Coverage Guided Systematic Concurrency Testing
Main idea:This paper has proposed a coverage-guided systematic concurrency testing algorithm, where ordering constraints learned from the good test runs are used to guide the selection of high-risk interleavings for future test execution. We propose HaPSets to capture these ordering constraints and use them as a metric to cover important concurrency scenarios. This selective search strategy, in comparison to exhaustively testing all possible interleavings, can significantly increase the coverage of important concurrency scenarios with a reasonable cost, while maintaining the capability of detecting subtle bugs manifested only by rare interleavings.
1.The State Space
We use S to denote the set of program states. A transition S e→S advances the program from one state to a successor state by executing an event e.We use s e→s′ to denote that event e is enabled in s, and state s′ is the next state.
2.Predecessor Sets
Definition 1 (PSet). Given a set {ρ1, . . . , ρn} of interleavings and a memory-accessing statement st ∈ Stmt.The predecessor set, denoted PSet[st], is a set {st1, . . . , stk} of statements such that, for all i : 1 ≤ i ≤ k, an event produced by statement st is immediately dependent upon an
event produced by statement sti in some interleaving ρj ,where 1 ≤ j ≤ n.
3.ORDERING CONSTRAINTS
Definition 2 (HaPSet). Given a set {ρ1, . . . , ρn} of interleavings and a shared memory-accessing or synchronization statement st ∈ Stmt. The History-aware Predecessor Set, or HaPSet[st], is a set {st1, . . . , stk} of statements such that, for all i : 1 ≤ i ≤ k, an event e produced by st is immediately dependent upon an event ei produced by sti in some interleaving ρj , where 1 ≤ j ≤ n.
Example:
1) Atomicity Violation
Consider Figure 1 again, where the block containing e2, e3 is meant to be executed atomically–it first confirms that pointer p is not null and then stores 10 to the pointed memory location. Therefore, whether e2 and e3 are two consecutive reads of an interleaving is key to deciding whether the interleaving is buggy.HaPSets can capture this atomicity constraint.
The HaPSets leaned from all the good runs are as follows,
HaPSet[e1] = {e2}, HaPSet[e2] = {e1, e4},
HaPSet[e3] = { }, HaPSet[e4] = {e3}.
One such interleaving is ρ′ = e1e2e4e3, which violates the atomicity and leads to the dereference of a null pointer. Note that ρ′ corresponds to HaPSet[e3] = {e4} and HaPSet[e4] = {e2}.
2) Busy Waiting
When using HaPSets as guidance, we can avoid the aforementioned excessive backtracking because none of these interleavings can offer a concurrency scenario that has not been covered by the HaPSets.
