-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Testing] Concurrency: Race detection / Model Checking / Formal Verification #18
Comments
Some more tools: Loom https://github.com/tokio-rs/loom The paper it is based on: CDSChecker Checking COncurrent Data Structure written in C/C++ atomics DataRaceBench, a benchmark of race detection tools https://github.com/LLNL/dataracebench Microsoft overview: https://docs.microsoft.com/en-us/archive/msdn-magazine/2008/june/tools-and-techniques-to-identify-concurrency-issues 5 data race detection tools (for Java?): https://www.cs.uic.edu/~jalowibd/uploads/06561640_DataRace.pdf 5 others with algorithms details (java as well): https://onlinelibrary.wiley.com/doi/full/10.4218/etrij.17.0115.1027 Rex algorithm for race detction: https://drops.dagstuhl.de/opus/volltexte/2017/7272/pdf/LIPIcs-ECOOP-2017-15.pdf Something somewhat related but for users not for the runtime: Race detection of Futures: https://arxiv.org/pdf/1901.00622.pdf |
Another one-based on LLVM IR: Whoop: https://pdeligia.github.io/lib/papers/whoop_ase15.pdf |
Recent: |
PhD Thesis by the author of landslide Practical Concurrency testing Practical systematic concurrency testing for concurrent and distributed software |
…oduce the spurious livelock/deadlock and multithreaded corruption we have in CI
|
|
While Weave is currently doing a very good job at restricting shared writable state to channels, and specifically
trySend
andtryRecv
routines, we need tooling and tests to detect races and concurrent heisenbugs.Unfortunately it is apparently a NP-hard problem. The issue is that to ease debugging we need to reliable trigger the bug to ensure it is fixed. However threads interleaving is non-deterministic and we can't ask people to use our own deterministic fork of Windows, Linux or Mac.
Also allocating and free-ing memory willy-nilly from lots of threads might also overwhelm the allocator in use or maybe trigger bugs (if we use Nim allocator), so it's probably better to never free memory for testing to avoid allocator bugs/slowness (b8ac8d6)
There are a couple approaches that can be taken with varying order of impracticality.
Sanitizers
This category only requires recompiling with extra flags, sometimes just
--debugger:native
.While they can detect the presence of bugs, I don't think they can prove the absence of one.
valgrind --tool:helgrind build/mybinary
http://valgrind.org/docs/manual/hg-manual.html
POSIX-only, with debugger:native it will mention the Nim lines that are potentially racy.
It slows down the code a lot.
Also there is some noise on memset, memcpy (not sure if it also happens if you never free memory)
LLVM ThreadSanitizer
Compile with clang with
-fsanitize=thread
Libraries
Libraries can exhaustively tests all kind of thread interleaving provided a test scenario, say MPSC queue with 2 producers and 1 consumers. We however have to assume that being bug free for 2 producers mean being bug-free for N (which has been proved for some MPSC queue implementations).
Important: Library used should ideally support C++11 memory model and/or ensure correctness on weak memory model architecture (i.e. everything not x86 like ARM? PowerPC, MIPS)
Relacy Race Detector
We can switch Nim atomics to Relacy atomics via templates and recompile.
Chess
Microsoft, Windows-only
Landslide
https://github.com/bblum/landslide
https://www.pdl.cmu.edu/Landslide/index.shtml
See extensive PhD Thesis at the bottom
Do-it-yourself
The blog post for MultithreadedTC a verifier for the JVM explains in-depth how it is architected: via an internal metronome clock that sync all threads and then at synchronization points test all combinations of thread interleaving.
http://www.cs.umd.edu/projects/PL/multithreadedtc/overview.html
Model Checking and Formal verification
This is heavyweight and requires either using a foreign language or a lot of annotation and constraints in the source code, in exchange it provides mathematical guarantees of correctness:
VCC
Annotate C code and it will be passed to Z3
Iris
TLA+
Spin
Resources
PhD Thesis, Ben Blum
Practical Concurrency Testing
or: How I Learned to Stop Worrying and Love the Exponential Explosion
http://reports-archive.adm.cs.cmu.edu/anon/2018/CMU-CS-18-128.pdf
The text was updated successfully, but these errors were encountered: