Strengthening Induction-Based Race Checking with Lightweight Static Analysis

Direct Memory Access (DMA) is key to achieving high performance in system-level software for multicore processors such as the Cell Broadband Engine. Incorrectly orchestrated DMAs cause DMA races, leading to subtle bugs that are hard to reproduce and fix. In previous work, we have shown that k-induction yields an effective method for proving absence of a restricted class of DMA races. We extend this work to handle a larger class of DMA races. We show that the applicability of k-induction can be significantly improved when combined with three inexpensive static analyses: 1) abstract-interpretation-based static analysis; 2) chunking, a domain-specific invariant generation technique; and 3) code transformations based on statement independence. Our techniques are implemented in the SCRATCH tool. We evaluate our work on industrial benchmarks.
