research-article

EnforceMOP: a runtime property enforcement system for multithreaded programs

Authors:

Grigore RoşuAuthors Info & Claims

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

Pages 156 - 166

https://doi.org/10.1145/2483760.2483766

Published: 15 July 2013 Publication History

Abstract

Multithreaded programs are hard to develop and test. In order for programs to avoid unexpected concurrent behaviors at runtime, for example data-races, synchronization mechanisms are typically used to enforce a safe subset of thread interleavings. Also, to test multithreaded programs, devel- opers need to enforce the precise thread schedules that they want to test. These tasks are nontrivial and error prone.

This paper presents EnforceMOP, a framework for specifying and enforcing complex properties in multithreaded Java programs. A property is enforced at runtime by blocking the threads whose next actions would violate it. This way the remaining threads, whose execution is safe, can make global progress until the system eventually reaches a global state in which the blocked threads can be safely unblocked and allowed to execute. Users of EnforceMOP can specify the properties to be enforced using the expressive MOP multi-formalism notation, and can provide code to be executed at deadlock (when no thread is safe to continue). EnforceMOP was used in two different kinds of applications. First, to enforce general properties in multithreaded programs, as a formal, semantic alternative to the existing rigid and sometimes expensive syntactic synchronization mechanisms. Second, to enforce testing desirable schedules in unit testing of multithreaded programs, as an alternative to the existing limited and often adhoc techniques. Results show that EnforceMOP is able to effectively express and enforce complex properties and schedules in both scenarios.

References

[1]

C. Allan, P. Avgustinov, A. S. Christensen, L. J. Hendren, S. Kuzins, O. Lhoták, O. de Moor, D. Sereni, G. Sittampalam, and J. Tibble. Adding trace matching with free variables to AspectJ. In OOPSLA, 2005.

Digital Library

[2]

Apache Software Foundation. Apache Commons Collections. http://commons.apache.org/ collections/.

[3]

Apache Software Foundation. Apache Commons Pool. http://commons.apache.org/pool/.

[4]

Apache Software Foundation. Apache Hadoop. http://hadoop.apache.org/.

[5]

Apache Software Foundation. Apache Lucene. http:// lucene.apache.org/.

[6]

Apache Software Foundation. Apache MINA. http:// mina.apache.org/.

[7]

Apache Software Foundation. LOG4J-50213. https:// issues.apache.org/bugzilla/show_bug.cgi? id=50213.

[8]

Apache Software Foundation. TOMCAT-25841. https://issues.apache.org/bugzilla/show_bug. cgi?id=25841.

[9]

H. Barringer, B. Finkbeiner, Y. Gurevich, and H. Sipma, editors. RV 05, volume 144 of ENTCS, 2005.

[10]

R. Behrends and R. E. K. Stirewalt. The universe model: an approach for improving the modularity and reliability of concurrent programs. In FSE, 2000.

Digital Library

[11]

A. Betin-Can and T. Bultan. Verifiable concurrent programming using concurrency controllers. In ASE, 2004.

Digital Library

[12]

E. Bodden and K. Havelund. Racer: Effective race detection using AspectJ. In ISSTA, 2008.

Digital Library

[13]

J. Burnim, T. Elmas, G. Necula, and K. Sen. CONCURRIT: Testing concurrent programs with programmable state-space exploration. In HotPar, 2012.

Digital Library

[14]

R. H. Campbell and A. N. Habermann. The specification of process synchronization by path expressions. In OS, 1974.

Digital Library

[15]

F. Chen and G. Ro¸su. Java-MOP: A monitoring oriented programming environment for Java. In TACAS, 2005.

Digital Library

[16]

F. Chen and G. Rosu. Mop: an eﬃcient and generic runtime verification framework. In OOPSLA, 2007.

Digital Library

[17]

Codehaus. Sysunit. http://docs.codehaus.org/ display/SYSUNIT/Home.

[18]

K. Coons, S. Burckhardt, and M. Musuvathi. Gambit: Effective unit testing for concurrency libraries. In PPoPP, 2010.

Digital Library

[19]

M. d’Amorim and K. Havelund. Event-based runtime verification of Java programs. ACM SIGSOFT SEN, 30:1–7, 2005.

Digital Library

[20]

X. Deng, M. B. Dwyer, J. Hatcliff, and M. Mizuno. Invariant-based specification, synthesis, and verification of synchronization in concurrent programs. In ICSE, 2002.

Digital Library

[21]

J. Dolby, C. Hammer, D. Marino, F. Tip, M. Vaziri, and J. Vitek. A data-centric approach to synchronization. ACM TOPLAS, 34:4:1–4:48, 2012.

Digital Library

[22]

O. Edelstein, E. Farchi, E. Goldin, Y. Nir, G. Ratsaby, and S. Ur. Framework for Testing Multi-Threaded Java Programs. CCPE, 2003.

[23]

C. Flanagan and S. N. Freund. FastTrack: eﬃcient and precise dynamic race detection. In PLDI, 2009.

Digital Library

[24]

C. Flanagan, S. N. Freund, and J. Yi. Velodrome: a sound and complete dynamic atomicity checker for multithreaded programs. In PLDI, 2008.

Digital Library

[25]

S. Goldsmith, R. O’Callahan, and A. Aiken. Relational queries over program traces. In OOPSLA, 2005.

Digital Library

[26]

K. Havelund and T. Pressburger. Model checking Java programs using Java PathFinder. Journal on STTT, 2:366–381, 2000.

[27]

K. Havelund and G. Ro¸su, editors. RV 01, RV 02, RV 04, volume 55, 70, 113 of ENTCS, 2001, 2002, 2004.

[28]

K. Havelund and G. Rosu. An overview of the runtime verification tool Java PathExplorer. FMSD, 2004.

Digital Library

[29]

IBM. ECLIPSE-369251. https://bugs.eclipse.org/ bugs/show_bug.cgi?id=369251.

[30]

V. Jagannath, M. Gligoric, D. Jin, Q. Luo, G. Rosu, and D. Marinov. Improved multithreaded unit testing. In FSE, 2011.

Digital Library

[31]

Java Community Process. JSR 166: Concurrency utilities. http://g.oswego.edu/dl/ concurrency-interest/.

[32]

JBoss Community. JBoss Cache. http://www.jboss. org/jbosscache.

[33]

G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. G. Griswold. An overview of AspectJ. In ECOOP, 2001.

Digital Library

[34]

M. Kim, S. Kannan, I. Lee, O. Sokolsky, and M. Viswanathan. Java-MaC: a run-time assurance tool for Java programs. ENTCS, 55:218–235, 2001.

[35]

B. Long, D. Hoffman, and P. Strooper. Tool Support for Testing Concurrent Java Components. IEEE TSE, 29:555–566, 2003.

Digital Library

[36]

M. C. Martin, V. B. Livshits, and M. S. Lam. Finding application errors and security flaws using PQL: a program query language. In OOPSLA, 2005.

Digital Library

[37]

M. Musuvathi and S. Qadeer. Iterative context bounding for systematic testing of multithreaded programs. In PLDI, 2007.

Digital Library

[38]

Object Refinery. JFREECHART-1051. http:// sourceforge.net/p/jfreechart/bugs/1051/.

[39]

Object Refinery. JFREECHART-187. http:// sourceforge.net/p/jfreechart/bugs/187/.

[40]

Oracle. JavaDoc ArrayList. http://docs.oracle. com/javase/6/docs/api/java/util/ArrayList.html.

[41]

S. Park, S. Lu, and Y. Zhou. CTrigger: Exposing atomicity violation bugs from their hiding places. In ASPLOS, 2009.

Digital Library

[42]

S. Park, R. W. Vuduc, and M. J. Harrold. Falcon: fault localization in concurrent programs. In ICSE, 2010.

Digital Library

[43]

W. Pugh and N. Ayewah. Unit testing concurrent software. In ASE, 2007.

Digital Library

[44]

O. Sokolsky and M. Viswanathan, editors. RV 03, volume 89 of ENTCS, 2003.

[45]

M. Vaziri, F. Tip, and J. Dolby. Associating synchronization constraints with data in an object-oriented language. In POPL, 2006.

Digital Library

Cited By

Soueidi CFalcone Y(2023)Sound Concurrent Traces for Online MonitoringModel Checking Software10.1007/978-3-031-32157-3_4(59-80)Online publication date: 2-May-2023
https://doi.org/10.1007/978-3-031-32157-3_4
Soueidi CEl-Hokayem AFalcone Y(2023)Opportunistic Monitoring of Multithreaded ProgramsFundamental Approaches to Software Engineering10.1007/978-3-031-30826-0_10(173-194)Online publication date: 22-Apr-2023
https://dl.acm.org/doi/10.1007/978-3-031-30826-0_10
Francalanza A(2022)A theory of monitorsInformation and Computation10.1016/j.ic.2021.104704281:COnline publication date: 3-Jan-2022
https://dl.acm.org/doi/10.1016/j.ic.2021.104704
Show More Cited By

