertisements

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

Partial Order Reduction: Main Idea

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

Chapter 6: Process Synchronization

ESP: A Language for Programmable Devices Sanjeev Kumar, Yitzhak Mandelbaum, Xiang Yu, Kai Li Princeton University.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

1 Organization of Programming Languages-Cheng (Fall 2004) Concurrency u A PROCESS or THREAD:is a potentially-active execution context. Classic von Neumann.

0 Deterministic Replay for Real- time Software Systems Alice Lee Safety, Reliability & Quality Assurance Office JSC, NASA Yann-Hang.

Deterministic Replay of Java Multithreaded Applications Jong-Deok Choi and Harini Srinivasan slides made by Qing Zhang.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

CSE 486/586 CSE 486/586 Distributed Systems PA Best Practices Steve Ko Computer Sciences and Engineering University at Buffalo.

Timing and Race Condition Verification of Real-time Systems Yann–Hang Lee, Gerald Gannod, and Karam Chatha Dept. of Computer Science and Eng. Arizona State.

© 2012 IBM Corporation Rational Insight | Back to Basis Series Chao Zhang Unit Testing.

Multi-Threaded Application CSNB534 Asma Shakil. Overview Software applications employ a strategy called multithreaded programming to split tasks into.

 2004 Deitel & Associates, Inc. All rights reserved. 1 Chapter 4 – Thread Concepts Outline 4.1 Introduction 4.2Definition of Thread 4.3Motivation for.

Survey on Trace Analyzer (2) Hong, Shin /34Survey on Trace Analyzer (2) KAIST.

Specifying and Verifying Event-based Fairness Enhanced Systems 1 ICFEM 2008 Specifying and Verifying Event-based Fairness Enhanced Systems Jun SUN, Yang.

Model Checking Java Programs using Structural Heuristics

1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.

Normalization Transparencies 1. ©Pearson Education 2009 Objectives How the technique of normalization is used in database design. How tables that contain.

Efficient Techniques for Software Testing Jeff Lei April 13, 2007.

CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department A MULTITHREADED SEARCH ENGINE AND TESTING OF MULTITHREADED.

Thread basics. A computer process Every time a program is executed a process is created It is managed via a data structure that keeps all things memory.

Source Level Debugging of Parallel Programs Roland Wismüller LRR-TUM, TU München Germany.

Today’s Agenda  HW 3 Due, HW 4 Out  Quick Review  Finish Race Analysis  Reachability Testing Advanced Topics in Software Engineering 1.

Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.

/ PSWLAB Thread Modular Model Checking by Cormac Flanagan and Shaz Qadeer (published in Spin’03) Hong,Shin Thread Modular Model.

Today’s Agenda  Quiz 4  Temporal Logic Formal Methods in Software Engineering1.

Agenda  Quick Review  Finish Introduction  Java Threads.

Reachability Testing of Concurrent Programs1 Reachability Testing of Concurrent Programs Richard Carver, GMU Yu Lei, UTA.

1 Threads in Java Jingdi Wang. 2 Introduction A thread is a single sequence of execution within a program Multithreading involves multiple threads of.

Symbolic Model Checking of Software Nishant Sinha with Edmund Clarke, Flavio Lerda, Michael Theobald Carnegie Mellon University.

CS5270 Lecture 41 Timed Automata I CS 5270 Lecture 4.

1 Active Random Testing of Parallel Programs Koushik Sen University of California, Berkeley.

Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.

Chapter 4 – Thread Concepts

Applications Active Web Documents Active Web Documents.

SDN Network Updates Minimum updates within a single switch

Healing Data Races On-The-Fly

Processes and Threads Processes and their scheduling

Chapter 4 – Thread Concepts

Hierarchical Architecture

runtime verification Brief Overview Grigore Rosu

Definitions Concurrent program – Program that executes multiple instructions at the same time. Process – An executing program (the running JVM for Java.

