YANG Ming-yuan,LUO Gui-ming

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.13.027

2008-01-01

Abstract:(Abstract)JPF is a Java program model checker developed by NASA. The module that generates the state space in JPF is rewritten to make the program waiting for model checking run under supervision. The Data-Race algorithm is applied to record warnings which guide JPF to check deadlock related threads. This design avoids the state space explosion and realizes model checking of large-scale programs with only some threads in deadlocks. A heuristic method is also proposed to optimize the efficiency of simulation running by giving different weights to live threads according to search depths. (Key words)JPF tool; concurrent programs; running information; Data-Race algorithm; heuristic search

Manna Wu,Bo Zhou,Wei Shi

DOI: https://doi.org/10.1145/1643823.1643911

2009-01-01

Abstract:In this paper, we describe a new test framework for concurrent programs. Testing on concurrent programs remains difficult due to the non-deterministic nature of concurrent programs. Approaches are proposed to surmount this difficulty. However, few of them are really effective. A new self-adaptive test framework is proposed to alleviate this problem, since it is impossible to solve it completely. This framework which is based on the study of concurrent test points tests each concurrent program like a circuit, while concurrent test points like components of the circuit. The original reason of concurrent bugs stems from the resource sharing among multiple processes or threads. Therefore, a controller is introduced in the framework to increasingly intensify resource competition via test data controlling, aiming to trigger concurrent bugs' emerging sooner once they exist.

Pu Yi,Anjiang Wei,Wing Lam,Tao Xie,Darko Marinov

DOI: https://doi.org/10.1145/3468744.3468756

2021-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:Tests that modify (i.e., "pollute") the state shared among tests in a test suite are called \polluter tests". Finding these tests is im- portant because they could result in di erent test outcomes based on the order of the tests in the test suite. Prior work has proposed the PolDet technique for nding polluter tests in runs of JUnit tests on a regular Java Virtual Machine (JVM). Given that Java PathFinder (JPF) provides desirable infrastructure support, such as systematically exploring thread schedules, it is a worthwhile attempt to re-implement techniques such as PolDet in JPF. We present a new implementation of PolDet for nding polluter tests in runs of JUnit tests in JPF. We customize the existing state comparison in JPF to support the so-called \common-root iso- morphism" required by PolDet. We find that our implementation is simple, requiring only -200 lines of code, demonstrating that JPF is a sophisticated infrastructure for rapid exploration of re-search ideas on software testing. We evaluate our implementation on 187 test classes from 13 Java projects and nd 26 polluter tests. Our results show that the runtime overhead of PolDet@JPF com- pared to base JPF is relatively low, on average 1.43x. However, our experiments also show some potential challenges with JPF.

Yannic Noller,Hoang Lam Nguyen,Minxing Tang,Timo Kehrer,Lars Grunske

DOI: https://doi.org/10.1145/3364452.33644558

2019-12-02

ACM SIGSOFT Software Engineering Notes

Abstract:Regression testing ensures the correctness of the software during its evolution, with special attention on the absence of unintended side-e ects that might be introduced by changes. However, the manual creation of regression test cases, which expose divergent behavior, needs a lot of e ort. A solution is the idea of shadow symbolic execution, which takes a uni ed version of the old and the new programs and performs symbolic execution guided by concrete values to explore the changed behavior. In this work, we adapt the idea of shadow symbolic execution (SSE) and combine complete/standard symbolic execution with the idea of four-way forking to expose diverging behavior. There- fore, our approach attempts to comprehensively test the new be- haviors introduced by a change. We implemented our approach in the tool ShadowJPF+, which performs complete shadow sym- bolic execution on Java bytecode. It is an extension of the tool ShadowJPF, which is based on Symbolic PathFinder. We applied our tool on 79 examples, for which it was able to reveal more di- verging behaviors than common shadow symbolic execution. Ad- ditionally, the approach has been applied on a real-world patch for the Joda-Time library, for which it successfully generated test cases that expose a regression error.

Jiancheng Du,Daoxu Chen,Li Xie

DOI: https://doi.org/10.1007/bf02916749

1999-01-01

Abstract:JAPS is an automatic parallelizing system based on JAVA running on NOW. It implements the automatic process from dependence analysis to parallel execution. The current version of JAPS can exploit functional parallelism and the detection of data parallelism will be incorporated in the new version, which is underway. The framework and key techniques of JAPS are presented. Specific topics discussed are task partitioning, summary information collection, data dependence analysis, pre-scheduling and dynamic scheduling, etc.

Yingquan Zhao,Zan Wang,Shuang Liu,Jun Sun,Junjie Chen,Xiang Chen

DOI: https://doi.org/10.1109/tse.2022.3144480

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Testing multi-threaded programs is challenging due to the enormous space of thread interleavings. Recently, a code coverage criterion for multi-threaded programs called MAP-coverage has been proposed and shown to be effective for testing concurrent programs. Existing approaches for achieving high MAP-coverage are based on random testing with simple heuristics, which is ineffective in systematically triggering rare thread interleavings. In this study, we propose a novel approach called pattern constraint reduction (PCR), which employs optimized constraint solving to generate thread interleavings for high MAP-coverage. The idea is to iteratively encode and solve path conditions to generate thread interleavings which are guaranteed to improve MAP-coverage. Furthermore, we effectively apply interpolation techniques to reduce the efforts of constraint solving by avoiding solving infeasible constraints. The experiment results on 20 benchmark programs show that our approach complements existing random testing based approaches when there are rare failure-inducing interleaving in the whole search space. Specifically, PCR finds concurrency bugs faster in 18 out of 20 programs, with an average speedup of 4.2x and a maximum speedup of 11.4x.

engineering, electrical & electronic,computer science, software engineering

Congming Chen,Wei Huo,Lung Li,Xiaobing Feng,Kai Xing

DOI: https://doi.org/10.1109/pdcat.2012.59

2012-01-01

Abstract:May-Happen-in-Parallel (MHP) analysis is a very important and fundamental mechanism to facilitate concurrent program analysis, optimization and even concurrency bug detection. However, the inefficiency in its design and implementation keeps MHP analysis away from being practical and effective. In this paper, we investigate the state-of-art of iterative data flow based (IDFB) MHP analysis and propose a new design and corresponding systematic implementation. Specifically, we address the most severe efficiency problems in node process order of the work-list in the original approach, and resolve them in our design and implementation by using the concept of parallel level to avoid redundant node visits. Our intensive experimental study shows that the proposed design and implementation have a relative speed up of 29.02× compared with the original implementation, moreover, it achieves a relative speed up of 10.00× comparing to the state-of-art of non-IDFB approach which is claimed to be more efficient than the original IDFB approach. Our design and implementation are capable of achieving an order of magnitude efficiency improvement comparing to both IDFB and non-IDFB approaches.

Zhenqiang Chen,Bin Xu,Huimin Yu

DOI: https://doi.org/10.1145/507599.507601

2001-01-01

Abstract:Information about which pairs of statements in a program can be executed concurrently is important for improving the accuracy of dataflow analysis, optimizing programs, and detecting errors. This paper presents a new method named Concurrent Control Flow Graph for representing concurrent Ada 95 programs in a simple and precise way. Based on this method, we develop an Adapted MHP algorithm that can statically detect all pairs of statements that may be executed concurrently. This algorithm checks not only whether a rendezvous can be triggered, but also whether it can be finished. Although this algorithm generates a conservative superset of the perfect pairs of statements, it is more precise than many existing methods.

Vaibhav Sharma,Soha Hussein,Michael W. Whalen,Stephen McCamant,Willem Visser

DOI: https://doi.org/10.1007/978-3-030-45237-7_27

2020-01-01

Abstract:Abstract Path-merging is a known technique for accelerating symbolic execution. One technique, named “veritesting” by Avgerinos et al. uses summaries of bounded control-flow regions and has been shown to accelerate symbolic execution of binary code. But, when applied to symbolic execution of Java code, veritesting needs to be extended to summarize dynamically dispatched methods and exceptional control-flow. Such an extension of veritesting has been implemented in Java Ranger by implementing as an extension of Symbolic PathFinder, a symbolic executor for Java bytecode. In this paper, we briefly describe the architecture of Java Ranger and describe its setup for SV-COMP 2020.

Ziyi Lin,Darko Marinov,Hao Zhong,Yuting Chen,Jianjun Zhao

DOI: https://doi.org/10.1109/ase.2015.87

2015-01-01

Abstract:Researchers have proposed various approaches to detect concurrency bugs and improve multi-threaded programs, but performing evaluations of these approaches still remains a substantial challenge. We survey the existing evaluations and find out that they often use code or bugs not representative of real world. To improve representativeness, we have prepared JaConTeBe, a benchmark suite of 47 confirmed concurrency bugs from 8 popular open-source projects, supplemented with test cases for reproducing buggy behaviors. Running three approaches on JaConTeBe shows that our benchmark suite confirms some limitations of the three approaches. We submitted JaConTeBe to the SIR repository (a software-artifact repository for rigorous controlled experiments), and it was included as a part of SIR.

Junrui Zhou,Hong An,Yunyun Wang,Junshi Chen

DOI: https://doi.org/10.1007/978-3-319-27140-8_36

2015-01-01

Abstract:Applying model checking to detect concurrency errors in larger-scale multithreaded programs is limited by state explosion problem stemming from nondeterminism. We propose a novel approach established on the insight into the relationship between thread interference and nondeterminism to break the limitation. The approach works for particular parallel region that can be divided into disjoint groups among which there is no thread interference. We demonstrate that the set of reachable states of the parallel region is the Cartesian product of reachable states of each disjoint group. Local states of disjoint groups explored in previous runs can be reused to avoid redundant state transitions such that the time consumed by successive runs is decreased. The empirical results indicate that the efficiency of model checking can be improved by orders of magnitude through local state reusing.

Lingyu Zhang,Huiyan Wang,Chuyang Chen,Chang Xu,Ping Yu

DOI: https://doi.org/10.1016/j.jss.2023.111852

IF: 3.5

2023-09-20

Journal of Systems and Software

Abstract:Smart applications can adapt their behaviors based on their understanding to environments (a.k.a. contexts). This capability can, however, incur unexpected misbehavior or even crash, when application contexts are inaccurate or conflicting with each other due to environmental noises. In the recent decade, various constraint checking techniques have been proposed to help validate contexts against consistency constraints, in order to guard context consistency in time. However, with growing environmental dynamics and context volume, it is getting increasingly challenging to ensure context consistency. In this article, we propose a novel approach, INFuse , to fuse together two lines of techniques, namely, incremental checking and concurrent checking, for sound and efficient constraint checking. Realizing such check fusion has to address the challenges rising from the gap between the micro analysis for reusable elements in incremental checking and the macro collection of parallel tasks in concurrent checking. INFuse solves them by automatically deciding maximal concurrent boundaries in a sequence of context changes, and soundly fusing incremental and concurrent checking together for context consistency, with theoretical guarantees. Our experimental evaluation with real-world context data shows that INFuse could improve constraint checking efficiency by 3.0x–120.3x, as compared with existing state-of-the-art techniques, with better checking quality.

computer science, theory & methods, software engineering

Chinmay Narayan,Subodh Sharma,Shibashis Guha,S.Arun-Kumar

DOI: https://doi.org/10.48550/arXiv.1506.07635

2016-04-28

Abstract:Nondeterminism in scheduling is the cardinal reason for difficulty in proving correctness of concurrent programs. A powerful proof strategy was recently proposed [6] to show the correctness of such programs. The approach captured data-flow dependencies among the instructions of an interleaved and error-free execution of threads. These data-flow dependencies were represented by an inductive data-flow graph (iDFG), which, in a nutshell, denotes a set of executions of the concurrent program that gave rise to the discovered data-flow dependencies. The iDFGs were further transformed in to alternative finite automatons (AFAs) in order to utilize efficient automata-theoretic tools to solve the problem. In this paper, we give a novel and efficient algorithm to directly construct AFAs that capture the data-flow dependencies in a concurrent program execution. We implemented the algorithm in a tool called ProofTraPar to prove the correctness of finite state cyclic programs under the sequentially consistent memory model. Our results are encouranging and compare favorably to existing state-of-the-art tools.

