259 research outputs found
Thread-Modular Static Analysis for Relaxed Memory Models
We propose a memory-model-aware static program analysis method for accurately
analyzing the behavior of concurrent software running on processors with weak
consistency models such as x86-TSO, SPARC-PSO, and SPARC-RMO. At the center of
our method is a unified framework for deciding the feasibility of inter-thread
interferences to avoid propagating spurious data flows during static analysis
and thus boost the performance of the static analyzer. We formulate the
checking of interference feasibility as a set of Datalog rules which are both
efficiently solvable and general enough to capture a range of hardware-level
memory models. Compared to existing techniques, our method can significantly
reduce the number of bogus alarms as well as unsound proofs. We implemented the
method and evaluated it on a large set of multithreaded C programs. Our
experiments showthe method significantly outperforms state-of-the-art
techniques in terms of accuracy with only moderate run-time overhead.Comment: revised version of the ESEC/FSE 2017 pape
Modular Verification of Interrupt-Driven Software
Interrupts have been widely used in safety-critical computer systems to
handle outside stimuli and interact with the hardware, but reasoning about
interrupt-driven software remains a difficult task. Although a number of static
verification techniques have been proposed for interrupt-driven software, they
often rely on constructing a monolithic verification model. Furthermore, they
do not precisely capture the complete execution semantics of interrupts such as
nested invocations of interrupt handlers. To overcome these limitations, we
propose an abstract interpretation framework for static verification of
interrupt-driven software that first analyzes each interrupt handler in
isolation as if it were a sequential program, and then propagates the result to
other interrupt handlers. This iterative process continues until results from
all interrupt handlers reach a fixed point. Since our method never constructs
the global model, it avoids the up-front blowup in model construction that
hampers existing, non-modular, verification techniques. We have evaluated our
method on 35 interrupt-driven applications with a total of 22,541 lines of
code. Our results show the method is able to quickly and more accurately
analyze the behavior of interrupts.Comment: preprint of the ASE 2017 pape
Testing Non-termination in Multi-threaded programs
We study the problem of detecting non - termination in multi - threaded programs due to unwanted race conditions. We claim that the cause of non-termination can be attributed to the presence of at least two loops in two different threads, where the valuations of the loop controlling parameters are inter-dependent, i.e., value of one parameter in one thread depends on the execution sequence in the other thread and vice versa. In this thesis, we propose a testing based technique to analyze finite execution sequences and infer the likelihood of non-termination scenarios. Our technique is a light weight, flexible testing based approach that can be paired with any testing technique. We claim that testing based methods are likely to be scalable to large programs as opposed to static analysis methods. We present an outline of our implementation and prove the feasibility of our approach by presenting case studies on tailored sample programs. We discuss the applicability of our approach to real world larger programs through experimental results. We conclude by discussing the limitations of our approach and future avenues of research along this line of work
Automatic Detection, Validation and Repair of Race Conditions in Interrupt-Driven Embedded Software
Interrupt-driven programs are widely deployed in safety-critical embedded
systems to perform hardware and resource dependent data operation tasks. The
frequent use of interrupts in these systems can cause race conditions to occur
due to interactions between application tasks and interrupt handlers (or two
interrupt handlers). Numerous program analysis and testing techniques have been
proposed to detect races in multithreaded programs. Little work, however, has
addressed race condition problems related to hardware interrupts. In this
paper, we present SDRacer, an automated framework that can detect, validate and
repair race conditions in interrupt-driven embedded software. It uses a
combination of static analysis and symbolic execution to generate input data
for exercising the potential races. It then employs virtual platforms to
dynamically validate these races by forcing the interrupts to occur at the
potential racing points. Finally, it provides repair candidates to eliminate
the detected races. We evaluate SDRacer on nine real-world embedded programs
written in C language. The results show that SDRacer can precisely detect and
successfully fix race conditions.Comment: This is a draft version of the published paper. Ke Wang provides
suggestions for improving the paper and README of the GitHub rep
Verifying multi-threaded software using SMT-based context-bounded model checking
We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug, or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the high speed of the SMT solvers. In the underapproximation and widening approach, we reduce the state space by abstracting the number of interleavings from the proofs of unsatisfiability generated by the SMT solvers. In all three approaches, we bound the number of context switches allowed among threads in order to reduce the number of interleavings explored. We implemented these approaches in ESBMC, our SMT-based bounded model checker for ANSI-C programs. Our experiments show that ESBMC can analyze larger problems and substantially reduce the verification time compared to state-of-the-art techniques that use iterative context-bounding algorithms or counter-example guided abstraction refinement
Program Model Checking: A Practitioner's Guide
Program model checking is a verification technology that uses state-space exploration to evaluate large numbers of potential program executions. Program model checking provides improved coverage over testing by systematically evaluating all possible test inputs and all possible interleavings of threads in a multithreaded system. Model-checking algorithms use several classes of optimizations to reduce the time and memory requirements for analysis, as well as heuristics for meaningful analysis of partial areas of the state space Our goal in this guidebook is to assemble, distill, and demonstrate emerging best practices for applying program model checking. We offer it as a starting point and introduction for those who want to apply model checking to software verification and validation. The guidebook will not discuss any specific tool in great detail, but we provide references for specific tools
- …