research-article

Open access

Optimal stateless model checking for reads-from equivalence under sequential consistency

Authors:

Parosh Aziz Abdulla,

Mohamed Faouzi Atig,

Tuan Phong Ngo,

Konstantinos SagonasAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 3, Issue OOPSLA

Article No.: 150, Pages 1 - 29

https://doi.org/10.1145/3360576

Published: 10 October 2019 Publication History

Abstract

We present a new approach for stateless model checking (SMC) of multithreaded programs under Sequential Consistency (SC) semantics. To combat state-space explosion, SMC is often equipped with a partial-order reduction technique, which defines an equivalence on executions, and only needs to explore one execution in each equivalence class. Recently, it has been observed that the commonly used equivalence of Mazurkiewicz traces can be coarsened but still cover all program crashes and assertion violations. However, for this coarser equivalence, which preserves only the reads-from relation from writes to reads, there is no SMC algorithm which is (i) optimal in the sense that it explores precisely one execution in each reads-from equivalence class, and (ii) efficient in the sense that it spends polynomial effort per class. We present the first SMC algorithm for SC that is both optimal and efficient in practice, meaning that it spends polynomial time per equivalence class on all programs that we have tried. This is achieved by a novel test that checks whether a given reads-from relation can arise in some execution. We have implemented the algorithm by extending Nidhugg, an SMC tool for C/C++ programs, with a new mode called rfsc. Our experimental results show that Nidhugg/rfsc, although slower than the fastest SMC tools in programs where tools happen to examine the same number of executions, always scales similarly or better than them, and outperforms them by an exponential factor in programs where the reads-from equivalence is coarser than the standard one. We also present two non-trivial use cases where the new equivalence is particularly effective, as well as the significant performance advantage that Nidhugg/rfsc offers compared to state-of-the-art SMC and systematic concurrency testing tools.

References

[1]

Parosh Abdulla, Stavros Aronis, Bengt Jonsson, and Konstantinos Sagonas. 2014. Optimal Dynamic Partial Order Reduction. In Symposium on Principles of Programming Languages (POPL 2014). ACM, New York, NY, USA, 373–384.

Digital Library

[2]

Parosh Aziz Abdulla, Stavros Aronis, Mohamed Faouzi Atig, Bengt Jonsson, Carl Leonardsson, and Konstantinos Sagonas. 2015. Stateless Model Checking for TSO and PSO. In Tools and Algorithms for the Construction and Analysis of Systems (LNCS), Vol. 9035. Springer, Berlin, Heidelberg, 353–367.

Digital Library

[3]

Parosh Aziz Abdulla, Stavros Aronis, Bengt Jonsson, and Konstantinos Sagonas. 2017. Source Sets: A Foundation for Optimal Dynamic Partial Order Reduction. J. ACM 64, 4, Article 25 (Sept. 2017), 49 pages.

Digital Library

[4]

Parosh Aziz Abdulla, Mohamed Faouzi Atig, Bengt Jonsson, Magnus Lång, Tuan Phong Ngo, and Konstantinos Sagonas. 2019. Optimal Stateless Model Checking for Reads-From Equivalence under Sequential Consistency.

[5]

Parosh Aziz Abdulla, Mohamed Faouzi Atig, Bengt Jonsson, and Tuan Phong Ngo. 2018. Optimal stateless model checking under the release-acquire semantics. Proc. ACM on Program. Lang. 2, OOPSLA (2018), 135:1–135:29.

Digital Library

[6]

Elvira Albert, Puri Arenas, María García de la Banda, Miguel Gómez-Zamalloa, and Peter J. Stuckey. 2017. Context-Sensitive Dynamic Partial Order Reduction. In Computer Aided Verification (LNCS), Vol. 10426. Springer, Berlin Heidelberg, 526–543.

[7]

Stavros Aronis, Bengt Jonsson, Magnus Lång, and Konstantinos Sagonas. 2018. Optimal Dynamic Partial Order Reduction with Observers. In Tools and Algorithms for the Construction and Analysis of Systems - 24th International Conference (LNCS), Vol. 10806. Springer, Cham, 229–248.

[8]

Ranadeep Biswas and Constantin Enea. 2019. On the Complexity of Checking Transactional Consistency. Proc. ACM on Program. Lang. 3, OOPSLA (2019).

Digital Library

[9]

Sebastian Burckhardt, Pravesh Kothari, Madanlal Musuvathi, and Santosh Nagarakatte. 2010. A Randomized Scheduler with Probabilistic Guarantees of Finding Bugs. In Proceedings of the Fifteenth Edition of ASPLOS on Architectural Support for Programming Languages and Operating Systems (ASPLOS XV) . ACM, New York, NY, USA, 167–178.

Digital Library

[10]

Marek Chalupa, Krishnendu Chatterjee, Andreas Pavlogiannis, Nishant Sinha, and Kapil Vaidya. 2018. Data-centric Dynamic Partial Order Reduction. Proc. ACM on Program. Lang. 2, POPL (2018), 31:1–31:30.

Digital Library

[11]

Maria Christakis, Alkis Gotovos, and Konstantinos Sagonas. 2013. Systematic Testing for Detecting Concurrency Errors in Erlang Programs. In Sixth IEEE International Conference on Software Testing, Verification and Validation (ICST 2013). IEEE, Los Alamitos, CA, USA, 154–163.

Digital Library

[12]

Edmund M. Clarke, Orna Grumberg, Marius Minea, and Doron A. Peled. 1999. State Space Reduction Using Partial Order Techniques. Software Tools for Technology Transfer 2, 3 (1999), 279–287.

[13]

Javier Esparza and Keijo Heljanko. 2008. Unfoldings - A Partial-Order Approach to Model Checking. Springer.

[14]

Cormac Flanagan and Patrice Godefroid. 2005. Dynamic partial-order reduction for model checking software. In Principles of Programming Languages, (POPL) . ACM, New York, NY, USA, 110–121.

Digital Library

[15]

Phillip B. Gibbons and Ephraim Korach. 1997. Testing Shared Memories. SIAM J. Comput. 26, 4 (1997), 1208–1244.

Digital Library

[16]

Patrice Godefroid. 1996. Partial-Order Methods for the Verification of Concurrent Systems: An Approach to the State-Explosion Problem . Ph.D. Dissertation. University of Liège.

[17]

Patrice Godefroid. 1997. Model Checking for Programming Languages using VeriSoft. In Principles of Programming Languages, (POPL) . ACM Press, New York, NY, USA, 174–186.

Digital Library

[18]

Patrice Godefroid. 2005. Software Model Checking: The VeriSoft Approach. Formal Methods in System Design 26, 2 (March 2005), 77–101.

Digital Library

[19]

Patrice Godefroid, Robert Hammer, and Lalita Jagadeesan. 1998. Model Checking Without a Model: An Analysis of the Heart-Beat Monitor of a Telephone Switch using VeriSoft. In Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) . ACM, New York, NY, USA, 124–133.

Digital Library

[20]

Matthew Hennessy and Robin Milner. 1980. On Observing Nondeterminism and Concurrency. In Automata, Languages and Programming. ICALP 1980 (LNCS), Vol. 85. Springer, Berlin, Heidelberg, 299–309.

[21]

Jeff Huang. 2015. Stateless Model Checking Concurrent Programs with Maximal Causality Reduction. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2015) . ACM, New York, NY, USA, 165–174.

Digital Library

[22]

Michalis Kokologiannakis, Ori Lahav, Konstantinos Sagonas, and Viktor Vafeiadis. 2018. Effective Stateless Model Checking for C/C++ Concurrency. Proc. ACM on Program. Lang. 2, POPL (2018), 17:1–17:32.

Digital Library

[23]

Michalis Kokologiannakis and Konstantinos Sagonas. 2017. Stateless Model Checking of the Linux Kernel’s Hierarchical Read-Copy-Update (Tree RCU). In Proceedings of International SPIN Symposium on Model Checking of Software (SPIN 2017) . ACM, New York, NY, USA, 172–181.

Digital Library

[24]

Leslie Lamport. 1979. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Comp. 28, 9 (Sept. 1979), 690–691.

Digital Library

[25]

Antoni Mazurkiewicz. 1987. Trace Theory. In Petri Nets: Applications and Relationships to Other Models of Concurrency (LNCS), W. Brauer, W. Reisig, and G. Rozenberg (Eds.), Vol. 255. Springer, Berlin Heidelberg, 279–324.

