Path-Sensitive Race Detection with Partial Order Reduced Symbolic Execution

This paper presents a combination of symbolic execution and partial order reduction to achieve path-sensitive race detection. The presented approach limits the complexity of symbolic execution of multi-threaded code by applying it with a single fixed scheduling algorithm only. Alternative thread interleavings are generated from the fixed-scheduling ones with ample set partial order reduction on an abstraction level of thread interactions. Races are detected on that abstraction level. The proposed algorithm is implemented as a plug-in extension of Eclipse CDT and evaluated by running it on the race condition test cases from the Juliet suite.
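To make the race check on the abstraction level concrete, the following added example (not the paper's implementation) models one fixed-schedule run as a constructed trace of thread interactions and reports conflicting accesses that happens-before, built from program order and lock release/acquire pairs, leaves unordered. The event format, the vector-clock encoding and the trace itself are assumptions of this example.

```python
# Event = (thread id, operation, target); acq/rel act on a lock, rd/wr on a
# shared variable. Constructed trace of one fixed-schedule run, not from the paper.
TRACE = [
    (1, "acq", "m"), (1, "wr", "x"), (1, "rel", "m"),
    (2, "acq", "m"), (2, "rd", "x"), (2, "rel", "m"),
    (2, "wr", "y"),  # unprotected write to y ...
    (1, "rd", "y"),  # ... and an unprotected read of y by the other thread
]

def conflicts(a, b):
    """Accesses by different threads to the same variable, at least one a write."""
    return (a[1] in ("rd", "wr") and b[1] in ("rd", "wr") and a[0] != b[0]
            and a[2] == b[2] and "wr" in (a[1], b[1]))

def event_clocks(trace):
    """Vector clock of every event. Happens-before edges come from each thread's
    program order and from a lock release to the next acquire of that lock."""
    thread_clock = {}   # thread -> its current vector clock
    last_release = {}   # lock -> vector clock at its most recent release
    clocks = []
    for tid, op, target in trace:
        vc = dict(thread_clock.get(tid, {}))
        vc[tid] = vc.get(tid, 0) + 1
        if op == "acq" and target in last_release:   # synchronise with releaser
            for t, n in last_release[target].items():
                vc[t] = max(vc.get(t, 0), n)
        if op == "rel":
            last_release[target] = dict(vc)
        thread_clock[tid] = vc
        clocks.append(vc)
    return clocks

def leq(a, b):
    """True if the event with clock a happens before (or is) the event with clock b."""
    return all(n <= b.get(t, 0) for t, n in a.items())

def find_races(trace):
    """Index pairs of conflicting accesses that no happens-before edge orders.
    Such a pair can be placed adjacently in an alternative interleaving."""
    clocks = event_clocks(trace)
    return [(i, j) for i in range(len(trace)) for j in range(i + 1, len(trace))
            if conflicts(trace[i], trace[j])
            and not (leq(clocks[i], clocks[j]) or leq(clocks[j], clocks[i]))]

if __name__ == "__main__":
    for i, j in find_races(TRACE):
        print("race on", TRACE[i][2], ":", TRACE[i], "vs", TRACE[j])
```

The lock-protected accesses to x are ordered by the release/acquire edge and are not reported, while the unprotected accesses to y are.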
