LOCKSMITH: context-sensitive correlation analysis for race detection

One common technique for preventing data races in multi-threaded programs is to ensure that all accesses to shared locations are consistently protected by a lock. We present a tool called LOCKSMITH for detecting data races in C programs by looking for violations of this pattern. We call the relationship between locks and the locations they protect consistent correlation, and the core of our technique is a novel constraint-based analysis that infers consistent correlation context-sensitively, using the results to check that locations are properly guarded by locks. We present the core of our algorithm for a simple formal language λ▷, which we have proven sound, and discuss how we scale it up to an algorithm that aims to be sound for all of C. We develop several techniques to improve the precision and performance of the analysis, including a sharing analysis for inferring thread locality; existential quantification for modeling locks in data structures; and heuristics for modeling unsafe features of C such as type casts. When applied to several benchmarks, including multi-threaded servers and Linux device drivers, LOCKSMITH found several races while producing a modest number of false alarms.
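To illustrate the consistent-correlation pattern the abstract describes, here is an added example (not LOCKSMITH's own code) that checks it over constructed access records: a simplified sharing analysis exempts thread-local locations, and for each shared location the locksets held at all its accesses are intersected; an empty intersection with at least one write is reported as a potential race. The access records, thread names and lock names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Access:
    location: str            # abstract memory location (global, heap cell, ...)
    thread: str              # thread (or thread-creation site) performing it
    locks_held: frozenset    # locks held at the access site
    is_write: bool


def shared_locations(accesses):
    """Simplified sharing analysis: a location is shared only if more than
    one thread touches it; thread-local locations need no lock at all."""
    by_loc = {}
    for a in accesses:
        by_loc.setdefault(a.location, set()).add(a.thread)
    return {loc for loc, threads in by_loc.items() if len(threads) > 1}


def consistent_correlation(accesses):
    """For each shared location, intersect the locksets of all its accesses.
    A non-empty intersection names the lock(s) consistently correlated with
    the location; an empty one means no single lock guards every access."""
    result = {}
    for loc in shared_locations(accesses):
        accs = [a for a in accesses if a.location == loc]
        common = frozenset.intersection(*(a.locks_held for a in accs))
        any_write = any(a.is_write for a in accs)
        result[loc] = (common, any_write)
    return result


def report(accesses):
    """Split shared locations into consistently guarded ones and race
    warnings. Read-only shared locations are neither: reads cannot race."""
    guarded, warnings = {}, []
    for loc, (common, any_write) in consistent_correlation(accesses).items():
        if common:
            guarded[loc] = common
        elif any_write:
            warnings.append(loc)
    return guarded, sorted(warnings)


# Constructed sample: "count" is always under lock m, "buf" has an
# unprotected write in the worker, "tmp" is thread-local, "cfg" is read-only.
SAMPLE = [
    Access("count", "main", frozenset({"m"}), True),
    Access("count", "worker", frozenset({"m"}), False),
    Access("count", "worker", frozenset({"m", "n"}), True),
    Access("buf", "main", frozenset({"m"}), True),
    Access("buf", "worker", frozenset(), True),
    Access("tmp", "main", frozenset(), True),
    Access("cfg", "main", frozenset(), False),
    Access("cfg", "worker", frozenset(), False),
]
```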
