testing atomicity
play

Testing atomicity Finding race conditions by random testing John - PowerPoint PPT Presentation

Sep 26, 2023 •282 likes •584 views

Testing atomicity Finding race conditions by random testing John Hughes "We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last year. We have not been able to

  1. Testing atomicity Finding race conditions by random testing John Hughes

  2. "We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last year. We have not been able to track the bug down since the dets files is repaired automatically next time it is opened.“ Tobbe Törnqvist, Klarna, 2007

  3. 700+ What is it? people in 6 years Application Invoicing services for web shops Distributed database: Mnesia transactions, distribution, replication Dets Tuple storage Race File system conditions?

  4. QuickCheck 1999 — invented by Koen Claessen and me (ICFP 2000), in Haskell 2006 — Quviq founded marketing Erlang version 2009 — Race condition testing method (ICFP) Real successes and further developments

  5. Imagine Testing This… dispenser:take_ticket() dispenser:reset()

  6. A Unit Test in Erlang test_dispenser() -> ok = reset(), Side-effects 1 = take_ticket(), require a 2 = take_ticket(), sequence of 3 = take_ticket(), calls to test ok = reset(), 1 = take_ticket(). Expected results

  7. State Machine Specifications API API API API Calls Calls Calls Calls postconditions Model Model Model Model state state state state

  8. Modelling the dispenser take take take reset 0 0 1 2 ok 1 2 3

  9. A Parallel Unit Test ok reset 1 1 1 take_ticket 3 2 1 take_ticket take_ticket 2 3 2 • Three possible correct outcomes!

  10. Another Parallel Test reset take_ticket take_ticket reset take_ticket take_ticket • 42 possible correct outcomes!

  11. Deciding a Parallel Test Atomic operations: an important special case take take  1  3 reset  ok take  2 0 0 1 2

  12. take_ticket() -> N = read(), Prefix: write(N+1), N+1. Parallel: 1. dispenser:take_ticket() --> 1 2. dispenser:take_ticket() --> 1 Result: no_possible_interleaving

  13. dets • Tuple store: {Key, Value1, Value2…} • Operations: – insert(Table,ListOfTuples) – delete(Table,Key) – insert_new(Table,ListOfTuples) – … • Model: – List of tuples (almost)

  14. QuickCheck Specification ... … ... … > 6,000 LOC <100 LOC

  15. Bug #1 insert_new(Name, Objects) -> Bool Prefix: Types: open_file(dets_table,[{type,bag}]) --> Name = name() dets_table Objects = object() | [object()] Parallel: Bool = bool() 1. insert(dets_table,[]) --> ok 2. insert_new(dets_table,[]) --> ok Result: no_possible_interleaving

  16. Bug #2 Prefix: open_file(dets_table,[{type,set}]) --> dets_table Parallel: 1. insert(dets_table,{0,0}) --> ok 2. insert_new(dets_table,{0,0}) -- > …time out … =ERROR REPORT==== 4-Oct-2010::17:08:21 === ** dets: Bug was found when accessing table dets_table

  17. Bug #3 Prefix: open_file(dets_table,[{type,set}]) --> dets_table Parallel: 1. open_file(dets_table,[{type,set}]) --> dets_table 2. insert(dets_table,{0,0}) --> ok get_contents(dets_table) --> [] ! Result: no_possible_interleaving

  18. Is the file corrupt?

  19. Bug #4 Prefix: open_file(dets_table,[{type,bag}]) --> dets_table close(dets_table) --> ok open_file(dets_table,[{type,bag}]) --> dets_table Parallel: 1. lookup(dets_table,0) --> [] 2. insert(dets_table,{0,0}) --> ok 3. insert(dets_table,{0,0}) --> ok Result: ok premature eof

  20. Bug #5 Prefix: open_file(dets_table,[{type,set}]) --> dets_table insert(dets_table,[{1,0}]) --> ok Parallel: 1. lookup(dets_table,0) --> [] delete(dets_table,1) --> ok 2. open_file(dets_table,[{type,set}]) --> dets_table Result: ok false bad object

  21. "We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last year.” Tobbe Törnqvist, Klarna, 2007 Each bug fixed the day after reporting the failing case

  22. Testing a Worker Pool • Check out a worker • Check in a worker • Handle workers crashing • Handle clients crashing while holding a worker

  23. Problem : checking out a worker blocks if there isn’t one! • Loads and loads of bugs found • 80 unit tests passed throughout! • Parallel testing found no race conditions

  24. Blocking operations Test deadlocks? In practice, lock times out

  25. Should this test pass? But a blocked operation should not run before an unblocked one!

  26. Serializability with Blocking • Specify when an atomic operation should block • When exploring interleavings, never choose a blocked operation when there is an unblocked alternative • We rule out some interleavings, potentially making test fail that would otherwise have passed

  27. A race condition in Poolboy? Start the worker pool (1 worker) checkout checkout checkout checkin checkin

  28. Conclusion • Serializability is a – simple condition – that is surprisingly effective – at revealing bugs in real industrial code Not quite done …

  29. Provoking races • We’ve used: – Repeated execution on a multicore processor – Random scheduling – ” Procrastination ”… repeating a test, but reordering message deliveries to the same process – Model checking — all possible schedules

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University Mooly Sagiv Tel Aviv University Martin Vechev ETH Eran Yahav Technion

458 views • 35 slides
Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop

Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop

Design and Implementation Issues for Atomicity Dan Grossman University of Washington Workshop on Declarative Programming Languages for Multicore Architectures 15 January 2006 Atomicity Overview Atomicity: what, why, and why relevant

605 views • 17 slides
ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a

ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a

ACID and BASE 1 ACID Atomicity: a transaction happens or it does not 2 ACID Atomicity: a transaction happens or it does not Consistency: a correct database is still correct afterwards i.e. money balanced, no dangling pointers 3 ACID

712 views • 29 slides
Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1

Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1

Atomicity Bailu Ding Oct 18, 2012 Bailu Ding Atomicity Oct 18, 2012 1 / 38 Outline 1 Introduction 2 State Machine 3 Sinfonia 4 Dangers of Replication Bailu Ding Atomicity Oct 18, 2012 2 / 38 Introduction Introduction Implementing

723 views • 43 slides
the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan

the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan

the complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign . Motivation: Interleaving explosion problem Testing is the main technique for correctness in the industry

407 views • 26 slides
Motivation Atomicity: Transactions may abort (Rollback). Logging and

Motivation Atomicity: Transactions may abort (Rollback). Logging and

Motivation Atomicity: Transactions may abort (Rollback). Logging and Durability: Recovery What if DBMS stops running? (Causes?) Chapter 18 Desired Behavior after crash! system restarts: If you are going to be in

648 views • 8 slides
Task Types for Pervasive Atomicity Aditya Kulkarni, Yu David Liu State University of New York at

Task Types for Pervasive Atomicity Aditya Kulkarni, Yu David Liu State University of New York at

Task Types for Pervasive Atomicity Aditya Kulkarni, Yu David Liu State University of New York at Binghamton &amp; Scott Smith Johns Hopkins University October 2010 @OOPSLA Task Types for Pervasive Atomicity Aditya Kulkarni, Yu David Liu State

1.37k views • 75 slides
Keep Off the Grass Locking the Right Path for Atomicity Dave Cunningham Khilan Gudka Susan

Keep Off the Grass Locking the Right Path for Atomicity Dave Cunningham Khilan Gudka Susan

Fundamentals Atomicity Keep Off the Grass Locking the Right Path for Atomicity Dave Cunningham Khilan Gudka Susan Eisenbach Imperial College London 07/03/2008 Dave Cunningham, Khilan Gudka, Susan Eisenbach Keep Off the Grass 1/34

709 views • 66 slides
Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity

Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity

Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity Concurrency Control Deadlock Handling Election Algorithms Reaching Agreement Operating System Concepts Silberschatz, Galvin and Gagne

276 views • 25 slides
Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity

Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity

Chapter 17 Distributed Coordination Event Ordering Mutual Exclusion Atomicity Concurrency Control Deadlock Handling Election Algorithms Reaching Agreement Operating System Concepts 17.1 Silberschatz, Galvin and Gagne

955 views • 49 slides
Why Is This Important? Needed for achieving atomicity and durability Need to abort

Why Is This Important? Needed for achieving atomicity and durability Need to abort

Why Is This Important? Needed for achieving atomicity and durability Need to abort transactions or restart them Crash Recovery Need to recover from crashes Crash recovery algorithms had major impact beyond Chapter 18 databases

245 views • 5 slides
On the Atomicity of Monoid Algebras of Finite Characteristic (joint work with Jim Coykendall)

On the Atomicity of Monoid Algebras of Finite Characteristic (joint work with Jim Coykendall)

On the Atomicity of Monoid Algebras of Finite Characteristic (joint work with Jim Coykendall) Felix Gotti UC Berkeley AMS Special Session: Factorization and Arithmetic Properties of Integral Domains and Monoids Honolulu HI March 24 Felix

868 views • 68 slides
History Drawbacks of using file systems (cont.) Atomicity of updates Failures may