Programming Languages,Software Engineering

Chang Xu,YePang Liu,S. C. Cheung,Chun Cao,Jian Lv

DOI: https://doi.org/10.1007/s11432-013-4907-5

2013-01-01

Science China Information Sciences

Abstract:Internetware applications are emerging and being widely used.They can adapt their behavior based on environmental contexts and deliver smart services.These contexts can be subject to various noises,which cause them to be inaccurate,incomplete,or even to conflict with each other.This is known as context inconsistency problem.Context inconsistency can trigger unexpected behavior to applications,and therefore should be prevented.One promising approach is to check contexts against consistency constraints so as to detect the occurrences of context inconsistency at runtime.Existing techniques have attempted different ways to improve the checking efficiency or effectiveness with different trade-offs in space overhead or communication cost.However,none of them has exploited multi-core computing capability to systematically improve the checking efficiency.In this paper,we propose a novel concurrent checking technique Con-C to efficiently detect inconsistencies in huge volumes of dynamic contexts.Con-C derives checking subtasks for each consistency constraint based on its structure and semantics.It achieves this in a fully automated way,and at the same time can guarantee its derived checking subtasks to be persistently balanced.We evaluated Con-C by controlled experiments through a large-scale real-world application.It reported promising results that Con-C improved the checking efficiency by extra 57.0%,in addition to what had been gained by incremental checking.

Zu-Ming Jiang,Jia-Ju Bai,Kangjie Lu,Shi-Min Hu

DOI: https://doi.org/10.14722/ndss.2022.24296

2022-01-01

Abstract:Fuzzing is popular for bug detection and vulnerability discovery nowadays.To adopt fuzzing for concurrency problems like data races, several recent concurrency fuzzing approaches consider concurrency information of program execution, and explore thread interleavings by affecting thread scheduling at runtime.However, these approaches are still limited in data-race detection.On the one hand, they fail to consider the execution contexts of thread interleavings, which can miss real data races in specific runtime contexts.On the other hand, they perform random thread-interleaving exploration, which frequently repeats already covered thread interleavings and misses many infrequent thread interleavings.In this paper, we develop a novel concurrency fuzzing framework named CONZZER, to effectively explore thread interleavings and detect hard-to-find data races.The core of CONZZER is a context-sensitive and directional concurrency fuzzing approach for thread-interleaving exploration, with two new techniques.First, to ensure context sensitivity, we propose a new concurrencycoverage metric, concurrent call pair, to describe thread interleavings with runtime calling contexts.Second, to directionally explore thread interleavings, we propose an adjacency-directed mutation to generate new possible thread interleavings with already covered thread interleavings and then use a breakpointcontrol method to attempt to actually cover them at runtime.With these two techniques, this concurrency fuzzing approach can effectively cover infrequent thread interleavings with concrete context information, to help discover hard-to-find data races.We have evaluated CONZZER on 8 user-level applications and 4 kernel-level filesystems, and found 95 real data races.We identify 75 of these data races to be harmful and send them to related developers, and 44 have been confirmed.We also compare CONZZER to existing fuzzing tools, and CONZZER continuously explores more thread interleavings and finds many real data races missed by these tools.

Yanyan Jiang,Chang Xu,Xiaoxing Ma

DOI: https://doi.org/10.1145/2541534.2541591

2013-01-01

Abstract:ABSTRACTConcurrency programs are hard to test or debug due to their non-deterministic nature. Existing dynamic program analysis approaches tried to address this by carefully examine a recorded execution trace. However, developing such analysis tools is complicated, requiring to take care of many tedious implementation details, and comparing and evaluating different analysis approaches are also subject to various biases, due to lack of a common base platform. This motivates us to design DPAC, an infrastructure that support in building dynamic program analysis tools for concurrency Java programs. DPAC takes events and their various processing mechanisms as its underlying model to facilitate monitoring and manipulation of program executions as required by dynamic program analysis. Various analysis tools can be implemented by customizing their required event types and processing mechanisms. We show two concrete case studies how our DPAC helps building existing dynamic program analysis approaches, as well as tuning subtle implementation details for supporting customized function implementation and code transformation.

Hanru Jiang,Hongjin Liang,Siyang Xiao,Junpeng Zha,Xinyu Feng

DOI: https://doi.org/10.1145/3314221.3314595

2019-01-01

Abstract:Certified separate compilation is important for establishing end-to-end guarantees for certified systems consisting of multiple program modules. There has been much work building certified compilers for sequential programs. In this paper, we propose a language-independent framework consisting of the key semantics components and lemmas that bridge the verification gap between the compilers for sequential programs and those for (race-free) concurrent programs, so that the existing verification work for the former can be reused. One of the key contributions of the framework is a novel footprint-preserving compositional simulation as the compilation correctness criterion. The framework also provides a new mechanism to support confined benign races which are usually found in efficient implementations of synchronization primitives. With our framework, we develop CASCompCert, which extends CompCert for certified separate compilation of race-free concurrent Clight programs. It also allows linking of concurrent Clight modules with x86-TSO implementations of synchronization primitives containing benign races. All our work has been implemented in the Coq proof assistant.

KP Jevitha,Bharat Jayaraman,M Sethumadhavan

2024-06-18

Abstract:Finite-state models are ubiquitous in the study of concurrent systems, especially controllers and servers that operate in a repetitive cycle. In this paper, we show how to extract finite state models from a run of a multi-threaded Java program and carry out runtime verification of correctness properties. These properties include data-oriented and control-oriented properties; the former express correctness conditions over the data fields of objects, while the latter are concerned with the correct flow of control among the modules of larger software. As the extracted models can become very large for long runs, the focus of this paper is on constructing reduced models with user-defined abstraction functions that map a larger domain space to a smaller one. The abstraction functions should be chosen so that the resulting model is property preserving, i.e., proving a property on the abstract model carries over to the concrete model. The main contribution of this paper is in showing how runtime verification can be made efficient through online property checking on property-preserving abstract models. The property specification language resembles a propositional linear temporal logic augmented with simple datatypes and operators. Classic concurrency examples and larger case studies (Multi-rotor Drone Controller, OAuth Protocol) are presented in order to demonstrate the usefulness of our proposed techniques, which are incorporated in an Eclipse plug-in for runtime visualization and verification of Java programs.

Software Engineering

Zq Chen,Bw Xu

DOI: https://doi.org/10.1145/375431.375420

2001-01-01

ACM SIGPLAN Notices

Abstract:Program slicing is an important approach to testing, understanding and maintaining programs. The paper presents a slicing algorithm for concurrent Java programs. Because the execution process of concurrent programs is unpredictable, there are many problems to be solved when slicing. To slice concurrent Java programs, we present concurrent control flow graphs and concurrent program dependence graph to represent concurrent Java programs. Based on these models. we design an efficient static slicing algorithm for concurrent Java programs. The algorithm may get more precise slices than previous approaches we know.

Yang Wang,Kenneth B. Kent

DOI: https://doi.org/10.1109/PDP.2017.69

2017-01-01

Abstract:As multicore architectures dominate mainstream computing platforms, migrating legacy applications into their parallel representation becomes a viable approach to reaping the benefits of multicore computing. In this paper we present a dataflow analysis tool that assists programmers to exploit the coarse-grained pipeline parallelism in stream-like Java applications on multicores. With this tool, programmers can partition a source Java program into a set of regions, which as pipeline stages, are connected via data channels to execute on multicores. To this end, we propose a simple yet effective framework that leverages JVMTI (JVM Tool Interface) and Java agent techniques to track the data communication patterns among different regions, whereby a stream graph of the program is constructed. The graph is further used by the framework and programmers to re-factor the Java application into a pipelined program so that the potential of the multicores can be fully utilized. This procedure can be repeated in several rounds to progressively improve the performance. By applying this tool to several selected benchmarks, we demonstrate the effectiveness of the approach in terms of the performance improvements of some stream-like Java applications.