Optimal stateless model checking under the release-acquire semantics

We present a framework for the efficient application of stateless model checking (SMC) to concurrent programs running under the Release-Acquire (RA) fragment of the C/C++11 memory model. Our approach is based on exploring the possible program orders, which define the order in which instructions of a thread are executed, and read-from relations, which specify how reads obtain their values from writes. This is in contrast to previous approaches, which also explore the possible coherence orders, i.e., orderings between conflicting writes. Since unexpected test results such as program crashes or assertion violations depend only on the read-from relation, we avoid a potentially significant source of redundancy. Our framework is based on a novel technique for determining whether a particular read-from relation is feasible under the RA semantics. We define an SMC algorithm which is provably optimal in the sense that it explores each program order and read-from relation exactly once. This optimality result is strictly stronger than previous analogous optimality results, which also take coherence order into account. We have implemented our framework in the tool Tracer. Experiments show that Tracer can be significantly faster than state-of-the-art tools that can handle the RA semantics.
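The feasibility question the abstract describes, as an added example that is not code from the paper or from Tracer: given program order and a read-from relation, it computes hb = (po ∪ rf)+ and the coherence-order edges that hb and rf force (a saturation step), so that feasibility under RA reduces to two acyclicity checks. It assumes plain release/acquire loads and stores only (no RMWs, no fences) and a constructed event representation.

```python
from typing import Dict, List, Tuple

Event = Tuple[str, str]          # (kind 'W' or 'R', location)

def closure(nodes: List[str], succ: Dict[str, set]) -> Dict[str, set]:
    """Transitive closure of a relation given as successor sets (Warshall)."""
    reach = {n: set(succ.get(n, ())) for n in nodes}
    for k in nodes:
        for i in nodes:
            if k in reach[i]:
                reach[i] |= reach[k]
    return reach

def ra_feasible(events: Dict[str, Event], po: List[Tuple[str, str]],
                rf: Dict[str, str]) -> bool:
    """True iff the read-from relation rf is feasible under RA, i.e. some
    per-location coherence order mo makes the trace consistent.
    rf maps each read's id to the id of the write it reads from."""
    nodes = list(events)
    succ: Dict[str, set] = {}
    for a, b in po:
        succ.setdefault(a, set()).add(b)
    for r, w in rf.items():
        succ.setdefault(w, set()).add(r)          # rf edges are part of hb under RA
    hb = closure(nodes, succ)
    if any(n in hb[n] for n in nodes):           # po ∪ rf must be acyclic
        return False
    # Saturation: edges that any coherence order mo has to contain.
    writes = [n for n in nodes if events[n][0] == 'W']
    same_loc = lambda a, b: events[a][1] == events[b][1]
    mo_succ: Dict[str, set] = {}
    for w1 in writes:
        for w2 in writes:
            if w1 != w2 and same_loc(w1, w2) and w2 in hb[w1]:
                mo_succ.setdefault(w1, set()).add(w2)   # w1 hb w2  =>  w1 mo w2
    for r, w in rf.items():
        for w2 in writes:
            if w2 != w and same_loc(w2, r) and r in hb[w2]:
                mo_succ.setdefault(w2, set()).add(w)    # w2 hb r, r reads w  =>  w2 mo w
    mo = closure(writes, mo_succ)
    return not any(w in mo[w] for w in writes)  # a total mo exists iff this is acyclic

# Constructed message-passing trace: init x=f=0;  T1: x=1; f=1;   T2: a=f; b=x.
MP_EVENTS = {'i_x': ('W', 'x'), 'i_f': ('W', 'f'), 'w_x': ('W', 'x'),
             'w_f': ('W', 'f'), 'r_f': ('R', 'f'), 'r_x': ('R', 'x')}
MP_PO = [('i_x', 'i_f'), ('i_f', 'w_x'), ('i_f', 'r_f'),   # init precedes both threads
         ('w_x', 'w_f'), ('r_f', 'r_x')]

if __name__ == '__main__':
    print(ra_feasible(MP_EVENTS, MP_PO, {'r_f': 'w_f', 'r_x': 'w_x'}))  # True
    print(ra_feasible(MP_EVENTS, MP_PO, {'r_f': 'w_f', 'r_x': 'i_x'}))  # False: a=1 but b=0
```

Only reads-from choices are enumerated here; the coherence order is never guessed, which is the redundancy the abstract says the framework avoids.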
