Data Races are Bad Race: two threads access memory without - - PowerPoint PPT Presentation

data races are bad
SMART_READER_LITE
LIVE PREVIEW

Data Races are Bad Race: two threads access memory without - - PowerPoint PPT Presentation

Oct 18, 2022 508 likes •1.29k views

C ONTEXT - SENSITIVE C ORRELATION A NALYSIS FOR D ETECTING R ACES Polyvios Pratikakis Jeff Foster Michael Hicks University of Maryland, College Park Context-sensitive Correlation Analysis for Detecting Races p.1/ ?? Data Races are Bad

slide-1
SLIDE 1

CONTEXT-SENSITIVE CORRELATION ANALYSIS FOR DETECTING RACES

Polyvios Pratikakis Jeff Foster Michael Hicks University of Maryland, College Park

Context-sensitive Correlation Analysis for Detecting Races – p.1/??

slide-2
SLIDE 2

Data Races are Bad

Race: two threads access memory without synchronization and at least one is a write Races are bad: August 14th 2004, Northeastern Blackout 1985-1987, Therac-25 medical accelerator Programs with races are difficult to understand

Context-sensitive Correlation Analysis for Detecting Races – p.2/??

slide-3
SLIDE 3

A way to prevent races

Shared locations ρ Locks ℓ Correlation ρ ⊲ℓ: Lock ℓ is correlated with pointer ρ if-f ℓ is held while ρ is accessed Consistent correlation: A given pointer ρ is only correlated with one lock ℓ Assert that every shared location ρ is consistently correlated with a single lock ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.3/??

slide-4
SLIDE 4

Contribution

Inference of correlation between locks and pointers for C: Universal and Existential context sensitivity in correlation propagation Sound race detection using assertion of consistent correlation It works: we found races!

Context-sensitive Correlation Analysis for Detecting Races – p.4/??

slide-5
SLIDE 5

This presentation

Correlation Inference Universal and Existential context sensitivity Linearity of locks Lock State (which locks are held at every program point?) Experimental Results

Context-sensitive Correlation Analysis for Detecting Races – p.5/??

slide-6
SLIDE 6

Type Based Analysis

Annotate types with labels:

pthread_mutex_t → pthread_mutex_tℓ

τ* → τ*ρ

Create constraints among labels to capture data flow and correlation Dereferencing ρ while ℓ is held: ρ ⊲ℓ Aliasing ρ to ρ′: ρ ≤ ρ′ Aliasing ℓ to ℓ′: ℓ = ℓ′ Solve constraints to close the relation ρ ⊲ℓ Verify consistent correlation of every shared ρ with a single lock ℓ for all dereferences of ρ

Context-sensitive Correlation Analysis for Detecting Races – p.6/??

slide-7
SLIDE 7

Correlation

pthread mutex t L1 = ...; int x; // &x: int* void munge(pthread mutex t *l, int * p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

Context-sensitive Correlation Analysis for Detecting Races – p.7/??

slide-8
SLIDE 8

Correlation

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

ρx ℓ1 ρ ℓ

munge

Context-sensitive Correlation Analysis for Detecting Races – p.8/??

slide-9
SLIDE 9

Correlation

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

ρx ℓ1 ρ ℓ

munge

Context-sensitive Correlation Analysis for Detecting Races – p.8/??

slide-10
SLIDE 10

Correlation

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

ρx ℓ1 ρ ℓ

munge

Context-sensitive Correlation Analysis for Detecting Races – p.8/??

slide-11
SLIDE 11

Correlation

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

ρx ℓ1 ρ ℓ

munge ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.8/??

slide-12
SLIDE 12

Correlation

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x);

ρx ℓ1 ρ ℓ

munge ⊲ ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.8/??

slide-13
SLIDE 13

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x); munge(&L2, &y); munge(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-14
SLIDE 14

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x); munge(&L2, &y); munge(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-15
SLIDE 15

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x); munge(&L2, &y); munge(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-16
SLIDE 16

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge(&L1, &x); munge(&L2, &y); munge(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ ⊲ ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-17
SLIDE 17

