Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley.

Published byJack Scott Modified over 9 years ago

Similar presentations

Presentation on theme: "CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley."— Presentation transcript:

1 CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley

2 Solution All paths in the tree are not important for statement reachability  Many paths are equivalent to each other  Prune equivalent paths => Partial Order Reduction Generate inputs along with Partial Order Reduction

3 Equivalent Paths t1: x = 3 t2: y = 2 Initially x = 0 and y = 0 x=3 y=2 One partial order x=3 y=2 Same partial order Different linear order => Different Path => Equivalent Path x=0, y=0

4 Independent transitions B and R are independent transitions if 1. they commute: B ∘ R = R ∘ B 2. neither enables nor disables the other B R R B s Example: x = 3 and y = 2 are independent

5 Existing Approaches Static Partial Order Reduction  Valmari 91, Peled 93, Godefroid 96, SPIN model checkerby Holzmann, Verisoft  Limitation Results in a large dependent relation Pointers -> Whether two pointers point to the same location is determined conservatively (May point-to) Results in over-approximation of the dependency relation Limited POR

6 Example: static partial-order reduction Global Vars lock m int i1,i2 int x=0 int n=100 char[] a Thread 2 lock(m) i2 := x++ unlock(m) for( ;i2<n; i2+=2) a[i2] := ‘r’ Thread 1 lock(m) i1 := x++ unlock(m) for( ;i1<n; i1+=2) a[i1] := ‘b’ Static analysis gives  i1, i2 are thread-local  x is protected by m  but a[i1] and a[i2] may alias Static POR gives O(n 2 ) explored states and transitions  but only two possible terminating states may-alias (according to static analysis) never alias (in practice)

7 Dynamic partial-order reduction Static POR relies on static analysis  to yield approximate information about run-time behavior  pointers => coarse information => limited POR => path explosion Dynamic POR  while model checker executes the program, it sees exactly which threads access which locations  use to simultaneously reduce the path space while model-checking

8 Focus on Race-Detection and Flipping Algorithm Race-Detection and Flipping Algorithm is a simplified form of DPOR

9 Event (t,l,a)  If thread t executes the statement labeled l and the access type is a  a 2 {w,r,l,u, ? } An execution path  is a sequence of events

10 Sequential Relation e = (t,l,a) and e’ = (t’,l’,a’) e C e’  e = e', or  t=t’ and e appears before e' in , or  t  t’, t created the thread t’, and e appears before e'' in , where e'' is the fork event on t creating the thread t’, or  there exists an event e'' in  such that e C e'' and e'' C e'. 2: fork(8) e 2 t1t1 t0t0 3: y=2 e 3 4: lock(m) e 4 1: x=1 e 1 5: x=3 e 5 6: unlock(m) e 6 8: lock(m) e 9 9: x=4 e 10 10: unlock(m) e 11 11: y=5 e 12 7: halt e 7 12: halt e 13 e8e8

11 Causal Relation (Happens-Before Relation) e = (t,l,a) and e’ = (t’,l’,a’) e ¹ e’  e C e’, or  e appears before e' in  and both access a shared memory location m and one of the accesses is update (write, lock acquire, release), or  there exists an event e'' in  such that e ¹ e'' and e'' ¹ e'. ¹ is a partial order relation 2: fork(8) e 2 t1t1 t0t0 3: y=2 e 3 4: lock(m) e 4 1: x=1 e 1 5: x=3 e 5 6: unlock(m) e 6 8: lock(m) e 9 9: x=4 e 10 10: unlock(m) e 11 11: y=5 e 12 7: halt e 7 12: halt e 13 e8e8

12 Equivalent Paths Definition: Two execution paths are equivalent if they are linearizations of the same partial order Proposition: Exploration of one linear order of each partial order is sufficient for statement reachability

