Abstract
One common technique for preventing data races in multi-threaded programs is to ensure that all accesses to shared locations are consistently protected by a lock. We present a tool called LOCKSMITH for detecting data races in C programs by looking for violations of this pattern. We call the relationship between locks and the locations they protect consistent correlation, and the core of our technique is a novel constraint-based analysis that infers consistent correlation context-sensitively, using the results to check that locations are properly guarded by locks. We present the core of our algorithm for a simple formal language λ▹ which we have proven sound, and discuss how we scale it up to an algorithm that aims to be sound for all of C. We develop several techniques to improve the precision and performance of the analysis, including a sharing analysis for inferring thread locality; existential quantification for modeling locks in data structures; and heuristics for modeling unsafe features of C such as type casts. When applied to several benchmarks, including multi-threaded servers and Linux device drivers, LOCKSMITH found several races while producing a modest number of false alarms.
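As an added illustration of the consistent-correlation property the abstract describes (example code written for this page, not code from the paper or from the LOCKSMITH tool): a constructed list of access sites is summarised per location by intersecting the locksets held at each access, a location touched by only one thread is filtered out as thread-local (the role the abstract assigns to its sharing analysis), and any remaining shared location with an empty intersection is reported as a race candidate. The lock names, thread ids, trace and helper functions are all assumptions made up for the example. LOCKSMITH infers correlation statically and context-sensitively from constraints; this check runs over an explicit access list, so it shows the property being checked, not the inference algorithm.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Locks and threads are bits in masks; constructed names, not LOCKSMITH's. */
typedef uint32_t lockset_t;
typedef uint32_t threadset_t;
enum { LOCK_A = 1u << 0, LOCK_B = 1u << 1 };
enum { THREAD_1 = 1u << 0, THREAD_2 = 1u << 1 };

/* One access to a location: which thread touched it and which locks it held. */
typedef struct {
    const char *location;
    threadset_t thread;
    lockset_t held;
} access_t;

/* Per-location summary: locks held at *every* access (the candidate
 * correlated locks) and the set of threads that touched the location. */
typedef struct {
    const char *location;
    lockset_t candidates;
    threadset_t threads;
} correlation_t;

/* Summarise a trace. Returns the number of distinct locations, or -1 if
 * more than max_out locations were seen. */
int infer_correlation(const access_t *trace, int n, correlation_t *out, int max_out)
{
    int count = 0;
    for (int i = 0; i < n; i++) {
        int j;
        for (j = 0; j < count; j++)
            if (strcmp(out[j].location, trace[i].location) == 0)
                break;
        if (j == count) {
            if (count == max_out)
                return -1;
            out[count].location = trace[i].location;
            out[count].candidates = ~(lockset_t)0; /* narrowed by each access */
            out[count].threads = 0;
            count++;
        }
        out[j].candidates &= trace[i].held;   /* keep only locks held every time */
        out[j].threads |= trace[i].thread;
    }
    return count;
}

/* A location touched by a single thread is thread-local and needs no lock. */
int is_shared(const correlation_t *c)
{
    return (c->threads & (c->threads - 1)) != 0; /* more than one thread bit */
}

/* Consistent correlation: at least one lock is held at every access. */
int is_consistently_guarded(const correlation_t *c)
{
    return c->candidates != 0;
}

/* Race candidates: shared locations with no lock common to all accesses.
 * Returns their count and writes up to max_names of their names. */
int find_race_candidates(const access_t *trace, int n, const char **names, int max_names)
{
    correlation_t summary[16];
    int locs = infer_correlation(trace, n, summary, 16);
    int found = 0;
    if (locs < 0)
        return -1;
    for (int i = 0; i < locs; i++) {
        if (is_shared(&summary[i]) && !is_consistently_guarded(&summary[i])) {
            if (found < max_names)
                names[found] = summary[i].location;
            found++;
        }
    }
    return found;
}

/* Constructed trace: counter is always under LOCK_A; config is always under
 * LOCK_B (LOCK_A sometimes too); scratch is touched by one thread only;
 * buffer has no lock in common across its accesses. */
static const access_t sample_trace[] = {
    { "counter", THREAD_1, LOCK_A },
    { "counter", THREAD_2, LOCK_A },
    { "config",  THREAD_1, LOCK_A | LOCK_B },
    { "config",  THREAD_2, LOCK_B },
    { "scratch", THREAD_1, 0 },
    { "scratch", THREAD_1, 0 },
    { "buffer",  THREAD_1, LOCK_A },
    { "buffer",  THREAD_2, LOCK_B },
    { "buffer",  THREAD_2, 0 },
};
#define SAMPLE_N ((int)(sizeof sample_trace / sizeof sample_trace[0]))

int sample_race_count(void)
{
    const char *names[16];
    return find_race_candidates(sample_trace, SAMPLE_N, names, 16);
}

int main(void)
{
    const char *names[16];
    int n = find_race_candidates(sample_trace, SAMPLE_N, names, 16);
    for (int i = 0; i < n; i++)
        printf("race candidate: %s (no lock held at every access)\n", names[i]);
    return 0;
}
```

On the constructed trace only `buffer` is reported: `counter` and `config` each have a lock common to every access, and `scratch` is unguarded but never shared. A real static analysis must also decide which access sites alias the same location and which locks are the same lock, which is exactly where the abstract's context-sensitive inference and its handling of casts and locks inside data structures come in.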