skip to main content
research-article
Free Access

LOCKSMITH: Practical static race detection for C

Published:25 January 2011Publication History
Skip Abstract Section

Abstract

Locksmith is a static analysis tool for automatically detecting data races in C programs. In this article, we describe each of Locksmith's component analyses precisely, and present systematic measurements that isolate interesting trade-offs between precision and efficiency in each analysis. Using a benchmark suite comprising stand-alone applications and Linux device drivers totaling more than 200,000 lines of code, we found that a simple no-worklist strategy yielded the most efficient interprocedural dataflow analysis; that our sharing analysis was able to determine that most locations are thread-local, and therefore need not be protected by locks; that modeling C structs and void pointers precisely is key to both precision and efficiency; and that context sensitivity yields a much more precise analysis, though with decreased scalability. Put together, our results illuminate some of the key engineering challenges in building Locksmith and data race detection analyses in particular, and constraint-based program analyses in general.

References

  1. Agarwal, R., Sasturkar, A., Wang, L., and Stoller, S. D. 2005. Optimized run-time race detection and atomicity checking using partial discovered types. In Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering ASE'05. ACM Press, New York, NY, 233--242. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Agarwal, R. and Stoller, S. D. 2004. Type inference for parameterized race-free java. In Proceedings of the 5th International Conference on Verification, Model Checking and Abstract Interpretation. Lecture Notes in Computer Science, vol. 2937. Springer-Verlag, 149--160.Google ScholarGoogle Scholar
  3. Aho, A. V. and Ullman, J. D. 1977. Principles of Compiler Design (Addison-Wesley Series in Computer Science and Information Processing). Addison-Wesley Longman Publishing Co., Inc., Boston, MA. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Aiken, A., Foster, J. S., Kodumal, J., and Terauchi, T. 2003. Checking and inferring local non-aliasing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'03). ACM Press, New York, NY, 129--140. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Alexandrescu, A., Boehm, H., Henney, K., Hutchings, B., Lea, D., and Pugh, B. 2005. Memory model for multithreaded c++: Issues. http://en.scientificcommons.org/42366732.Google ScholarGoogle Scholar
  6. Boyapati, C. and Rinard, M. 2001. A parameterized type system for race-free java programs. In Proceedings of the 16th ACM SIGPLAN Conference on Object Oriented Programming, Systems, Languages, and Applications. (OOPSLA'01). ACM Press, New York, NY, 56--69. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Choi, J.-D., Lee, K., Loginov, A., O'Callahan, R., Sarkar, V., and Sridharan, M. 2002. Efficient and precise datarace detection for multithreaded object-oriented programs. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). ACM Press, New York, NY, 258--269. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Cooper, K. D., Harvey, T. J., and Kennedy, K. 2004. Iterative data-flow analysis, revisited. Tech. rep. TR04-100, Department of Computer Science, Rice University.Google ScholarGoogle Scholar
  9. Crary, K., Walker, D., and Morrisett, G. 1999. Typed memory management in a calculus of capabilities. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. (POPL'99). ACM Press, New York, NY, 262--275. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Engler, D. and Ashcraft, K. 2003. Racerx: effective, static detection of race conditions and deadlocks. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP'03). ACM Press, New York, NY, 237--252. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Fahndrich, M. and DeLine, R. 2002. Adoption and focus: practical linear types for imperative programming. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). ACM Press, New York, NY, 13--24. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Fähndrich, M., Rehof, J., and Das, M. 2000. Scalable context-sensitive flow analysis using instantiation constraints. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'00). ACM, New York, NY, 253--263. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Flanagan, C. and Abadi, M. 1999. Types for safe locking. In Proceedings of the 8th European Symposium on Programming Languages and Systems (ESOP'99). Springer-Verlag, 91--108. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Flanagan, C. and Freund, S. N. 2000. Type-based race detection for java. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'00). ACM Press, New York, NY, 219--232. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Flanagan, C. and Freund, S. N. 2001. Detecting race conditions in large programs. In Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE'01). ACM Press, New York, NY, 90--96. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Flanagan, C. and Freund, S. N. 2004. Atomizer: a dynamic atomicity checker for multithreaded programs. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'04). ACM Press, New York, NY, 256--267. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Flanagan, C. and Freund, S. N. 2007. Type inference against races. Sci. Comput. Program. 64, 1, 140--165. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Flanagan, C., Freund, S. N., and Lifshin, M. 2005. Type inference for atomicity. In Proceedings of the ACM SIGPLAN International Workshop on Types in Languages Design and Implementation (TLDI'05). ACM Press, New York, NY, 47--58. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Flanagan, C., Leino, K. R. M., Lillibridge, M., Nelson, G., Saxe, J. B., and Stata, R. 2002. Extended static checking for java. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). ACM Press, New York, NY, 234--245. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Flanagan, C. and Qadeer, S. 2003. A type and effect system for atomicity. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'03). ACM Press, New York, NY, 338--349. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Foster, J. S., Johnson, R., Kodumal, J., and Aiken, A. 2006. Flow-insensitive type qualifiers. ACM Trans. Program. Lang. Syst. 28, 6, 1035--1087. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Foster, J. S., Terauchi, T., and Aiken, A. 2002. Flow-sensitive type qualifiers. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). ACM Press, New York, NY, 1--12. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Grossman, D. 2003. Type-safe multithreading in cyclone. In Proceedings of the ACM SIGPLAN International Workshop on Types in Languages Design and Implementation (TLDI'03). ACM Press, New York, NY, 13--25. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Heintze, N. and Tardieu, O. 2001. Ultra-fast aliasing analysis using cla: a million lines of c code in a second. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'01). ACM, New York, NY, 254--263. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Henglein, F. 1993. Type inference with polymorphic recursion. ACM Trans. Program. Lang. Syst. 15, 2, 253--289. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Henglein, F., Makholm, H., and Niss, H. 2001. A direct approach to control-flow sensitive region-based memory management. In Proceedings of the 3rd ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming (PPDP'01). ACM Press, New York, NY, 175--186. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Henzinger, T. A., Jhala, R., and Majumdar, R. 2004. Race checking by context inference. SIGPLAN No. 39, 6, 1--13. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Hote, C. 2004. Runtime error detection through semantic analysis. http//nesl.ee.ucla.edu/courses/ee202a/2005f/papers/Semantic_Analysis.pdf.Google ScholarGoogle Scholar