Index Terms

EnforceMOP: a runtime property enforcement system for multithreaded programs
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Dynamically checking ownership policies in concurrent c/c++ programs
POPL '10

Concurrent programming errors arise when threads share data incorrectly. Programmers often avoid these errors by using synchronization to enforce a simple ownership policy: data is either owned exclusively by a thread that can read or write the data, ...
Testing multithreaded programs via thread speed control
ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering

A multithreaded program's interleaving space is discrete and astronomically large, making effectively sampling thread schedules for manifesting concurrency bugs a challenging task. Observing that concurrency bugs can be manifested by adjusting thread ...
Dynamically checking ownership policies in concurrent c/c++ programs
POPL '10: Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Concurrent programming errors arise when threads share data incorrectly. Programmers often avoid these errors by using synchronization to enforce a simple ownership policy: data is either owned exclusively by a thread that can read or write the data, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

July 2013

381 pages

ISBN:9781450321594

DOI:10.1145/2483760

General Chair:
Mauro Pezzè,
Program Chair:
Mark Harman

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 July 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISSTA '13

Sponsor:

SIGSOFT

ISSTA '13: Iitsnternational Symposium on Software Testing and Analysis

July 15 - 20, 2013

Lugano, Switzerland

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
224
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Soueidi CFalcone Y(2023)Sound Concurrent Traces for Online MonitoringModel Checking Software10.1007/978-3-031-32157-3_4(59-80)Online publication date: 2-May-2023
https://doi.org/10.1007/978-3-031-32157-3_4
Soueidi CEl-Hokayem AFalcone Y(2023)Opportunistic Monitoring of Multithreaded ProgramsFundamental Approaches to Software Engineering10.1007/978-3-031-30826-0_10(173-194)Online publication date: 22-Apr-2023
https://dl.acm.org/doi/10.1007/978-3-031-30826-0_10
Francalanza A(2022)A theory of monitorsInformation and Computation10.1016/j.ic.2021.104704281:COnline publication date: 3-Jan-2022
https://dl.acm.org/doi/10.1016/j.ic.2021.104704
Coenen NFinkbeiner BHahn CHofmann JSchillo Y(2021)Runtime Enforcement of HyperpropertiesAutomated Technology for Verification and Analysis10.1007/978-3-030-88885-5_19(283-299)Online publication date: 12-Oct-2021
https://doi.org/10.1007/978-3-030-88885-5_19
Wang XWang YLi LYang YBu DMusariri M(2020)Procedure and Loop Level Speculative Parallelism Analysis in HPECAlgorithms and Architectures for Parallel Processing10.1007/978-3-030-60245-1_4(47-60)Online publication date: 29-Sep-2020
https://doi.org/10.1007/978-3-030-60245-1_4
Francalanza AXuereb J(2020)On Implementing Symbolic ControllabilityCoordination Models and Languages10.1007/978-3-030-50029-0_22(350-369)Online publication date: 10-Jun-2020
https://doi.org/10.1007/978-3-030-50029-0_22
Wu MWang JDeshmukh JWang C(2019)Shield Synthesis for Real: Enforcing Safety in Cyber-Physical Systems2019 Formal Methods in Computer Aided Design (FMCAD)10.23919/FMCAD.2019.8894264(129-137)Online publication date: Oct-2019
https://doi.org/10.23919/FMCAD.2019.8894264
Sánchez CSchneider GAhrendt WBartocci EBianculli DColombo CFalcone YFrancalanza AKrstić SLourenço JNickovic DPace GRufino JSignoles JTraytel DWeiss A(2019)A survey of challenges for runtime verification from advanced application domains (beyond software)Formal Methods in System Design10.1007/s10703-019-00337-w54:3(279-335)Online publication date: 11-Nov-2019
https://doi.org/10.1007/s10703-019-00337-w
Falcone YPinisetty S(2019)On the Runtime Enforcement of Timed PropertiesRuntime Verification10.1007/978-3-030-32079-9_4(48-69)Online publication date: 1-Oct-2019
https://doi.org/10.1007/978-3-030-32079-9_4
Francalanza APérez JSánchez C(2018)Runtime Verification for Decentralised and Distributed SystemsLectures on Runtime Verification10.1007/978-3-319-75632-5_6(176-210)Online publication date: 11-Feb-2018
https://doi.org/10.1007/978-3-319-75632-5_6
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten