Semantic Reduction of Thread Interleavings in Concurrent Programs

We propose a static analysis framework for concurrent programs based on reduction of thread interleavings using sound invariants on the top of partial order techniques. Starting from a product graph that represents transactions, we iteratively refine the graph to remove statically unreachable nodes in the product graph using the results of these analyses. We use abstract interpretation to automatically derive program invariants, based on abstract domains of increasing precision. We demonstrate the benefits of this framework in an application to find data race bugs in concurrent programs, where our static analyses serve to reduce the number of false warnings captured by an initial lockset analysis. This framework also facilitates use of model checking on the remaining warnings to generate concrete error traces, where we leverage the preceding static analyses to generate small program slices and the derived invariants to improve scalability. We describe our experimental results on a suite of Linux device drivers.

[1]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[2]  Tayssir Touili,et al.  Interprocedural Analysis of Concurrent Programs Under a Context Bound , 2008, TACAS.

[3]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[4]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[5]  Marsha Chechik,et al.  CONCUR 2008 - Concurrency Theory, 19th International Conference, CONCUR 2008, Toronto, Canada, August 19-22, 2008. Proceedings , 2008, CONCUR.

[6]  Sriram Sankaranarayanan,et al.  Fast and Accurate Static Data-Race Detection for Concurrent Programs , 2007, CAV.

[7]  Tayssir Touili,et al.  On the Reachability Analysis of Acyclic Networks of Pushdown Systems , 2008, CONCUR.

[8]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[9]  Thomas W. Reps,et al.  Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis , 2008, CAV.

[10]  Klaus Havelund,et al.  Model checking programs , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[11]  Zijiang Yang,et al.  F-Soft: Software Verification Platform , 2005, CAV.

[12]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI '06.

[13]  Vineet Kahlon,et al.  Symbolic Model Checking of Concurrent Programs Using Partial Orders and On-the-Fly Transactions , 2006, CAV.

[14]  Pierre Deransart,et al.  Programming Languages Implementation and Logic Programming , 1989, Lecture Notes in Computer Science.

[15]  Jan Wen Voung,et al.  Dataflow analysis for concurrent programs using datarace detection , 2008, PLDI '08.

[16]  Jakob Rehof,et al.  Context-Bounded Model Checking of Concurrent Software , 2005, TACAS.

[17]  Jeffrey S. Foster,et al.  LOCKSMITH: context-sensitive correlation analysis for race detection , 2006, PLDI '06.

[18]  Ahmed Bouajjani,et al.  Context-Bounded Analysis of Multithreaded Programs with Dynamic Linked Structures , 2007, CAV.

[19]  Jong-Deok Choi,et al.  Efficient and precise datarace detection for multithreaded object-oriented programs , 2002, PLDI '02.

[20]  Harald Ganzinger,et al.  Programs as Data Objects , 1986, Lecture Notes in Computer Science.

[21]  Antoine Miné,et al.  A New Numerical Abstract Domain Based on Difference-Bound Matrices , 2001, PADO.

[22]  Patrick Cousot,et al.  Static determination of dynamic properties of programs , 1976 .

[23]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[24]  Madan Musuvathi,et al.  Fair stateless model checking , 2008, PLDI '08.

[25]  Nicholas Sterling,et al.  WARLOCK - A Static Data Race Analysis Tool , 1993, USENIX Winter.

[26]  Alexander Aiken,et al.  Conditional must not aliasing for static race detection , 2007, POPL '07.

[27]  Matthew B. Dwyer,et al.  Bandera: extracting finite-state models from Java source code , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[28]  Azadeh Farzan,et al.  Causal Dataflow Analysis for Concurrent Programs , 2007, TACAS.

[29]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[30]  Vineet Kahlon Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis , 2008, PLDI '08.

[31]  Patrick Cousot,et al.  Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation , 1992, PLILP.