CN111858361B - Atomic violation defect detection method based on prediction and parallel verification strategy - Google Patents

Atomic violation defect detection method based on prediction and parallel verification strategy

Info

Publication number
CN111858361B
Authority
CN
China
Prior art keywords
candidate
defect
thread
interlaces
interleaving
Prior art date
Legal status
Active
Application number
CN202010719864.4A
Other languages
Chinese (zh)
Other versions
CN111858361A (en)
Inventor
王鹏飞
卢凯
周旭
唐勇
喻波
杨强
解炜
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3612 Software analysis for verifying properties of programs by runtime analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • Software Systems
  • Computer Hardware Design
  • Quality & Reliability
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Debugging And Monitoring

Abstract

The invention discloses an atomicity violation defect detection method based on a prediction and parallel verification strategy, comprising the following steps: using candidate interleavings as stand-ins, in a non-defective execution, for the defect interleavings they could become, so that they represent potentially triggerable defects; executing the target program, dynamically recording its execution information, identifying candidate interleavings from the recorded information and predicting potential defect interleavings; removing, by a pruning technique, candidate interleavings that a happens-before relation prevents from being converted into defect interleavings, and combining, by a grouping technique, candidate interleavings that do not interfere with each other; and converting the candidate interleavings into the target defect interleavings by controlling thread scheduling at run time, reporting the defect if the conversion succeeds and the defect is triggered. The invention has the advantages of a simple principle, a high degree of automation and improved detection efficiency.

Description

Atomic violation defect detection method based on prediction and parallel verification strategy
Technical Field
The invention mainly relates to the technical field of software security detection, in particular to an atomic violation defect detection method based on a prediction and parallel verification strategy.
Background
An atomicity violation defect arises in a multithreaded program when a code block that one thread expects to execute as a unit is interrupted by an access from another concurrent thread, so that the atomicity of the block is broken. Because developers are accustomed to sequential thinking and often assume a code block is atomic without applying appropriate synchronization, atomicity violations are widespread in multithreaded programs. Among the many kinds of concurrency defects, atomicity violations are the most common and most important: about 70% of known non-deadlock concurrency defects are atomicity violations.
Fig. 1 shows a simplified example of an atomicity violation defect taken from the Mozilla Application Suite. Both threads operate on the same shared pointer gCurrentScript. Thread 1 first assigns the pointer aspt to gCurrentScript (line 1.3) and later uses it in the function OnloadComplete() (line 1.9). Thread 2 sets gCurrentScript to NULL after using it (line 2.2). If the statements execute in the order 1.3 -> 1.9 -> 2.2, no problem arises. Because thread scheduling is nondeterministic, however, another possible interleaving is 1.3 -> 2.2 -> 1.9 (solid arrow), which triggers a defect (a null pointer dereference). The cause of this atomicity violation is that the developer did not use locks properly to protect the atomicity of lines 1.3 and 1.9; the memory operation at line 2.2 of thread 2 can therefore be scheduled between lines 1.3 and 1.9 of thread 1, causing the violation. Because of scheduling nondeterminism, the same atomicity violation may be triggered by different defect interleavings. Suppose thread 2 later uses the pointer gCurrentScript that it previously set to NULL and points it at a new variable (line 2.6); the same atomicity violation can then be triggered by a new interleaving, 1.3 -> 2.6 -> 1.9 (dotted line). If the developer patches the defect on the basis of the first execution order alone, the patch will only change the locking in thread 1 to guarantee atomicity, since the statement at line 2.2 of thread 2 is already protected by the same lock. But because the developer overlooked the unprotected statement at line 2.6, the repaired program still has the defect. To fix it completely, the developer must know about the second interleaving as well and add lock protection to line 2.6.
Capturing all the different defect interleavings that trigger the same atomicity violation is therefore critical to repairing it thoroughly.
Existing work handles this in three main ways:
The first is stress testing: exposing defect interleavings by repeatedly executing the test procedure at high intensity. Such methods have low detection efficiency because their interleaving coverage is low: repeated executions of the program under test tend to cover the same interleavings, while the defect interleavings that rarely occur are only occasionally exposed.
The second is systematic testing: increasing interleaving coverage by traversing as many of the possible interleavings as feasible, for example with random testing or model checking techniques. Such methods must search a huge interleaving space and therefore scale poorly. Moreover, most of the interleavings covered by systematic testing are non-defective, so the efficiency of exposing defect interleavings remains low.
The third is active testing: the tester forces a specific interleaving by actively controlling thread scheduling during dynamic execution, raising the probability of exposing a defect. These methods, however, can only detect defects that are triggerable in the current execution; they miss other unexposed potential defects and the other defect interleavings of the same defect, so their detection efficiency is still limited.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: aiming at the technical problems existing in the prior art, the invention provides the atomic violation defect detection method based on the prediction and parallel verification strategy, which has the advantages of simple principle, high automation degree and capability of improving the detection efficiency.
In order to solve the technical problems, the invention adopts the following technical scheme:
an atomicity violation defect detection method based on a prediction and parallel verification strategy, comprising:
using candidate interleavings as stand-ins, in a non-defective execution, for defect interleavings, so that they represent potentially triggerable defects;
executing the target program, dynamically recording its execution information, identifying candidate interleavings from the recorded information and predicting potential defect interleavings;
removing, by a pruning technique, candidate interleavings that a happens-before relation prevents from being converted into defect interleavings, and combining, by a grouping technique, candidate interleavings that do not interfere with each other;
and converting the candidate interleavings into the target defect interleavings by controlling thread scheduling at run time, reporting the defect if the conversion succeeds and the defect is triggered.
As a further improvement of the method of the invention: the program under test is instrumented and its execution information is recorded dynamically to files, comprising the access log file_mem_access.log, the lock/unlock log file_lock.log and the synchronization log file_sync.log; if a defect is triggered during recording, it is reported immediately and the defect interleaving is recorded.
As a further improvement of the method of the invention: a four-layer storage structure is used for the memory access operations. In the first layer, accesses are divided by address, and each key (an address) of the first layer maps to a second-layer structure. In the second layer, accesses are further divided by thread, and each key tid maps to a third-layer structure; the second layer also holds a thread count variable thread_num. The third-layer structure has two parts: trace_list, which points to a fourth-layer structure, and optag, which characterizes the access list: optag values 0, 1 and 2 indicate that trace_list contains only reads, only writes, or both, respectively.
As a further improvement of the method of the invention: a predictor identifies candidate interleavings from the recorded execution information and predicts defect interleavings.
As a further improvement of the method of the invention: if a candidate interleaving is found in the recorded accesses, a corresponding defect interleaving may exist in another execution and trigger an atomicity violation; the candidate interleaving is recorded and verified during the controlled execution of the next stage. When identifying candidate interleavings, the first-layer structure is traversed by address; if thread_num in the second-layer structure of an address is less than 2, or the total number of accesses is less than 3, the search of that address is abandoned. Otherwise the third-layer structure is checked: if the optag of both trace_lists is 0, or both is 1, accesses from that thread pair cannot form a defect interleaving and the combination is skipped; otherwise a matching search is performed in the access lists of the fourth-layer structure.
As a further improvement of the method of the invention: a pruner removes candidate interleavings that the presence of a happens-before relationship prevents from being converted into the corresponding defect interleavings; if the pruner finds that a candidate interleaving under test involves a happens-before relationship, that candidate cannot be converted into the corresponding defect interleaving by controlling thread scheduling and is removed from the queue.
As a further improvement of the method of the invention: a grouper groups the pruned candidate interleavings, placing candidate interleavings that do not interfere with each other in one group, so that a whole group is verified by a single controlled execution; the precondition for grouping is that all candidate interleavings in the same group do not interfere with each other.
As a further improvement of the method of the invention: the groups are ordered, with groups holding fewer candidate interleavings in front and groups holding more behind; when a candidate interleaving is inserted, the groups are searched in this order, so that it is inserted into the group with the fewest existing candidate interleavings and the groups stay roughly equal in size.
As a further improvement of the method of the invention: a thread controller actively controls thread scheduling to convert the recorded candidate interleavings into the corresponding defect interleavings, thereby verifying the predicted potential atomicity violation defects; if the conversion succeeds and the defect is triggered, the predicted defect is confirmed. The principle is to move the remote thread's memory access so that it executes between the two accesses of the local thread; concretely, a delay is inserted before a specific access to block the current thread, and after the thread switch the target thread can execute.
As a further improvement of the method of the invention: there are two cases of candidate interleaving to verify:
for the pre-candidate type, a delay is inserted before the remote thread's access S3 so that it waits for the local thread's access S1 to execute first; after S1 completes, S3 executes, and finally the local thread's other access S2 executes;
for the post-candidate type, the local thread's access S1 executes first, then a delay is inserted before S2 so that it waits for the remote thread's access S3 to execute first; after S3 completes, S2 executes.
Compared with the prior art, the invention has the following advantages:
1. The atomicity violation defect detection method based on the prediction and parallel verification strategy is a method for detecting all defect interleavings that correspond to the same atomicity violation defect.
2. The method greatly improves detection efficiency: it predicts and verifies the potential defect interleavings of atomicity violations, avoiding the blindness of stress testing and the repetition of systematic testing, and further raises efficiency through optimizations such as pruning, grouping and parallel verification.
3. The method has a high degree of automation: it is realized as an automatic detection system that, given only the target program, completes instrumented compilation, information recording, prediction analysis, pruning optimization and parallel verification automatically.
4. The method can predict potential defects that were not exposed in the actual execution and cover all possible defect interleavings of the same atomicity violation, so that an atomicity violation defect can be detected and verified completely.
Drawings
FIG. 1 is a schematic diagram of an example of an atomic violation defect.
FIG. 2 is a schematic flow chart of the method of the present invention in a specific application example.
FIG. 3 is a schematic diagram of structured storage of the method of the present invention in a specific application example.
FIG. 4 is a schematic diagram of interleavings that cannot be converted because of happens-before relationships in the program, in a specific application example of the method of the present invention.
FIG. 5 is a schematic diagram of grouping non-interfering candidate interleavings in a specific application example of the method of the present invention.
FIG. 6 is a schematic diagram of controlling thread scheduling by inserting a delay before a memory access in a specific application example of the method of the present invention.
FIG. 7 is a schematic diagram of controlling thread scheduling by inserting a delay before a critical section in a specific application example of the method of the present invention.
FIG. 8 is an enumeration of the candidate interleavings in a specific application example of the invention; subscripts 1 and 2 denote the two local memory accesses executed in sequence, and i denotes the memory access of a remote concurrent thread.
FIG. 9 is the algorithm for identifying candidate interleavings in a specific application example of the present invention.
Detailed Description
The invention will be described in further detail with reference to the drawings and the specific examples.
In order to more fully describe the technical solution of the present invention, some definitions of the present invention are as follows:
The happens-before relationship: locks and other synchronization measures (e.g. barriers, signals) in a multithreaded program require certain operations to execute in a fixed order regardless of thread scheduling; this fixed execution-order relationship is called the happens-before relationship.
Thread interleaving: during the execution of a multithreaded program, thread scheduling makes different threads alternate, so the actual execution order of code in different threads is not fixed. An interleaving denotes one specific alternation and execution order of a set of threads, and thus the actual execution order of the code and the actual execution state of the program.
Defect interleaving: when a multithreaded program triggers a defect (in particular a concurrency defect that depends on thread scheduling) under a specific interleaving, that interleaving is called a defect interleaving. Many detection methods for atomicity violations exist, and their core purpose is to expose defect interleavings that can trigger the defect.
As shown in fig. 2, the method for detecting atomic violation defects based on prediction and parallel verification strategies of the present invention comprises:
First, the concept of a candidate interleaving is proposed as a counterpart of a defect interleaving: in a non-defective execution, a candidate interleaving stands in for the defect interleaving it could become and thus represents a potentially triggerable defect.
Then the target program is executed and its execution information (memory access records and synchronization operations) is recorded dynamically; candidate interleavings are identified from the recorded information by an algorithm and potential defect interleavings are predicted. A pruning technique removes candidate interleavings that a happens-before relation prevents from being converted into defect interleavings, and a grouping technique combines candidate interleavings that do not interfere with each other so that several groups can be verified in parallel, reducing the number of verification runs and improving verification efficiency.
Finally, the candidate interleavings are converted into the target defect interleavings by controlling thread scheduling at run time; if the conversion succeeds and the defect is triggered, the defect is reported.
In a specific application example, the detailed steps of the invention include:
step S1: monitoring execution.
The program under test is instrumented so that its execution information (memory read/write operations and POSIX thread operations) is recorded dynamically to files: the access log file_mem_access.log, the lock/unlock log file_lock.log and the synchronization log file_sync.log. If a defect is triggered during recording, it is reported immediately and the defect interleaving is recorded so that it can be reproduced later.
To speed up later searches over the recorded execution information, the information is stored in a structured form.
When the predictor loads the execution information from the log files, lock and unlock operations are first matched into critical sections and stored chronologically in the list cs_list. Synchronization operations are likewise stored chronologically in the list sync_list. Unlike lock and synchronization operations, which typically number from a few to at most a few hundred records, memory access operations typically number in the thousands; if they were kept in a flat list, matching candidate interleavings would be very slow. The scheme therefore realizes a four-layer storage structure for memory access operations based on the Python dictionary.
As shown in Fig. 3, in the first layer the accesses are divided by address, and each key (an address) maps to a second-layer structure holding all accesses to that address. In the second layer the accesses are further divided by thread, and each key tid maps to a third-layer structure holding the accesses to that address from that thread; the second layer also holds a thread count variable, thread_num. The third-layer structure has two parts: trace_list points to a fourth-layer structure, a chronological list of the accesses, and optag characterizes that list: optag values 0, 1 and 2 indicate that trace_list contains only reads, only writes, or both, respectively.
Step S2: prediction.
The predictor identifies candidate interleavings from the recorded execution information and predicts defect interleavings.
There are eight kinds of candidate interleaving to screen for (Fig. 8). If a candidate interleaving is found in the recorded accesses, a corresponding defect interleaving may exist in another execution and trigger an atomicity violation; the candidate interleaving is recorded and verified in the controlled-execution stage that follows.
When identifying candidate interleavings, the first-layer structure is traversed by address; if thread_num in the second-layer structure of an address is less than 2, or the total number of accesses is less than 3, the search of that address is abandoned. Otherwise the third-layer structure is checked: if the optag of both trace_lists is 0, or both is 1, accesses from that thread pair cannot form a defect interleaving and the combination is skipped. Otherwise a matching search is performed in the access lists of the fourth-layer structure. The recognition algorithm is shown in Fig. 9.
The invention uses Tadr to denote the set of access operations to the same address addr. If the number of threads in this set is less than 2, or the total number of accesses is less than 3 (algorithm lines 3-6), no atomicity violation can form and the algorithm skips the address. Otherwise, Ttid denotes the subset of Tadr issued by the same thread tid. Two different subsets (Ttidi, Ttidj) are then selected in turn; if the accesses in both subsets are all reads, or all writes, they cannot form a non-serializable interleaving and hence no atomicity violation, so the algorithm skips the pair (algorithm lines 8-11). Otherwise it checks whether an access pair (am, an) in subset Ttidi and an access bl in Ttidj can form a non-serializable interleaving (algorithm lines 12-17). If so, it decides whether the interleaving is a candidate interleaving or a defect interleaving and records it (algorithm lines 18-21). The algorithm improves recognition efficiency by finding and discarding early the cases that cannot constitute an atomicity violation, avoiding invalid searches.
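The four-layer structure of Fig. 3 and the candidate search of Fig. 9 (neither figure is reproduced on this page), as an added Python example that is not the patent's own code: build_store realizes the addr -> tid -> (trace_list, optag) dictionary described above, and identify_candidates applies the same early exits (thread_num below 2, fewer than 3 accesses, both lists all-read or all-write) before matching consecutive local access pairs against remote accesses. The access log is a constructed in-memory list modelled on the Fig. 1 example, and the Access and ThreadTrace types are this example's own. Because Fig. 8 is not in the text, the eight patterns behind the "pre" and "post" candidate types are assumed here to be the four classic non-serializable triples (local, remote, local) in each of the two positions.

```python
from dataclasses import dataclass, field

# optag values of a per-thread access list (third-layer structure)
OPTAG_READ, OPTAG_WRITE, OPTAG_MIXED = 0, 1, 2

# ASSUMPTION (Fig. 8 is not on the page): the non-serializable triples
# (local1, remote, local2); each yields a pre- and a post-candidate type.
UNSERIALIZABLE = {("R", "W", "R"), ("W", "R", "W"), ("W", "W", "R"), ("R", "W", "W")}


@dataclass(frozen=True)
class Access:
    """One record of the constructed access log (stand-in for the access log file)."""
    ts: int      # global order of the access in the recording
    tid: int     # thread id
    addr: str    # accessed location (a symbol here instead of a raw address)
    op: str      # "R" or "W"


@dataclass
class ThreadTrace:
    """Third layer: chronological trace_list (fourth layer) plus its optag."""
    trace_list: list = field(default_factory=list)
    optag: int = -1          # -1 = no access seen yet


def build_store(accesses):
    """Four layers: addr -> {"threads": {tid -> ThreadTrace}, "thread_num": n}."""
    store = {}
    for a in sorted(accesses, key=lambda x: x.ts):
        layer2 = store.setdefault(a.addr, {"threads": {}, "thread_num": 0})
        if a.tid not in layer2["threads"]:
            layer2["threads"][a.tid] = ThreadTrace()
            layer2["thread_num"] += 1
        tt = layer2["threads"][a.tid]
        tt.trace_list.append(a)
        tag = OPTAG_READ if a.op == "R" else OPTAG_WRITE
        tt.optag = tag if tt.optag in (-1, tag) else OPTAG_MIXED
    return store


def identify_candidates(store):
    """Search in the manner of Fig. 9; returns (candidates, defects).

    candidates: (kind, am, an, bl) with kind "pre" (bl recorded before am)
    or "post" (bl recorded after an).  defects: (am, bl, an) triples that
    the recorded execution already exposed."""
    candidates, defects = [], []
    for layer2 in store.values():
        total = sum(len(t.trace_list) for t in layer2["threads"].values())
        if layer2["thread_num"] < 2 or total < 3:
            continue                                   # cannot form a violation
        for i, ti in layer2["threads"].items():
            for j, tj in layer2["threads"].items():
                if i == j:
                    continue
                if ti.optag == tj.optag and ti.optag != OPTAG_MIXED:
                    continue                           # all reads or all writes on both sides
                local = ti.trace_list
                for am, an in zip(local, local[1:]):   # consecutive local accesses
                    for bl in tj.trace_list:
                        if (am.op, bl.op, an.op) not in UNSERIALIZABLE:
                            continue
                        if am.ts < bl.ts < an.ts:
                            defects.append((am, bl, an))
                        elif bl.ts < am.ts:
                            candidates.append(("pre", am, an, bl))
                        else:
                            candidates.append(("post", am, an, bl))
    return candidates, defects


# Constructed recording modelled on Fig. 1; this run exposes no defect.
G = "gCurrentScript"
SAMPLE_ACCESSES = [
    Access(1, 1, G, "W"),              # line 1.3: gCurrentScript = aspt
    Access(4, 1, G, "R"),              # line 1.9: used in OnloadComplete()
    Access(6, 2, G, "W"),              # line 2.2: gCurrentScript = NULL
    Access(8, 2, G, "W"),              # line 2.6: gCurrentScript = new value
    Access(2, 1, "local_only", "W"),   # one thread only: address skipped
    Access(3, 1, "local_only", "R"),
    Access(5, 1, "local_only", "W"),
    Access(7, 1, "read_only", "R"),    # two threads, all reads: pair skipped
    Access(9, 2, "read_only", "R"),
    Access(10, 2, "read_only", "R"),
]
# Same program, but the recording already interleaved 2.2 between 1.3 and 1.9.
DEFECT_ACCESSES = [Access(1, 1, G, "W"), Access(2, 2, G, "W"), Access(3, 1, G, "R")]

if __name__ == "__main__":
    cands, defs = identify_candidates(build_store(SAMPLE_ACCESSES))
    for kind, am, an, bl in cands:
        print(kind, f"local tid {am.tid} ts {am.ts},{an.ts}; remote tid {bl.tid} ts {bl.ts}")
    print("defects already exposed:", len(defs))
```

On the Fig. 1 recording the search reports two post-candidates (thread 2's writes at 2.2 and 2.6 moved between 1.3 and 1.9) and one pre-candidate (thread 1's read moved between thread 2's two writes); on the second recording it reports one exposed defect and no candidates.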
Step S3: pruning.
That is, a pruner removes candidate interleavings that the presence of a happens-before relationship prevents from being converted into the corresponding defect interleavings.
This avoids pointless tests of non-defective interleavings and improves overall testing efficiency. During monitored execution, the invention additionally logs thread creation, thread termination, locking, unlocking and other synchronization calls made through the pthread interface. If the pruner finds that a candidate interleaving under test involves a happens-before relationship, that candidate cannot be converted into the corresponding defect interleaving by controlling thread scheduling and is removed from the queue.
Fig. 4 lists four common happens-before relationships in concurrent programs.
In sub-graphs (a) and (b), the relative order of statement S1 in the parent thread and statement S2 in the child thread is fixed by thread creation (create) and termination (join): in (a) S1 must execute before S2, while in (b) S2 must execute before S1. In sub-graph (c), the relative order of S1 and S2 is fixed by a barrier or an equivalent wait/notify primitive, so S1 must execute before S2. The use of locks also constrains the order of events: in sub-graph (d), S1 and S2 lie in the same critical section of a lock, so a statement S3 from another thread protected by the same lock cannot be inserted between S1 and S2; S3 must execute either before S1 or after S2.
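The pruning step, as an added Python example that is not the patent's code: cases (a) to (c) of Fig. 4 are checked with per-thread vector clocks built from create, join and barrier records, and case (d) by matching lock/unlock records into critical sections. Representing the happens-before relation as vector clocks is this example's choice; the text only says the pruner detects a happens-before relation from the recorded pthread calls. The log tuple format, the Access type and the candidate tuples (kind, am, an, bl) are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Access:
    ts: int      # global order of the access in the recording
    tid: int
    op: str      # "R" or "W"


# Constructed stand-in for the sync/lock logs: (ts, kind, tid, arg), where create/join
# carry the child tid, barrier carries (barrier id, party count), lock/unlock the lock id.
def vector_clocks(sync_log, accesses):
    """Vector clock of every access from create/join/barrier (Fig. 4 cases a-c).

    Lock events add no order here: which critical section runs first depends
    on scheduling, so locks are handled separately as case (d)."""
    vc, waiting, clocks = {}, {}, {}

    def tick(t):
        c = vc.setdefault(t, {})
        c[t] = c.get(t, 0) + 1

    def merged(*cs):
        out = {}
        for c in cs:
            for k, v in c.items():
                out[k] = max(out.get(k, 0), v)
        return out

    events = list(sync_log) + [(a.ts, "access", a.tid, a) for a in accesses]
    for _, kind, tid, arg in sorted(events, key=lambda e: e[0]):
        if kind == "create":                 # (a): parent's past precedes the child
            tick(tid)
            vc[arg] = dict(vc[tid])
            tick(arg)
        elif kind == "join":                 # (b): child's past precedes parent's future
            vc[tid] = merged(vc.setdefault(tid, {}), vc.setdefault(arg, {}))
            tick(tid)
        elif kind == "barrier":              # (c): every party's past precedes every future
            bid, parties = arg
            waiting.setdefault(bid, []).append(tid)
            if len(waiting[bid]) == parties:
                arrived = waiting.pop(bid)
                m = merged(*(vc.setdefault(t, {}) for t in arrived))
                for t in arrived:
                    vc[t] = dict(m)
                    tick(t)
        elif kind == "access":
            tick(tid)
            clocks[arg] = dict(vc[tid])
    return clocks


def happens_before(c1, c2):
    return c1 != c2 and all(v <= c2.get(k, 0) for k, v in c1.items())


def critical_sections(sync_log):
    """(lock, tid, lock_ts, unlock_ts) for each matched lock/unlock pair."""
    held, sections = {}, []
    for ts, kind, tid, arg in sorted(sync_log, key=lambda e: e[0]):
        if kind == "lock":
            held[(tid, arg)] = ts
        elif kind == "unlock":
            sections.append((arg, tid, held.pop((tid, arg)), ts))
    return sections


def prune(candidates, sync_log, accesses):
    """Split candidates into (convertible, pruned); pruned entries carry the reason."""
    clocks, sections = vector_clocks(sync_log, accesses), critical_sections(sync_log)
    convertible, pruned = [], []
    for cand in candidates:
        kind, am, an, bl = cand
        if kind == "pre" and happens_before(clocks[bl], clocks[am]):
            pruned.append((cand, "happens-before: remote access fixed before local pair"))
        elif kind == "post" and happens_before(clocks[an], clocks[bl]):
            pruned.append((cand, "happens-before: local pair fixed before remote access"))
        elif any(r[0] == s[0] and r[1] == bl.tid and r[2] < bl.ts < r[3]
                 for s in sections if s[1] == am.tid and s[2] < am.ts and an.ts < s[3]
                 for r in sections):          # (d): same lock around (am, an) and bl
            pruned.append((cand, "same lock protects local pair and remote access"))
        else:
            convertible.append(cand)
    return convertible, pruned


# Constructed recording: parent T0 creates T1, both touch one address under lock "L".
T0, T1 = 0, 1
p0, p1, p2, p3 = Access(0, T0, "W"), Access(2, T0, "W"), Access(8, T0, "W"), Access(11, T0, "W")
c0, c1 = Access(4, T1, "W"), Access(5, T1, "R")
SYNC_LOG = [(1, "create", T0, T1), (3, "lock", T1, "L"), (6, "unlock", T1, "L"),
            (7, "lock", T0, "L"), (9, "unlock", T0, "L"), (10, "join", T0, T1)]
ACCESSES = [p0, p1, p2, p3, c0, c1]
CANDIDATES = [("pre", c0, c1, p0),    # p0 precedes create: case (a), pruned
              ("pre", c0, c1, p1),    # p1 runs concurrently with the child: convertible
              ("post", c0, c1, p2),   # (c0, c1) and p2 all under "L": case (d), pruned
              ("post", c0, c1, p3)]   # p3 follows join: case (b), pruned
# Barrier variant: q0 before a two-party barrier, (r0, r1) after it: case (c), pruned.
q0, r0, r1 = Access(0, T0, "W"), Access(3, T1, "W"), Access(4, T1, "R")
BARRIER_LOG = [(1, "barrier", T0, ("B", 2)), (2, "barrier", T1, ("B", 2))]

if __name__ == "__main__":
    kept, dropped = prune(CANDIDATES, SYNC_LOG, ACCESSES)
    print("convertible:", len(kept), "pruned:", [why for _, why in dropped])
```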
Step S4: grouped parallel verification.
Namely, a grouper groups the pruned candidate interleavings, placing candidate interleavings that do not interfere with each other in one group, so that a whole group is verified in a single controlled execution. Reducing the number of controlled executions improves the overall testing efficiency.
The precondition for grouping is that all candidate interleavings in the same group (whether pre-candidate, post-candidate, or a mix of both) do not interfere with each other.
As shown in Fig. 5, suppose A (a1, a2, ai) and B (b1, b2, bi) are two candidate interleavings to be placed in the same group; there are four possible arrangements. The invention decides whether they interfere as follows. First, check whether any access a1, a2 or ai of A is the same access as one in B; if so, the two candidate interleavings interfere and cannot be placed in the same group. Otherwise, check whether all accesses of A execute before all accesses of B, or all after them; if so, A and B do not interfere and can be placed in the same group.
To group all candidate interleavings, a set G = {g_i | i = 1, 2, …} is first established to hold all groups. The candidate interleaving queue is then traversed; for each candidate interleaving c_i, the grouper checks whether there is a group g in which c_i interferes with none of the candidate interleavings, and if such a g exists, c_i is inserted into it. Otherwise a new group G' is created, c_i is added to G', and G' is added to G. The candidate interleavings in each group are ordered by timestamp so that they can be verified in order during the controlled execution.
In addition, the number of candidate interleavings in each group is balanced: the invention further orders the groups, placing those with fewer candidate interleavings in front and those with more behind, and searches the groups in that order when inserting a candidate interleaving. This ensures that each candidate interleaving is inserted into the group with the fewest existing candidates, keeps the group sizes roughly equal, and balances the load of the controlled executions.
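The interference test of Fig. 5 and the balanced grouping above, as an added Python example that is not the patent's code: a candidate is represented as the tuple of the timestamps of its three accesses (am, an, bl), on the assumption that a timestamp identifies one recorded access, so sharing an access means sharing a timestamp and "all of A before all of B" is a comparison of the tuples' ranges. The candidates are constructed for the example.

```python
def interferes(a, b):
    """Fig. 5 rule: a shared access, or overlapping time ranges, means interference.

    a and b are (am_ts, an_ts, bl_ts) tuples; each timestamp names one access."""
    if set(a) & set(b):
        return True                       # same access used by both candidates
    return not (max(a) < min(b) or max(b) < min(a))


def group_candidates(candidates):
    """Greedy grouping with the balancing of step S4.

    Groups are kept ordered by size and searched smallest-first, so each
    candidate lands in the smallest group it does not interfere with."""
    groups = []
    for cand in candidates:
        for g in groups:
            if not any(interferes(cand, other) for other in g):
                g.append(cand)
                break
        else:
            groups.append([cand])         # no compatible group: open a new one
        groups.sort(key=len)              # smaller groups move to the front
    for g in groups:
        g.sort(key=min)                   # verify in timestamp order within one run
    return groups


# Constructed candidate queue (timestamps of am, an, bl).
CANDIDATES = [
    (1, 4, 6),      # c1
    (2, 3, 5),      # c2: overlaps c1 in time
    (7, 8, 9),      # c3: entirely after c1 and c2
    (1, 4, 10),     # c4: shares accesses 1 and 4 with c1, overlaps c2 and c3
    (11, 12, 13),   # c5: after everything else
]

if __name__ == "__main__":
    for n, g in enumerate(group_candidates(CANDIDATES), 1):
        print(f"group {n}: {g}")
```

With this queue the grouper produces three control executions instead of five: c4 alone, c2 with c5, and c1 with c3.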
Step S5: control is performed.
That is, the thread controller is used to actively control the thread scheduling to convert the recorded candidate interlaces into corresponding defect interlaces, thereby verifying the predicted potential atomic violation defects.
If the transition is successful and the defect is triggered, the predicted defect is confirmed. The principle is to move the memory operation of the remote thread to be performed between two accesses of the local thread. The specific method is that delay is added before a specific access memory so as to block the current thread, and after the thread is switched, the target thread can be executed.
As shown in fig. 6, there are two cases for candidate interlaces that need to be verified:
for the pre-candidate interleave type, a delay is required to be inserted before the memory S3 of the remote thread, so that the memory S1 of the local thread waits to be executed first. And when the S1 is executed, executing the S3, and finally executing another access memory S2 of the local thread.
For the post candidate interweaving type, firstly, the memory S1 of the local thread is executed, then a delay is inserted before the memory S2, so that the memory S3 of the remote thread is waited to be executed first, and after the execution of the S3 is finished, the S2 is executed. Based on the above strategy, either the pre-candidate interlace or the post-candidate interlace can be converted into the corresponding defective interlace.
In most cases, memory access operations in a multi-threaded program are protected by locks, forming critical sections. When the local and remote access operations are protected by the same lock, a deadlock may result if the order of accesses is controlled by inserting a delay immediately before the access: while the local access is delayed and waits for the remote access to execute, the remote access may itself be blocked waiting for the local thread to release the lock. Therefore, for accesses that involve lock protection, the critical section containing each access is first identified from the recorded synchronization information before thread scheduling is controlled.
As shown in Fig. 7, when a delay is needed it is inserted before the locking operation of the critical section, not before the access operation itself, so that the whole critical section is moved; the access order is changed without causing a deadlock. In addition, when the verification of several different candidate interleavings involves moving the same critical section, all of those candidate interleavings can be verified by a single move of that critical section, which further improves testing efficiency.
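As an added example (not code from the patent), the following Python program implements the controller just described with two threads: the local thread performs S1 (read x) and S2 (write x+1), the remote thread performs S3 (write 100), and the target defect interleaving is S1, S3, S2. The patent's fixed delay is replaced by a wait on a threading.Event that the other thread sets after its access, so the schedule is deterministic; the variable names, thread bodies and the timeout are assumptions of this example. With shared_lock set, S1, S2 and S3 each sit in their own critical section guarded by one lock, as in Fig. 7; gate_inside_critical_section reproduces the placement the text warns against (waiting after the lock has been taken), which stalls, whereas waiting before the lock is taken converts the interleaving without deadlock.

```python
"""Thread controller converting a candidate interleaving into a defect interleaving.

Added example, not the patent's code.  Local thread: S1 reads x, S2 writes
x+1 (a non-atomic increment).  Remote thread: S3 writes 100.  Target defect
interleaving: S1, S3, S2.  Both serializable orders leave x at 100 or 101, so
a final value of 1 means the remote write was lost and the defect fired.
The patent blocks a thread with a fixed delay; here the delay is a wait on a
threading.Event that the other thread sets after its access (an assumption of
this example that makes the schedule deterministic).
"""
import threading

WAIT_SECONDS = 1.0   # how long a gated thread waits before giving up (deadlock guard)


def convert_and_check(shared_lock, gate_inside_critical_section=False):
    """Run local (S1, S2) and remote (S3) under the controller.

    shared_lock: S1, S2 and S3 each sit in their own critical section guarded
        by one lock, the situation of Fig. 7.
    gate_inside_critical_section: place the local thread's wait after the
        lock for S2 is taken (the placement the text warns about) instead of
        before it.
    Returns ("defect" | "no-defect" | "no-progress", final x or None).
    """
    x = [0]                       # the shared variable (a list so closures can assign it)
    lock = threading.Lock()
    s1_done = threading.Event()   # set by the local thread once S1 has executed
    s3_done = threading.Event()   # set by the remote thread once S3 has executed
    stalled = []                  # gates that timed out

    def gate(event):
        # Stands in for the inserted delay: block until the access we yield to has run.
        if event.wait(WAIT_SECONDS):
            return True
        stalled.append(event)
        return False

    def critical(body):
        # Run body inside the shared lock when the accesses are lock-protected.
        if shared_lock:
            with lock:
                return body()
        return body()

    def s1():
        return x[0]               # S1: read x

    def s3():
        x[0] = 100                # S3: remote write

    def local():
        tmp = critical(s1)
        s1_done.set()

        def s2():
            x[0] = tmp + 1        # S2: write x using the value read by S1

        # Post-candidate case: the local thread must wait before S2 until S3 has run.
        if shared_lock and gate_inside_critical_section:
            critical(lambda: gate(s3_done) and s2())   # waiting while holding the lock
        elif gate(s3_done):                            # waiting before the lock is taken
            critical(s2)

    def remote():
        # Pre-candidate case: the remote thread must wait before S3 until S1 has run.
        if gate(s1_done):
            critical(s3)
        s3_done.set()

    threads = [threading.Thread(target=local), threading.Thread(target=remote)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()

    if stalled:
        return "no-progress", None
    return ("defect" if x[0] == 1 else "no-defect"), x[0]


if __name__ == "__main__":
    print("unlocked accesses:         ", convert_and_check(shared_lock=False))
    print("gate before lock acquire:  ", convert_and_check(shared_lock=True))
    print("gate inside critical sect.:", convert_and_check(shared_lock=True,
                                                           gate_inside_critical_section=True))
```

In the stalled case the local thread holds the lock while waiting for S3, and the remote thread is blocked on that same lock, which is exactly the deadlock the text describes; the timeout only exists so the example terminates. Moving the wait in front of the lock acquisition lets the remote thread's whole critical section run in between, and the lost update (x == 1) confirms the predicted defect.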
In a specific application, the invention can be operated according to the following procedure:
S1. Prepare the environment.
S1.1 Use the Ubuntu 16.04 i386 operating system.
S1.2 Install the Intel Pin 3.7 instrumentation tool.
S1.3 Turn off the address space layout randomization (ASLR) mechanism.
S2. Compile and instrument: compile the target program and instrument it with the Pin tool.
S3. Monitor execution: run the compiled target program and record its run-time information.
S4. Analyse and predict: analyse the target program's run-time information and predict potential atomic violation defects.
S5. Parallel optimization: prune the candidate interleavings and perform grouping optimization.
S6. Controlled execution: dynamically intervene in the system's thread scheduling to verify the predicted atomic violation defects.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above examples, and all technical solutions belonging to the concept of the present invention belong to the protection scope of the present invention. It should be noted that modifications and adaptations to the invention without departing from the principles thereof are intended to be within the scope of the invention as set forth in the following claims.

Claims (9)

1. An atomic violation defect detection method based on a prediction and parallel verification strategy, characterized by comprising the following steps:
using candidate interleavings as stand-ins for defect interleavings in a non-defective execution, so that they represent potentially triggerable defects;
executing a target program, dynamically recording its execution information, identifying candidate interleavings from the recorded information and predicting potential defect interleavings;
removing, by a pruning technique, candidate interleavings which cannot be converted into defect interleavings because of a happens-before relation, and combining, by a grouping technique, candidate interleavings which do not interfere with each other;
converting the candidate interleavings into the target defect interleavings by controlling thread scheduling at run time, and reporting the defect if the conversion succeeds and the defect is triggered;
adopting a four-layer storage structure for memory access operations; in the first layer the memory access operations are partitioned by address, and each key address of the first layer maps to a second-layer structure; in the second-layer structure the memory access operations are further partitioned by thread, and each key tid maps to a third-layer structure; the second-layer structure also holds a thread count variable thread_num; the third-layer structure has two parts: the first part, trace_list, points to a fourth-layer structure, and the second part, optag, characterises the access list: optag values 0, 1 and 2 indicate that the list trace_list contains only read operations, only write operations, or both read and write operations respectively.
2. The atomic violation defect detection method based on a prediction and parallel verification strategy according to claim 1, wherein the program under test is instrumented and its execution information is dynamically recorded into files, comprising the memory access log file file_mem_access.log, the lock/unlock log file file_lock.log and the synchronization log file file_sync.log; if a defect is triggered during recording, the defect is reported immediately and the defect interleaving is recorded.
3. The atomic violation defect detection method based on a prediction and parallel verification strategy according to any of claims 1-2, characterized in that candidate interleavings are identified from the recorded execution information by a predictor, and defect interleavings are predicted.
4. The atomic violation defect detection method based on a prediction and parallel verification strategy according to claim 3, characterized in that, if a candidate interleaving is found in the recorded memory access records, this indicates that a corresponding defect interleaving may exist in another execution and trigger an atomic violation defect; the candidate interleaving is recorded and verified in the control-execution stage that follows; when identifying candidate interleavings, while traversing an address in the first-layer structure, if the thread_num in that address's second-layer structure is less than 2 or the total number of accesses is less than 3, the search of that address is abandoned; otherwise the third-layer structure is checked, and if the optag of both trace_list entries in the third layer is 0 or 1, the memory accesses of that thread pair cannot form a defect interleaving and the combination is skipped; otherwise a matching search is performed in the access operation lists of the fourth-layer structure.
5. The atomic violation defect detection method based on a prediction and parallel verification strategy according to any of claims 1-2, characterized in that a pruner is used to remove candidate interleavings that cannot be converted into their corresponding defect interleavings because of a happens-before relation; if the pruner finds that the candidate interleaving under test involves a happens-before relation, that candidate interleaving cannot be converted into the corresponding defect interleaving by controlling thread scheduling and is removed from the queue.
6. The atomic violation defect detection method based on a prediction and parallel verification strategy according to claim 5, wherein the pruned candidate interleavings are grouped by a grouping unit; candidate interleavings that do not interfere with each other are placed in one group, and the candidate interleavings of a whole group are verified by a single control execution; the precondition for grouping is that all candidate interleavings in the same group do not interfere with each other.
7. The atomic violation defect detection method based on a prediction and parallel verification strategy according to claim 6, wherein the groups are ordered: a group with fewer candidate interleavings is placed before a group with more; when a candidate interleaving is inserted, the groups are searched in this order, ensuring that it is inserted into the group with the fewest existing candidate interleavings.
8. The atomic violation defect detection method based on a prediction and parallel verification strategy according to any of claims 1-2, wherein a thread controller actively controls thread scheduling to convert the recorded candidate interleavings into the corresponding defect interleavings, thereby verifying the predicted potential atomic violation defects; if the conversion succeeds and the defect is triggered, the predicted defect is confirmed; the principle is to move the memory access of the remote thread so that it executes between the two memory accesses of the local thread; concretely, a delay is inserted before a particular memory access to block the current thread, and after the thread switch the target thread can execute.
9. The atomic violation defect detection method based on a prediction and parallel verification strategy according to claim 8, wherein the candidate interleavings that need verification fall into two cases:
for the pre-candidate interleaving type, a delay is inserted before the memory access S3 of the remote thread, so that the memory access S1 of the local thread executes first; once S1 has executed, S3 executes, and finally the local thread's other memory access S2 executes;
for the post-candidate interleaving type, the memory access S1 of the local thread executes first; a delay is then inserted before the memory access S2, so that the memory access S3 of the remote thread executes first, and once S3 has finished, S2 executes.
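The four-layer storage structure of claim 1 and the candidate search of claim 4, as an added Python example that is not the patent's code. The log format (one access per line, "<tid> <address> <R|W>", in execution order) is an assumption, since the layout of file_mem_access.log is not given here; optag follows claim 1 (0 = only reads, 1 = only writes, 2 = both). Claim 4's filters are applied as: skip an address with fewer than two threads or fewer than three accesses, and skip a thread pair whose two lists are both read-only or both write-only. Which (previous, remote, current) access triples count as defect interleavings is not stated on this page; the example assumes the four unserializable patterns of Lu et al. (AVIO), and classifies each candidate as the pre or post type according to where the remote access was recorded.

```python
"""Four-layer index over a memory-access log and candidate-interleaving search.

Added example, not the patent's code.  Assumed log line format:
"<tid> <address> <R|W>", one access per line, already in execution order.
"""

# Unserializable (p, r, c) patterns: r is the remote access falling between the
# local pair p, c.  Assumed (AVIO); the page does not spell the patterns out.
UNSERIALIZABLE = {("R", "W", "R"), ("R", "W", "W"), ("W", "W", "R"), ("W", "R", "W")}

# Constructed sample log: tid, address, operation.
SAMPLE_LOG = """\
1 0x1000 R
1 0x1000 W
2 0x1000 W
1 0x2000 R
2 0x2000 R
3 0x2000 R
2 0x3000 W
1 0x3000 W
2 0x3000 W
1 0x4000 R
2 0x4000 W
2 0x5000 W
1 0x5000 W
1 0x5000 R
1 0x6000 R
1 0x6000 W
2 0x6000 R
"""


def build_index(log_text):
    """Layer 1: address -> layer 2.  Layer 2: {'thread_num', 'threads': tid -> layer 3}.
    Layer 3: {'trace_list': layer-4 list of (seq, op), 'optag': 0 | 1 | 2}."""
    index = {}
    for seq, line in enumerate(log_text.splitlines()):
        if not line.strip():
            continue
        tid, addr, op = line.split()
        tid = int(tid)
        layer2 = index.setdefault(addr, {"thread_num": 0, "threads": {}})
        layer3 = layer2["threads"].get(tid)
        if layer3 is None:
            layer3 = layer2["threads"][tid] = {"trace_list": [], "optag": None}
            layer2["thread_num"] += 1
        layer3["trace_list"].append((seq, op))
        ops = {o for _, o in layer3["trace_list"]}
        layer3["optag"] = 0 if ops == {"R"} else 1 if ops == {"W"} else 2
    return index


def find_candidates(index):
    """Return candidate interleavings; kind 'pre' means the remote access was
    recorded before the local pair, 'post' means it was recorded after it."""
    candidates = []
    for addr, layer2 in index.items():
        total = sum(len(t["trace_list"]) for t in layer2["threads"].values())
        if layer2["thread_num"] < 2 or total < 3:
            continue                      # too few threads/accesses for a defect interleaving
        for local_tid, local in layer2["threads"].items():
            for remote_tid, remote in layer2["threads"].items():
                if remote_tid == local_tid:
                    continue
                if local["optag"] == remote["optag"] and local["optag"] in (0, 1):
                    continue              # both read-only or both write-only: serializable
                trace = local["trace_list"]
                for (p_seq, p_op), (c_seq, c_op) in zip(trace, trace[1:]):
                    for r_seq, r_op in remote["trace_list"]:
                        if (p_op, r_op, c_op) not in UNSERIALIZABLE:
                            continue
                        if p_seq < r_seq < c_seq:
                            continue      # already a defect interleaving, reported at record time
                        candidates.append({
                            "addr": addr, "local": local_tid, "remote": remote_tid,
                            "pattern": p_op + r_op + c_op,
                            "kind": "pre" if r_seq < p_seq else "post",
                            "seqs": (p_seq, r_seq, c_seq),
                        })
    return candidates


if __name__ == "__main__":
    for cand in find_candidates(build_index(SAMPLE_LOG)):
        print(cand)
```

On the sample log the search yields two candidates: a post-candidate of pattern RWW at 0x1000 (thread 2's write was recorded after thread 1's read/write pair) and a pre-candidate of pattern WWR at 0x5000. Address 0x2000 is dropped by the optag filter (all lists read-only), 0x3000 because both lists are write-only, 0x4000 because it has only two accesses, and the pair at 0x6000 survives the filters but its only triple, RRW, is serializable.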

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010719864.4A CN111858361B (en) 2020-07-23 2020-07-23 Atomic violation defect detection method based on prediction and parallel verification strategy

Publications (2)

Publication Number Publication Date
CN111858361A CN111858361A (en) 2020-10-30
CN111858361B true CN111858361B (en) 2023-07-21

Family

ID=72950690

Country Status (1)

Country Link
CN (1) CN111858361B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906760B (en) * 2023-02-24 2023-07-28 北京芯愿景软件技术股份有限公司 Layout design verification result display method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077144A (en) * 2014-07-07 2014-10-01 西安交通大学 Data race detection and evidence generation method based on multithreaded program constraint building
CN109522097A (en) * 2018-10-11 2019-03-26 天津大学 A kind of concurrent defect inspection method based on self-adapting random test
CN110689539A (en) * 2019-11-12 2020-01-14 南京大学 Workpiece surface defect detection method based on deep learning

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant