Refinement of structural heuristics for model checking of concurrent programs through data mining
Pages 170 - 188
Abstract
Detecting concurrency bugs in multi-threaded programs through model-checking is complicated by the combinatorial explosion in the number of ways that different threads can be interleaved to produce different combinations of behaviors. At the same time, concurrency bugs tend to be limited in their scope and scale due to the way in which concurrent programs are designed, and making visible the rules that govern the relationships between threads can help us to better identify which interleavings are worth investigating. In this work, patterns of read-write sequences are mined from a single execution of the target program to produce a quantitative, categorical model of thread behaviors. This model is exploited by a novel structural heuristic. Experiments with a proof-of-concept implementation, built using Java Pathfinder and WEKA, demonstrate that this heuristic locates bugs faster and more reliably than a conventional counterpart. HighlightsThe paper explores how model checking can be hybridized with trace analysis.Traces are mined to produce a categorical model of thread behavior.A heuristic for race detection is retrofitted to exploit the behavior model.With proper parameterization, the novel heuristic finds bugs 8 faster.A novel mutation-based benchmark generation process is introduced for validation.
References
[1]
Alba E, Troya JM. Genetic algorithms for protocol validation. In: Parallel problem solving from nature-PPSN IV. Springer; 1996. p. 869-79.
[2]
Andrews JH, Briand LC, Labiche Y. Is mutation an appropriate tool for testing experiments? In: Proceedings of the 27th international conference on software engineering. ACM; 2005. p. 402-11.
[3]
Bhadra J, Abadir MS, Wang LC, Ray S. A survey of hybrid techniques for functional verification. IEEE Des Test Comput 2007;(2):112-22.
[4]
Bowring JF, Harrold MJ, Rehg JM. Improving the classification of software behaviors using ensembles of control-flow and data-flow classifiers. Technical report GIT-CERCS-05-10. Georgia Institute of Technology; 2005.
[5]
Bowring JF, Rehg JM, Harrold MJ. Active learning for automatic classification of software behavior. In: ACM SIGSOFT software engineering notes, vol. 29. ACM; 2004. p. 195-205.
[6]
Bradbury JS, Cordy JR, Dingel J. Mutation operators for concurrent java (j2se 5.0). In: Second workshop on mutation analysis, 2006. IEEE; 2006. p. 11.
[7]
F. Chicano, E. Alba, Ant colony optimization with partial order reduction for discovering safety property violations in concurrent models, Inf Process Lett, 106 (2008) 221-231.
[8]
Cordy JR. Txl-a language for programming language tools and applications. In: Electronic notes in theoretical computer science, vol. 110; 2004. p. 3-31.
[9]
J.R. Cordy, The txl source transformation language, Sci Comput Program, 61 (2006) 190-210.
[10]
J.R. Cordy, T.R. Dean, A.J. Malton, K.A. Schneider, Source transformation in software engineering using the txl transformation system, Inf Softw Technol, 44 (2002) 827-837.
[11]
J.R. Cordy, C.D. Halpern-Hamu, E. Promislow, Txl, Comput Lang, 16 (1991) 97-107.
[12]
Delahaye M, Du Bousquet L. A comparison of mutation analysis tools for java. In: 2013 13th international conference on quality software (QSIC). IEEE; 2013. p. 187-95.
[13]
Delamaro M, Pezze M, Vincenzi AM, Maldonado JC. Mutant operators for testing concurrent java programs. In: Brazilian symposium on software engineering; 2001. p. 272-85.
[14]
Détienne F. Expert programming knowledge: a schema-based approach. arXiv preprint cs/0702003; 2007.
[15]
Dickinson W, Leon D, Podgurski A. Finding failures by cluster analysis of execution profiles. In: Proceedings of the 23rd international conference on software engineering. IEEE Computer Society; 2001. p. 339-48.
[16]
H. Do, S. Elbaum, G. Rothermel, Supporting controlled experimentation with testing techniques, Empir Softw Eng, 10 (2005) 405-435.
[17]
Do H, Rothermel G. A controlled experiment assessing test case prioritization techniques via mutation faults. In: Proceedings of the 21st IEEE international conference on software maintenance, 2005. ICSM'05. IEEE; 2005. p. 411-20.
[18]
El-Ramly M, Stroulia E, Sorenson P. Recovering software requirements from system-user interaction traces. In: Proceedings of the 14th international conference on software engineering and knowledge engineering. ACM; 2002. p. 447-54.
[19]
Engler D, Musuvathi M. Static analysis versus software model checking for bug finding. In: Verification, model checking, and abstract interpretation. Springer; 2004. p. 191-210.
[20]
Eytani Y, Ur S. Compiling a benchmark of documented multi-threaded bugs. In: Proceedings of 18th international parallel and distributed processing symposium, 2004. IEEE; 2004. p. 266.
[21]
Farchi E, Nir Y, Ur S. Concurrent bug patterns and how to test them. In: Proceedings of international parallel and distributed processing symposium, 2003. IEEE; 2003. p. 7.
[22]
Flanagan C, Godefroid P. Dynamic partial-order reduction for model checking software. In: ACM sigplan notices, vol. 40. ACM; 2005. p. 110-21.
[23]
Fu Q, Lou JG, Wang Y, Li J. Execution anomaly detection in distributed systems through unstructured log analysis. In: Ninth IEEE international conference on data mining, 2009. ICDM'09. IEEE; 2009. p. 149-58.
[24]
Godefroid P, Khurshid S. Exploring very large state spaces using genetic algorithms. In: Tools and algorithms for the construction and analysis of systems. Springer; 2002. p. 266-80.