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (1 (1)1 (1 (1)1

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-18
SLIDE 18

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (1 (1)1 ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-19
SLIDE 19

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (2 (2)2 (2 (2)2

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-20
SLIDE 20

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (2 (2)2 ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-21
SLIDE 21

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (3 (3)3 (3 (3)3

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-22
SLIDE 22

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ (3 (3)3 ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-23
SLIDE 23

Context Sensitivity

pthread mutex tℓ1 L1 = ..., ℓ2 L2 = ...; int x, y, z; // ρx,

  • ρy
  • , ρz

void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... munge1(&L1, &x); munge2(&L2, &y); munge3(&L2, &z);

ρx ρy ρz ℓ1 ℓ2 ρ ℓ

munge ⊲ ⊲ ⊲ ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.9/??

slide-24
SLIDE 24

Existential Context Sensitivity

Often, locks exist in data structures:

struct foo { pthread mutex tℓ lock; int*ρ data; };

Impossible to track locks precisely

Context-sensitive Correlation Analysis for Detecting Races – p.10/??

slide-25
SLIDE 25

Existential Context Sensitivity

struct fooℓ,ρ s; if(...)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-26
SLIDE 26

Existential Context Sensitivity

struct fooℓ,ρ s; if(...)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-27
SLIDE 27

Existential Context Sensitivity

struct fooℓ,ρ s; if(...)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-28
SLIDE 28

Existential Context Sensitivity

struct fooℓ,ρ s; if(...)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ ⊲ ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-29
SLIDE 29

Existential Context Sensitivity

struct fooℓ,ρ s; if(...) pack1(s)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ (1)1 (1

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-30
SLIDE 30

Existential Context Sensitivity

struct fooℓ,ρ s; if(...) pack1(s)

{

s.lock = &L1; s.data = &x;

} else {

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ (1)1 (1 ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-31
SLIDE 31

Existential Context Sensitivity

struct fooℓ,ρ s; if(...) pack1(s)

{

s.lock = &L1; s.data = &x;

} else

pack2(s)

{

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ (2)2 (2

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-32
SLIDE 32

Existential Context Sensitivity

struct fooℓ,ρ s; if(...) pack1(s)

{

s.lock = &L1; s.data = &x;

} else

pack2(s)

{

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ (2)2 (2 ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-33
SLIDE 33

Existential Context Sensitivity

struct fooℓ,ρ s; if(...) pack1(s)

{

s.lock = &L1; s.data = &x;

} else

pack2(s)

{

s.lock = &L2; s.data = &y;

}

pthread mutex lock(s.lock); *(s.data) = 3; pthread mutex unlock(s.lock);

ℓ1 ρx ℓ2 ρy ℓ ρ

⊲ ⊲ ⊲

Context-sensitive Correlation Analysis for Detecting Races – p.11/??

slide-34
SLIDE 34

Linearity of locks

Each lock label ℓ represents one or more run-time locks Locks ℓ have to be linear to check consistent correlation If ℓ can represent more than one run-time lock and is acquired, which run-time lock is acquired? Locks ℓ have to be linear to track their state precisely Challenges: dynamic allocation of locks want to avoid being overly conservative in loops

Context-sensitive Correlation Analysis for Detecting Races – p.12/??

slide-35
SLIDE 35

Linearity Effects

Prevent simply unifying every ℓ - assert linearity Each expression has a linearity effect ε Allocating a fresh lock has a fresh singleton effect {ℓ} Effect of composite expressions is disjoint union (⊎) of effects Filter effects to remove any ℓ that does not escape

Context-sensitive Correlation Analysis for Detecting Races – p.13/??

slide-36
SLIDE 36

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); pthread mutex init(&L2); if(...) l = &L1; else l = &L2; pthread mutex lock(&l); x = 3; pthread mutex unlock(&l);

ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-37
SLIDE 37

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); pthread mutex init(&L2); if(...) l = &L1; else l = &L2; pthread mutex lock(&l); x = 3; pthread mutex unlock(&l);

ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-38
SLIDE 38

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); pthread mutex init(&L2); if(...) l = &L1; else l = &L2; pthread mutex lock(&l); x = 3; pthread mutex unlock(&l);

ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-39
SLIDE 39

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); {ℓ1} pthread mutex init(&L2); {ℓ2} if(...) l = &L1; / else l = &L2; / pthread mutex lock(&l); / x = 3; pthread mutex unlock(&l); /

ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-40
SLIDE 40

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); {ℓ1} pthread mutex init(&L2); {ℓ2} if(...) l = &L1; / else l = &L2; / pthread mutex lock(&l); / x = 3; pthread mutex unlock(&l); /

{ℓ1}⊎{ℓ2} ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-41
SLIDE 41

Linearity Example

pthread mutex t L1ℓ1, L2ℓ2, *lℓ; int x; // &x: int*ρx pthread mutex init(&L1); {ℓ1} pthread mutex init(&L2); {ℓ2} if(...) l = &L1; / else l = &L2; / pthread mutex lock(&l); / x = 3; pthread mutex unlock(&l); /

ℓ1 = ℓ2 ℓ1 ℓ2 ρ ℓ

Context-sensitive Correlation Analysis for Detecting Races – p.14/??

slide-42
SLIDE 42

Lock State

Create context sensitive control-flow graph: For every program point create a state variable ψ

ψ nodes have kinds (Acquire, Release, Newlock, Deref, etc.) ψ − → ψ′: control flow ψ

(i

− → ψ′: control enters function at the context of call site i ψ

)i

− → ψ′: function returns control at context of call site i

Context-sensitive Correlation Analysis for Detecting Races – p.15/??

slide-43
SLIDE 43

Lock State

Data-flow analysis solving on the ψ control-flow graph Transfer function for every ψ depends on its kind Acquired set propagation across contexts uses

(i

− → and

)i

− →

edges

Context-sensitive Correlation Analysis for Detecting Races – p.16/??

slide-44
SLIDE 44

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-45
SLIDE 45

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-46
SLIDE 46

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

(i )i

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-47
SLIDE 47

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

(i )i

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-48
SLIDE 48

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

(i )i

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

A c q u i r e d

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-49
SLIDE 49

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

(i )i

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Dereferenced

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-50
SLIDE 50

Lock State Example

ψin ψ1 ψ2 ψ3 ψout ψcall ψret

(i )i

pthread mutex tℓ1 L1 = ...; int x; // &x: int*ρx void munge(pthread mutex tℓ *l, int *ρ p) { pthread mutex lock(l); *p = 3; pthread mutex unlock(l);

}

... mungei(&L1, &x);

ρx ℓ1 ρ ℓ

munge (i)i (i

Released

Context-sensitive Correlation Analysis for Detecting Races – p.17/??

slide-51
SLIDE 51

Lock State Example

ψin ψ1 ψ2 ρ ℓ ψ3 ψout

ψcall ψret ρx ℓ1

(i )i (i)i (i Acq Rel Dere f

Context-sensitive Correlation Analysis for Detecting Races – p.18/??

slide-52
SLIDE 52

Lock State Example

ψin ψ1 ψ2 ρ ℓ ψ3 ψout

ψcall ψret ρx ℓ1

(i )i (i)i (i Acq Rel Dere f Rel

Context-sensitive Correlation Analysis for Detecting Races – p.18/??

slide-53
SLIDE 53

Lock State Example

ψin ψ1 ψ2 ρ ℓ ψ3 ψout

ψcall ψret ρx ℓ1

(i )i (i)i (i Acq Rel Dere f Rel

Context-sensitive Correlation Analysis for Detecting Races – p.18/??

slide-54
SLIDE 54

Lock State Example

ψin ψ1 ψ2 ρ ℓ ψ3 ψout

ψcall ψret ρx ℓ1

(i )i (i)i (i Acq Rel Dere f Rel Rel (i)i )i

Context-sensitive Correlation Analysis for Detecting Races – p.18/??

slide-55
SLIDE 55

Lock State Example

ψin ψ1 ψ2 ρ ℓ ψ3 ψout

ψcall ψret ρx ℓ1

(i )i (i)i (i Acq Rel Dere f Rel Rel

Context-sensitive Correlation Analysis for Detecting Races – p.18/??

slide-56
SLIDE 56

Implementation

LOCKSMITH: implementation for C

Increase precision of the analysis using void * inference Reduce memory footprint with lazy struct field expansion Liveness/uniqueness analysis reduce false positives when an (eventually) shared location variable is provably still thread-local Continuation read/write effects used to precisely find shared locations at fork points

Context-sensitive Correlation Analysis for Detecting Races – p.19/??

slide-57
SLIDE 57

void *

Each occurence of a void * pointer is annotated with a type list Any time a type τ is cast to or from a void *, we add τ to the list Track flow and instantiations of void * types Simple worklist algorithm: For every list with > 2 elements, conflate all labels Unify type lists if there is flow between void * types For void * instantiation, unify with an instance of the type list For every singleton type void *, treat it as τ

Context-sensitive Correlation Analysis for Detecting Races – p.20/??

slide-58
SLIDE 58

Lazy struct fields

Annotate every struct type with an empty list of fields Whenever a field is used, add it to the list Worklist solving algorithm: Unify field lists if there is flow between struct types Track instantiations of struct types and instantiate field lists

Context-sensitive Correlation Analysis for Detecting Races – p.21/??

slide-59
SLIDE 59

Uniqueness

int* shared; /* shared global pointer */ f() { int* x = (int *) malloc(sizeof(int)); *x = 2; /* x is not yet shared */ shared = x; /* x becomes shared */

}

Very simple uniqueness analysis “filters” some unnecessary checks Reduced number of false positives Still sound

Context-sensitive Correlation Analysis for Detecting Races – p.22/??

slide-60
SLIDE 60

Experiments

Benchmark Size Time Warn. Unguarded Races (KLOC) aget 1.6 2s 7 2 2 knot 1.4 5s 8 8 8 ctrace 1.4 6s 3 3 1 freshclam 55 51m 11 esp 16.2 91s 19 1 1 plip 18.2 60s 1 synclink 23.6 16m 2 consolemap 14.1 1s 1 serial_core 15.2 26s ide-disk 18.9 7s

Context-sensitive Correlation Analysis for Detecting Races – p.23/??

slide-61
SLIDE 61

Experiments

Benchmark All off Unique

void*

Exists aget 9 9 7 — knot 31 26 22 8 ctrace 4 4 3 — freshclam 37 21 19 11 esp 37 21 19 — plip 1 1 1 — synclink 2 2 2 — consolemap 1 1 1 — serial_core — ide-disk —

Context-sensitive Correlation Analysis for Detecting Races – p.24/??

slide-62
SLIDE 62

Conclusions - Future Work

Contribution: Formalized correlation inference system with universal and existential context sensitivity Proof of soundness Implementation for C Future work: Apply correlation inference to other relations: pointers correlated with allocation regions arrays correlated with integer lengths Infer synchronization for programs with atomic regions

Context-sensitive Correlation Analysis for Detecting Races – p.25/??

slide-63
SLIDE 63

Formal language

e ::= x | v | e1 e2 | if0 e0 then e1 else e2 | (e1,e2) | e.j | let f = v in e2 | fix f.v | f i |

newlock | ref e | !e2 e1 | e1 :=e3 e2

v ::= n | λx.e | (v1,v2)

Context-sensitive Correlation Analysis for Detecting Races – p.26/??

slide-64
SLIDE 64

Types

τ ::= int | τ×τ | τ →ε τ′ |

lock ℓ | ref ρ τ

l ::= ℓ | ρ ε ::= / 0 | {ℓ} | χ | ε⊎ε′ | ε∪ε′ σ ::= (∀.τ, l) C ::= / 0 | {c} | C ∪C c ::= ℓ = ℓ′ | ρ ≤ ρ′ | ρ ⊲ℓ | ε ≤ χ | ε ≤

  • l χ | effect(τ) = /

| ℓ i ℓ′ | ρ i

p ρ′ | ε i χ

Context-sensitive Correlation Analysis for Detecting Races – p.27/??

slide-65
SLIDE 65

Type rules

[Lam] C;Γ,x : τ ⊢ e : τ′;ε

C ⊢ ε ≤ χ χ fresh C;Γ ⊢ λx.e : τ →χ τ′; /

[App]

C;Γ ⊢ e1 : τ →ε τ′;ε1 C;Γ ⊢ e2 : τ;ε2 C;Γ ⊢ e1 e2 : τ′;ε1 ⊎ε2 ⊎ε

[Newlock]

ℓ fresh C;Γ ⊢ newlock : lock ℓ;{ℓ}

Context-sensitive Correlation Analysis for Detecting Races – p.28/??

slide-66
SLIDE 66

Type rules

[Ref] C;Γ ⊢ e : τ;ε

ρ fresh C;Γ ⊢ ref e : ref ρ τ;ε

[Deref]

C;Γ ⊢ e1 : ref ρ τ;ε1 C;Γ ⊢ e2 : lock ℓ;ε2 C ⊢ ρ ⊲ℓ C;Γ ⊢ !e2 e1 : τ;ε1 ⊎ε2

[Assign]

C;Γ ⊢ e1 : ref ρ τ;ε1 C;Γ ⊢ e2 : τ;ε2 C;Γ ⊢ e3 : lock ℓ;ε3 C ⊢ ρ ⊲ℓ C;Γ ⊢ e1 :=e3 e2 : τ;ε1 ⊎ε2 ⊎ε3

Context-sensitive Correlation Analysis for Detecting Races – p.29/??

slide-67
SLIDE 67

Polymorphic Type Rules

[Let]

C;Γ ⊢ v1 : τ1; /

  • l = fl(Γ)

C;Γ, f : (∀.τ1, l) ⊢ e2 : τ2;ε C;Γ ⊢ let f = v1 in e2 : τ2;ε

[Inst] C ⊢ τ i

+ τ′

C ⊢ l i

±

l C;Γ, f : (∀.τ, l) ⊢ f i : τ′; /

Context-sensitive Correlation Analysis for Detecting Races – p.30/??

slide-68
SLIDE 68

Polymorphic Type Rules

[Fix]

C;Γ, f : (∀.τ, l) ⊢ v : τ′; /

  • l = fl(Γ)

C ⊢ τ′ ≤ τ C ⊢ τ i

+ τ′′

C ⊢ l i

±

l C ⊢ effect(τ) = / C;Γ ⊢ fix f.v : τ′′; /

[Down]

C;Γ ⊢ e : τ;ε

  • l = fl(Γ)∪fl(τ)

C ⊢ ε ≤

  • l χ

χ fresh C;Γ ⊢ e : τ;χ

Context-sensitive Correlation Analysis for Detecting Races – p.31/??

slide-69
SLIDE 69

Inst

[Inst-Ref]

C ⊢ ρ i

p ρ′

C ⊢ τ i

± τ′

C ⊢ ref ρ τ i

p ref ρ′ τ′

[Inst-Fun]

C ⊢ τ1 i

¯ p τ2

C ⊢ τ′

1 i p τ′ 2

C ⊢ ε1 i ε2 C ⊢ τ1 →ε1 τ′

1 i p τ2 →ε2 τ′ 2

Context-sensitive Correlation Analysis for Detecting Races – p.32/??

slide-70
SLIDE 70

Sub

[Sub-Lock]

C ⊢ ℓ = ℓ′ C ⊢ lock ℓ ≤ lock ℓ′

[Sub-Ref]

C ⊢ ρ ≤ ρ′ C ⊢ τ ≤ τ′ C ⊢ τ′ ≤ τ C ⊢ ref ρ τ ≤ ref ρ′ τ′

[Sub-Fun]

C ⊢ τ2 ≤ τ1 C ⊢ τ′

1 ≤ τ′ 2

C ⊢ ε1 ≤ ε2 C ⊢ τ1 →ε1 τ′

1 ≤ τ2 →ε2 τ′ 2

Context-sensitive Correlation Analysis for Detecting Races – p.33/??

slide-71
SLIDE 71

Constraint Resolution

C ∪{ℓ = ℓ′} ⇒ C[ℓ → ℓ′] C ∪{ρ0 ≤ ρ1}∪{ρ1 ≤ ρ2} ∪ ⇒ {ρ0 ≤ ρ2} C ∪{ℓ0 i ℓ1}∪{ℓ0 i ℓ2} ⇒ C[ℓ2 → ℓ1]∪{ℓ0 i ℓ1} C ∪{ρ1 i

− ρ0}∪{ρ1 ≤ ρ2}∪{ρ2 i + ρ3}

∪ ⇒ {ρ0 ≤ ρ3} C ∪{ρ ≤ ρ′}∪{ρ′ ⊲ℓ} ∪ ⇒ {ρ⊲ℓ} C ∪{ρ i

p ρ′}∪{ρ⊲ℓ}∪{ℓ i ℓ′}

∪ ⇒ {ρ′ ⊲ℓ′}

Context-sensitive Correlation Analysis for Detecting Races – p.34/??

slide-72
SLIDE 72

Constraint Resolution

C ∪{/ 0 ≤ χ} ⇒ C C ∪{ε∪ε′ ≤ χ} ⇒ C ∪{ε ≤ χ}∪{ε′ ≤ χ} C ∪{ε ≤ χ}∪{χ ≤ χ′} ∪ ⇒ {ε ≤ χ′} C ∪{ε ≤ χ}∪{χ ≤

  • l χ′}

∪ ⇒ {ε ≤

  • l χ′}

C ∪{ε ≤ χ}∪{χ i χ′} ∪ ⇒ {ε i χ′}

Context-sensitive Correlation Analysis for Detecting Races – p.35/??

slide-73
SLIDE 73

Constraint Resolution

C ∪{/ 0 i χ} ⇒ C C ∪{{ℓ} i χ} ⇒ C ∪{ℓ i ℓ′}∪{ℓ′ ≤ χ} ℓ′ fresh C ∪{ε⊎ε′ i χ0} ⇒ C ∪{ε i χ}∪{ε′ i χ′} ∪ {χ⊎χ′ ≤ χ0} χ,χ′ fresh C ∪{ε∪ε′ i χ} ⇒ C ∪{ε i χ}∪{ε′ i χ} C ∪{χ i χ′}∪{χ i χ′′} ⇒ C[χ′ → χ′′]∪{χ i χ′}

Context-sensitive Correlation Analysis for Detecting Races – p.36/??

slide-74
SLIDE 74

Constraint Resolution

C ∪{/ 0 ≤

  • l χ}

⇒ C C ∪{{ℓ} ≤

  • l χ}

⇒ C ∪{{ℓ} ≤ χ}

if C ⊢ escapes(ℓ,

l) C ∪{ε⊎ε′ ≤

  • l χ0}

⇒ C ∪{ε ≤

  • l χ}∪{ε′ ≤
  • l χ′}

∪{χ⊎χ′ ≤ χ0} C ∪{ε∪ε′ ≤

  • l χ}

⇒ C ∪{ε ≤

  • l χ}∪{ε′ ≤
  • l χ}

Context-sensitive Correlation Analysis for Detecting Races – p.37/??

slide-75
SLIDE 75

void * results

Benchmark Total Empty Single Type Multiple Types aget 148 56 78 14 knot 181 87 80 14 ctrace 115 57 58 freshclam 5745 1025 2365 2355 esp 754 476 188 90 plip 1310 1187 106 17 synclink 1100 701 151 248 consolemap 110 18 37 55 serial_core 1206 1001 77 128 ide-disk 447 252 97 98

Context-sensitive Correlation Analysis for Detecting Races – p.38/??

slide-76
SLIDE 76

Lazy struct fields results

Benchmark Total Structs Total Fields Used Fields aget 159 1955 252 knot 210 1418 619 ctrace 162 1113 389 freshclam 6982 65582 32822 esp 2439 37286 16462 plip 4119 89343 17706 synclink 7721 197872 111368 consolemap 145 3819 301 serial_core 7463 114149 29238 ide-disk 2352 72923 11011

Context-sensitive Correlation Analysis for Detecting Races – p.39/??