Predicting Null-Pointer Dereferences in Concurrent Programs. Parthasarathy Madhusudan Niloofar Razavi Francesco Sorrentino

Similar documents
c 2014 by Francesco Sorrentino. All rights reserved.

EFFECTIVE HEURISTIC-BASED TEST GENERATION TECHNIQUES FOR CONCURRENT SOFTWARE. Niloofar Razavi

DoubleChecker: Efficient Sound and Precise Atomicity Checking

DISTRIBUTED COMPUTER SYSTEMS

IT 540 Operating Systems ECE519 Advanced Operating Systems

Predicting Atomicity Violations in Concurrent Programs via Planning

Replication. Consistency models. Replica placement Distribution protocols

Maximal Causality Reduction for TSO and PSO. Shiyou Huang Jeff Huang Parasol Lab, Texas A&M University

Workload Optimization on Hybrid Architectures

Symbolic Execution. Wei Le April

ArgoSMTExpression: an SMT-LIB 2.0 compliant expression library

ECE 587 Hardware/Software Co-Design Lecture 07 Concurrency in Practice Shared Memory I

RiSE: Relaxed Systems Engineering? Christoph Kirsch University of Salzburg

Threads and Too Much Milk! CS439: Principles of Computer Systems January 31, 2018

The Operating System. Chapter 6

(b) External fragmentation can happen in a virtual memory paging system.

آنستیتیوت تکنالوجی معلوماتی و مخابراتی ICTI

殷亚凤. Consistency and Replication. Distributed Systems [7]

Readings and References. Virtual Memory. Virtual Memory. Virtual Memory VPN. Reading. CSE Computer Systems December 5, 2001.

Threads and Too Much Milk! CS439: Principles of Computer Systems February 6, 2019

ENCM 501 Winter 2019 Assignment 9

The Java Memory Model

Lecture 21: Transactional Memory. Topics: consistency model recap, introduction to transactional memory

CRI: Symbolic Debugger for MCAPI Applications

* What are the different states for a task in an OS?

Chapter 5 Concurrency: Mutual Exclusion and Synchronization

Appendix to The Health of Software Engineering Research

Duet: Static Analysis for Unbounded Parallelism

ECE 7650 Scalable and Secure Internet Services and Architecture ---- A Systems Perspective. Part I: Operating system overview: Processes and threads

Questions answered in this lecture: CS 537 Lecture 19 Threads and Cooperation. What s in a process? Organizing a Process

Parallel Discrete Event Simulation

Synchronization I. Jo, Heeseung

Learning from Bad Examples. CSCI 5828: Foundations of Software Engineering Lecture 25 11/18/2014

Concurrent Programming

Chapter 4: Threads. Operating System Concepts. Silberschatz, Galvin and Gagne

o Reality The CPU switches between each process rapidly (multiprogramming) Only one program is active at a given time

CS162 Operating Systems and Systems Programming Lecture 11 Page Allocation and Replacement"

Concurrency control (1)

Garbage Collection Algorithms. Ganesh Bikshandi

The Problem with Threads

CSE 307: Principles of Programming Languages

CS 326: Operating Systems. Process Execution. Lecture 5

Concurrent Programming

Going With the (Data) Flow

CS370 Operating Systems Midterm Review

SMD149 - Operating Systems

Dealing with Issues for Interprocess Communication

Preview. The Thread Model Motivation of Threads Benefits of Threads Implementation of Thread

Consistency and Replication 1/65

Coherence and Consistency

Concurrency. Lecture 14: Concurrency & exceptions. Why concurrent subprograms? Processes and threads. Design Issues for Concurrency.

Memory management, part 2: outline. Operating Systems, 2017, Danny Hendler and Amnon Meisels

Advanced Threads & Monitor-Style Programming 1/24

Lecture: Consistency Models, TM. Topics: consistency models, TM intro (Section 5.6)

Motivation of Threads. Preview. Motivation of Threads. Motivation of Threads. Motivation of Threads. Motivation of Threads 9/12/2018.

Threads. Raju Pandey Department of Computer Sciences University of California, Davis Spring 2011

THE PROCESS ABSTRACTION. CS124 Operating Systems Winter , Lecture 7

Lecture 12: Hardware/Software Trade-Offs. Topics: COMA, Software Virtual Memory

Deterministic Shared Memory Multiprocessing

Part V. Process Management. Sadeghi, Cubaleska RUB Course Operating System Security Memory Management and Protection

Memory Management - Demand Paging and Multi-level Page Tables

Grassroots ASPLOS. can we still rethink the hardware/software interface in processors? Raphael kena Poss University of Amsterdam, the Netherlands

stack Two-dimensional logical addresses Fixed Allocation Binary Page Table

Lecture Notes on Memory Layout

From Symbolic Execution to Concolic Testing. Daniel Paqué

Problems with Concurrency

the complexity of predicting atomicity violations

Native POSIX Thread Library (NPTL) CSE 506 Don Porter

Memory management, part 2: outline

Workshop 1: Specification for SystemC-AADL interoperability

CS162 Operating Systems and Systems Programming Lecture 14. Caching (Finished), Demand Paging

Well, you need to capture the notions of atomicity, non-determinism, fairness etc. These concepts are not built into languages like JAVA, C++ etc!

DATA STRUCTURE AND ALGORITHM USING PYTHON

Major Requirements of an OS

Program Analysis and Code Verification

NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness

The Java Memory Model

Software Architecture

Concurrent Programming

USING PAPYRUS IN A DESIGN SPACE EXPLORATION TOOLCHAIN CURRENT DEVELOPMENTS AT FLANDERS MAKE

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically

Introducing Shared-Memory Concurrency

A unified machine-checked model for multithreaded Java

Scalable Concurrent Hash Tables via Relativistic Programming

OCL Support in MOF Repositories

ESBMC 1.22 (Competition Contribution) Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer

Slides by Y. Nir-Buchbinder, adapted by O. Agmon Ben-Yehuda 1/30

Processes and Threads Implementation

Fiji VM Safety Critical Java

Tracing Data Flows to Find Concurrency Errors

CROWDMARK. Examination Midterm. Spring 2017 CS 350. Closed Book. Page 1 of 30. University of Waterloo CS350 Midterm Examination.

Interoperation of tasks

More Lambda Calculus and Intro to Type Systems

CMSC 330: Organization of Programming Languages

Black-box and Gray-box Strategies for Virtual Machine Migration

Design Patterns for Real-Time Computer Music Systems

Concurrency, Mutual Exclusion and Synchronization C H A P T E R 5

Go GC: Prioritizing Low Latency and Simplicity

Chapter 5 Concurrency: Mutual Exclusion. and. Synchronization. Operating Systems: Internals. and. Design Principles

An introduction to weak memory consistency and the out-of-thin-air problem

Transcription:

Predicting Null-Pointer Dereferences in Concurrent Programs After work by: Azadeh Farzan Parthasarathy Madhusudan Niloofar Razavi Francesco Sorrentino

Overview The problem The idea The solution The evaluation

The problem Virtual memory segments can be assigned at will by the operating system. However, in many (in the case of C, arguably most) cases, the value that s assigned to a pointer is not meant to be used as an offset to a memory location usually it s assigned there by mistake. To prevent invalid values being pulled from there, the OS prevents mapping the first (few) page(s) of the virtual memory space to physical memory address space. The MMU, via hardware traps, causes the OS to signal a software failure in case of an errorneous dereference. Most common consequence is having the process killed by the OS with a SIGSEGV signal (in case of POSIX systems).

But Java? No direct memory manipulation involved (viva la máquina virtual)......but the null value still has its uses: Default reference-type pointer or pointer initialization in general; for example, we might want to keep said pointer in a clearly invalid state if it s yet to be assigned a valid object; Signalling lack of further (valid) use for the object; To speed up the GC taking care of the object by removing references (although it s non-deterministic and in general considered bad practice).

But Java? The problem is most prominent in the case of multi-threaded applications. A very simple example: a FIFO queue without an appropriate locking mechanism. A different example from the paper:

The idea Can t quite avoid using null values in many cases; While Java offers a mechanism for graceful handling of null pointer dereferences (the NullPointerExceptions), performing manual checks is tedious and error-prone. What about the techniques for testing concurrent applications we already know? A lot of them revolve around rescheduling operations done by different threads and simulating such runs in order to discover troublesome operation interleavings.

The idea What about the techniques for testing concurrent applications we already know? A lot of them revolve around rescheduling operations done by different threads and simulating such runs in order to discover troublesome operation interleavings. The goal would be to find such thread interleavings for which a write of null to a variable would be immediately (with regards to operations done on that variable) followed by a read, causing a null to be dereferenced. Just permutating through possible interleavings won t do - we still need to account for scalability and reliability of the solution.

The solution Authors proposed the following framework for solving the problem of simulating runs causing a null pointer dereference:

The solution The main entity the process revolves around is a null-wr pair. It s a pair α = (e, f), where e denotes an operation of assigning a null value to a reference and f denotes a read operation on that reference. The goal is to extract those pairs from a reference run and search for interleavings that will cause a NullPointerException to be raised.

The solution First, using static analysis, all null-wr pairs are detected; Then, for each of them, a lock validity test is performed to check if the pair is feasible in regards to locking semantics. All pairs that are left are then transferred to the segment generator.

The solution Every pair is analyzed in relation to the reference run in order to shorten the run to a segment including only relevant operations, i.e. those pertaining to the variable under test and to any locks that could potentially be used when the variable is used. The resulting segments are then passed to the SMT solver, while their prefixes left after prunning are passed to the run generator which will concatenate predicted feasible interleavings to it and pass it to the virtual machine for testing.

The solution The segments are then analyzed in order to prepare a set of logical constraints in accordance to the maximal causal model, capturing sequential consistency, lock-, data- and thread creation validity. Such set of constraints is then passed to the Z3 SMT logical solver, which either passes the solution it found as series of event timestamps to the run generator or reports that no solution has been found; in such a case, data-validity constraints are iteratively relaxed until a solution is found.

The solution Predicted runs pertaining to the maximal causal model are then concatenated to the prefix taken from the segment generator and passed to the virtual machine s scheduler for testing. The framework also included a data-race detection unit which was not described in detail in the paper.

The evaluation

The evaluation

The evaluation The prediction and scheduling time is fairly reasonable, considering the use of a sophisticated logic solver. The results of benchmarks turned out to be very good: about 40 exceptions with null-pointer dereferences and 60 data races, which is the most successful attempt at finding errors on these benchmarks in the literature. All errors were also found to be deterministically reproducible using the scheduler.

Thank you for your attention. Any questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback