Data Race Detection for Interrupt-Driven Programs via Bounded Model Checking

In cyber-physical systems with an interrupt mechanism, interrupts may cause unexpected interleaved executions and even wrong execution results. One frequently occurring class of errors is caused by data races. We present an approach within the framework of bounded model checking (BMC) to detect data races in interrupt-driven programs. The key idea is to automatically serialize a concurrent interrupt-driven program into a non-deterministic sequential program whose set of possible executions includes all possible executions of the interrupt-driven program. Our approach then checks for data races in the sequential program and collects all the path conditions of each data race location. On this basis, we leverage bounded model checking to convert the path conditions into SMT formulae. Our analysis then uses a decision procedure to determine whether each formula is satisfiable, which eliminates false alarms that cannot occur in real concurrent executions. A prototype based on CBMC has been implemented, and preliminary experimental results are encouraging.
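The following is an added toy model of the pipeline the abstract describes; it is a constructed example, not the authors' CBMC-based prototype. A small interrupt-driven C program (sketched in the comments) is represented in a mini IR, every point where the serialization could inject the ISR is accounted for by tracking whether interrupts are enabled along each syntactic path, the path condition of every access to a shared variable is collected, and a bounded enumeration over a small input domain stands in for the SMT decision procedure. The program, the IR, the input domain and all function names are assumptions of this example. Location A shows the false alarm the path-sensitive check eliminates: a flow-insensitive race checker would flag it, but every path that reaches it with interrupts enabled has an unsatisfiable path condition.

```python
"""Path-sensitive data race detection for an interrupt-driven program, modelled
as a non-deterministic sequential program (constructed illustration)."""
from itertools import product

# Constructed program under analysis (C sketch).  The ISR does `counter++`
# and only reads `flag`.  Serialization inserts a non-deterministic ISR call
# before every statement, so an access in main races with the ISR iff it
# conflicts with an ISR access AND is reachable with interrupts enabled.
#
#   if (mode == 0) irq_disable();
#   if (mode == 0) { counter = counter + 1; }   /* location A */
#   if (mode == 0) irq_enable();
#   if (mode > 3)  { tmp = counter; }           /* location B */
#   counter = 0;                                /* location C */
#   tmp2 = flag;                                /* location D */

ISR_ACCESS = {"counter": "write", "flag": "read"}  # ISR's access to each shared variable

# Mini IR (assumed for this example):
#   ("read"|"write", var, loc)                      access to shared `var` at `loc`
#   ("irq_off",) / ("irq_on",)                      disable / enable interrupts
#   ("if", text, predicate_over_inputs, then, else) branch on program input
MAIN = [
    ("if", "mode == 0", lambda i: i["mode"] == 0, [("irq_off",)], []),
    ("if", "mode == 0", lambda i: i["mode"] == 0,
        [("read", "counter", "A"), ("write", "counter", "A")], []),
    ("if", "mode == 0", lambda i: i["mode"] == 0, [("irq_on",)], []),
    ("if", "mode > 3", lambda i: i["mode"] > 3, [("read", "counter", "B")], []),
    ("write", "counter", "C"),
    ("read", "flag", "D"),
]

INPUT_DOMAIN = {"mode": range(-2, 8)}  # bound for the stand-in decision procedure


def paths(stmts, pc=(), irq_enabled=True, accesses=()):
    """Enumerate the syntactic paths of the sequential program (BMC unrolling).
    Yields (path_condition, accesses); each access records the interrupt
    state at that point, i.e. whether the serialized ISR call could fire."""
    if not stmts:
        yield pc, accesses
        return
    stmt, rest = stmts[0], stmts[1:]
    kind = stmt[0]
    if kind == "if":
        _, text, pred, then_, else_ = stmt
        yield from paths(then_ + rest, pc + ((text, pred, True),), irq_enabled, accesses)
        yield from paths(else_ + rest, pc + ((text, pred, False),), irq_enabled, accesses)
    elif kind == "irq_off":
        yield from paths(rest, pc, False, accesses)
    elif kind == "irq_on":
        yield from paths(rest, pc, True, accesses)
    else:
        _, var, loc = stmt
        yield from paths(rest, pc, irq_enabled, accesses + ((loc, var, kind, irq_enabled),))


def satisfiable(pc):
    """Stand-in for the SMT decision procedure: bounded enumeration of inputs."""
    names = list(INPUT_DOMAIN)
    for values in product(*(INPUT_DOMAIN[n] for n in names)):
        inputs = dict(zip(names, values))
        if all(pred(inputs) == taken for _, pred, taken in pc):
            return True
    return False


def fmt_pc(pc):
    """Render a path condition as a conjunction of branch literals (deduplicated)."""
    literals = dict.fromkeys((text, taken) for text, _, taken in pc)
    return " && ".join(t if taken else f"!({t})" for t, taken in literals) or "true"


def detect_races(main, isr_access):
    """Map each location in `main` to the sorted list of feasible path conditions
    under which an access there races with the ISR; an empty list means the
    location is race-free on every feasible path (a static alarm is spurious)."""
    feasible = {}
    for pc, accesses in paths(main):
        for loc, var, kind, irq_enabled in accesses:
            feasible.setdefault(loc, set())
            conflicting = var in isr_access and (kind == "write" or isr_access[var] == "write")
            if conflicting and irq_enabled and satisfiable(pc):
                feasible[loc].add(fmt_pc(pc))
    return {loc: sorted(pcs) for loc, pcs in feasible.items()}


if __name__ == "__main__":
    for loc, pcs in detect_races(MAIN, ISR_ACCESS).items():
        print(f"{loc}: {'RACE under ' + ' | '.join(pcs) if pcs else 'no feasible race'}")
```

Running the block reports B and C as real races and A and D as race-free: A because the only paths reaching it with interrupts enabled require `mode == 0` and `!(mode == 0)` at once, D because a read in main and a read in the ISR do not conflict. Replacing `satisfiable` with a call into an SMT solver over the same literals is the step the abstract describes.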
