A Practical Approach for Model Checking C/C++11 Code

Writing low-level concurrent software has traditionally required intimate knowledge of the entire toolchain and often has involved coding in assembly. New language standards have extended C and C++ with support for low-level atomic operations and a weak memory model, enabling developers to write portable and efficient multithreaded code. In this article, we present CDSChecker, a tool for exhaustively exploring the behaviors of concurrent code under the C/C++ memory model. We have used CDSChecker to exhaustively unit test concurrent data structure implementations and have discovered errors in a published implementation of a work-stealing queue and a single producer, single consumer queue.

[1]  Susmit Sarkar,et al.  Nitpicking c++ concurrency , 2011, PPDP.

[2]  Yu Yang,et al.  Automatic Discovery of Transition Symmetry in Multithreaded Programs Using Dynamic Analysis , 2009, SPIN.

[3]  Thuan Quang Huynh,et al.  A Memory Model Sensitive Checker for C# , 2006, FM.

[4]  Hans-Juergen Boehm,et al.  Outlawing ghosts: avoiding out-of-thin-air results , 2014, MSPC@PLDI.

[5]  Viktor Vafeiadis,et al.  Common Compiler Optimisations are Invalid in the C11 Memory Model and what we can do about it , 2015, POPL.

[6]  Stephen N. Freund,et al.  Adversarial memory for detecting destructive races , 2010, PLDI '10.

[7]  Eran Yahav,et al.  Partial-coherence abstractions for relaxed memory models , 2011, PLDI '11.

[8]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[9]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[10]  Nir Shavit Data structures in the multicore age , 2011, CACM.

[11]  Brian Demsky,et al.  CDSchecker: checking concurrent data structures written with C/C++ atomics , 2013, OOPSLA.

[12]  Satish Narayanasamy,et al.  A case for an SC-preserving compiler , 2011, PLDI '11.

[13]  Alexey Gotsman,et al.  Library abstraction for C/C++ concurrency , 2013, POPL.

[14]  Michael L. Scott,et al.  Synchronization without contention , 1991, ASPLOS IV.

[15]  Brandon Lucia,et al.  Conflict exceptions: simplifying concurrent language semantics with precise hardware exceptions for data-races , 2010, ISCA.

[16]  Yu Yang,et al.  Efficient Stateful Dynamic Partial Order Reduction , 2008, SPIN.

[17]  Hans-Juergen Boehm,et al.  Foundations of the C++ concurrency memory model , 2008, PLDI '08.

[18]  Bengt Jonsson State-space exploration for concurrent algorithms under weak memory orderings: (preliminary version) , 2009, CARN.

[19]  Serdar Tasiran,et al.  Goldilocks: a race and transaction-aware java runtime , 2007, PLDI '07.

[20]  Albert Cohen,et al.  Correct and efficient work-stealing for weak memory models , 2013, PPoPP '13.

[21]  Peter Sewell,et al.  Mathematizing C++ concurrency , 2011, POPL '11.

[22]  Patrice Godefroid,et al.  Dynamic partial-order reduction for model checking software , 2005, POPL '05.

[23]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.

[24]  Maged M. Michael,et al.  Simple, fast, and practical non-blocking and blocking concurrent queue algorithms , 1996, PODC '96.

[25]  Sartaj Sahni,et al.  Handbook of Data Structures and Applications , 2004 .

[26]  Sebastian Burckhardt,et al.  Line-up: a complete and automatic linearizability checker , 2010, PLDI '10.

[27]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[28]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[29]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[30]  Hans-Juergen Boehm Can seqlocks get along with programming language memory models? , 2012, MSPC '12.

[31]  Eran Yahav,et al.  Automatic inference of memory fences , 2010, Formal Methods in Computer Aided Design.

[32]  Stephen N. Freund,et al.  FastTrack: efficient and precise dynamic race detection , 2009, PLDI '09.

[33]  Deepak D'Souza,et al.  Java memory model aware software validation , 2008, PASTE '08.

[34]  Yu Yang,et al.  Dynamic Model Checking with Property Driven Pruning to Detect Race Conditions , 2008, ATVA.

[35]  David L. Dill,et al.  An Executable Specification and Verifier for Relaxed Memory Order , 1999, IEEE Trans. Computers.

[36]  Viktor Vafeiadis,et al.  Relaxed separation logic: a program logic for C11 concurrency , 2013, OOPSLA.

[37]  Thomas Ball,et al.  Finding and Reproducing Heisenbugs in Concurrent Programs , 2008, OSDI.