Precisely Deciding Control State Reachability in Concurrent Traces with Limited Observability

  • Chao Wang
  • Kevin Hoang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8318)


We propose a new algorithm for precisely deciding a control state reachability (CSR) problem in runtime verification of concurrent programs, where the trace provides only limited observability of the execution. Under the assumption of limited observability, we know only the type of each event (read, write, lock, unlock, etc.) and the associated shared object, but not the concrete values of these objects or the control/data dependency among these events. Our method is the first sound and complete method for deciding such CSR in traces that involve more than two threads, while handling both standard synchronization primitives and ad hoc synchronizations implemented via shared memory accesses. It relies on a new polygraph based analysis, which is provably more accurate than existing methods based on lockset analysis, acquisition history, universal causality graph, and a recently proposed method based the causally-precedes relation. We have implemented the method in an offline data-race detection tool and demonstrated its effectiveness on multithreaded C/C++ applications.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bond, M.D., Coons, K.E., McKinley, K.S.: PACER: proportional detection of data races. In: Programming Language Design and Implementation, pp. 255–268 (2010)Google Scholar
  2. 2.
    Chen, F., Serbanuta, T., Rosu, G.: jPredictor: a predictive runtime analysis tool for java. In: International Conference on Software Engineering, pp. 221–230 (2008)Google Scholar
  3. 3.
    Farzan, A., Madhusudan, P.: Monitoring atomicity in concurrent programs. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 52–65. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Farzan, A., Madhusudan, P., Sorrentino, F.: Meta-analysis for atomicity violations under nested locking. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 248–262. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Farzan, A., Madhusudan, P., Razavi, N., Sorrentino, F.: Predicting null-pointer dereferences in concurrent programs. In: Foundations of Software Engineering, p. 47 (2012)Google Scholar
  6. 6.
    Flanagan, C., Freund, S.N.: FastTrack: efficient and precise dynamic race detection. Commun. ACM 53(11), 93–101 (2010)CrossRefGoogle Scholar
  7. 7.
    Flanagan, C., Freund, S.N., Yi, J.: Velodrome: a sound and complete dynamic atomicity checker for multithreaded programs. In: Programming Language Design and Implementation, pp. 293–303 (2008)Google Scholar
  8. 8.
    Kahlon, V.: Boundedness vs. unboundedness of lock chains: Characterizing decidability of pairwise cfl-reachability for threads communicating via locks. In: International Symposium on Logic in Computer Science, pp. 27–36 (2009)Google Scholar
  9. 9.
    Kahlon, V., Ivančić, F., Gupta, A.: Reasoning about threads communicating via locks. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 505–518. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Kahlon, V., Wang, C.: Universal Causality Graphs: A precise happens-before model for detecting bugs in concurrent programs. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 434–449. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Kahlon, V., Wang, C.: Lock removal for concurrent trace programs. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 227–242. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    Kundu, S., Ganai, M.K., Wang, C.: Contessa: Concurrency testing augmented with symbolic analysis. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 127–131. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978)CrossRefMATHGoogle Scholar
  14. 14.
    Li, D., Srisa-an, W., Dwyer, M.B.: SOS: saving time in dynamic race detection with stationary analysis. In: ACM Conference on Object Oriented Programming, Systems, Languages, and Applications, pp. 35–50 (2011)Google Scholar
  15. 15.
    Lu, S., Tucek, J., Qin, F., Zhou, Y.: AVIO: detecting atomicity violations via access interleaving invariants. In: Architectural Support for Programming Languages and Operating Systems, pp. 37–48 (2006)Google Scholar
  16. 16.
    Papadimitriou, C.H.: The serializability of concurrent database updates. J. ACM 26(4), 631–653 (1979)CrossRefMATHMathSciNetGoogle Scholar
  17. 17.
    Said, M., Wang, C., Yang, Z., Sakallah, K.: Generating data race witnesses by an SMT-based analysis. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 313–327. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., Anderson, T.: Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst. 15(4), 391–411 (1997)CrossRefGoogle Scholar
  19. 19.
    Sen, K., Rosu, G., Agha, G.: Runtime safety analysis of multithreaded programs. In: Foundations of Software Engineering, pp. 337–346 (2003)Google Scholar
  20. 20.
    Sen, K., Roşu, G., Agha, G.: Detecting errors in multithreaded programs by generalized predictive analysis of executions. In: Steffen, M., Zavattaro, G. (eds.) FMOODS 2005. LNCS, vol. 3535, pp. 211–226. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Sinha, A., Malik, S.: Using concurrency to check concurrency: Checking serializability in software transactional memory. In: Parallel and Distributed Processing Symposium (2010)Google Scholar
  22. 22.
    Sinha, A., Malik, S., Wang, C., Gupta, A.: Predictive analysis for detecting serializability violations through trace segmentation. In: Formal Methods and Models for Codesign, pp. 99–108 (2011)Google Scholar
  23. 23.
    Sinha, N., Wang, C.: On interference abstractions. In: ACM Symposium on Principles of Programming Languages, pp. 423–434 (2011)Google Scholar
  24. 24.
    Smaragdakis, Y., Evans, J., Sadowski, C., Yi, J., Flanagan, C.: Sound predictive race detection in polynomial time. In: ACM Symposium on Principles of Programming Languages, pp. 387–400 (2012)Google Scholar
  25. 25.
    Sorrentino, F., Farzan, A., Madhusudan, P.: PENELOPE: weaving threads to expose atomicity violations. In: Foundations of Software Engineering, pp. 37–46 (2010)Google Scholar
  26. 26.
    von Praun, C., Gross, T.R.: Object race detection. In: ACM Conference on Object Oriented Programming, Systems, Languages, and Applications, pp. 70–82 (2001)Google Scholar
  27. 27.
    Wang, C., Chaudhuri, S., Gupta, A., Yang, Y.: Symbolic pruning of concurrent program executions. In: Foundations of Software Engineering, pp. 23–32 (2009)Google Scholar
  28. 28.
    Wang, C., Ganai, M.: Predicting concurrency failures in the generalized execution traces of x86 executables. In: Khurshid, S., Sen, K. (eds.) RV 2011. LNCS, vol. 7186, pp. 4–18. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  29. 29.
    Wang, C., Limaye, R., Ganai, M., Gupta, A.: Trace-based symbolic analysis for atomicity violations. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 328–342. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  30. 30.
    Wang, C., Said, M., Gupta, A.: Coverage guided systematic concurrency testing. In: International Conference on Software Engineering, pp. 221–230 (2011)Google Scholar
  31. 31.
    Wang, L., Stoller, S.D.: Runtime analysis of atomicity for multithreaded programs. IEEE Trans. Software Eng. 32(2), 93–110 (2006)CrossRefGoogle Scholar
  32. 32.
    Yu, J., Narayanasamy, S.: A case for an interleaving constrained shared-memory multi-processor. In: International Symposium on Computer Architecture, pp. 325–336 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Chao Wang
    • 1
  • Kevin Hoang
    • 1
  1. 1.Department of ECEVirginia TechBlacksburgUSA

Personalised recommendations