Concurrency Specification

Threads and Memory Models Hal Perkins Autumn 2011

Lecture 15: Concurring Concurrently CS201j: Engineering Software

Concurring Concurrently

Over-Approximating Boolean Programs with Unbounded Thread Creation

Threads and Memory Models Hal Perkins Autumn 2009

Background and Motivation

An explicit state model checker

A Refinement Calculus for Promela

Basics of Distributed Systems

Tools for the development of parallel applications

Runtime Safety Analysis of Multithreaded Programs

Electrical and Computer Engineering

Software Engineering and Architecture

Mitigating the Effects of Flaky Tests on Mutation Testing

Presentation transcript:

Reachability testing for concurrent programs Yu Lei and Richard Carver Presented by Thuan Huynh

Overview Introduction Some existing tools Reachability testing Concepts Algorithm Implementation Optimizations Results Conclusion

Concurrent programs Multiple non-independent executions Multithreaded programs Distributed programs Very difficult to test Non deterministic interleavings/irreproducible Difficult to breakdown because problems come from interactions Thread1 Thread2 Thread3 t.send(1) t.send(2) x = t.recv() y = t.recv() print x - y

Approaches to testing Deterministic testing Non-deterministic testing Run all possible interleavings (how?) Select a subset of interleavings and force execution to follow Non-deterministic testing Run repeatedly for some time Easy but inefficient, problems may appear at only extreme conditions at customers’ computers Prefix-based testing Run test deterministically at the beginning Follow by nondeterminstic runs

Model checking/SPIN Use a modeling language PROMELA Explore all possible states of a program Support full LTL logic Suffer state explosion problem Partial order reduction to relieve the problem Use for very critical portion of software Verify network protocols

Java PathFinder Formal verification tool developed by NASA Ames Research center A more easier to use SPIN Explore ALL possible execution paths of a java program without recompling Also visit all possible states of the program Check every state for violations of assertions/ /properties/exceptions/deadlocks/livelock Has a lot of heuristics and optimization to work with big programs. VeriSoft for C/C++

Concutest-junit A concurrency-aware version of junit developed at Rice University Improvements: Catch errors in auxiliary threads Have new invariants to check threading related problems Can insert delays at critical places Can record and playback specific interleavings

ConTest A tool to test concurrent java programs developed by IBM Haifa Research Lab Works without recompiling/new test Instruments existing bytecode Inserts heuristic sleep() and yield() instructions to expose problems Run multiple times

Reachability testing (prefix-based testing) Concepts Algorithm Implementations Optimizations Results

SYN-sequence We only care about the order of operations whose interleavings has effect on execution Sending/receiving data with another thread Semaphore/Monitors General execution model: send/receive SYN-sequence: sequence of synchronization events Aim: execute all possible SYN-sequences

Happen-before relation Gives us the order of events, usually partial. We can extract these relations by watching an execution The unordered events are subjected to testing Why vector clock but not single global clock? a b ? x c d ? e f

Partial order reduction s1 s3 b1 a a b … a b1 a b bn … s2 bn a s4

Algorithm (RichTest) Run and collect a SYN-sequence s* S  {s*} Repeat Get a sequence s  S Runs each variant of s to collect sequences s1, s2, … sm S  {s1, s2,…, sm} Until S = empty

Example Thread 1 Thread 2 Thread 3 Thread 4 P2.send(a) x=p2.recv(); u=p3.recv() p2.send(b) y=p2.recv(); v=p3.recv() p3.send(d); p3.send(c); s2 s1 r1 r2 s3 r3 s4 r4

More concepts Race condition: A receive() operation may match with different send()’s Race_set(r): all send events that can possibly be matched with the receive operation r

Race table Contains one column for each receive event r that has a nonempty race_set(r). The numbers in each row represent -1: remove r 0: no change 1..|race_set(r)|: match r to the ith send in race_set(r)

Example r1 r3 1 race_set(r1) = {s1,s2} race_set(r3) = {s3,s4} Thread 1 Thread 2 Thread 3 Thread 4 P2.send(a) x=p2.recv(); u=p3.recv() p2.send(b) y=p2.recv(); v=p3.recv() p3.send(d); p3.send(c); r1 r3 1 s2 s1 r1 race_set(r1) = {s1,s2} race_set(r3) = {s3,s4} r2 s3 r3 s4 r4

Implementation Library of synchronization objects: semaphores, monitors, send, receive Control/record the execution using the library No modification to thread scheduler Portable to other operating systems and languages

Optimization Aim: Do not visit a SYN-sequence twice Keeping a list of visited SYN-sequence is expensive Trick: only include variants that obeys a specific set of rules. Proven that We can still visit all SYN-sequences Can start from any SYN-sequence Computationally inexpensive to check

Results

Results

Conclusion The new method for reachability testing Guarantees the execution of every SYN-seqence exactly once Does not require keeping a list of all visited SYN-sequences Outperforms existing partial order reduction based techniques Is platform independent