João Paulo, Elton Alves, Marcelo Damorim, Fernando Castor

Post on 22-Feb-2016


Efficient Model Checking of Data Races with Automatically-extracted Distance-based Fitness Functions

João Paulo, Elton Alves, Marcelo Damorim, Fernando Castor

“The biggest sea change in software development since the OO revolution is knocking at the door, and its name is Concurrency”.

Herb Sutter

Concurrent Programming

• Is too hard!
  – Error prone
• It's difficult to debug and find errors
• Most programmers think they know how to do it, but they don't
• Nondeterminism, Deadlocks, Data Races…

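Race Condition

    public class Ref {
        int i;

        // Unsynchronized read-modify-write on the shared field i
        void inc() {
            int t = i + 1;
            i = t;
        }

        public static void main(String args[]) throws InterruptedException {
            final Ref ref = new Ref();
            Thread t1 = new Thread(new Runnable() {
                public void run() { ref.inc(); }
            });
            Thread t2 = new Thread(new Runnable() {
                public void run() { ref.inc(); }
            });
            t1.start();
            t2.start();
            // Wait for both threads so the assertion only observes the race inside inc()
            t1.join();
            t2.join();
            assert ref.i == 2; // can fail: one increment may be lost
        }
    }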

A race condition occurs if

• two threads access a shared variable at the same time without synchronization

• at least one of those accesses is a write

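    public class Ref {
        int i;

        // The monitor of this Ref object guards every access to i
        void inc() {
            synchronized (this) {
                int t = i + 1;
                i = t;
            }
        }

        public static void main(String args[]) throws InterruptedException {
            final Ref ref = new Ref();
            Thread t1 = new Thread(new Runnable() {
                public void run() { ref.inc(); }
            });
            Thread t2 = new Thread(new Runnable() {
                public void run() { ref.inc(); }
            });
            t1.start();
            t2.start();
            // Wait for both threads before reading i in the main thread
            t1.join();
            t2.join();
            assert ref.i == 2;
        }
    }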

• Field Guarded by Lock

• Lock is acquired before the thread enters the block

• Ensures race freedom

Guarantees mutual exclusion

So, we need an (easy) way to discover this kind of error

And there are some tools to help us…

Program Model Checking

• It performs model checking directly on the code

• Rigorous method that exhaustively explores all possible SUT behaviors

• Is it a test?

Model Checking

Source: http://babelfish.arc.nasa.gov/trac/jpf/wiki/intro/testing_vs_model_checking

Java PathFinder(JPF)

• An explicit state software model checker
  – Focus is on finding bugs in Java programs
  – Developed by NASA since 1999
  – Turned Open Source in 2005

• State Explosion problem

State Explosion

# threads   # atomic sections   Schedulings
2           2                   6
2           8                   12,870
2           16                  601,080,390

How JPF Works

• Backtracking
• State Matching
• Partial Order Reduction
• Listener

How do we Detect Potential Races?

• Using a customized JPF listener
• For each PUTFIELD or GETFIELD
  – Get Object Reference
    • Get the accessed Field
  – Get Current Thread
    » Get Current Instruction
    • Get the set of Acquired Locks
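
An added example, not the authors' listener: it shows how the data collected per field access (object, field, thread, instruction, held locks) can be turned into potential-race pairs. The pairing rule (different threads, at least one write, no lock in common) is an assumption built from the race definition on the earlier slide; the class and method names and the two access logs are constructed for illustration.

```java
import java.util.*;

// Added illustration: names and sample data are hypothetical, not taken from the authors' tool.
public class LocksetCheck {
    // One PUTFIELD/GETFIELD event: object reference, field, thread, instruction, locks held.
    record Access(int objRef, String field, String thread, String insn,
                  boolean write, Set<String> locks) {}

    // Assumed rule: same object and field, different threads, at least one write,
    // and no lock held by both accesses.
    static boolean conflicts(Access a, Access b) {
        return a.objRef() == b.objRef() && a.field().equals(b.field())
            && !a.thread().equals(b.thread())
            && (a.write() || b.write())
            && Collections.disjoint(a.locks(), b.locks());
    }

    // Compare every pair of recorded accesses and describe the conflicting ones.
    static List<String> potentialRaces(List<Access> log) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < log.size(); i++)
            for (int j = i + 1; j < log.size(); j++)
                if (conflicts(log.get(i), log.get(j)))
                    out.add(log.get(i).field() + ": "
                          + log.get(i).thread() + "@" + log.get(i).insn() + " <-> "
                          + log.get(j).thread() + "@" + log.get(j).insn());
        return out;
    }

    public static void main(String[] args) {
        Set<String> none = Set.of(), refLock = Set.of("Ref@1");
        // Constructed log for the unsynchronized Ref.inc(): no lock held on any access.
        List<Access> racy = List.of(
            new Access(1, "i", "T1", "inc:getfield", false, none),
            new Access(1, "i", "T1", "inc:putfield", true, none),
            new Access(1, "i", "T2", "inc:getfield", false, none),
            new Access(1, "i", "T2", "inc:putfield", true, none));
        // Constructed log for the synchronized version: every access holds the Ref monitor.
        List<Access> guarded = List.of(
            new Access(1, "i", "T1", "inc:getfield", false, refLock),
            new Access(1, "i", "T1", "inc:putfield", true, refLock),
            new Access(1, "i", "T2", "inc:getfield", false, refLock),
            new Access(1, "i", "T2", "inc:putfield", true, refLock));
        potentialRaces(racy).forEach(System.out::println);
        System.out.println("guarded log race-free: " + potentialRaces(guarded).isEmpty());
    }
}
```

A check of this kind ignores ordering such as Thread.start() and join(), so it can flag pairs of accesses that never actually overlap.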

How do we Detect Potential Races?[2]

• So, we have a report like this:

Account-Listener-Result.txt

How do we Detect Potential Races?[3]

• which can be simplified to this:

Account-compacted.txt

How good is our solution?

• Running subject account, input 6
• JPF goes through 27,670 states
• The solution converges in just 67 states
• = 0.002 < 1% of the search states

Account-6-output.txt

But we have some false positives…

And we don't want them.

Our Research Idea

• Guide Model Checking
• Attempt to avoid state explosion
• Uses heuristics to classify a given state
  – Interesting State has value 0
  – Boring State has value Integer.MAX_VALUE

• Uses a distance-based fitness function

Our work-in-progress

• Find a heuristic function to guide the Model Checking
• Evaluate the function
• This is harder than we thought

Our work-in-progress[2]

    CallTrace cg;          /* computed on-the-fly */
    AccessPair[] goals;    /* computed on-the-fly */
    MethodInfo driver;     /* test driver */

    int eval(State jpfState) {
        int min = Integer.MAX_VALUE; // start at the maximum so any distance is smaller
        ThreadInfo[] tis = jpfState.threadInfos();
        TraceInfo ti = cg.getTrace();
        for (int i = 0; i < tis.length; i++) {
            MethodInfo ma = tis[i].getCurrentMethod(); // current method of thread i
            for (AccessPair p : goals) {
                // product of the distances to both methods of the goal pair
                int d = dist(ti, p.mx) * dist(ti, p.my);
                if (d < min) min = d;
            }
        }
        return min;
    }

    int dist(TraceInfo tSource, MethodInfo mDest) {
        int result = shortestPath(cg, tSource, mDest);
        if (result == -1) { // mDest not reachable from tSource
            return shortestPathFromDriver(cg, driver, tSource, mDest);
        }
        return result;
    }

If we are not good enough to do it…

• The research goal could shift to comparing the potential data races found with other approaches

Thanks