13 Race Relation Not so strict definition (see paper for the strict definition) e = (t,l,a) and e’ = (t’,l’,a’) e l e’  e ¹ e’  Not (e C e’ or e’ C e)  There exists no e 1 such that e ¹ e 1 and e 1 ¹ e’ Where e 1 is not equal to e or e’ x := 1 y := 2 y := 3 x := 4 Partial Order 1.Events in race relation can be permuted by changing schedule 2.What happens if we have locks? (see paper)

14 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4

15 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Execution 1

16 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { } Execution 1 x := 1 y := 2 y := 3 x := 4 Partial Order

17 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 x := 1 y := 2 y := 3 x := 4 Partial Order

18 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 Backtrack Here { } x := 1 y := 2 y := 3 x := 4 Partial Order

19 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

20 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 2 x := 1 y := 2 y := 3 x := 4 Partial Order

21 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1,t 2 } { t 1 } { } Execution 2 Race x := 1 y := 2 y := 3 x := 4 Partial Order

22 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1,t 2 } { t 1 } { } Execution 2 Race Cannot Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

23 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1,t 2 } { t 1 } { } Execution 2 Race Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

24 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } Execution 2 Race Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

25 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 3 x := 1 y := 2 y := 3 x := 4 Partial Order

26 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { t 2 } { } Execution 3 Race x := 1 y := 2 y := 3 x := 4 Partial Order

27 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { t 2 } { } Execution 3 Race Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

28 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { t 2 } Execution 3 Race Backtrack Here x := 1 y := 2 y := 3 x := 4 Partial Order

29 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { t 2 } { } Execution 4 x := 1 y := 2 y := 3 x := 4 Partial Order

30 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1,t 2 } { } Execution 4 Race Cannot Backtrack Here Done! x := 1 y := 2 y := 3 x := 4 Partial Order

31 DPOR (POPL 05) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 { } x := 1 y := 2 y := 3 x := 4 Partial Order Persistent { t 2 } { }

32 DPOR (POPL 05) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1,t 2 } { t 1 } { } Execution 2 x := 1 y := 2 y := 3 x := 4 Partial Order Persistent { t 1,t 2 } { t 2 } { }

33 DPOR (POPL 05) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { t 2 } { } Execution 3 x := 1 y := 2 y := 3 x := 4 Partial Order Persistent { t 2 } { t 1 } { }

34 DPOR (POPL 05) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Execution 4 x := 1 y := 2 y := 3 x := 4 Partial Order Postponed { t 1,t 2 } { } Persistent { t 1,t 2 } { }

35 DPOR Problem Thread t 1 : 1: x := 1 2: x := 2 Thread t 2 : 1: y := 1 2: x := 3 DPOR (both approaches) explores all 6 execution paths => No reduction Example in the POPL 05 paper has error Think about it Need Sleep Set to obtain reduction

36 Sleep Set Example

37 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4

38 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Execution 1

39 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { } Execution 1 x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { }

40 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { }

41 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 { } x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { } Backtrack Here

42 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Race Execution 1 x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { } Backtrack Here

43 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 2 x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { } { t 1 } { }

44 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 2 Race x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { } { t 1 } { } X

45 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 2 Race x := 1 y := 2 y := 3 x := 4 Partial Order { } { t 1 } { } Nothing to Backtrack Here Delayed X

46 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 2 Race x := 1 y := 2 y := 3 x := 4 Partial Order { } { t 1 } { } Backtrack Here X

47 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } Execution 2 Race x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { } { t 1 } { } Backtrack Here X

48 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 3 x := 1 y := 2 y := 3 x := 4 Partial Order Delayed { t 1 } { } { t 1 }

49 DPOR (Race-detection and flipping) Example Thread t 1 : 1: x := 1 2: y := 2 Thread t 2 : 1: y := 3 2: x := 4 x := 1 y := 2 y := 3 x := 4 Postponed { t 1 } { } Execution 3 Race x := 1 y := 2 y := 3 x := 4 Partial Order X Delayed { t 1 } { } { t 1 }

50 jCUTE Key Observation: Concolic execution is ideal for testing concurrent programs with complex data inputs  Use symbolic execution to generate new inputs  Use concrete execution to perform partial order reduction ?

51 jCUTE Key Observation: Concolic execution is ideal for testing concurrent programs with complex data inputs  Use symbolic execution to generate new inputs  Use concrete execution to perform partial order reduction Explore “Interesting” thread schedules or total orders  Where to perform context switches?  How to perform context switches? ?

52 jCUTE Key Observation: Concolic execution is ideal for testing concurrent programs with complex data inputs  Use symbolic execution to generate new inputs  Use concrete execution to perform partial order reduction Explore “Interesting” thread schedules or total orders  Where to perform context switches?  Detect data race and lock race  How to perform context switches?  Hijack the scheduler using semaphores  Insert semaphores through instrumentation ?

53 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR;

54 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set { }

55 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  3, z  17x  3, z  z 0 { }{ } { }

56 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  3, z  17x  3, z  z 0 x  2, z  17x  2, z  z 0 { t 1 } { }

57 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  3, z  17x  3, z  z 0 x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 { t 1 } { } 2*z 0 +1!=2

58 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  3, z  17x  3, z  z 0 x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 { t 1 } { } 2*z 0 +1!=2 Backtrack Here Solve: 2*z 0 +1=2 No Solution

59 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  3, z  17x  3, z  z 0 x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 { t 1 } Backtrack Here

60 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set { t 1 }

61 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=2 Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 { t 1 } { }

62 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 { t 1 } { } 2*z 0 +1!=2

63 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 { t 1 } { t 2 } { } 2*z 0 +1!=2

64 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 { t 1 } { t 2 } { } 2*z 0 +1!=2 Backtrack Here Solve: 2*z 0 +1=2 No Solution

65 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 { t 1 } { t 2 } Backtrack Here

66 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set { t 1 } { t 2 }

67 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=2 Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 { t 1 } { t 2 }

68 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 { t 1,t 2 } { t 2 } { }

69 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 x  3, z  17x  3, z  z 0 { } 2*z 0 +1!=3 { t 1,t 2 }

70 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  17x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  17x  2, z  z 0 x  3, z  17x  3, z  z 0 x  3, z  17x  3, z  z 0 { } 2*z 0 +1!=3 Backtrack Here Solve: 2*z 0 +1=3 Solution: z = 1 { t 1,t 2 }

71 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; Concrete State x  0, z  1x  0, z  z 0 Symbolic State Path Constraint + Postponed Set { } { t 1,t 2 }

72 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  1x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  1x  2, z  z 0 x  3, z  1x  3, z  z 0 x  3, z  1x  3, z  z 0 { } 2*z 0 +1=3 { t 1,t 2 } ERROR { }

73 jCUTE Example z = input(); Thread t 1 : 1: x := 3 Thread t 2 : 1: x := 2 2: if (2*z + 1 == x) 3:ERROR; x :=3 x :=2 2*z+1 ==x Concrete State x  0, z  1x  0, z  z 0 Symbolic State Path Constraint + Postponed Set x  2, z  1x  2, z  z 0 x  3, z  1x  3, z  z 0 x  3, z  1x  3, z  z 0 { } 2*z 0 +1=3 { t 1,t 2 } ERROR { } Nothing to Backtrack

74 Race Detection Dynamic Vector Clock Algorithm [FSE’03,TACAS’04] Vector clock V : Threads ! Nat V i be vector clock for each thread t i. V x a and V x w vector clocks for each shared variable x. Algorithm: 1. if e i k is a shared memory access, then V i [i] à V i [i] + 1 2. if e i k is a read of a variable x then V i à max{V i,V x w } V x a à max{V x a,V i } 3. if e i k is a write of a variable x then V x w à V x a à V i à max{V x a,V i } Lemma: For any two events e ¹ e’ iff V e · V e’

75 Race Flipping: Hijack Thread Scheduler Ensure that only one thread is executing Create a tester thread (t sched ) Associate a semaphore sem(t) with each thread t Before any shared memory access by t  release control to the tester thread V(sem(t sched )); P(sem(t)); Tester thread schedules a thread t V(sem(t)); P(sem(t sched ));

76 jCUTE jCUTE can test multi-threaded Java programs URL: http://osl.cs.uiuc.edu/~ksen/cute/ Next generation testing tools  Combines Testing and Model-Checking jCUTE supports generation of JUnit test cases The tools also support replay of a buggy execution

77 Sun Microsystem’s JDK 1.4 Library java.util package provides thread-safe data-structure classes  LinkedList, ArrayList, HashSet, TeeMap, etc. Widely used Found previously undocumented concurrency related problems  Data race, Infinite Loop, Uncaught Exceptions, and Deadlocks List l1 = Collections.synchronizedList(new LinkedList()); List l2 = Collections.synchronizedList(new LinkedList()); l1.add(null); l2.add(null); // Create two threads // let thread 1 run l1.clear(); // let thread 2 run l2.containsAll(l1) ;

78 Name Runtime in seconds # of Paths # of Threads % Branch Coverage # of Functions Tested # of Bugs Found data races+ deadlocks+ infinite loops+ exceptions Vector551920000576.38161+9+0+2 ArrayList681120000575.00163+9+0+3 LinkedList440111523582.05153+3+1+1 LinkedHash Set 730320000567.39203+9+0+2 TreeSet733320000554.93264+9+0+2 HashSet744920000569.562019+9+0+2 Sun Microsystem’s JDK 1.4 Library

79 Honeywell’s DEOS real-time scheduling kernel Operating system developed for use in small business aircraft  jCUTE found the subtle time-partitioning error in < 1 minute Java Pathfinder from NASA Ames ran out of memory on the original program  Had to test manually created abstraction  Took 11 minutes to discover the same error in the abstraction

Download ppt "CS265: Dynamic Partial Order Reduction Koushik Sen UC Berkeley."

Similar presentations

POPL'05: Dynamic Partial-Order ReductionCormac Flanagan1 Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan UC Santa Cruz Patrice.

POPL'05: Dynamic Partial-Order ReductionCormac Flanagan1 Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan UC Santa Cruz Patrice.
Cristian Cadar, Peter Boonstoppel, Dawson Engler RWset: Attacking Path Explosion in Constraint-Based Test Generation TACAS 2008, Budapest, Hungary ETAPS.

Cristian Cadar, Peter Boonstoppel, Dawson Engler RWset: Attacking Path Explosion in Constraint-Based Test Generation TACAS 2008, Budapest, Hungary ETAPS.
Distributed Snapshots: Determining Global States of Distributed Systems - K. Mani Chandy and Leslie Lamport.

Distributed Snapshots: Determining Global States of Distributed Systems - K. Mani Chandy and Leslie Lamport.
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Symbolic Execution with Mixed Concrete-Symbolic Solving

Symbolic Execution with Mixed Concrete-Symbolic Solving
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Model Checking Concurrent Software Shaz Qadeer Microsoft Research.

Model Checking Concurrent Software Shaz Qadeer Microsoft Research.
The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.

The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.
Effective Static Deadlock Detection

Effective Static Deadlock Detection
1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.

Background for “KISS: Keep It Simple and Sequential” cs264 Ras Bodik spring 2005.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
Hybrid Concolic Testing Rupak Majumdar Koushik Sen UC Los Angeles UC Berkeley.

Hybrid Concolic Testing Rupak Majumdar Koushik Sen UC Los Angeles UC Berkeley.
Dynamic Symbolic Execution CS 8803 FPL Oct 31, 2012 (Slides adapted from Koushik Sen) 1.

Dynamic Symbolic Execution CS 8803 FPL Oct 31, 2012 (Slides adapted from Koushik Sen) 1.

Similar presentations

Ads by Google