Static code analysis in multi-threaded environments

Who can understand his errors? Cleanse thou me from secret faults. Preface The notion that software might contain errors dates back to the famous annotations of Lady Ada Lovelace to the description of the Analytical Engine designed by Charles Babbage[36] where she states: " Granted that the actual mechanism [of the Analytic Engine] is unerring in its processes, the cards may give it wrong orders. This is unquestionably the case; but there is much less chance of error, and likewise far less expenditure of time and labour, where operations only, and the distribution of these operations, have to be made out, than where explicit numerical results are to be attained. " Despite Lady Lovelace's assessment, errors in software (i.e. today's equivalent of cards that give wrong orders) have become a predominant concern in software development and software engineering. Nowadays, the vast majority of software engineers and hackers alike believes that all sufficiently complex software has bugs. Solutions that have been proposed to uncover bugs reach from testing on the one hand to rigorous formal proofs of correctness on the other hand. In this work we follow an intermediate approach that tries to use sound and conservative static code analysis techniques to avoid certain classes of bugs without having to conduct a full blown formal proof of correctness. The methods developed in this work are tailored to concurrent systems where global data is shared between all threads. While this requirement is not strictly necessary for the soundness of the analysis we shall see that it greatly increases the accuracy. In this context accuracy refers to the likelihood that a problem reported by the analysis is caused by an actual bug in the software and not by an inadequacy of the analysis methods. The usefulness of the methods presented will be supported by several case studies conducted on real life software systems of significant size. Nevertheless, I am convinced that in software engineering there is no Holy Grail that software can gain eternal bug free life from. As a corollary this Holy Grail cannot be expected to be found in this work. Thus, readers are encouraged to use the methods described in this work to supplement but not to replace existing bug prevention and software quality techniques. 1 2 Acknowledgments This work has been developed at the Institute of Applied Information Processing at the University of Ulm. I would like to express …

[1]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[2]  Ken Kennedy,et al.  Constructing the Procedure Call Multigraph , 1990, IEEE Trans. Software Eng..

[3]  David S. Johnson,et al.  Some simplified NP-complete problems , 1974, STOC '74.

[4]  Elizabeth N. Fong,et al.  Proceedings of the Static Analysis Summit , 2006 .

[5]  Wolfgang Reif,et al.  Interactive correctness proofs for software modules using KIV , 1995, COMPASS '95 Proceedings of the Tenth Annual Conference on Computer Assurance Systems Integrity, Software Safety and Process Security'.

[6]  Junfeng Yang,et al.  Correlation exploitation in error ranking , 2004, SIGSOFT '04/FSE-12.

[7]  John D. Musa,et al.  Software reliability - measurement, prediction, application , 1987, McGraw-Hill series in software engineering and technology.

[8]  Jan Tretmans,et al.  Testing Concurrent Systems: A Formal Approach , 1999, CONCUR.

[9]  Martin Middendorf More on the Complexity of Common Superstring and Supersequence Problems , 1994, Theor. Comput. Sci..

[10]  Andy Chou,et al.  Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. , 2001, SOSP 2001.

[11]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[12]  H. Seidl,et al.  Global invariants for analysing multi-threaded applications , 2003, Proceedings of the Estonian Academy of Sciences. Physics. Mathematics.

[13]  Takao Asano,et al.  Edge-deletion and edge-contraction problems , 1982, STOC '82.

[14]  Paul E. McKenney,et al.  Scaling dcache with RCU , 2004 .

[15]  M. Petró‐Turza,et al.  The International Organization for Standardization. , 2003 .

[16]  John M. Lewis,et al.  The Node-Deletion Problem for Hereditary Properties is NP-Complete , 1980, J. Comput. Syst. Sci..

[17]  Dawson R. Engler,et al.  Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[18]  Barbara G. Ryder,et al.  Constructing the Call Graph of a Program , 1979, IEEE Transactions on Software Engineering.

[19]  Edsger W. Dijkstra,et al.  The humble programmer , 1972, CACM.

[20]  Gregory J. Chaitin,et al.  Register allocation & spilling via graph coloring , 1982, SIGPLAN '82.

[21]  Bowen Alpern,et al.  Detecting equality of variables in programs , 1988, POPL '88.

[22]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[23]  John Cocke,et al.  Register allocation via graph coloring , 1981 .

[24]  Bjarne Steensgaard Points-to Analysis by Type Inference of Programs with Structures and Unions , 1996, CC.

[25]  J. Strother Moore,et al.  An Industrial Strength Theorem Prover for a Logic Based on Common Lisp , 1997, IEEE Trans. Software Eng..

[26]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[27]  David Maier,et al.  The Complexity of Some Problems on Subsequences and Supersequences , 1978, JACM.

[28]  Esko Ukkonen,et al.  The Shortest Common Supersequence Problem over Binary Alphabet is NP-Complete , 1981, Theor. Comput. Sci..

[29]  Jonathan Walpole,et al.  Exploiting deferred destruction: an analysis of read-copy-update techniques in operating system kernels , 2004 .

[30]  Arrow Buttons Frequently asked questions , 2009 .

[31]  T. H. Tse,et al.  A strategy for selecting synchronization sequences to test concurrent object-oriented software , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.

[32]  Guang R. Gao,et al.  Designing the McCAT Compiler Based on a Family of Structured Intermediate Representations , 1992, LCPC.

[33]  Murray Hill,et al.  Lint, a C Program Checker , 1978 .

[34]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[35]  Jason Merrill Generic and gimple: A new tree represen-tation for entire functions , 2003 .

[36]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[37]  Kenneth L. McMillan,et al.  Symbolic model checking: an approach to the state explosion problem , 1992 .

[38]  Frances E. Allen,et al.  Control-flow analysis , 2022 .

[39]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[40]  D. Engler,et al.  Using meta-level compilation to check FLASH protocol code , 2000, ASPLOS IX.