
LOCKSMITH: context-sensitive correlation analysis for race detection

Published: 11 June 2006

Abstract

One common technique for preventing data races in multi-threaded programs is to ensure that all accesses to shared locations are consistently protected by a lock. We present a tool called LOCKSMITH for detecting data races in C programs by looking for violations of this pattern. We call the relationship between locks and the locations they protect consistent correlation, and the core of our technique is a novel constraint-based analysis that infers consistent correlation context-sensitively, using the results to check that locations are properly guarded by locks. We present the core of our algorithm for a simple formal language λ> which we have proven sound, and discuss how we scale it up to an algorithm that aims to be sound for all of C. We develop several techniques to improve the precision and performance of the analysis, including a sharing analysis for inferring thread locality; existential quantification for modeling locks in data structures; and heuristics for modeling unsafe features of C such as type casts. When applied to several benchmarks, including multi-threaded servers and Linux device drivers, LOCKSMITH found several races while producing a modest number of false alarms.
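The property the abstract calls consistent correlation can be illustrated with a small checker. This is an added example, not LOCKSMITH's code: it tests the property over a constructed access trace instead of inferring it statically with constraints as the paper does, and every name in it is hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical names throughout; the trace below is constructed sample data. */
enum { LOCK_A = 1 << 0, LOCK_B = 1 << 1 };   /* a lock set is a bitmask */
enum { COUNTER, STATS, SCRATCH };            /* abstract memory locations */
enum verdict { THREAD_LOCAL, GUARDED, POSSIBLE_RACE };

/* One access: the thread, the location, and the locks held at that point. */
struct access { int thread; int loc; unsigned held; };

static const struct access trace[] = {
    {1, COUNTER, LOCK_A}, {2, COUNTER, LOCK_A | LOCK_B}, /* both hold LOCK_A */
    {1, STATS,   LOCK_A}, {2, STATS,   LOCK_B},          /* locked, but by different locks */
    {1, SCRATCH, 0},      {1, SCRATCH, 0},               /* only thread 1 touches it */
};

/* Intersect the lock sets held at every access to loc. A location touched by
   one thread is thread-local and needs no lock; a shared location whose
   intersection is empty has no single lock guarding all of its accesses. */
enum verdict check_location(const struct access *tr, size_t n, int loc,
                            unsigned *guards)
{
    unsigned common = ~0u;
    int first = -1, shared = 0;
    for (size_t i = 0; i < n; i++) {
        if (tr[i].loc != loc) continue;
        if (first < 0) first = tr[i].thread;
        else if (tr[i].thread != first) shared = 1;
        common &= tr[i].held;
    }
    *guards = (first < 0) ? 0 : common;   /* never accessed: no guards */
    if (!shared) return THREAD_LOCAL;
    return common ? GUARDED : POSSIBLE_RACE;
}

int main(void)
{
    static const char *names[] = {"thread-local", "guarded", "possible race"};
    size_t n = sizeof trace / sizeof trace[0];
    for (int loc = COUNTER; loc <= SCRATCH; loc++) {
        unsigned g;
        enum verdict v = check_location(trace, n, loc, &g);
        printf("location %d: %s (common locks 0x%x)\n", loc, names[v], g);
    }
    return 0;
}
```

The STATS case is the one that motivates the word "consistently": every access is made under a lock, yet no single lock covers all of them.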