  29. Intel. 2007. Teraflops research chip. http//techresearch.intel.com/ProjectDetails.aspx?Id=151.Google ScholarGoogle Scholar
  30. Johnson, R. and Wagner, D. 2004. Finding user/kernel pointer bugs with type inference. In Proceedings of the 13th Conference on USENIX Security Symposium (SSYM'04). USENIX Association, Berkeley, CA, 9--9. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Kodumal, J. and Aiken, A. 2004. The set constraint/cfl reachability connection in practice. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'04). ACM, New York, NY, 207--218. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Kodumal, J. and Aiken, A. 2005. Banshee: A scalable constraint-based analysis toolkit. In Proceedings of the 12th International Static Analaysis Symposium. C. Hankin and I. Siveroni, Eds. Lecture Notes in Computer Science, vol. 3672. Springer, 218--234. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Lamport, L. 1978. Time, clocks, and the ordering of events in a distributed system. Comm. ACM 21, 7, 558--565. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Leveson, N. G. and Turner, C. S. 1993. An investigation of the therac-25 accidents. Computer 26, 7, 18--41. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Manson, J., Pugh, W., and Adve, S. V. 2005. The java memory model. In Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'05). ACM Press, New York, NY, 378--391. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Mossin, C. 1996. Flow Analysis of Typed Higher-Order Programs. Ph.D. thesis, DIKU, Department of Computer Science, University of Copenhagen.Google ScholarGoogle Scholar
  37. Naik, M. and Aiken, A. 2007. Conditional must not aliasing for static race detection. SIGPLAN No. 42, 1, 327--338. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Naik, M., Aiken, A., and Whaley, J. 2006. Effective static race detection for java. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'06). ACM Press, New York, NY, 308--319. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Neamtiu, I., Hicks, M., Foster, J. S., and Pratikakis, P. 2008. Contextual effects for version-consistent dynamic software updating and safe concurrent programming. In Proceedings of the ACM Conference on Principles of Programming Languages (POPL). ACM, New York, NY, 37--50. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Necula, G. C., McPeak, S., Rahul, S. P., and Weimer, W. 2002. Cil: Intermediate language and tools for analysis and transformation of c programs. In Proceedings of the 11th International Conference on Compiler Construction (CC'02). Springer-Verlag, 213--228. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. News.com. 2007. Designer puts 96 cores on single chip. http//news.com.com/Designer+puts+96+cores+on+single+chip/2100-1006_3-5399128.html.Google ScholarGoogle Scholar
  42. O'Callahan, R. and Choi, J.-D. 2003. Hybrid dynamic data race detection. In Proceedings of the 9th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP'03). ACM Press, New York, NY, 167--178. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Pierce, B. C. 2002. Types and Programming Languages. MIT Press, Cambridge, MA. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Poulsen, K. 2004. Tracking the blackout bug. http://www.securityfocus.com/news/8412.Google ScholarGoogle Scholar
  45. Pratikakis, P., Foster, J. S., and Hicks, M. 2006a. Existential label flow inference via CFL reachability. In Proceedings of the Static Analysis Symposium (SAS). Springer, 88--106. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Pratikakis, P., Foster, J. S., and Hicks, M. 2006b. Locksmith: context-sensitive correlation analysis for race detection. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'06). ACM Press, New York, NY, 320--331. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Qadeer, S. and Wu, D. 2004. Kiss: keep it simple and sequential. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'04). ACM Press, New York, NY, 14--24. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Rehof, J. and Fähndrich, M. 2001. Type-base flow analysis: from polymorphic subtyping to cfl-reachability. In Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'01). ACM Press, New York, NY, 54--66. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Reps, T., Horwitz, S., and Sagiv, M. 1995. Precise interprocedural dataflow analysis via graph reachability. In Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'95). ACM Press, New York, NY, 49--61. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Reynolds, J. C. 2004. Toward a grainless semantics for shared-variable concurrency. In Proceedings of the Conference on Foundations of Software Technology and Theoretical Computer Science, K. Lodaya and M. Mahajan, Eds. Lecture Notes in Computer Science, vol. 3328. Springer, 35--48. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Rose, J., Swamy, N., and Hicks, M. 2005. Dynamic inference of polymorphic lock types. Sci. Comput. Program. 58, 3, 366--383. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., and Anderson, T. 1997. Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst. 15, 4, 391--411. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Seidl, H., Vene, V., and Müller-Olm, M. 2003. Global invariants for analyzing multi-threaded applications. Proc. Estonian Acad. Sci. Phys. Math, 413-436.Google ScholarGoogle Scholar
  54. Siff, M., Chandra, S., Ball, T., Kunchithapadam, K., and Reps, T. 1999. Coping with type casts in c. In Proceedings of the 7th European Software Engineering Conference Held Jointly with the 7th ACM SIGSOFT International Symposium on Foundations of Software Engineering. Springer-Verlag, 180--198. Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Smith, F., Walker, D., and Morrisett, J. G. 2000. Alias types. In Proceedings of the 9th European Symposium on Programming Languages and Systems (ESOP'00). Springer-Verlag, 366--381. Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Talpin, J.-P. and Jouvelot, P. 1994. The type and effect discipline. Inform. Comput. 111, 2, 245--296. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. Terauchi, T. 2008. Checking race freedom via linear programming. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'08). ACM, New York, NY, 1--10. Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Tofte, M. and Birkedal, L. 1998. A region inference algorithm. ACM Trans. Program. Lang. Syst. 20, 4, 724--767. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. von Praun, C. and Gross, T. R. 2003. Static conflict analysis for multi-threaded object-oriented programs. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'03). ACM, New York, NY, 115--128. Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Voung, J. W., Jhala, R., and Lerner, S. 2007. Relay: static race detection on millions of lines of code. In Proceedings of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC-FSE'07). ACM, New York, NY, 205--214. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. LOCKSMITH: Practical static race detection for C

