Runtime Model Checking of Multithreaded C/C++ Programs

We present inspect, a tool for model checking safety properties of multithreaded C/C++ programs in which threads interact through shared variables and synchronization primitives. The given program is mechanically transformed into an instrumented version that yields control to a centralized scheduler around each such interaction. The scheduler first enables an arbitrary execution and then explores alternative interleavings of the program, avoiding redundant exploration through dynamic partial order reduction (DPOR) [1]. Our initial experience shows that inspect is effective in testing and debugging multithreaded C/C++ programs. We are not aware of DPOR having been implemented in such a setting. With inspect, we have been able to find many bugs in real applications.
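To make the scheduler described above concrete, here is an added example (not inspect's code) of a stateless DPOR explorer in the style of Flanagan and Godefroid [6], written in Python. Each thread is modelled as a fixed list of interception points (`Step` objects naming the shared variables they read and write), the scheduler replays a chosen interleaving from the initial state, and vector clocks track the happens-before relation so that backtrack points are only added where two dependent accesses could really have run in the other order. The sample program, the `Step` model, and the thread and variable names are all constructed for this illustration; the safety property checked is that two unsynchronized `x++` operations leave `x == 2`.

```python
"""Added example: a toy DPOR scheduler in the spirit of inspect's centralized
scheduler. Threads are lists of Steps, one per shared-variable access; the
program, names, and Step model are constructed here, not taken from inspect."""
from dataclasses import dataclass
from math import factorial
from typing import Callable, Dict, FrozenSet, List, Tuple

Shared = Dict[str, int]


@dataclass(frozen=True)
class Step:
    """One interception point: the shared variables it reads and writes, and
    its effect on the shared state (thread-private registers are not listed)."""
    name: str
    reads: FrozenSet[str]
    writes: FrozenSet[str]
    run: Callable[[Shared], None]


def dependent(a: Step, b: Step) -> bool:
    """Dependent when one step writes a variable the other touches; independent
    steps commute, so only one order of them needs to be explored."""
    return bool(a.writes & (b.reads | b.writes)) or bool(b.writes & (a.reads | a.writes))


def total_interleavings(threads: List[List[Step]]) -> int:
    """Interleavings a naive scheduler would enumerate (multinomial coefficient)."""
    total = factorial(sum(len(t) for t in threads))
    for t in threads:
        total //= factorial(len(t))
    return total


def explore(threads, init, check):
    """Stateless DPOR with vector-clock happens-before tracking.
    Returns (number of interleavings explored, list of violating traces)."""
    n = len(threads)
    stack: List[Tuple[int, Step, List[int]]] = []  # (thread, step, clock vector)
    backtrack: List[set] = []                      # backtrack[k]: threads to try at state k
    explored, violations = 0, []

    def enabled(pcs):
        return [t for t in range(n) if pcs[t] < len(threads[t])]

    def rec(pcs, clocks):
        nonlocal explored
        k = len(stack)
        # For each enabled thread p, find the latest transition i that is dependent
        # with p's next step and does not happen-before it: p must also be tried at i.
        for p in enabled(pcs):
            nxt = threads[p][pcs[p]]
            for i in range(k - 1, -1, -1):
                t_i, s_i, _ = stack[i]
                if dependent(s_i, nxt) and i > clocks[p][t_i]:
                    backtrack[i].add(p)
                    break
        en = enabled(pcs)
        if not en:  # every thread finished: replay the schedule and check the property
            explored += 1
            state = dict(init)
            for _, s, _ in stack:
                s.run(state)
            if not check(state):
                violations.append([s.name for _, s, _ in stack])
            return
        backtrack.append({en[0]})
        done = set()
        while backtrack[k] - done:
            p = min(backtrack[k] - done)
            done.add(p)
            nxt = threads[p][pcs[p]]
            cv = list(clocks[p])  # clock = max of p's clock and all dependent predecessors
            for _, s_j, cv_j in stack:
                if dependent(s_j, nxt):
                    cv = [max(a, b) for a, b in zip(cv, cv_j)]
            cv[p] = k
            stack.append((p, nxt, cv))
            new_pcs, new_clocks = list(pcs), list(clocks)
            new_pcs[p] += 1
            new_clocks[p] = cv
            rec(new_pcs, new_clocks)
            stack.pop()
        backtrack.pop()

    rec([0] * n, [[-1] * n for _ in range(n)])
    return explored, violations


def incrementer(tid: str) -> List[Step]:
    """Unsynchronized x++ split into its load and store interception points."""
    reg = f"_r{tid}"  # thread-private register, hence not a shared access
    return [Step(f"{tid}:load", frozenset({"x"}), frozenset(),
                 lambda s: s.__setitem__(reg, s["x"])),
            Step(f"{tid}:store", frozenset(), frozenset({"x"}),
                 lambda s: s.__setitem__("x", s[reg] + 1))]


def background() -> List[Step]:
    """A thread touching only its own variable y, independent of the others."""
    set_y = Step("bg:set_y", frozenset(), frozenset({"y"}),
                 lambda s: s.__setitem__("y", s["y"] + 1))
    return [set_y, set_y]


THREADS = [incrementer("t0"), incrementer("t1"), background()]
INIT = {"x": 0, "y": 0}


def run_example():
    return explore(THREADS, INIT, lambda s: s["x"] == 2)


if __name__ == "__main__":
    count, bad = run_example()
    print(f"{count} of {total_interleavings(THREADS)} interleavings explored")
    for trace in bad:
        print("lost update:", " -> ".join(trace))
```

The independent background thread is what makes the reduction visible: a naive scheduler faces 90 interleavings, while DPOR explores only 6, because no dependent transition ever causes the background thread to be added to a backtrack set. Four of the six explored traces lose an update (both loads run before either store), which is exactly the race a lock around the increment would remove.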

[1] Florence Maraninchi, et al. Automatic Generation of Schedulings for Improving the Test Coverage of Systems-on-a-Chip, 2006, Formal Methods in Computer Aided Design (FMCAD).

[2] Serdar Tasiran, et al. Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets, 2006, FATES/RV.

[3] Jeffrey S. Foster, et al. LOCKSMITH: Context-Sensitive Correlation Analysis for Race Detection, 2006, PLDI '06.

[4] Richard H. Carver, et al. Reachability Testing of Concurrent Programs, 2006, IEEE Transactions on Software Engineering.

[5] Gul Agha, et al. Concolic Testing of Multithreaded Programs and Its Application to Testing Security Protocols, 2006.

[6] Patrice Godefroid, et al. Dynamic Partial-Order Reduction for Model Checking Software, 2005, POPL '05.

[7] Jakob Rehof, et al. Zing: A Model Checker for Concurrent Software, 2004, CAV.

[8] Thomas A. Henzinger, et al. Race Checking by Context Inference, 2004, PLDI '04.

[9] Alex Groce, et al. Modular Verification of Software Components in C, 2003, Proceedings of the 25th International Conference on Software Engineering (ICSE).

[10] Dawson R. Engler, et al. RacerX: Effective, Static Detection of Race Conditions and Deadlocks, 2003, SOSP '03.

[11] Nicholas Nethercote, et al. Valgrind: A Program Supervision Framework, 2003, RV@CAV.

[12] Gerard J. Holzmann, et al. The SPIN Model Checker, 2003.

[13] Gerard J. Holzmann, et al. The SPIN Model Checker: Primer and Reference Manual, 2003.

[14] Matthew B. Dwyer, et al. Bogor: An Extensible and Highly-Modular Software Model Checking Framework, 2003, ESEC/FSE-11.

[15] Eitan Farchi, et al. Framework for Testing Multi-threaded Java Programs, 2003, Concurrency and Computation: Practice and Experience.

[16] Dawson R. Engler, et al. CMC: A Pragmatic Approach to Model Checking Real Code, 2002, Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI).

[17] Greg Nelson, et al. Extended Static Checking for Java, 2002, PLDI '02.

[18] Jong-Deok Choi, et al. Efficient and Precise Datarace Detection for Multithreaded Object-Oriented Programs, 2002, PLDI '02.

[19] Martin C. Rinard, et al. Pointer and Escape Analysis for Multithreaded Programs, 2001, PPoPP '01.

[20] Klaus Havelund, et al. Model Checking Programs, 2000, Proceedings of ASE 2000, Fifteenth IEEE International Conference on Automated Software Engineering.

[21] Stephan Merz, et al. Model Checking, 2000.

[22] Michael Burrows, et al. Eraser: A Dynamic Data Race Detector for Multi-threaded Programs, 1997, TOCS.

[23] Patrice Godefroid, et al. Model Checking for Programming Languages Using VeriSoft, 1997, POPL '97.

[24] Patrice Godefroid, et al. Partial-Order Methods for the Verification of Concurrent Systems, 1996, Lecture Notes in Computer Science.

[25] David R. Butenhof. Programming with POSIX Threads, 1993.