Precisely Deciding Control State Reachability in Concurrent Traces with Limited Observability

We propose a new algorithm for precisely deciding a control state reachability (CSR) problem in runtime verification of concurrent programs, where the trace provides only limited observability of the execution. Under the assumption of limited observability, we know only the type of each event (read, write, lock, unlock, etc.) and the associated shared object, but not the concrete values of these objects or the control/data dependency among these events. Our method is the first sound and complete method for deciding such CSR in traces that involve more than two threads, while handling both standard synchronization primitives and ad hoc synchronizations implemented via shared memory accesses. It relies on a new polygraph based analysis, which is provably more accurate than existing methods based on lockset analysis, acquisition history, universal causality graph, and a recently proposed method based the causally-precedes relation. We have implemented the method in an offline data-race detection tool and demonstrated its effectiveness on multithreaded C/C++ applications.