              Recommendations

              Reviews

              Prahladavaradan Sampath

              We can judge the maturity of a field of scientific inquiry by the nature of the papers published in peer-reviewed journals. This paper indicates that the field of program analysis is reaching a level of maturity-it does not simply focus on novelty and theory, but is also concerned with the practical application of the theory, with some thought given to the repeatability of the results. This paper describes the implementation of a data race analysis for C programs. The authors describe their design decisions and back up these decisions with experimental data from the analysis of a benchmark suite of programs. The data race analysis is composed of a number of smaller analyses that are each specified as constraint satisfaction problems implemented using a dataflow framework. The design of the analyses is motivated by data collected from different experiments. In some cases, the data reinforces folklore, such as the fact that context sensitivity can improve both precision and efficiency. In Sections 4 and 5, the authors dwell in detail on many forms of context sensitivity that improve precision and efficiency. In other cases, the data is surprising: take, for example, the fact that a no-worklist strategy is apparently better than a worklist strategy. The most technically complex part of the paper is Section 6, on universal and existential context sensitivity. Here, however, the authors could have made more of an effort to explain these concepts and their application, as they did in earlier sections. Overall, this paper is an important contribution to the literature. Due to the availability of the full implementation on the authors' Web site (http://www.cs.umd.edu/projects/PL/locksmith/) and the easy availability of the benchmark suite, this paper should encourage more experimental and application-oriented work in program analysis. Online Computing Reviews Service

              Access critical reviews of Computing literature here

              Become a reviewer for Computing Reviews.

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!