
Assertion guided symbolic execution of multithreaded programs

Published: 30 August 2015

Abstract

Symbolic execution is a powerful technique for systematic testing of sequential and multithreaded programs. However, its application is limited by the high cost of covering all feasible intra-thread paths and inter-thread interleavings. We propose a new assertion guided pruning framework that identifies executions guaranteed not to lead to an error and removes them during symbolic execution. By summarizing the reasons why previously explored executions cannot reach an error and using the information to prune redundant executions in the future, we can soundly reduce the search space. We also use static concurrent program slicing and heuristic minimization of symbolic constraints to further reduce the computational overhead. We have implemented our method in the Cloud9 symbolic execution tool and evaluated it on a large set of multithreaded C/C++ programs. Our experiments show that the new method can reduce the overall computational cost significantly.
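The pruning idea in the abstract can be made concrete on a toy scale. The following Python sketch is an added illustration, not the authors' Cloud9-based implementation: where the paper summarizes explored executions as symbolic constraints and discharges them with an SMT solver over LLVM bitcode, this sketch explores concrete states of a constructed two-thread program and represents each summary as a Python predicate built by weakest-precondition substitution. The program (threads THREAD_A and THREAD_B, shared variable x, copy t, input n), the exact summary rule (a conjunction over all enabled threads of wp(stmt, summary of successor)) and the counters are assumptions made for the example.

```python
"""Assertion-guided pruning on a toy interleaving explorer (added illustration).

Threads are lists of statements over a shared state dict:
    ('assign', var, expr)   expr: state -> value
    ('assert', cond)        cond: state -> bool
A program location is the tuple of per-thread program counters (pc).

Whenever the subtree below (pc, state) has been fully explored without a
failing assertion, a summary predicate is recorded for that pc: the
conjunction, over every enabled thread, of the weakest precondition of that
thread's next statement with respect to the summary of the successor.  The
summary is a sufficient condition for "no assertion can fail from here".  A
later visit to the same pc whose valuation satisfies any recorded summary is
pruned, even if the concrete state was never seen before (plain state
matching would not catch it).  This is a simplification of the paper's
approach, assumed here for illustration; the real tool works symbolically.
"""
from collections import defaultdict


def wp(stmt, post):
    """Weakest precondition of one statement w.r.t. postcondition `post`."""
    if stmt[0] == 'assign':
        _, var, expr = stmt
        return lambda s: post({**s, var: expr(s)})   # post[var := expr]
    if stmt[0] == 'assert':
        _, cond = stmt
        return lambda s: cond(s) and post(s)         # cond /\ post
    raise ValueError(stmt[0])


def conj(preds):
    preds = list(preds)
    return lambda s: all(p(s) for p in preds)


TRUE = lambda s: True


class Explorer:
    def __init__(self, threads, prune=True):
        self.threads = threads
        self.prune = prune
        self.summaries = defaultdict(list)   # pc -> [predicate, ...], kept across runs
        self.explored = self.pruned = 0

    def run(self, init_state):
        """Explore all interleavings from init_state.
        Returns (error_trace or None, states_explored, states_pruned).
        An error trace is a list of (thread, statement_index) steps."""
        self.explored = self.pruned = 0
        pc = tuple(0 for _ in self.threads)
        err, _ = self._dfs(pc, dict(init_state), [])
        return err, self.explored, self.pruned

    def _dfs(self, pc, state, trace):
        if self.prune:
            for summary in self.summaries[pc]:
                if summary(state):            # a known reason this state is safe
                    self.pruned += 1
                    return None, summary
        self.explored += 1
        enabled = [i for i, t in enumerate(self.threads) if pc[i] < len(t)]
        if not enabled:                        # all threads finished: trivially safe
            self.summaries[pc].append(TRUE)
            return None, TRUE
        parts = []
        for i in enabled:
            stmt = self.threads[i][pc[i]]
            step = trace + [(i, pc[i])]
            if stmt[0] == 'assert':
                if not stmt[1](state):
                    return step, None          # error found: report the interleaving
                succ = state
            else:
                _, var, expr = stmt
                succ = {**state, var: expr(state)}
            succ_pc = pc[:i] + (pc[i] + 1,) + pc[i + 1:]
            err, succ_summary = self._dfs(succ_pc, succ, step)
            if err is not None:
                return err, None
            parts.append(wp(stmt, succ_summary))
        # Every enabled successor is error-free (explored or pruned by its own
        # summary), so the conjunction of their preconditions is a sound summary.
        summary = conj(parts)
        self.summaries[pc].append(summary)
        return None, summary


# Constructed toy program (assumption for the example): thread A increments x
# twice; thread B snapshots x into t and asserts the snapshot is not the
# intermediate value 1, unless input n is 0.
THREAD_A = [('assign', 'x', lambda s: s['x'] + 1),
            ('assign', 'x', lambda s: s['x'] + 1)]
THREAD_B = [('assign', 't', lambda s: s['x']),
            ('assert', lambda s: s['t'] != 1 or s['n'] == 0)]


def initial(n):
    return {'x': 0, 't': 0, 'n': n}


if __name__ == '__main__':
    ex = Explorer([THREAD_A, THREAD_B])
    for n in (0, 3):
        err, explored, pruned = ex.run(initial(n))
        print(f"n={n}: error={err} explored={explored} pruned={pruned}")
    base = Explorer([THREAD_A, THREAD_B], prune=False)
    print("no pruning, n=0:", base.run(initial(0))[1:])
```

For n = 0 the toy program is safe under all six interleavings; the plain tree has 19 nodes, while the pruned search visits 9 and cuts 4 subtrees, several of them at states with a valuation never seen before. The summaries survive into the n = 3 run, where the search only needs 4 states to reach the failing interleaving A, B(read), A, B(assert). The soundness caveat a practitioner should keep in mind: a summary may only be recorded once every enabled successor has been explored or pruned by a summary of its own, and with genuinely symbolic inputs the membership test `summary(state)` becomes an SMT query on the path condition, which is where the paper's constraint minimization and slicing matter.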


Published In

ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering
August 2015
1068 pages
ISBN:9781450336758
DOI:10.1145/2786805

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Symbolic execution
  2. concurrency
  3. partial order reduction
  4. test generation
  5. weakest precondition

Qualifiers

  • Research-article

Conference

ESEC/FSE'15

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Article Metrics

  • Downloads (Last 12 months)34
  • Downloads (Last 6 weeks)6
Reflects downloads up to 02 Mar 2025

Cited By

  • (2024) LENT-SSE: Leveraging Executed and Near Transactions for Speculative Symbolic Execution of Smart Contracts. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 566-577. DOI: 10.1145/3650212.3680303. Published 11 Sep 2024.
  • (2024) Detect atomicity violations in concurrent programs through user assistance and identification of suspicious variable access patterns. Journal of Software: Evolution and Process, 37(1). DOI: 10.1002/smr.2725. Published 3 Sep 2024.
  • (2022) Automatic Detection, Validation, and Repair of Race Conditions in Interrupt-Driven Embedded Software. IEEE Transactions on Software Engineering, 48(1):346-363. DOI: 10.1109/TSE.2020.2989171. Published 1 Jan 2022.
  • (2022) SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds. 2022 IEEE Symposium on Security and Privacy (SP), pp. 161-178. DOI: 10.1109/SP46214.2022.9833721. Published May 2022.
  • (2022) SIFT: A Tool for Property Directed Symbolic Execution of Multithreaded Software. 2022 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 433-443. DOI: 10.1109/ICST53961.2022.00049. Published Apr 2022.
  • (2022) Semantic-Aware Vulnerability Detection. 2022 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 68-75. DOI: 10.1109/CSR54599.2022.9850330. Published 27 Jul 2022.
  • (2021) Canary: practical static detection of inter-thread value-flow bugs. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, pp. 1126-1140. DOI: 10.1145/3453483.3454099. Published 19 Jun 2021.
  • (2021) On interleaving space exploration of multi-threaded programs. Frontiers of Computer Science: Selected Publications from Chinese Universities, 15(4). DOI: 10.1007/s11704-020-9501-6. Published 1 Aug 2021.
  • (2020) MUZZ. Proceedings of the 29th USENIX Conference on Security Symposium, pp. 2325-2342. DOI: 10.5555/3489212.3489343. Published 12 Aug 2020.
  • (2020) Sys. Proceedings of the 29th USENIX Conference on Security Symposium, pp. 199-216. DOI: 10.5555/3489212.3489224. Published 12 Aug 2020.