Posted on 19-Dec-2015
Typestate-guided Exploration of Interleavings Using SMT
Robert Frohardt and Jonathan Turner
(with help from Devin Coughlin, Bor-Yuh Evan Chang, and Sriram Sankaranarayanan)
Motivation
Concurrent programs are difficult to test
Many possible thread interleavings
Instead, use an SMT solver to explore interleavings automatically
[Figure: interleavings of Thread 1 and Thread 2]
Example
Thread a:
a0: *x = 42
a1: Thread Spawn b
a2: Monitor Enter o
a3: x = Null
a4: Monitor Exit o
a5: Thread Join b
Thread b:
b0: Monitor Enter o
b1: print *x
b2: Monitor Exit o
Possible Race Condition
Encoding Synchronization
Thread a:
a0: *x = 42
a1: Thread Spawn b
a2: Monitor Enter o
a3: x = Null
a4: Monitor Exit o
a5: Thread Join b
Thread b:
b0: Monitor Enter o
b1: print *x
b2: Monitor Exit o
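As an added illustration (not from the talk), the following search enumerates every interleaving of the trace above that respects its synchronization (program order, spawn/join, monitor o) and checks a null-pointer typestate on x, reporting the prefix that reaches a violation as the error witness. The exhaustive search stands in for the SMT solver the talk uses, and the tuple encoding of the events is an assumption of this example.

```python
# Trace from the slide: (event id, thread, operation, operand)
TRACE = [
    ("a0", "a", "deref_store", 42),   # *x = 42
    ("a1", "a", "spawn", "b"),
    ("a2", "a", "enter", "o"),
    ("a3", "a", "set_null", "x"),     # x = Null
    ("a4", "a", "exit", "o"),
    ("a5", "a", "join", "b"),
    ("b0", "b", "enter", "o"),
    ("b1", "b", "deref_load", "x"),   # print *x
    ("b2", "b", "exit", "o"),
]
BY_THREAD = {}
for _ev in TRACE:
    BY_THREAD.setdefault(_ev[1], []).append(_ev)

def explore():
    """Return [(interleaving, error)] for every feasible interleaving."""
    results = []
    # State: per-thread pc, spawned threads, owner of monitor o, typestate of x.
    def step(pc, spawned, owner, xstate, path):
        if len(path) == len(TRACE):
            results.append((tuple(path), None))
            return
        for t, evs in BY_THREAD.items():
            if t not in spawned or pc[t] == len(evs):
                continue                       # not spawned yet, or finished
            eid, _, op, arg = evs[pc[t]]
            if op == "enter" and owner is not None:
                continue                       # monitor o is held by the other thread
            if op == "join" and pc[arg] < len(BY_THREAD[arg]):
                continue                       # joined thread has not finished
            if op.startswith("deref") and xstate == "null":
                # typestate violation: this prefix is the error witness
                results.append((tuple(path + [eid]), f"null dereference at {eid}"))
                continue
            npc = dict(pc)
            npc[t] += 1
            step(npc,
                 spawned | {arg} if op == "spawn" else spawned,
                 t if op == "enter" else None if op == "exit" else owner,
                 "null" if op == "set_null" else xstate,
                 path + [eid])
    step({t: 0 for t in BY_THREAD}, {"a"}, None, "valid", [])
    return results

def bad_interleavings():
    """Interleavings ending in a typestate error (the slide's 'possible race')."""
    return [r for r in explore() if r[1] is not None]
```

Of the two feasible interleavings, only the one where thread a nulls x before thread b enters the monitor reaches the violation, which is why the monitor alone does not prevent the error the slide flags.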
Future Work
Complement dynamic analysis with static analysis of control flow
Encode the typestate model for the SMT solver
Prune long error witnesses
Determine feasibility of an interleaving in the original program
Conclusion
It is difficult to discover bad interleavings with traditional testing
But we can explore interleavings using a trace, a typestate model, and an SMT solver
There are limitations to the current approach, but we hope to address these in future iterations