Abstract

This work strives to make formal verification of POSIX multithreaded programs easily accessible to general programmers. Sthread operates directly on multithreaded C/C++ programs, without the need for an intermediate formal model. Sthread is in-vivo in that it provides a drop-in replacement for the pthread library, and operates directly on the compiled target executable and application libraries. There is no compiler-generated intermediate representation. The system calls in the application remain unaltered. Optionally, the programmer can add a small amount of additional native C code to include assertions based on the user's algorithm, declarations of shared memory regions, and progress/liveness conditions. The work has two important motivations: (i) it can be used to verify correctness of a concurrent algorithm being implemented with multithreading; and (ii) it can also be used pedagogically to provide immediate feedback to students learning either to employ POSIX threads system calls or to implement multithreaded algorithms. This work represents the first example of in-vivo model checking operating directly on the standard multithreaded executable and its libraries, without the aid of a compiler-generated intermediate representation. Sthread leverages the open-source SimGrid libraries, and will eventually be integrated into SimGrid. Sthread employs a non-preemptive model in which thread context switches occur only at multithreaded system calls (e.g., mutex, semaphore) or before accesses to shared memory regions. The emphasis is on finding "algorithmic bugs" (bugs in an original algorithm, implemented as POSIX threads and shared memory regions). This work is in contrast to Context-Bounded Analysis (CBA), which assumes a preemptive model for threads, and emphasizes implementation bugs such as buffer overruns and write-after-free for memory allocation.
In particular, the Sthread in-vivo approach has strong future potential for pedagogy, by providing immediate feedback to students who are first learning the correct use of Pthreads system calls in implementation of concurrent algorithms based on multithreading.

Highlights

  • Sthread is an in-vivo, explicit-state model checker used to find race conditions, deadlock, assertion failures, and other bugs associated with multithreaded programs

  • The user's C/C++ code is compiled as usual by the user's preferred compiler; the only change is that it is re-compiled against an sthread include file instead of the traditional pthread include file, so that the Linux pthread library is replaced by the Sthread/SimGrid library.

  • SimGrid operates by providing a communication library that replaces the native communication library. In the case of distributed programming, SimGrid provides a replacement for the native inter-process communication (IPC) library; for Sthread, the replaced library is pthread.


Summary

Introduction

Sthread is an in-vivo, explicit-state model checker used to find race conditions, deadlock, assertion failures, and other bugs associated with multithreaded programs. Sthread executes directly on C/C++ code that implements concurrent algorithms using the POSIX multithreaded system calls (mutex, semaphore, etc.) and shared memory regions. By limiting thread context switches to POSIX system calls, Sthread is better able to limit the exponential explosion of states and to explore more deeply into the execution of a program. This is suitable for checking the algorithm used by an implementation, both in production code and for checking student-generated code for pedagogical purposes. Sthread allows the programmer to add simple C/C++ code (e.g., sched_yield) to annotate the algorithmic use of shared memory, or to add C/C++ variables to verify application-specific liveness properties. The power of this approach lies in keeping the Sthread implementation small and efficient, in contrast to more ambitious approaches that employ costlier models of thread preemption and general, application-independent liveness properties.
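As an added illustration of the non-preemptive model described in the Abstract and the Introduction (this is not Sthread or SimGrid code, and not from the paper): the toy explorer below enumerates every schedule of two threads whose only context-switch points are explicit steps. Thread programs are strings in a step language invented for this example; the lock and unlock steps stand in for pthread_mutex_lock/unlock, and the read/write pair stands in for a shared-memory increment annotated with sched_yield() between the load and the store. The three scenarios show why restricting switch points keeps the state space small (two schedules for the mutex-protected version against six for the unsynchronized one) and how the same enumeration surfaces a lost update (assertion failure) and an ABBA lock-ordering deadlock.

```c
#include <stdio.h>
#include <string.h>

#define NT 2                 /* threads */
#define NL 2                 /* locks */
#define MAXSTEPS 8           /* longest thread program used below */

/* Constructed toy model, NOT Sthread or SimGrid code.  Each thread is a string
 * of steps over shared state, and a step is the only place a context switch
 * can happen, mirroring the non-preemptive model (switches only at pthread
 * calls or at annotated shared-memory accesses):
 *   'a' / 'b'  acquire lock 0 / lock 1  (blocks while another thread holds it)
 *   'A' / 'B'  release lock 0 / lock 1
 *   'r'        read the shared counter into the thread's local register
 *   'w'        write register + 1 back to the shared counter
 * "rw" therefore stands for counter++ with sched_yield() between load and store. */
typedef struct {
    const char *prog[NT];
    int pc[NT];              /* next step of each thread */
    int reg[NT];             /* per-thread local copy of the counter */
    int counter;             /* the shared memory region */
    int owner[NL];           /* -1 = lock free, otherwise the holding thread */
} State;

typedef struct {
    int schedules;           /* complete interleavings explored */
    int violations;          /* final states where counter != NT (assertion fails) */
    int deadlocks;           /* unfinished threads but none able to move */
    char first_bad[NT * MAXSTEPS + 1];   /* thread ids, in order, of the first failure */
} Result;

static int enabled(const State *s, int t)
{
    char c = s->prog[t][s->pc[t]];
    if (c == '\0') return 0;                 /* thread has finished */
    if (c == 'a') return s->owner[0] == -1;  /* pthread_mutex_lock would block */
    if (c == 'b') return s->owner[1] == -1;
    return 1;
}

static void step(State *s, int t)
{
    switch (s->prog[t][s->pc[t]]) {
    case 'a': s->owner[0] = t; break;
    case 'b': s->owner[1] = t; break;
    case 'A': s->owner[0] = -1; break;
    case 'B': s->owner[1] = -1; break;
    case 'r': s->reg[t] = s->counter; break;
    case 'w': s->counter = s->reg[t] + 1; break;
    }
    s->pc[t]++;
}

/* Depth-first enumeration of every schedule.  Each branch works on its own
 * copy of the state, which is what makes the exploration explicit-state. */
static void explore(State s, char *trace, int depth, Result *r)
{
    int any_enabled = 0, all_done = 1;
    for (int t = 0; t < NT; t++) {
        if (s.prog[t][s.pc[t]] != '\0') all_done = 0;
        if (enabled(&s, t)) any_enabled = 1;
    }
    trace[depth] = '\0';
    if (all_done) {
        r->schedules++;
        if (s.counter != NT) {               /* the algorithm's invariant */
            r->violations++;
            if (r->first_bad[0] == '\0') strcpy(r->first_bad, trace);
        }
        return;
    }
    if (!any_enabled) {                      /* deadlock: nobody can move */
        r->deadlocks++;
        if (r->first_bad[0] == '\0') strcpy(r->first_bad, trace);
        return;
    }
    for (int t = 0; t < NT; t++) {
        if (!enabled(&s, t)) continue;
        State next = s;
        step(&next, t);
        trace[depth] = (char)('0' + t);
        explore(next, trace, depth + 1, r);
    }
}

static Result run(const char *p0, const char *p1)
{
    State s = { { p0, p1 }, { 0, 0 }, { 0, 0 }, 0, { -1, -1 } };
    Result r = { 0, 0, 0, "" };
    char trace[NT * MAXSTEPS + 1];
    explore(s, trace, 0, &r);
    return r;
}

/* Three versions of "two threads each increment a shared counter once". */
Result unsynchronized(void)      { return run("rw", "rw"); }          /* lost update */
Result mutex_protected(void)     { return run("arwA", "arwA"); }      /* correct */
Result lock_order_deadlock(void) { return run("abrwBA", "barwAB"); }  /* ABBA locking */

int main(void)
{
    Result r = unsynchronized();
    printf("unsynchronized:  %d schedules, %d violations, first bad schedule %s\n",
           r.schedules, r.violations, r.first_bad);
    r = mutex_protected();
    printf("mutex_protected: %d schedules, %d violations, %d deadlocks\n",
           r.schedules, r.violations, r.deadlocks);
    r = lock_order_deadlock();
    printf("lock_order:      %d schedules, %d deadlocks, first deadlock schedule %s\n",
           r.schedules, r.deadlocks, r.first_bad);
    return 0;
}
```

The unsynchronized version has six interleavings and four of them end with the counter at 1; the mutex version has only two, because a thread blocked on the mutex is not a branch point. The ABBA case shows the other side of the coin: releasing a lock is also a switch point, so four complete schedules exist, and two further schedules end in a state where each thread waits on the lock the other holds. Sthread performs this kind of enumeration against the real compiled program, with the actual pthread calls running inside SimGrid, rather than over an abstract step model like this one.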