[26]

Madanlal Musuvathi, Shaz Qadeer, Thomas Ball, Gérald Basler, Piramanayagam Arumuga Nainar, and Iulian Neamtiu. 2008. Finding and Reproducing Heisenbugs in Concurrent Programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’08) . USENIX Association, Berkeley, CA, USA, 267–280. http: //dl.acm.org/citation.cfm?id=1855741.1855760

[27]

Brian Norris and Brian Demsky. 2016. A Practical Approach for Model Checking C/C++11 Code. ACM Trans. Program. Lang. Syst. 38, 3, Article 10 (May 2016), 51 pages.

Digital Library

[28]

Doron A. Peled. 1993. All from one, one for all, on model-checking using representatives. In Computer Aided Verification (LNCS), Vol. 697. Springer-Verlag, London, UK, 409–423.

[29]

Martin Rinard. 2013. Parallel Synchronization-Free Approximate Data Structure Construction. In Presented as part of the 5th USENIX Workshop on Hot Topics in Parallelism . USENIX Association. https://www.usenix.org/conference/hotpar13/ workshop-program/presentation/Rinard

[30]

César Rodríguez, Marcelo Sousa, Subodh Sharma, and Daniel Kroening. 2015. Unfolding-based Partial Order Reduction. In 26th International Conference on Concurrency Theory, CONCUR 2015 (LIPIcs), Vol. 42. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 456–469.

[31]

Koushik Sen and Gul Agha. 2007. A Race-Detection and Flipping Algorithm for Automated Testing of Multi-threaded Programs. In Hardware and Software, Verification and Testing (LNCS), Vol. 4383. Springer, Berlin Heidelberg, 166–182.

[32]

Koushik Sen, Grigore Rosu, and Gul Agha. 2005. Detecting Errors in Multithreaded Programs by Generalized Predictive Analysis of Executions. In Formal Methods for Open Object-Based Distributed Systems (LNCS), Vol. 3535. Springer, Berlin Heidelberg, 211–226.

Digital Library

[33]

Traian-Florin Serbanuta, Feng Chen, and Grigore Rosu. 2013. Maximal Causal Models for Sequentially Consistent Systems. In Runtime Verification (RV) (LNCS), Shaz Qadeer and Serdar Tasiran (Eds.), Vol. 7687. Springer, Berlin Heidelberg, 136–150.

[34]

Arnab Sinha, Sharad Malik, Chao Wang, and Aarti Gupta. 2011. Predictive analysis for detecting serializability violations through Trace Segmentation. In Ninth ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE) . IEEE, 99–108.

Digital Library

[35]

SV-COMP. 2019. Competition on Software Verification. https://sv-comp.sosy-lab.org/2019 . [Online; accessed 2019-03-24].

[36]

Paul Thomson, Alastair F. Donaldson, and Adam Betts. 2016. Concurrency Testing Using Controlled Schedulers: An Empirical Study. ACM Trans. Parallel Comput. 2, 4, Article 23 (2016), 37 pages.

Digital Library

[37]

Antti Valmari. 1991. Stubborn Sets for Reduced State Space Generation. In Advances in Petri Nets 1990 (LNCS), Grzegorz Rozenberg (Ed.), Vol. 483. Springer-Verlag, London, UK, 491–515.

[38]

Liqiang Wang and Scott D. Stoller. 2006. Accurate and efficient runtime detection of atomicity errors in concurrent programs. In ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP). ACM, New York, NY, USA, 137–146.

Digital Library

[39]

Xinhao Yuan, Junfeng Yang, and Ronghui Gu. 2018. Partial Order Aware Concurrency Sampling. In Computer Aided Verification (LNCS), Vol. 10982. Springer International Publishing, Cham, 317–335.

[40]

Naling Zhang, Markus Kusano, and Chao Wang. 2015. Dynamic partial order reduction for relaxed memory models. In Programming Language Design and Implementation (PLDI) . ACM, New York, NY, USA, 250–259.

