DOI: 10.1145/1065010.1065015

VYRD: verifYing concurrent programs by runtime refinement-violation detection

Published: 12 June 2005

Abstract

We present a runtime technique for checking that a concurrently-accessed data structure implementation, such as a file system or the storage management module of a database, conforms to an executable specification that contains an atomic method per data structure operation. The specification can be provided separately, or a non-concurrent, "atomized" interpretation of the implementation can serve as the specification. The technique consists of two phases. In the first phase, the implementation is instrumented in order to record information into a log during execution. In the second, a separate verification thread uses the logged information to drive an instance of the specification and to check whether the logged execution conforms to it. We paid special attention to the general applicability and scalability of the techniques and to minimizing their concurrency and performance impact. The result is a lightweight verification method that provides a significant improvement over testing for concurrent programs.

We formalize conformance to a specification using the notion of refinement: each trace of the implementation must be equivalent to some trace of the specification. Among the novel features of our work are two variations on the definition of refinement appropriate for runtime checking: I/O and "view" refinement. These definitions were motivated by our experience with two industrial-scale concurrent data structure implementations: the Boxwood project, a B-link tree data structure built on a novel storage infrastructure [10], and the Scan file system [9]. I/O and view refinement checking were implemented as a verification tool named VYRD (VerifYing concurrent programs by Runtime Refinement-violation Detection). VYRD was applied to the verification of Boxwood, Java class libraries, and, previously, to the Scan file system. It was able to detect previously unnoticed subtle concurrency bugs in Boxwood and the Scan file system, and the known bugs in the Java class libraries and manually constructed examples. Experimental results indicate that our techniques have modest computational cost.
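The two-phase check the abstract describes, as an added example that is neither the VYRD tool's code nor taken from the paper: a constructed instrumentation log for a concurrent set (phase one) is replayed against an atomic specification (phase two), and a backtracking search looks for a sequential order that respects real-time precedence and reproduces every logged result. The set operations, thread ids, timestamps and both logs are assumptions made for illustration; the second log shows the kind of trace a refinement-violation detector exists to flag.

```python
"""Runtime refinement checking of a logged concurrent execution against an
atomic specification. Added example, not code from the VYRD paper or tool.

Phase 1 (instrumentation) is stood in for by hand-constructed logs: each
entry records a thread id, the operation, its argument, the result the
implementation returned, and invocation/response timestamps.
Phase 2 replays the log against an atomic sequential spec and searches for
an ordering that respects real-time precedence and reproduces every logged
result. Only arguments and results are compared, i.e. an I/O-style check.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Op:
    tid: int       # thread that issued the call
    name: str      # "add", "remove" or "contains"
    arg: int
    result: bool   # what the implementation actually returned
    start: int     # invocation timestamp (from instrumentation)
    end: int       # response timestamp


class AtomicSetSpec:
    """Executable specification: one atomic method per data-structure op."""

    def __init__(self, items=()):
        self.items = set(items)

    def run(self, op: Op) -> bool:
        if op.name == "add":
            fresh = op.arg not in self.items
            self.items.add(op.arg)
            return fresh
        if op.name == "remove":
            present = op.arg in self.items
            self.items.discard(op.arg)
            return present
        if op.name == "contains":
            return op.arg in self.items
        raise ValueError(f"unknown operation {op.name!r}")


def find_witness(log: list[Op]) -> Optional[list[Op]]:
    """Return a sequential ordering of `log` that the spec accepts, or None.

    An op may be placed next only if no other still-pending op finished
    before it started (real-time precedence), and only if the spec, run on
    the state reached so far, returns exactly the logged result.
    Backtracking search: exponential in the worst case, fine for short logs.
    """
    def search(pending: list[Op], state: frozenset, chosen: list[Op]):
        if not pending:
            return chosen
        for op in pending:
            if any(other.end < op.start for other in pending if other is not op):
                continue  # a pending op precedes this one in real time
            spec = AtomicSetSpec(state)
            if spec.run(op) != op.result:
                continue  # spec disagrees with the implementation's answer
            rest = [other for other in pending if other is not op]
            found = search(rest, frozenset(spec.items), chosen + [op])
            if found is not None:
                return found
        return None

    return search(list(log), frozenset(), [])


def is_refinement(log: list[Op]) -> bool:
    return find_witness(log) is not None


# Constructed log: a correct interleaving. Thread 2's contains(5) overlaps
# thread 1's add(5), so either answer is admissible; it happened to see True.
GOOD_LOG = [
    Op(1, "add", 5, True, 0, 4),
    Op(2, "contains", 5, True, 2, 6),
    Op(3, "remove", 5, True, 7, 9),
    Op(2, "contains", 5, False, 10, 11),
]

# Constructed log: two overlapping add(5) calls both reported success, the
# classic symptom of a non-atomic check-then-insert. No sequential run of the
# atomic spec returns True for both, so this is a refinement violation.
BAD_LOG = [
    Op(1, "add", 5, True, 0, 4),
    Op(2, "add", 5, True, 1, 5),
    Op(3, "contains", 5, True, 6, 7),
]


if __name__ == "__main__":
    for label, log in (("good", GOOD_LOG), ("bad", BAD_LOG)):
        witness = find_witness(log)
        if witness is None:
            print(f"{label}: refinement violation, no admissible sequential order")
        else:
            print(f"{label}: witness order",
                  [f"T{o.tid}:{o.name}({o.arg})" for o in witness])
```

Run it directly to see the witness order for the first log and the violation for the second. Because only arguments and results are compared, a bug that has not yet changed any return value stays invisible to this check; the "view" refinement the abstract names is a separate notion and is not implemented here. The backtracking search is exponential in the number of overlapping operations and is a sketch of the conformance check, not of how VYRD's verification thread consumes its log.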

References

[1] M. Abadi and L. Lamport. The existence of refinement mappings. In Proc. 3rd Annual Symposium on Logic in Computer Science, pp. 165--175. IEEE Computer Society Press, 1988.
[2] F. Chen and G. Rosu. Towards monitoring-oriented programming: A paradigm combining specification and implementation. In Electronic Notes in Theoretical Computer Science, Vol. 89. Elsevier, 2003.
[3] M. L. Crane and J. Dingel. Runtime conformance checking of objects using Alloy. In Electronic Notes in Theoretical Computer Science, Vol. 89. Elsevier, 2003.
[4] C. Flanagan. Verifying commit-atomicity using model checking. In SPIN '04: The SPIN Workshop on Model Checking of Software. Springer-Verlag, 2004.
[5] C. Flanagan, S. Freund, and S. Qadeer. Exploiting purity for atomicity. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2004). ACM Press, 2004.
[6] C. Flanagan and S. N. Freund. Atomizer: A dynamic atomicity checker for multithreaded programs. In Proc. 31st ACM Symposium on Principles of Programming Languages, pp. 256--267, 2004.
[7] C. Flanagan and S. Qadeer. A type and effect system for atomicity. In Proc. ACM SIGPLAN 2003 Conf. on Programming Language Design and Implementation, pp. 338--349. ACM Press, 2003.
[8] M. P. Herlihy and J. M. Wing. Linearizability: A correctness condition for concurrent objects. ACM Trans. on Programming Languages and Systems, 12(3):463--492, 1990.
[9] M. Ji and E. Felten. Scan-based scheduling and layout in a reliable write-optimized file system. Technical Report TR-661-02, Princeton University, Department of Computer Science, 2002.
[10] J. MacCormick, N. Murphy, M. Najork, C. A. Thekkath, and L. Zhou. Boxwood: Abstractions as the foundation for storage infrastructure. In Proceedings of the 6th Symposium on Operating Systems Design and Implementation (OSDI 2004), San Francisco, CA, USA, December 2004, pp. 105--120. http://research.microsoft.com/research/sv/Boxwood
[11] S. Park and D. L. Dill. Verification of cache coherence protocols by aggregation of distributed transactions. Theory of Computing Systems, 31(4):355--376, 1998.
[12] Y. Sagiv. Concurrent operations on B-trees with overtaking. Journal of Computer and System Sciences, 3(2), Oct. 1986.
[13] S. Tasiran, A. Bogdanov, and M. Ji. Detecting concurrency errors in file systems by runtime refinement checking. Technical Report HPL-2004-177, HP Laboratories, 2004.
[14] S. Tasiran and S. Qadeer. Runtime refinement verification of concurrent data structures. In Proc. Runtime Verification '04 (ETAPS '04), Electronic Notes in Theoretical Computer Science. Elsevier, 2004.
[15] S. Tasiran, Y. Yu, and B. Batson. Using a formal specification and a model checker to monitor and guide simulation. In Proceedings of the 40th Design Automation Conference, pp. 356--361. ACM, 2003.
[16] L. Wang and S. D. Stoller. Run-time analysis for atomicity. In Electronic Notes in Theoretical Computer Science, Vol. 89. Elsevier, 2003.



Published In

PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation. June 2005, 338 pages. ISBN: 1595930566. DOI: 10.1145/1065010

Also published in: ACM SIGPLAN Notices, Volume 40, Issue 6 (Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation). June 2005, 325 pages. ISSN: 0362-1340, EISSN: 1558-1160. DOI: 10.1145/1064978
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. concurrent data structures
  2. refinement
  3. runtime verification


Conference

PLDI05

Acceptance Rates

Overall acceptance rate: 406 of 2,067 submissions, 20%


Cited By

  • (2024) Towards Efficient Runtime Verified Linearizable Algorithms. Runtime Verification, pp. 262--281. doi:10.1007/978-3-031-74234-7_17. Online publication date: 14 Oct 2024
  • (2023) Asynchronous Wait-Free Runtime Verification and Enforcement of Linearizability. Proceedings of the 2023 ACM Symposium on Principles of Distributed Computing, pp. 90--101. doi:10.1145/3583668.3594563. Online publication date: 19 Jun 2023
  • (2018) An analysis of network-partitioning failures in cloud systems. Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation, pp. 51--68. doi:10.5555/3291168.3291173. Online publication date: 8 Oct 2018
  • (2017) Checking Concurrent Data Structures Under the C/C++11 Memory Model. ACM SIGPLAN Notices 52(8), pp. 45--59. doi:10.1145/3155284.3018749. Online publication date: 26 Jan 2017
  • (2017) Checking Concurrent Data Structures Under the C/C++11 Memory Model. Proceedings of the 22nd ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, pp. 45--59. doi:10.1145/3018743.3018749. Online publication date: 26 Jan 2017
  • (2015) Automated and Modular Refinement Reasoning for Concurrent Programs. Computer Aided Verification, pp. 449--465. doi:10.1007/978-3-319-21668-3_26. Online publication date: 14 Jul 2015
  • (2014) Checking Linearizability of Encapsulated Extended Operations. Proceedings of the 23rd European Symposium on Programming Languages and Systems - Volume 8410, pp. 311--330. doi:10.1007/978-3-642-54833-8_17. Online publication date: 5 Apr 2014
  • (2012) Runtime verification of concurrency-specific correctness criteria. International Journal on Software Tools for Technology Transfer (STTT) 14(3), pp. 291--305. doi:10.5555/3115971.3116166. Online publication date: 1 Jun 2012
  • (2012) Fully automatic and precise detection of thread safety violations. ACM SIGPLAN Notices 47(6), pp. 521--530. doi:10.1145/2345156.2254126. Online publication date: 11 Jun 2012
  • (2012) Fully automatic and precise detection of thread safety violations. Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 521--530. doi:10.1145/2254064.2254126. Online publication date: 11 Jun 2012
