Abstract

We present a new approach for stateless model checking (SMC) of multithreaded programs under Sequential Consistency (SC) semantics. To combat state-space explosion, SMC is often equipped with a partial-order reduction technique, which defines an equivalence on executions, and only needs to explore one execution in each equivalence class. Recently, it has been observed that the commonly used equivalence of Mazurkiewicz traces can be coarsened but still cover all program crashes and assertion violations. However, for this coarser equivalence, which preserves only the reads-from relation from writes to reads, there is no SMC algorithm which is (i) optimal in the sense that it explores precisely one execution in each reads-from equivalence class, and (ii) efficient in the sense that it spends polynomial effort per class. We present the first SMC algorithm for SC that is both optimal and efficient in practice, meaning that it spends polynomial time per equivalence class on all programs that we have tried. This is achieved by a novel test that checks whether a given reads-from relation can arise in some execution. We have implemented the algorithm by extending Nidhugg, an SMC tool for C/C++ programs, with a new mode called rfsc. Our experimental results show that Nidhugg/rfsc, although slower than the fastest SMC tools in programs where tools happen to examine the same number of executions, always scales similarly or better than them, and outperforms them by an exponential factor in programs where the reads-from equivalence is coarser than the standard one. We also present two non-trivial use cases where the new equivalence is particularly effective, as well as the significant performance advantage that Nidhugg/rfsc offers compared to state-of-the-art SMC and systematic concurrency testing tools.
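The following script is an added illustration, not code from the paper or from Nidhugg, of the two equivalences the abstract compares. It enumerates every SC interleaving of a tiny constructed program, groups the interleavings once by Mazurkiewicz trace (the relative order of every pair of conflicting accesses) and once by reads-from relation (only which write each read observes), and counts the classes. It also includes a brute-force version of the consistency question "can this reads-from relation arise in some SC execution?"; that brute-force check is exponential, which is exactly the cost the paper's novel test avoids, so it stands in for the idea, not for the paper's algorithm. The program encoding (threads as lists of `(op, var)` pairs, an `INIT` pseudo-write) is an assumption of this example.

```python
"""Count Mazurkiewicz classes vs. reads-from classes of SC interleavings.

Added example (not from the paper or Nidhugg). Programs are constructed:
each thread is a list of ("W", var) / ("R", var) events; an event id is
(thread index, position in thread). INIT is the pseudo-write that supplies
every variable's initial value.
"""

INIT = "init"


def interleavings(program):
    """Yield every SC interleaving (list of event ids) respecting program order."""
    n = len(program)

    def rec(pcs, prefix):
        if all(pcs[t] == len(program[t]) for t in range(n)):
            yield list(prefix)
            return
        for t in range(n):
            if pcs[t] < len(program[t]):
                pcs[t] += 1
                prefix.append((t, pcs[t] - 1))
                yield from rec(pcs, prefix)
                prefix.pop()
                pcs[t] -= 1

    yield from rec([0] * n, [])


def event(program, eid):
    t, i = eid
    return program[t][i]  # (op, var)


def reads_from(program, trace):
    """Map each read event to the write it observes in this interleaving."""
    last_write, rf = {}, {}
    for eid in trace:
        op, var = event(program, eid)
        if op == "W":
            last_write[var] = eid
        else:
            rf[eid] = last_write.get(var, INIT)
    return rf


def mazurkiewicz_key(program, trace):
    """Relative order of every conflicting pair: same variable, at least one write."""
    pairs = set()
    for i, a in enumerate(trace):
        opa, va = event(program, a)
        for b in trace[i + 1:]:
            opb, vb = event(program, b)
            if va == vb and (opa == "W" or opb == "W"):
                pairs.add((a, b))
    return frozenset(pairs)


def rf_key(program, trace):
    return frozenset(reads_from(program, trace).items())


def count_classes(program):
    """Return (#interleavings, #Mazurkiewicz classes, #reads-from classes)."""
    traces = list(interleavings(program))
    maz = {mazurkiewicz_key(program, tr) for tr in traces}
    rfs = {rf_key(program, tr) for tr in traces}
    return len(traces), len(maz), len(rfs)


def sc_consistent(program, rf):
    """Brute-force consistency check: does some SC interleaving realise rf?

    Exponential in program size; the paper's contribution is a test that
    avoids this enumeration. rf maps every read event id to a write id or INIT.
    """
    want = frozenset(rf.items())
    return any(rf_key(program, tr) == want for tr in interleavings(program))


# Constructed programs.
# Message passing: T0 writes x then y; T1 reads y then x.
MP = [[("W", "x"), ("W", "y")], [("R", "y"), ("R", "x")]]


def writers_reader(n):
    """n threads each writing x, racing with one reader of x."""
    return [[("W", "x")] for _ in range(n)] + [[("R", "x")]]


if __name__ == "__main__":
    for name, prog in [("MP", MP), ("2W+R", writers_reader(2)), ("3W+R", writers_reader(3))]:
        print(name, "interleavings/Mazurkiewicz/reads-from:", count_classes(prog))
    # Ry observes Wy but Rx observes the initial value: not SC-consistent.
    print("MP weak behaviour consistent?", sc_consistent(MP, {(1, 0): (0, 1), (1, 1): INIT}))
```

For the message-passing program the two equivalences coincide (3 classes each), matching the evaluation section where reads-from and Mazurkiewicz counts agree. For `n` writers and one reader the Mazurkiewicz count grows as `(n+1)!` because every pair of writes conflicts, while the reads-from count is only `n+1`, since all that matters for crashes and assertion violations is which write the reader sees; this is the shape of program where the abstract reports an exponential advantage.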

Highlights

  • Ensuring correctness of concurrent programs is difficult

  • The consistency check consists of three phases

  • On the circular-buffer benchmark that does contain assertions, Nidhugg/rfsc has performance almost identical to RCMC. (iii) No single tool is fastest overall: CDSChecker beats all other tools by more than six times on circular-buffer, while RCMC beats all other tools in all other benchmarks, in cases where it manages to explore the optimal number of executions, and on fib-bench where it explores about 3.5 times more executions. (iv) Tools that do not employ optimal algorithms explore a significant number of redundant executions and this can significantly hurt their performance; cf


Summary

INTRODUCTION

Ensuring correctness of concurrent programs is difficult. Under sequential consistency (SC), the memory model to which we confine ourselves in this paper, one must consider all the different ways in which actions of threads can be interleaved. To exploit the potential efficiency gains offered by the rf equivalence fully, we should design an SMC algorithm that is both (i) optimal in the sense that it explores precisely one execution in each equivalence class, and (ii) efficient in the sense of spending only a small (at most polynomial in the size of the program) effort per equivalence class. Several recent SMC techniques [Aronis et al 2018; Chalupa et al 2018; Huang 2015; Norris and Demsky 2016] try to exploit the potential offered by equivalences that are coarser than Mazurkiewicz traces. They are far from optimal in the above sense, since in general they explore a significant number of different executions that are rf equivalent. (5) A presentation of use cases in which the rf equivalence, and our new algorithm, provide a significant performance advantage over other SMC techniques

ILLUSTRATING EXAMPLE
COMPUTATION MODEL
THE EXPLORATION ALGORITHM
CHECKING CONSISTENCY
Phase P-I
Phase P-II
Decision Procedure
PROPERTIES OF THE SMC ALGORITHM
IMPLEMENTATION
PERFORMANCE EVALUATION
Performance When Reads-From Coincides with Mazurkiewicz
Performance When Reads-From Is Significantly Coarser Than Mazurkiewicz
Performance When Reads-From and Mazurkiewicz Differ Moderately
WHY THE READS-FROM EQUIVALENCE MATTERS FOR SMC
Finding and Correcting Concurrency Errors Faster
Stateless Model Checking of Approximate Data Structures
RELATED WORK
CONCLUSION AND FUTURE WORK