ABSTRACT
Multithreaded programs are notoriously prone to race conditions, a problem exacerbated by the widespread adoption of multi-core processors with complex memory models and cache coherence protocols. Much prior work has focused on static and dynamic analyses for race detection, but these algorithms typically are unable to distinguish destructive races that cause erroneous behavior from benign races that do not. Performing this classification manually is difficult, time consuming, and error prone.
This paper presents a new dynamic analysis technique that uses adversarial memory to classify race conditions as destructive or benign on systems with relaxed memory models. Unlike a typical language implementation, which may only infrequently exhibit non-sequentially consistent behavior, our adversarial memory implementation exploits the full freedom of the memory model to return older, unexpected, or stale values for memory reads whenever possible, in an attempt to crash the target program (that is, to force the program to behave erroneously). A crashing execution provides concrete evidence of a destructive bug, and this bug can be strongly correlated with a specific race condition in the target program.
Experimental results with our Jumble prototype for Java demonstrate that adversarial memory is highly effective at identifying destructive race conditions, and in distinguishing them from race conditions that are real but benign. Adversarial memory can also reveal destructive races that would not be detected by traditional testing (even after thousands of runs) or by model checkers that assume sequential consistency.
- M. Abadi, C. Flanagan, and S. N. Freund. Types for safe locking: Static race detection for Java. TOPLAS, 28(2):207--255, 2006. Google Scholar
Digital Library
- S. V. Adve and K. Gharachorloo. Shared memory consistency models: A tutorial. IEEE Computer, 29(12):66--76, 1996. Google Scholar
Digital Library
- S. V. Adve, M. D. Hill, B. P. Miller, and R. H. B. Netzer. Detecting data races on weak memory systems. In ISCA, pages 234--243, 1991. Google Scholar
Digital Library
- R. Agarwal and S. D. Stoller. Type inference for parameterized race-free Java. In VMCAI, pages 149--160, 2004.Google Scholar
Cross Ref
- A. Aiken and D. Gay. Barrier inference. In POPL, pages 243--354, 1998. Google Scholar
Digital Library
- M. D. Bond, K. E. Coons, and K. S. McKinley. Pacer: Proportional detection of data races. In PLDI, 2010. Google Scholar
Digital Library
- G. Boudol and G. Petri. Relaxed memory models: an operational approach. In POPL, pages 392--403, 2009. Google Scholar
Digital Library
- C. Boyapati and M. Rinard. A parameterized type system for race-free Java programs. In OOPSLA, pages 56--69, 2001. Google Scholar
Digital Library
- J. Burnim, K. Sen, and C. Stergiou. Sound and complete monitoring of sequential consistency in relaxed memory models. Technical Report UCB/EECS-2010-31, EECS Department, University of California, Berkeley, 2010.Google Scholar
- J. Burnim, K. Sen, and C. Stergiou. Testing concurrent programs on relaxed memory models. Technical Report UCB/EECS-2010-32, EECS Department, University of California, Berkeley, 2010.Google Scholar
- A. T. Chamillard, L. A. Clarke, and G. S. Avrunin. An empirical comparison of static concurrency analysis techniques. Technical Report 96-084, Department of Computer Science, University of Massachusetts at Amherst, 1996.Google Scholar
Digital Library
- J.-D. Choi, K. Lee, A. Loginov, R. O'Callahan, V. Sarkar, and M. Sridhara. Efficient and precise datarace detection for multithreaded object-oriented programs. In PLDI, pages 258--269, 2002. Google Scholar
Digital Library
- J.-D. Choi, B. P. Miller, and R. H. B. Netzer. Techniques for debugging parallel programs with flowback analysis. TOPLAS, 13(4):491--530, 1991. Google Scholar
Digital Library
- M. Christiaens and K. D. Bosschere. TRaDe: Data Race Detection for Java. In International Conference on Computational Science, pages 761--770, 2001. Google Scholar
Digital Library
- T. Elmas, S. Qadeer, and S. Tasiran. Goldilocks: A race and transaction-aware Java runtime. In PLDI, pages 245--255, 2007. Google Scholar
Digital Library
- D. R. Engler and K. Ashcraft. RacerX: Effective, static detection of race conditions and deadlocks. In SOSP, pages 237--252, 2003. Google Scholar
Digital Library
- C. Flanagan and S. N. Freund. FastTrack: Efficient and precise dynamic race detection. In PLDI, pages 121--133, 2009. Google Scholar
Digital Library
- C. Flanagan and S. N. Freund. The RoadRunner dynamic analysis framework for concurrent programs. In ACM Workshop on Program Analysis for Software Tools and Engineering, 2010. Google Scholar
Digital Library
- K. Gharachorloo. Memory Consistency Models for Shared-Memory Multiprocessors. PhD thesis, Stanford University, 1995. Google Scholar
Digital Library
- D. Grossman. Type-safe multithreading in Cyclone. In TLDI, pages 13--25, 2003.Google Scholar
Digital Library
- Java Grande Forum. Java Grande benchmark suite. Available at http://www.javagrande.org/, 2008.Google Scholar
- L. Lamport. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Comput., 28(9):690--691, 1979. Google Scholar
Digital Library
- R. J. Lipton. Reduction: A method of proving properties of parallel programs. Communications of the ACM, 18(12):717--721, 1975. Google Scholar
Digital Library
- S. Lu, S. Park, C. Hu, X. Ma, W. Jiang, Z. Li, R. A. Popa, and Y. Zhou. Muvi: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs. In SOSP, pages 103--116, 2007. Google Scholar
Digital Library
- J. Manson, W. Pugh, and S. V. Adve. The Java memory model. In POPL, pages 378--391, 2005. Google Scholar
Digital Library
- F. Mattern. Virtual time and global states of distributed systems. In Workshop on Parallel and Distributed Algorithms, 1988.Google Scholar
- M. Musuvathi, S. Qadeer, T. Ball, G. Basler, P. A. Nainar, and I. Neamtiu. Finding and reproducing heisenbugs in concurrent programs. In OSDI, 2008. Google Scholar
Digital Library
- M. Naik, A. Aiken, and J. Whaley. Effective static race detection for Java. In PLDI, pages 308--319, 2006. Google Scholar
Digital Library
- S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, and B. Calder. Automatically classifying benign and harmful data races using replay analysis. In PLDI, pages 22--31, 2007. Google Scholar
Digital Library
- H. Nishiyama. Detecting data races using dynamic escape analysis based on read barrier. In Virtual Machine Research and Technology Symposium, pages 127--138, 2004. Google Scholar
Digital Library
- S. Owens, S. Sarkar, and P. Sewell. A better x86 memory model: x86-TSO. In TPHOLs, pages 391--407, 2009. Google Scholar
Digital Library
- E. Pozniansky and A. Schuster. Efficient on-the-fly data race detection in multihreaded C++ programs. In PPOPP, pages 179--190, 2003. Google Scholar
Digital Library
- E. Pozniansky and A. Schuster. MultiRace: Efficient on-the-fly data race detection in multithreaded C++ programs. Concurrency and Computation: Practice and Experience, 19(3):327--340, 2007. Google Scholar
Digital Library
- M. Ronsse and K. D. Bosschere. RecPlay: A fully integrated practical record/replay system. TCS, 17(2):133--152, 1999. Google Scholar
Digital Library
- S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. E. Anderson. Eraser: A dynamic data race detector for multi-threaded programs. TOCS, 15(4):391--411, 1997. Google Scholar
Digital Library
- K. Sen. Race directed random testing of concurrent programs. In PLDI, pages 11--21, 2008. Google Scholar
Digital Library
- Standard Performance Evaluation Corporation. SPEC benchmarks. http://www.spec.org/, 2003.Google Scholar
- N. Sterling. Warlock: A static data race analysis tool. In USENIX Winter Technical Conference, pages 97--106, 1993.Google Scholar
- M. Vaziri, F. Tip, and J. Dolby. Associating synchronization constraints with data in an object-oriented language. In POPL, pages 334--345, 2006. Google Scholar
Digital Library
- W. Visser and P. C. Mehlitz. Model checking programs with Java PathFinder. In SPIN, page 27, 2005. Google Scholar
Digital Library
- C. von Praun and T. Gross. Object race detection. In OOPSLA, pages 70--82, 2001. Google Scholar
Digital Library
- C. von Praun and T. Gross. Static conflict analysis for multi-threaded object-oriented programs. In PLDI, pages 115--128, 2003. Google Scholar
Digital Library
- J. W. Voung, R. Jhala, and S. Lerner. Relay: Static race detection on millions of lines of code. In FSE, pages 205--214, 2007. Google Scholar
Digital Library
- E. Yahav. Verifying safety properties of concurrent Java programs using 3-valued logic. In POPL, pages 27--40, 2001. Google Scholar
Digital Library
- Y. Yu, T. Rodeheffer, and W. Chen. RaceTrack: Efficient detection of data race conditions via adaptive tracking. In SOSP, pages 221--234, 2005. Google Scholar
Digital Library
Index Terms
Adversarial memory for detecting destructive races
Recommendations
FastTrack: efficient and precise dynamic race detection
PLDI '09\begin{abstract}
Multithreaded programs are notoriously prone to race conditions. Prior work on dynamic race detectors includes fast but imprecise race detectors that report false alarms, as well as slow but precise race detectors that never report ...
Adversarial memory for detecting destructive races
PLDI '10Multithreaded programs are notoriously prone to race conditions, a problem exacerbated by the widespread adoption of multi-core processors with complex memory models and cache coherence protocols. Much prior work has focused on static and dynamic ...
Detecting concurrency memory corruption vulnerabilities
ESEC/FSE 2019: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringMemory corruption vulnerabilities can occur in multithreaded executions, known as concurrency vulnerabilities in this paper. Due to non-deterministic multithreaded executions, they are extremely difficult to detect. Recently, researchers tried to apply ...







Comments