Inspect: A Runtime Model Checker for Multithreaded C Programs

We present Inspect, a runtime model checker for revealing concurrency bugs in multithreaded C programs. Inspect instruments a given program at all global interaction points (accesses to shared variables and synchronization objects) and, with the help of a new scheduler, examines all relevant thread interleavings under dynamic partial order reduction (DPOR). While the ideas behind Inspect are well known, there has been no previously reported effort in which these ideas are applied to multithreaded C programs. We report on our engineering efforts to endow Inspect with (i) automatic source program instrumentation, (ii) a practical DPOR implementation, and (iii) optimizations such as using locksets to compute a more precise co-enabled relation. Our initial experience shows that such a tool can, indeed, be very effective for obtaining a handle on the notorious complexity of thread programming.
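The following is an added illustration, not Inspect's own code, of the two mechanisms the abstract names: a stateless scheduler that explores thread interleavings under DPOR (the backtrack-set and happens-before computation of Flanagan and Godefroid's algorithm) and a lockset-based refinement of the may-be-co-enabled test. The program model is an assumption made here for the example: each thread is a list of `read`/`write`/`lock`/`unlock` operations on named objects, a `read` loads the shared counter `x` into the thread's register and a `write` stores register + 1 (a non-atomic increment). The `Checker` class, the `race_candidates` counter and the two sample programs are constructed for this example.

```python
"""Toy DPOR explorer with lockset-refined co-enabledness (illustration, not Inspect)."""
import copy

LOCK_OPS, VAR_OPS = ('lock', 'unlock'), ('read', 'write')


class Step:
    """One global interaction point. `held` is the thread's lockset just before the
    access; `clock` is the vector clock used for the happens-before relation."""
    def __init__(self, thread, kind, target, held):
        self.thread, self.kind, self.target, self.held = thread, kind, target, held
        self.clock = None


def dependent(a, b):
    """Conflicting accesses to one object: two variable accesses with at least one
    write, or any two operations on the same mutex (program order handled by caller)."""
    if a.target != b.target:
        return False
    if a.kind in LOCK_OPS and b.kind in LOCK_OPS:
        return True
    return a.kind in VAR_OPS and b.kind in VAR_OPS and 'write' in (a.kind, b.kind)


class Checker:
    def __init__(self, threads, use_locksets=True):
        self.threads, self.use_locksets = threads, use_locksets
        self.runs = self.violations = self.race_candidates = 0
        self.enabled_at, self.backtrack = [], []   # per-depth enabled / backtrack sets

    def initial_state(self):
        n = len(self.threads)
        return {'pc': [0] * n, 'owner': {}, 'reg': [0] * n, 'x': 0}

    def next_step(self, state, p):
        pc = state['pc'][p]
        if pc >= len(self.threads[p]):
            return None
        kind, target = self.threads[p][pc]
        return Step(p, kind, target, frozenset(m for m, o in state['owner'].items() if o == p))

    def enabled(self, state):
        en = []
        for p in range(len(self.threads)):
            s = self.next_step(state, p)
            if s and not (s.kind == 'lock' and s.target in state['owner']):
                en.append(p)
        return en

    def execute(self, state, s):
        st = copy.deepcopy(state)
        st['pc'][s.thread] += 1
        if s.kind == 'lock':
            st['owner'][s.target] = s.thread
        elif s.kind == 'unlock':
            del st['owner'][s.target]
        elif s.kind == 'read':
            st['reg'][s.thread] = st['x']
        else:                       # non-atomic increment: store register + 1
            st['x'] = st['reg'][s.thread] + 1
        return st

    def may_be_coenabled(self, a, b):
        """Lockset refinement: two steps taken while holding a common lock cannot be
        enabled at the same time, so they need no backtrack point."""
        return not (self.use_locksets and a.held & b.held)

    def clock_for(self, trace, s):
        """Vector clock: join of clocks of earlier steps that precede s by program
        order or dependence; s's own component is its 1-based trace position."""
        vc = [0] * len(self.threads)
        for t in trace:
            if t.thread == s.thread or dependent(t, s):
                vc = [max(x, y) for x, y in zip(vc, t.clock)]
        vc[s.thread] = len(trace) + 1
        return vc

    def explore(self, trace, state):
        d = len(trace)
        for p in range(len(self.threads)):
            nxt = self.next_step(state, p)
            if nxt is None:
                continue
            # last trace step dependent with nxt that may be co-enabled with it
            i = next((k for k in range(d - 1, -1, -1) if trace[k].thread != p
                      and dependent(trace[k], nxt) and self.may_be_coenabled(trace[k], nxt)), None)
            if i is None:
                continue
            self.race_candidates += 1
            nc = self.clock_for(trace, nxt)
            # E: threads enabled before step i with a later step that happens-before nxt
            E = {q for q in self.enabled_at[i] if q == p or any(
                 trace[j].thread == q and trace[j].clock[q] <= nc[q] for j in range(i + 1, d))}
            if E:
                if not E & self.backtrack[i]:
                    self.backtrack[i].add(min(E))
            else:
                self.backtrack[i].update(self.enabled_at[i])
        en = self.enabled(state)
        if not en:                  # terminal state: check the expected final count
            self.runs += 1
            self.violations += state['x'] != len(self.threads)
            return
        self.enabled_at.append(en)
        self.backtrack.append({en[0]})
        done = set()
        while self.backtrack[d] - done:
            p = min(self.backtrack[d] - done)
            done.add(p)
            s = self.next_step(state, p)
            s.clock = self.clock_for(trace, s)
            trace.append(s)
            self.explore(trace, self.execute(state, s))
            trace.pop()
        self.enabled_at.pop()
        self.backtrack.pop()

    def run(self):
        """Returns (interleavings explored, lost-update violations, race candidates)."""
        self.explore([], self.initial_state())
        return self.runs, self.violations, self.race_candidates


def unprotected_increment(n=2):     # constructed sample: racy x++ in each thread
    return [[('read', 'x'), ('write', 'x')] for _ in range(n)]


def locked_increment(n=2):          # constructed sample: x++ under mutex m
    return [[('lock', 'm'), ('read', 'x'), ('write', 'x'), ('unlock', 'm')] for _ in range(n)]


if __name__ == '__main__':
    print('unprotected:        ', Checker(unprotected_increment()).run())
    print('locked, no locksets:', Checker(locked_increment(), use_locksets=False).run())
    print('locked, locksets:   ', Checker(locked_increment()).run())
```

On the racy program every step conflicts with the other thread's steps, so DPOR legitimately explores all six interleavings and reports the four that lose an update; on the locked program only the two feasible orders are explored. The lockset refinement does not change the number of runs here, but it stops the explorer from treating the two critical-section accesses to `x` (and the two `unlock` operations) as potential races, which is visible in the lower `race_candidates` count.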