[25]
Godefroid P, Nagappan N. Concurrency at microsoft: an exploratory survey. In: CAV workshop on exploiting concurrency efficiently and correctly; 2008.
[26]
Groce A, Visser W. Model checking java programs using structural heuristics. In: ACM SIGSOFT software engineering notes, vol. 27. ACM; 2002. p. 12-21.
[27]
A. Groce, W. Visser, Heuristics for model checking java programs, Int J Softw Tools Technol Transf, 6 (2004) 260-276.
[28]
M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, I.H. Witten, The weka data mining software, ACM SIGKDD Explor Newslett, 11 (2009) 10-18.
[29]
Herlihy M, Shavit N. The art of multiprocessor programming, Revised Reprint. Elsevier; 2012.
[30]
Y. Jia, M. Harman, An analysis and survey of the development of mutation testing, IEEE Trans Softw Eng, 37 (2011) 649-678.
[31]
Jiang L, Su Z. Context-aware statistical debugging: from bug predictors to faulty control flow paths. In: Proceedings of the twenty-second IEEE/ACM international conference on automated software engineering. ACM; 2007. p. 184-93.
[32]
Kaufman L, Rousseeuw PJ. Finding groups in data: an introduction to cluster analysis, vol. 344. John Wiley & Sons; 2009.
[33]
A. Kuhn, S. Ducasse, T. Girba, Semantic clustering, Inf Softw Technol, 49 (2007) 230-243.
[34]
S. Lloyd, Least squares quantization in pcm, IEEE Trans Inf Theory, 28 (1982) 129-137.
[35]
Lu S, Park S, Seo E, Zhou Y. Learning from mistakes: a comprehensive study on real world concurrency bug characteristics. In: Proceedings of the 13th international conference on architectural support for programming languages and operating systems. ASPLOS XIII. New York, NY, USA: ACM; 2008. p. 329-39.
[36]
J. Magee, J. Kramer, State models and java programs, Wiley, 1999.
[37]
Mancoridis S, Mitchell BS, Rorres C, Chen Y, Gansner ER. Using automatic clustering to produce high-level system organizations of source code. In: International conference on program comprehension. IEEE Computer Society; 1998. p. 45.
[38]
C.S. P's¿reanu, M.B. Dwyer, W. Visser, Finding feasible abstract counter-examples, Int J Softw Tools Technol Transf, 5 (2003) 34-48.
[39]
Pelánek R, Rosecky` V, Moravec P. Complementarity of error detection techniques. In: Electronic notes in theoretical computer science, vol. 220, no. 2; 2008. p. 51-65.
[40]
D. Quinlan, Rose, Parallel Process Lett, 10 (2000) 215-226.
[41]
W.M. Rand, Objective criteria for the evaluation of clustering methods, J Am Stat Assoc, 66 (1971) 846-850.
[42]
Rungta N, Mercer EG. A context-sensitive structural heuristic for guided search model checking. In: Proceedings of the 20th IEEE/ACM international conference on automated software engineering. ACM; 2005. p. 410-3.
[43]
Rungta N, Mercer EG. Hardness for explicit state software model checking benchmarks. In: Fifth IEEE international conference on Software engineering and formal methods, 2007. SEFM 2007. IEEE; 2007. p. 247-56.
[44]
Safyallah H, Sartipi K. Dynamic analysis of software systems using execution pattern mining. In: 14th IEEE international conference on program comprehension, 2006. ICPC 2006. IEEE; 2006. p. 84-88.
[45]
Schordan M, Quinlan D. A source-to-source architecture for user-defined optimizations. In: JMLC'03: joint modular languages conference. Lecture notes in computer science, vol. 2789. Springer-Verlag; August 2003. p. 214-23.
[46]
K. Seppi, M. Jones, P. Lamborn, Guided model checking with a Bayesian meta-heuristic, Fundam Inf, 70 (2006) 111-126.
[47]
A.P. Sistla, Employing symmetry reductions in model checking, Comput Lang Syst Struct, 30 (2004) 99-137.
[48]
Staunton J, Clark JA. Finding short counterexamples in promela models using estimation of distribution algorithms. In: Proceedings of the 13th annual conference on genetic and evolutionary computation. ACM; 2011. p. 1923-30.
[49]
Visser W, P's¿reanu CS, Khurshid S. Test input generation with java pathfinder. In: ACM SIGSOFT software engineering notes, vol. 29, no. 4; 2004. p. 97-107.
[50]
Welles O, Kodar O. F for fake; 1974.
[51]
Wolpert DH, Macready WG. No free lunch theorems for search. Technical report. Technical report SFI-TR-95-02-010. Santa Fe Institute; 1995.
[52]
Wu LL, Kaiser GE. Constructing subtle concurrency bugs using synchronization-centric second-order mutation operators; 2011.
- Refinement of structural heuristics for model checking of concurrent programs through data mining
Recommendations
Model checking transactional memories
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and ImplementationModel checking software transactional memories (STMs) is difficult because of the unbounded number, length, and delay of concurrent transactions and the unbounded size of the memory. We show that, under certain conditions, the verification problem can ...
Model checking transactional memories
Model checking transactional memories (TMs) is difficult because of the unbounded number, length, and delay of concurrent transactions, as well as the unbounded size of the memory. We show that, under certain conditions satisfied by most TMs we know of, ...
Model checking unbounded concurrent lists
We present a model checking-based method for verifying list-based concurrent set data structures. Concurrent data structures are notorious for being hard to get right and thus, their verification has received significant attention from the verification ...
Comments
Information & Contributors
Information
Published In
Copyright © Elsevier Ltd.
Publisher
Elsevier Science Publishers B. V.
Netherlands
Publication History
Published: 01 January 2017
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 28 Dec 2024