Digital Library

Cited By

Kokologiannakis MMarmanis IVafeiadis V(2024)SPORE: Combining Symmetry and Partial Order ReductionProceedings of the ACM on Programming Languages10.1145/36564498:PLDI(1781-1803)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656449
Chakraborty SKrishna SMathur UPavlogiannis A(2024)How Hard Is Weak-Memory Testing?Proceedings of the ACM on Programming Languages10.1145/36329088:POPL(1978-2009)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632908
Farzan AMathur U(2024)Coarser Equivalences for Causal ConcurrencyProceedings of the ACM on Programming Languages10.1145/36328738:POPL(911-941)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632873
Show More Cited By

Index Terms

Optimal stateless model checking for reads-from equivalence under sequential consistency
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
2. Theory of computation
  1. Logic
    1. Verification by model checking

Recommendations

Truly stateless, optimal dynamic partial order reduction

Dynamic partial order reduction (DPOR) verifies concurrent programs by exploring all their interleavings up to some equivalence relation, such as the Mazurkiewicz trace equivalence. Doing so involves a complex trade-off between space and time. Existing ...
The reads-from equivalence for the TSO and PSO memory models

The verification of concurrent programs remains an open challenge due to the non-determinism in inter-process communication. One recurring algorithmic problem in this challenge is the consistency verification of concurrent executions. In particular, ...
Fair stateless model checking
PLDI '08

Stateless model checking is a useful state-space exploration technique for systematically testing complex real-world software. Existing stateless model checkers are limited to the verification of safety properties on terminating programs. However, ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 3, Issue OOPSLA

October 2019

2077 pages

EISSN:2475-1421

DOI:10.1145/3366395

Issue’s Table of Contents

Copyright © 2019 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 October 2019

Published in PACMPL Volume 3, Issue OOPSLA

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Vetenskapsrådet
Stiftelsen för Strategisk Forskning

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

33
Total Citations
View Citations
1,081
Total Downloads

Downloads (Last 12 months)187
Downloads (Last 6 weeks)27

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kokologiannakis MMarmanis IVafeiadis V(2024)SPORE: Combining Symmetry and Partial Order ReductionProceedings of the ACM on Programming Languages10.1145/36564498:PLDI(1781-1803)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656449
Chakraborty SKrishna SMathur UPavlogiannis A(2024)How Hard Is Weak-Memory Testing?Proceedings of the ACM on Programming Languages10.1145/36329088:POPL(1978-2009)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632908
Farzan AMathur U(2024)Coarser Equivalences for Causal ConcurrencyProceedings of the ACM on Programming Languages10.1145/36328738:POPL(911-941)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632873
Tunç HDeshmukh ACirisci BEnea CPavlogiannis ATsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)CSSTs: A Dynamic Data Structure for Partial Orders in Concurrent Execution AnalysisProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651358(223-238)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651358
Abdulla PAtig MDas SJonsson BSagonas K(2024)Parsimonious Optimal Dynamic Partial Order ReductionComputer Aided Verification10.1007/978-3-031-65630-9_2(19-43)Online publication date: 25-Jul-2024
https://doi.org/10.1007/978-3-031-65630-9_2
Tunç HAbdulla PChakraborty SKrishna SMathur UPavlogiannis A(2023)Optimal Reads-From Consistency Checking for C11-Style Memory ModelsProceedings of the ACM on Programming Languages10.1145/35912517:PLDI(761-785)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591251
Bouajjani AEnea CRomán-Calvo E(2023)Dynamic Partial Order Reduction for Checking Correctness against Transaction Isolation LevelsProceedings of the ACM on Programming Languages10.1145/35912437:PLDI(565-590)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591243
Fan HSun ZHe F(2023)Satisfiability Modulo Ordering Consistency Theory for SC, TSO, and PSO Memory ModelsACM Transactions on Programming Languages and Systems10.1145/357983545:1(1-37)Online publication date: 3-Mar-2023
https://dl.acm.org/doi/10.1145/3579835
Albert Ede la Banda MGómez-Zamalloa MIsabel MStuckey P(2023)Optimal dynamic partial order reduction with context-sensitive independence and observersJournal of Systems and Software10.1016/j.jss.2023.111730202:COnline publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.jss.2023.111730
Abdulla PAtig MBønneland FDas SJonsson BLång MSagonas K(2023)Tailoring Stateless Model Checking for Event-Driven Multi-threaded ProgramsAutomated Technology for Verification and Analysis10.1007/978-3-031-45332-8_9(176-198)Online publication date: 19-Oct-2023
https://doi.org/10.1007/978-3-031-45332-8_9
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents