Symbolic execution of multithreaded programs from arbitrary program contexts

Published: 15 October 2014

Abstract

We describe an algorithm to perform symbolic execution of a multithreaded program starting from an arbitrary program context. We argue that this can enable more efficient symbolic exploration of deep code paths in multithreaded programs by allowing the symbolic engine to jump directly to program contexts of interest.
The key challenge is modeling the initial context with reasonable precision: an overly approximate model leads to the exploration of many infeasible paths during symbolic execution, while a very precise model would be so expensive to compute that it would defeat the purpose of jumping directly to the initial context in the first place. We propose a context-specific dataflow analysis that approximates the initial context cheaply, yet precisely enough to avoid some common causes of infeasible-path explosion. This model is necessarily approximate: it may leave portions of the memory state unconstrained, so that our symbolic execution cannot answer simple questions such as "which thread holds lock A?". For such cases, we describe a novel algorithm for evaluating symbolic synchronization during symbolic execution. Our symbolic execution semantics are sound and complete up to the limits of the underlying SMT solver. We describe initial experiments on an implementation in Cloud9.

Cited By

  • SSRD: Shapes and Summaries for Race Detection in Concurrent Data Structures. Proceedings of the 2024 ACM SIGPLAN International Symposium on Memory Management (2024), pp. 68-81. DOI 10.1145/3652024.3665505. Online publication date: 20 Jun 2024.
  • Characterizing and Improving Bug-Finders with Synthetic Bugs. 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) (2022), pp. 971-982. DOI 10.1109/SANER53432.2022.00115. Online publication date: Mar 2022.
  • On interleaving space exploration of multi-threaded programs. Frontiers of Computer Science 15(4) (2021). DOI 10.1007/s11704-020-9501-6. Online publication date: 11 Feb 2021.

Published In

ACM SIGPLAN Notices  Volume 49, Issue 10
OOPSLA '14
October 2014
907 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2714064
Editor: Andy Gill
OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications
October 2014
946 pages
ISBN:9781450325851
DOI:10.1145/2660193
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2014
Published in SIGPLAN Volume 49, Issue 10

Author Tags

  1. multithreading
  2. static analysis
  3. symbolic execution

Qualifiers

  • Research-article

Article Metrics

  • Downloads (last 12 months): 11
  • Downloads (last 6 weeks): 0
Reflects downloads up to 20 Jan 2025

Citations

  • Exposing cache timing side-channel leaks through out-of-order symbolic execution. Proceedings of the ACM on Programming Languages 4(OOPSLA) (2020), pp. 1-32. DOI 10.1145/3428215. Online publication date: 13 Nov 2020.
  • SYMAC. Proceedings of the 2nd International Conference on Computer Science and Software Engineering (2019), pp. 126-131. DOI 10.1145/3339363.3339379. Online publication date: 24 May 2019.
  • Interactive WCET Prediction with Warning for Timeout Risk. International Journal of Pattern Recognition and Artificial Intelligence 31(05) (2017), 1750012. DOI 10.1142/S0218001417500124. Online publication date: May 2017.
  • QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. 2023 IEEE Symposium on Security and Privacy (SP) (2023), pp. 3279-3295. DOI 10.1109/SP46215.2023.10179314. Online publication date: May 2023.
  • Canary: practical static detection of inter-thread value-flow bugs. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (2021), pp. 1126-1140. DOI 10.1145/3453483.3454099. Online publication date: 19 Jun 2021.
  • Probabilistic profiling of stateful data planes for adversarial testing. Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (2021), pp. 286-301. DOI 10.1145/3445814.3446764. Online publication date: 19 Apr 2021.
  • Sys. Proceedings of the 29th USENIX Conference on Security Symposium (2020), pp. 199-216. DOI 10.5555/3489212.3489224. Online publication date: 12 Aug 2020.