Abstract
This paper describes RacerX, a static tool that uses flow-sensitive, interprocedural analysis to detect both race conditions and deadlocks. It is explicitly designed to find errors in large, complex multithreaded systems. It aggressively infers checking information such as which locks protect which operations, which code contexts are multithreaded, and which shared accesses are dangerous. It tracks a set of code features which it uses to sort errors from most to least severe. It uses novel techniques to counter the impact of analysis mistakes. The tool is fast, requiring between 2-14 minutes to analyze a 1.8 million line system. We have applied it to Linux, FreeBSD, and a large commercial code base, finding serious errors in all of them.
RacerX: effective, static detection of race conditions and deadlocks
SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles