ABSTRACT
Device drivers rely on fine-grained locking to ensure safe access to shared data structures. For human testers, concurrency makes such code notoriously hard to debug; for automated reasoning, dynamically allocated memory and low-level pointer manipulation pose significant challenges. We present a flexible approach to data race analysis, implemented in the open source Goblint static analysis framework, that combines different pointer and value analyses in order to handle a wide range of locking idioms, including locks allocated dynamically as well as locks stored in arrays. To the best of our knowledge, this is the most ambitious effort, having lasted well over ten years, to create a fully automated static race detection tool that can deal with most of the intricate locking schemes found in Linux device drivers. Our evaluation shows that these analyses are sufficiently precise, but practical use of these techniques requires inferring environmental and domain-specific assumptions.
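The abstract's point that race detection must combine pointer and value information becomes concrete in a must-lockset check: an access is protected only by locks the analysis can identify uniquely, so a lock array slot whose index is unknown, or a lock pointer with several possible targets, contributes nothing to the lockset and the access is flagged. The following is an added toy model written for this page; it is not Goblint's code or algorithm, and the thread names, lock array `slots[]`, pointer `lp` and shared variables are constructed for the illustration.

```python
"""
Toy must-lockset race check over straight-line thread bodies.
Added example (not Goblint's implementation): shows why a lock stored
in an array, or reached through a pointer, only protects an access when
value/pointer analysis pins it down to exactly one lock identity.
"""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Stmt:
    op: str                        # "lock", "unlock" or "access"
    lock: Optional[str] = None     # lock expression: "m", "slots[]" or a pointer name
    index: Optional[int] = None    # concrete array index; None = unknown to the analysis
    var: Optional[str] = None      # shared variable touched by an "access"

@dataclass
class Thread:
    name: str
    body: list
    # points-to facts for lock pointers: pointer name -> set of lock identities
    points_to: dict = field(default_factory=dict)

def resolve(lock_expr, index, points_to):
    """Return the set of lock identities a lock expression may denote,
    or None when the analysis has lost the index of an array slot."""
    if lock_expr.endswith("[]"):             # element of a lock array
        if index is None:                    # value analysis lost the index
            return None
        return {(lock_expr[:-2], index)}     # identity = (array, slot)
    if lock_expr in points_to:               # pointer to a lock
        return set(points_to[lock_expr])
    return {lock_expr}                       # a plain named lock

def must_locksets(thread):
    """Record, for every access, the locks that are definitely held."""
    held = set()
    out = []
    for s in thread.body:
        if s.op == "lock":
            targets = resolve(s.lock, s.index, thread.points_to)
            # only a uniquely identified lock is definitely held afterwards
            if targets is not None and len(targets) == 1:
                held |= targets
        elif s.op == "unlock":
            targets = resolve(s.lock, s.index, thread.points_to)
            # an ambiguous unlock may release any lock: drop the whole set
            held = set() if targets is None else held - targets
        elif s.op == "access":
            out.append((thread.name, s.var, frozenset(held)))
    return out

def find_races(threads):
    """Two accesses to the same variable from different threads race when
    their must-locksets share no common lock."""
    accesses = [a for t in threads for a in must_locksets(t)]
    races = set()
    for i, (t1, v1, l1) in enumerate(accesses):
        for t2, v2, l2 in accesses[i + 1:]:
            if t1 != t2 and v1 == v2 and not (l1 & l2):
                races.add(v1)
    return races

def build_program(lp_targets):
    """Constructed driver-like program. 'dev_state' is guarded by slot 0 of
    the lock array, once directly and once through pointer lp, whose
    points-to set is the parameter. 'stats' is guarded by slot 1 in one
    thread and by a slot with an unknown index in another."""
    return [
        Thread("irq_handler", [
            Stmt("lock", lock="slots[]", index=0),
            Stmt("access", var="dev_state"),
            Stmt("unlock", lock="slots[]", index=0),
        ]),
        Thread("ioctl", [
            Stmt("lock", lock="lp"),
            Stmt("access", var="dev_state"),
            Stmt("unlock", lock="lp"),
        ], points_to={"lp": set(lp_targets)}),
        Thread("timer", [
            Stmt("lock", lock="slots[]", index=None),
            Stmt("access", var="stats"),
            Stmt("unlock", lock="slots[]", index=None),
        ]),
        Thread("sysfs", [
            Stmt("lock", lock="slots[]", index=1),
            Stmt("access", var="stats"),
            Stmt("unlock", lock="slots[]", index=1),
        ]),
    ]

if __name__ == "__main__":
    # precise pointer: only the unknown-index access races
    print(sorted(find_races(build_program({("slots", 0)}))))
    # imprecise pointer: the analysis also reports dev_state
    print(sorted(find_races(build_program({("slots", 0), ("slots", 1)}))))
```

With `lp` known to point at `slots[0]`, only `stats` is reported, because the timer thread's lock index is unknown and its must-lockset is empty. Widening the points-to set of `lp` to two slots makes `dev_state` appear as well: the report is then a false positive caused by pointer imprecision, which is exactly the kind of precision loss the abstract's combination of analyses is meant to avoid.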
Static race detection for device drivers: the Goblint approach