Research Article
DOI: 10.1145/1985793.1985796

aComment: mining annotations from comments and code to detect interrupt related concurrency bugs

Published: 21 May 2011

ABSTRACT

Concurrency bugs in an operating system (OS) are detrimental because they can cause the OS to fail, affecting all applications running on top of it. Detecting OS concurrency bugs is challenging due to the complexity of OS synchronization, particularly in the presence of the OS-specific interrupt context. Existing dynamic concurrency-bug detection techniques are designed for user-level applications and cannot be applied to operating systems.

To detect OS concurrency bugs, we propose a new type of annotation, interrupt-related annotations, and generate 96,821 such annotations for the Linux kernel with little manual effort. These annotations have been used to automatically detect 9 real OS concurrency bugs (7 of which were previously unknown). Two key techniques make these contributions possible: (1) a hybrid approach that extracts annotations from both code and comments written in natural language, achieving better coverage and accuracy in annotation extraction and bug detection; and (2) automatic propagation of annotations to caller functions, which improves annotation coverage and bug detection. Both techniques are general and can be applied to non-OS code, to code written in other programming languages such as Java, and to extracting other types of specifications.
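To make the idea concrete, the sketch below illustrates one way interrupt-related annotations could be propagated through a call graph and checked for conflicts. It is a minimal illustration under assumed conventions, not the paper's implementation: the annotation labels ("in_interrupt", "may_sleep"), the function names, and the call graph are hypothetical, and aComment's actual annotation language and extraction from comments/code are not shown.

```python
# Minimal sketch (not the aComment implementation) of propagating hypothetical
# interrupt-related annotations through a call graph and reporting conflicts.
from collections import defaultdict

# Hypothetical seed annotations, e.g. extracted from comments or code:
#   "in_interrupt" -> the function may run in interrupt context
#   "may_sleep"    -> the function may block, so it must not run in interrupt context
seed = {
    "timer_handler": {"in_interrupt"},  # an interrupt handler
    "kmalloc_sleep": {"may_sleep"},     # a blocking allocation
}

# Hypothetical call graph: caller -> set of callees.
calls = {
    "timer_handler": {"update_stats"},
    "update_stats": {"kmalloc_sleep"},
    "kmalloc_sleep": set(),
}

def propagate(seed, calls):
    """Propagate 'may_sleep' up to callers and 'in_interrupt' down to callees
    until a fixed point is reached."""
    ann = defaultdict(set, {f: set(a) for f, a in seed.items()})
    callers = defaultdict(set)
    for caller, callees in calls.items():
        for callee in callees:
            callers[callee].add(caller)
    changed = True
    while changed:
        changed = False
        for f in calls:
            # A function that calls a possibly-sleeping function may itself sleep.
            for callee in calls[f]:
                if "may_sleep" in ann[callee] and "may_sleep" not in ann[f]:
                    ann[f].add("may_sleep"); changed = True
            # A function called from interrupt context may run in interrupt context.
            for caller in callers[f]:
                if "in_interrupt" in ann[caller] and "in_interrupt" not in ann[f]:
                    ann[f].add("in_interrupt"); changed = True
    return ann

def report_conflicts(ann):
    """Flag functions whose propagated annotations are contradictory."""
    for f, labels in ann.items():
        if {"in_interrupt", "may_sleep"} <= labels:
            print(f"potential bug: {f} may sleep but may also run in interrupt context")

report_conflicts(propagate(seed, calls))
```

In this toy example the checker flags the whole chain from timer_handler to kmalloc_sleep, because a function reachable from an interrupt handler transitively calls a function that may sleep. The paper's contribution lies in deriving such annotations automatically from both comments and code and applying them to the Linux kernel; this sketch only demonstrates the propagation-and-checking step.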


Published in
ICSE '11: Proceedings of the 33rd International Conference on Software Engineering, May 2011, 1258 pages
ISBN: 9781450304450
DOI: 10.1145/1985793
Copyright © 2011 ACM


Publisher: Association for Computing Machinery, New York, NY, United States



Acceptance Rates
Overall acceptance rate: 276 of 1,856 submissions, 15%
