7,843 research outputs found
McMini: A Programmable DPOR-based Model Checker for Multithreaded Programs
Model checking has become a key tool for gaining confidence in correctness of
multi-threaded programs. Unit tests and functional tests do not suffice because
of race conditions that are not discovered by those tests. McMini is an
extensible model checker based on DPOR (Dynamic Partial Order Reduction). A
mechanism was invented to declare to McMini new, primitive thread operations,
typically in 100~lines or less of C~code. The mechanism was extended to also
allow the end user to declare alternative thread wakeup policies, including
spurious wakeups from condition variables. One declares: (I) under what
conditions an operation is enabled; (ii) which thread operations are
independent of each other; and (iii) when two operations can be considered as
co-enabled. An optional wakeup policy is implemented by defining when a wait
operation (on a semaphore, condition variable, etc.) is enabled. A new enqueue
thread operation is described, allowing a user to declare alternative wakeup
policies. McMini was first confirmed to operate correctly and efficiently as a
traditional, but extensible model checker for mutex, semaphore, condition
variable, and reader-writer. McMini's extensibility was then tested on novel
primitive operations, representing other useful paradigms for multithreaded
operations. An example is readers-and-two-writers. The speed of model checking
was found to be five times faster and more, as compared to traditional
implementations on top of condition variables. Alternative wakeup policies
(e.g., FIFO, LIFO, arbitrary, etc.) were then tested using an enqueue
operation. Finally, spurious wakeups were tested with a program that exposes a
bug only in the presence of a spurious wakeup.Comment: 24 pages, 1 figur
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
Master of Science
thesisConcurrent programs are extremely important for efficiently programming future HPC systems. Large scientific programs may employ multiple processes or threads to run on HPC systems for days. Reliability is an essential requirement of existing concurrent programs. Therefore, verification of concurrent programs becomes increasingly important. Today we have two significant challenges in developing concurrent program verification tools: The first is scalability. Since new types of concurrent programs keep being created, verification tools need to scale to handle all these new types of programs. The second is providing formal coverage guarantee. Dynamic verification tools always face a huge schedule space. Both these capabilities must exist for testing programs that follow multiple concurrency models. Most current dynamic verification tools can only explore either thread level or process level schedules. Consequently, they fail to verify hybrid programs. Exploring mixed process and thread level schedules is not an ideal solution because the state space will grow exponentially in both levels. It is hard to systematically traverse these mixed schedules. Therefore, our approach is to determinize all concurrent APIs except one API whose schedules will then be explored. To improve search efficiency, we proposed a random-walk based heuristic algorithm. We observed many concurrent programs and concluded some common structures of them. Based on the existence of these structures, we can make dynamic verification tools focusing on specific regions and bypassing regions of less interest. We propose a random sampling of executions in the regions of less interest
- …