Error Propagation Analysis for Multi-Threaded Programs (PowerPoint PPT Presentation)


SLIDE 1

Error Propagation Analysis for Multi-Threaded Programs

Habib Saissi, Stefan Winter, Oliver Schwahn, Karthik Pattabiraman, Neeraj Suri

SLIDE 2

Fault Injection

Evaluate the robustness of software


SLIDE 3

Motivation: Error Propagation Analysis (EPA)

Compare a fault injection (FI) run with the golden run (the fault-free run); any deviation between the two traces indicates error propagation.

Trace comparison: Golden run vs. Faulty run → Deviation?

SLIDE 4

What about multi-threaded programs?

A difference between the two traces now has two possible causes: the inherent non-determinism of thread scheduling, or the injected fault.

Is the difference due to the non-determinism of multi-threading OR to error propagation?

SLIDE 5

Example: Single-Threaded EPA

Program               Fault-free Run   Fault Injection
A[0] = 2;             A[0] = 2;        A[0] = 2;
A[1] = 19;            A[1] = 19;       A[1] = 91;        <- Injection
A[0]++;               A[0] = 3;        A[0] = 3;
A[1]++;               A[1] = 20;       A[1] = 92;        <- Propagation
return A[0] + A[1];   return 23;       return 95;        <- Propagation

6/30/2019

SLIDE 6

Example: Multi-threaded EPA

Program               Thread 1 (Fault Free)   Thread 2 (Fault Free)   Thread 1 (Fault Injection)   Thread 2 (Fault Injection)
A[0] = 2;             A[0] = 2;                                       A[0] = 2;
A[1] = 19;                                    A[1] = 19;                                           A[1] = 91;   <- Injection
A[0]++;               A[0] = 3;                                       A[0] = 3;
A[1]++;                                       A[1] = 20;                                           A[1] = 92;   <- Propagation
return A[0] + A[1];

Slide annotations: Injection, Propagation, Deviation, Deviation. Because the two threads' operations are interleaved differently from run to run, the recorded traces of two runs of this program can differ even without a fault, so a plain trace comparison flags deviations it cannot attribute to the injection.

SLIDE 7

Our Work: TraceSanitizer

First sound technique to disambiguate error propagation in multi-threaded programs from non-determinism (without needing any programmer annotations)


SLIDE 8

Intuition: Pseudo-deterministic condition

  • An execution trace is pseudo-deterministic if no pair of dependent instructions can occur in reversed order in another execution of the program
  • The pseudo-deterministic condition guarantees soundness: every remaining deviation is caused by the injected fault, not by the thread schedule
  • Example: MapReduce


SLIDE 9

TraceSanitizer: WorkFlow

Workflow (slide diagram):

  • Golden run → Reversibility Check → passes: Trace Sanitizing; fails: Abort
  • Faulty run → Trace Sanitizing
  • Both sanitized traces → Trace Comparison → Deviation?

SLIDE 10

Reversibility Check

The check is encoded for an SMT solver as two sets of constraints (slide diagram):

  • Order constraints
  • Reversibility constraints

SLIDE 11

Example: TraceSanitizer Operation

Original Trace:
0 call-pthread_create 0 → 7ffcfe3282e8 0 400ae0 0
0 call-pthread_create 0 → 7ffcfe3282e0 0 4012c0 0
1 call-inc 0
1 alloca 7f0ccbc55d58 8
1 alloca 7f0ccbc55d50 8
1 store 0 7f0ccbc55d50
2 call-inc 0
2 alloca 7f0ccb454d58 8

Sanitized Trace:
T_0 call-pthread_create-u 0 → o4 0 400ae0 0
T_0 call-pthread_create-u 0 → o5 0 4012c0 0
T_0_0 call-inc 0
T_0_0 alloca o6 1 8
T_0_0 alloca o7 1 8
T_0_0 store 0 o7
T_0_1 call-inc 0
T_0_1 alloca o8 1 8

Thread ids (0, 1, 2) are replaced by names derived from the thread creation tree (T_0 and its children T_0_0, T_0_1), and concrete addresses by symbolic object ids (o4, o5, ...), so that the traces of two runs no longer differ in schedule-dependent thread ids or in addresses.
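The pipeline of slides 9 to 11 (reversibility check, trace sanitizing, comparison) run on the slide-6 program, as an added example. This is the editor's own code, not TraceSanitizer's (the real tool is an LLVM pass whose check runs in Z3): the trace format, the use of create/join happens-before with vector clocks in place of the deck's SMT encoding, the per-thread numbering of allocated objects and every trace line below are assumptions constructed for the example.

```python
# Added example (editor's code, not TraceSanitizer's): toy version of the deck's
# pipeline on a trace format assumed for this example, "<tid> <op> <args>" with
#   create <child-tid> | join <child-tid> | alloca <hex-addr> <size>
#   store <value> <hex-addr> | load <hex-addr> <value> | ret <value>
from collections import defaultdict

def parse(trace):
    """Trace text (lines or ';'-separated) -> list of (tid, op, args)."""
    return [(int(t), op, a) for t, op, *a in
            (s.split() for s in trace.replace(";", "\n").splitlines() if s.strip())]

def reversible_pairs(events):
    """Dependent accesses (same address, at least one write, different threads)
    not ordered by happens-before, i.e. they could occur in reversed order in
    another run.  HB is built with vector clocks from program order and
    create/join only (a swapped-in technique: the deck encodes order and
    reversibility constraints for an SMT solver).  Locks, barriers and
    condition variables are not modelled, so accesses they order show up too."""
    vc = defaultdict(lambda: defaultdict(int))        # tid -> vector clock
    acc = []                                          # (tid, addr, write?, clock)
    for tid, op, args in events:
        vc[tid][tid] += 1
        if op == "create":                            # child starts after create
            vc[int(args[0])] = defaultdict(int, vc[tid])
        elif op == "join":                            # parent sees child's past
            for t, c in vc[int(args[0])].items():
                vc[tid][t] = max(vc[tid][t], c)
        elif op in ("store", "load"):
            acc.append((tid, args[1] if op == "store" else args[0],
                        op == "store", dict(vc[tid])))
    def before(a, b):                                 # a's clock <= b's clock
        return all(c <= b[3].get(t, 0) for t, c in a[3].items())
    return [(a, b) for i, a in enumerate(acc) for b in acc[i + 1:]
            if a[0] != b[0] and a[1] == b[1] and (a[2] or b[2])
            and not before(a, b) and not before(b, a)]

def sanitize(events):
    """Rename threads by position in the creation tree (T_0, T_0_0, ...) and
    addresses by the traced allocation they fall in, numbered per allocating
    thread so the name cannot depend on the interleaving (my choice).
    Returns {thread_name: [lines]}: runs are then compared thread by thread."""
    names, kids, nalloc = {events[0][0]: "T_0"}, defaultdict(int), defaultdict(int)
    objs, out = [], defaultdict(list)                 # objs: [(base, size, name)]
    def sym(addr):
        a = int(addr, 16)
        for base, size, name in objs:
            if base <= a < base + size:
                return f"{name}+{a - base}"
        return addr                                   # not from a traced alloca
    for tid, op, args in events:
        t = names[tid]
        if op == "create":
            names[int(args[0])] = f"{t}_{kids[t]}"; kids[t] += 1
        if op in ("create", "join"):
            args = [names[int(args[0])]]
        elif op == "alloca":
            name = f"{t}.o{nalloc[t]}"; nalloc[t] += 1
            objs.append((int(args[0], 16), int(args[1]), name))
            args = [name, args[1]]
        elif op == "store":
            args = [args[0], sym(args[1])]
        elif op == "load":
            args = [sym(args[0]), args[1]]
        out[t].append(" ".join([op, *args]))
    return dict(out)

def compare(golden, faulty):
    """First deviation per thread between sanitized traces; {} = no propagation."""
    g, f, dev = sanitize(parse(golden)), sanitize(parse(faulty)), {}
    for t in sorted(set(g) | set(f)):
        a, b = g.get(t, []), f.get(t, [])
        i = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                 None if len(a) == len(b) else min(len(a), len(b)))
        if i is not None:
            dev[t] = (a[i] if i < len(a) else None, b[i] if i < len(b) else None)
    return dev

# Constructed traces of the slide-6 program: main allocates A[2], thread 1 runs
# A[0] = 2; A[0]++, thread 2 runs A[1] = 19; A[1]++, main joins and returns the sum.
GOLDEN_A = ("0 alloca 7ffc1000 8; 0 create 1; 0 create 2; 1 store 2 7ffc1000; "
            "1 store 3 7ffc1000; 2 store 19 7ffc1004; 2 store 20 7ffc1004; "
            "0 join 1; 0 join 2; 0 load 7ffc1000 3; 0 load 7ffc1004 20; 0 ret 23")
# Another fault-free run: other thread ids, other stack address, thread 2 first.
GOLDEN_B = ("7 alloca 7ffd2000 8; 7 create 9; 7 create 8; 8 store 19 7ffd2004; "
            "9 store 2 7ffd2000; 8 store 20 7ffd2004; 9 store 3 7ffd2000; "
            "7 join 9; 7 join 8; 7 load 7ffd2000 3; 7 load 7ffd2004 20; 7 ret 23")
# GOLDEN_A with the deck's injected fault (A[1] = 91) and what it propagates to.
FAULTY = (GOLDEN_A.replace("store 19", "store 91").replace("store 20", "store 92")
          .replace("7ffc1004 20", "7ffc1004 92").replace("ret 23", "ret 95"))
# Not pseudo-deterministic: both threads write A[0] with nothing ordering them.
RACY = ("0 alloca 7ffc1000 8; 0 create 1; 0 create 2; 1 store 1 7ffc1000; "
        "2 store 2 7ffc1000; 0 join 1; 0 join 2; 0 load 7ffc1000 2")

if __name__ == "__main__":
    print("reversible in GOLDEN_A:", reversible_pairs(parse(GOLDEN_A)))      # []
    print("reversible in RACY   :", [(a[0], b[0]) for a, b in reversible_pairs(parse(RACY))])
    print("golden vs golden     :", compare(GOLDEN_A, GOLDEN_B))             # {}
    print("golden vs faulty     :", compare(GOLDEN_A, FAULTY))
```

Two golden runs that differ in thread ids, stack addresses and interleaving sanitize to identical per-thread traces, so the comparison is empty; the faulty run deviates first in thread T_0_1 (the injection) and then in T_0 (the propagated value read by main). RACY fails the reversibility check, which is the case the deck's workflow aborts on, because the two unordered writes could appear in either order and the comparison would no longer be sound. The ';'-separated trace strings are only a compact way to embed the constructed input.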

SLIDE 12

Evaluation

  • Implemented as a pass in the LLVM compiler
  • C/C++ programs from the PARSEC and Phoenix benchmarks
  • Reversibility check with the Z3 SMT solver
  • Injected 5 different types of software faults (5000 injections each)


SLIDE 13

False positives and Time Taken

Program        # Threads   False Positives   Reversibility Check Time
quicksort      72          0                 30 min
pca            17          0                 150 min
kmeans         65          0                 82 min
blackscholes   3           0                 1 min
swaptions      4           0                 145 min

False positives are 0 for every program (the Summary slide reports 0% false positives).

SLIDE 14

Fault Model

Residual software bugs that are hard to detect through regression or unit tests.

Faults considered:

  • Bit Flip
  • File I/O Buffer Overflow
  • Buffer Overflow Malloc
  • Function Call Corruption
  • Invalid Pointer


SLIDE 15

Fault Injection Results

SLIDE 16

Summary

Non-determinism in multi-threaded programs is bad for EPA.

TraceSanitizer (TS): first sound technique to perform EPA for a class of multi-threaded programs (pseudo-deterministic ones)

  • Condition encoded as a reversibility check solved with SMT solvers
  • Completely automated; no program annotations needed

Evaluation shows TS has 0% false positives, incurs reasonable overheads and provides high fault coverage.

https://github.com/DEEDS-TUD/TraceSanitizer