A Modular Checker for Multithreaded Programs

Designing multithreaded software systems is prone to errors because of the difficulty of reasoning about multiple interleaved threads of control operating on shared data. Static checking, which can in principle analyze the program's behavior over all execution paths and all thread interleavings, is a powerful debugging tool. We have built a scalable and expressive static checker called Calvin for multithreaded programs. To handle realistic programs, Calvin performs modular checking of each procedure called by a thread, using specifications of the other procedures and of the other threads. The checker leverages existing sequential program verification techniques based on automatic theorem proving. To evaluate the checker, we have applied it to several real-world programs. Our experience indicates that Calvin has a moderate annotation overhead and can catch defects in multithreaded programs, including synchronization errors and violations of data invariants.
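The abstract's central idea is modular checking: verify each thread on its own against a specification (a guarantee) that every other thread is assumed to obey, instead of enumerating interleavings of the whole program. The following added example, which is not Calvin's code and not the paper's algorithm, illustrates that assume-guarantee discipline on a deliberately tiny state space. Where Calvin discharges each thread's sequential verification condition with an automatic theorem prover, this illustration swaps in explicit-state exploration over a constructed finite domain (a counter x modulo 4, one lock, two thread ids). The guarantee `lock_protects_x`, the mini-language of operations and the four sample programs are all constructed for the example; every name in it is an assumption.

```python
"""Explicit-state thread-modular checker in the assume-guarantee style the
abstract describes: each thread is checked alone against a spec of the others.
Added illustration; it is not Calvin's implementation or the paper's algorithm."""

X_RANGE = 4          # constructed finite domain: the shared counter x is an int mod 4
THREADS = (0, 1)     # constructed: two thread ids


def lock_protects_x(tid, pre, post):
    """Guarantee each thread promises (and assumes of every other thread):
    x changes only while tid holds the lock m, tid only acquires a free lock
    or releases its own, and x is even whenever the lock is free afterwards."""
    x0, m0 = pre
    x1, m1 = post
    if x1 != x0 and not (m0 == tid and m1 == tid):
        return False                       # wrote x without holding the lock
    if m1 != m0 and not ((m0 is None and m1 == tid) or (m0 == tid and m1 is None)):
        return False                       # touched another thread's lock state
    if m1 is None and x1 % 2 != 0:
        return False                       # released with the data invariant broken
    return True


def check_thread(tid, program, guarantee, thread_ids):
    """Check one thread against its environment, i.e. the union of the other
    threads' guarantees. Returns a sorted list of error strings (empty = ok)."""
    others = [j for j in thread_ids if j != tid]
    all_shared = [(x, m) for x in range(X_RANGE) for m in (None,) + tuple(thread_ids)]
    init = ((0, None), 0, 0)               # (shared state (x, lock holder), pc, local t)
    seen, work, errors = {init}, [init], set()
    while work:
        shared, pc, t = work.pop()
        x, m = shared
        succ = []
        # Environment step: any transition that some other thread's guarantee permits.
        for post in all_shared:
            if any(guarantee(j, shared, post) for j in others):
                succ.append((post, pc, t))
        # Own step, checked against this thread's guarantee and its assertions.
        if pc < len(program):
            op = program[pc]
            kind, new_shared, new_t, enabled = op[0], shared, t, True
            if kind == "acq":
                if m is None:
                    new_shared = (x, tid)
                else:
                    enabled = False        # blocked until the environment releases
            elif kind == "rel":
                if m == tid:
                    new_shared = (x, None)
                else:
                    errors.add(f"T{tid} pc{pc}: release without holding the lock")
                    enabled = False
            elif kind == "load":           # t = x
                new_t = x
            elif kind == "store":          # x = f(t)
                new_shared = (op[1](t) % X_RANGE, m)
            elif kind == "assert":         # check a predicate over (x, t)
                if not op[1](x, t):
                    errors.add(f"T{tid} pc{pc}: assertion may fail with x={x}, lock={m}")
            if enabled:
                if guarantee(tid, shared, new_shared):
                    succ.append((new_shared, pc + 1, new_t))
                else:
                    errors.add(f"T{tid} pc{pc}: {kind} from x={x}, lock={m} violates its guarantee")
        for s in succ:
            if s not in seen:
                seen.add(s)
                work.append(s)
    return sorted(errors)


def verify(programs, guarantee=lock_protects_x):
    """Check each thread in isolation; returns {tid: errors}. All-empty means the
    data invariant and every guarantee hold for the parallel composition."""
    tids = tuple(programs)
    return {tid: check_thread(tid, programs[tid], guarantee, tids) for tid in tids}


# Constructed sample programs. A correct "double increment" keeps x even across
# each critical section; the other three each contain one of the defect kinds
# the abstract mentions (a synchronization error or an invariant violation).
DOUBLE_INCR = [("acq",), ("load",), ("assert", lambda x, t: x % 2 == 0),
               ("store", lambda t: t + 1), ("store", lambda t: t + 2), ("rel",)]
UNLOCKED_READ = [("load",), ("assert", lambda x, t: x % 2 == 0)]           # check races with writer
SINGLE_INCR = [("acq",), ("load",), ("store", lambda t: t + 1), ("rel",)]  # releases with x odd
UNLOCKED_WRITE = [("load",), ("store", lambda t: t + 2)]                   # writes x without lock

if __name__ == "__main__":
    for name, bad in [("unlocked read", UNLOCKED_READ), ("single increment", SINGLE_INCR),
                      ("unlocked write", UNLOCKED_WRITE)]:
        print(name, verify({0: bad, 1: DOUBLE_INCR}))
    print("two locked double increments:", verify({0: DOUBLE_INCR, 1: DOUBLE_INCR}))
```

Each thread is explored once, with the other thread represented only by its guarantee, so the cost grows with the number of threads rather than with the number of interleavings; that is the modularity the abstract is after. The price is the annotation: a wrong or too-weak guarantee makes the checker report spurious interference, which is the "annotation overhead" the authors measure. `UNLOCKED_READ` fails its assertion because the environment may hold the lock with x odd, `SINGLE_INCR` fails at its release because the invariant "x even when unlocked" is part of the guarantee, and `UNLOCKED_WRITE` fails at its store because the guarantee forbids changing x without the lock.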