History Drawbacks of using file systems (cont.) Atomicity of updates Failures may

History Drawbacks of using file systems (cont.) Atomicity of updates Failures may leave database in an inconsistent state with partial updates carried out Example: Transfer of funds from one account to another should either

421 views • 7 slides
Testing Terminology System testing Types of errors Function testing Structure

Testing Terminology System testing Types of errors Function testing Structure

Outline Testing Terminology System testing Types of errors Function testing Structure Testing Dealing with errors Performance testing Quality assurance vs Acceptance testing Testing Installation testing

396 views • 11 slides
Atomicity via Source-to-Source Translation Benjamin Hindman Dan Grossman University of

Atomicity via Source-to-Source Translation Benjamin Hindman Dan Grossman University of

Atomicity via Source-to-Source Translation Benjamin Hindman Dan Grossman University of Washington 22 October 2006 Atomic An easier-to-use and harder-to-implement primitive void deposit(int x){ void deposit(int x){ synchronized(this){

516 views • 33 slides
Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test principles 4. Fundamental test process 5. The psychology of testing 1. Why is testing necessary 1.1 Software system context 1.2 Causes of

567 views • 36 slides
THE TRUTH IN NEGOTIATIONS ACT* AN OVERVIEW *NOW CALLED THE TRUTHFUL COST OR PRICING DATA ACT EVEN

THE TRUTH IN NEGOTIATIONS ACT* AN OVERVIEW *NOW CALLED THE TRUTHFUL COST OR PRICING DATA ACT EVEN

THE TRUTH IN NEGOTIATIONS ACT* AN OVERVIEW *NOW CALLED THE TRUTHFUL COST OR PRICING DATA ACT EVEN THOUGH TINA IS MUCH EASIER TO REMEMBER THAN TCPDA PRIMARY PURPOSE To ensure that the Government is placed on equal footing with

672 views • 19 slides
Active Galactic Nuclei (AGNs): General Astronomy: Another Type of Galactic Fireworks Stars &amp;

Active Galactic Nuclei (AGNs): General Astronomy: Another Type of Galactic Fireworks Stars &amp;

ASTR 1120 REVIEW Active Galactic Nuclei (AGNs): General Astronomy: Another Type of Galactic Fireworks Stars &amp; Galaxies Galaxies with strange stuff going on in their NNOUNCEMENTS NNOUNCEMENTS centers Some galaxies at high

681 views • 11 slides
Realization formulae for bounded holomorphic functions on certain domains and an application to

Realization formulae for bounded holomorphic functions on certain domains and an application to

Realization formulae for bounded holomorphic functions on certain domains and an application to the Carath eodory extremal problem Nicholas Young Leeds and Newcastle Universities Joint work with Jim Agler, UCSD and Zina Lykova, Newcastle

656 views • 17 slides
RECASTING EXPERIMENTAL SEARCHES Michele Papucci LBNL &amp; BCTP Amherst, November 12th, 2015

RECASTING EXPERIMENTAL SEARCHES Michele Papucci LBNL &amp; BCTP Amherst, November 12th, 2015

RECASTING EXPERIMENTAL SEARCHES Michele Papucci LBNL &amp; BCTP Amherst, November 12th, 2015 BSM at the LHC 250-300 analyses SUSY+exotica, CMS+ATLAS, 7+8TeV during run I no significant deviation from the Standard Model, but

389 views • 27 slides
POLI 437: International Relations of Latin America TODAY How to read articles The problem of

POLI 437: International Relations of Latin America TODAY How to read articles The problem of

POLI 437: International Relations of Latin America TODAY How to read articles The problem of causality Reading big tables READING BETTER Amelia Hoover Greene on reading political science better Better = efficiently + good notes Good

631 views • 40 slides
1 &amp; 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries

1 &amp; 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries

1 &amp; 2 Samuel Series Lesson #086 March 21, 2017 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. D AVID E SCAPES ; D IVINE G UIDANCE 1 Samuel 23:129 1 Sam. 23:1, Then they told David, saying, Look, the

589 views • 33 slides
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 7, 2010 The Problem

580 views • 28 slides
Software Security Information Security Prof Hans Georg Schaathun University of Surrey/lesund

Software Security Information Security Prof Hans Georg Schaathun University of Surrey/lesund

Software Security Information Security Prof Hans Georg Schaathun University of Surrey/lesund University College Autumn 2011 Week 12 Prof Hans Georg Schaathun Software Security Autumn 2011 Week 12 1 / 1 The session Outline Prof

1.06k views • 93 slides

More recommend