Source Sets

Stateless model checking is a powerful method for program verification that, however, suffers from an exponential growth in the number of explored executions. A successful technique for reducing this number, while still maintaining complete coverage, is Dynamic Partial Order Reduction (DPOR), an algorithm originally introduced by Flanagan and Godefroid in 2005 and since then not only used as a point of reference but also extended by various researchers. In this article, we present a new DPOR algorithm, which is the first to be provably optimal in that it always explores the minimal number of executions. It is based on a novel class of sets, called source sets, that replace the role of persistent sets in previous algorithms. We begin by showing how to modify the original DPOR algorithm to work with source sets, resulting in an efficient and simple-to-implement algorithm, called source-DPOR. Subsequently, we enhance this algorithm with a novel mechanism, called wakeup trees, that allows the resulting algorithm, called optimal-DPOR, to achieve optimality. Both algorithms are then extended to computational models where processes may disable each other, for example, via locks. Finally, we discuss tradeoffs of the source- and optimal-DPOR algorithm and present programs that illustrate significant time and space performance differences between them. We have implemented both algorithms in a publicly available stateless model checking tool for Erlang programs, while the source-DPOR algorithm is at the core of a publicly available stateless model checking tool for C/pthread programs running on machines with relaxed memory models. Experiments show that source sets significantly increase the performance of stateless model checking compared to using the original DPOR algorithm and that wakeup trees incur only a small overhead in both time and space in practice.

[1]  Konstantinos Sagonas,et al.  On Using Erlang for Parallelization - Experience from Parallelizing Dialyzer , 2012, Trends in Functional Programming.

[2]  Grigore Rosu,et al.  Maximal Causal Models for Sequentially Consistent Systems , 2012, RV.

[3]  Wolfgang Reisig,et al.  Petri Nets: Applications and Relationships to Other Models of Concurrency , 1986, Lecture Notes in Computer Science.

[4]  Antti Valmari,et al.  Stubborn sets for reduced state space generation , 1991, Applications and Theory of Petri Nets.

[5]  Madan Musuvathi,et al.  Iterative context bounding for systematic testing of multithreaded programs , 2007, PLDI '07.

[6]  Thomas Ball,et al.  Finding and Reproducing Heisenbugs in Concurrent Programs , 2008, OSDI.

[7]  Darko Marinov,et al.  Evaluating Ordering Heuristics for Dynamic Partial-Order Reduction Techniques , 2010, FASE.

[8]  Doron A. Peled,et al.  Defining Conditional Independence Using Collapses , 1992, Theor. Comput. Sci..

[9]  Kenneth L. McMillan,et al.  A technique of state space search based on unfolding , 1995, Formal Methods Syst. Des..

[10]  Patrice Godefroid,et al.  Dynamic partial-order reduction for model checking software , 2005, POPL '05.

[11]  Arend Rensink,et al.  Dynamic Partial Order Reduction Using Probe Sets , 2008, CONCUR.

[12]  Keijo Heljanko,et al.  Improving Dynamic Partial Order Reductions for Concolic Testing , 2012, 2012 12th International Conference on Application of Concurrency to System Design.

[13]  Koushik Sen,et al.  A Race-Detection and Flipping Algorithm for Automated Testing of Multi-threaded Programs , 2006, Haifa Verification Conference.

[14]  Edmund M. Clarke,et al.  State space reduction using partial order techniques , 1999, International Journal on Software Tools for Technology Transfer.

[15]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[16]  Gerard J. Holzmann,et al.  State-space caching revisited , 1992, Formal Methods Syst. Des..

[17]  Daniel Kroening,et al.  Unfolding-based Partial Order Reduction , 2015, CONCUR.

[18]  Axel Legay,et al.  TransDPOR: A Novel Dynamic Partial-Order Reduction Technique for Testing Actor Programs , 2012, FMOODS/FORTE.

[19]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[20]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[21]  Patrick Lam,et al.  SATCheck: SAT-directed stateless model checking for SC and TSO , 2015, OOPSLA.

[22]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[23]  Alkis Gotovos,et al.  Systematic Testing for Detecting Concurrency Errors in Erlang Programs , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation.

[24]  Pierre Wolper,et al.  Using partial orders for the efficient verification of deadlock freedom and safety properties , 1991, Formal Methods Syst. Des..

[25]  Konstantinos Sagonas,et al.  Stateless model checking of the Linux kernel's hierarchical read-copy-update (tree RCU) , 2017, SPIN.

[26]  A. Prasad Sistla,et al.  Automatic verification of finite state concurrent system using temporal logic specifications: a practical approach , 1983, POPL '83.

[27]  Parosh Aziz Abdulla,et al.  Stateless Model Checking for TSO and PSO , 2015, TACAS.

[28]  Doron A. Peled,et al.  All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[29]  Friedemann Mattern,et al.  Virtual Time and Global States of Distributed Systems , 2002 .

[30]  Zvonimir Rakamaric,et al.  Delay-bounded scheduling , 2011, POPL '11.

[31]  Antti Valmari,et al.  Stubborn sets for reduced state generation , 1991 .

[32]  Koushik Sen,et al.  Automated Systematic Testing of Open Distributed Programs , 2006, FASE.

[33]  Anca Muscholl,et al.  Trace Theory , 2011, Encyclopedia of Parallel Computing.

[34]  Joe aRmstRonG,et al.  Erlang , 2010, Commun. ACM.

[35]  Patrice Godefroid,et al.  Software Model Checking: The VeriSoft Approach , 2005, Formal Methods Syst. Des..

[36]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[37]  Chao Wang,et al.  Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique , 2009, CAV.

[38]  Richard H. Carver,et al.  Reachability testing of concurrent programs , 2006, IEEE Transactions on Software Engineering.

[39]  Peter Norvig,et al.  Artificial Intelligence: A Modern Approach , 1995 .

[40]  Jeff Huang,et al.  Stateless model checking concurrent programs with maximal causality reduction , 2015, PLDI.

[41]  Keijo Heljanko,et al.  Using unfoldings in automated testing of multithreaded programs , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[42]  Patrice Godefroid,et al.  Refining Dependencies Improves Partial-Order Verification Methods (Extended Abstract) , 1993, CAV.