Static analysis for concurrent programs with applications to data race detection

Bibliographic Details
Published in: International journal on software tools for technology transfer, Vol. 15, no. 4, pp. 321-336
Main Authors: Kahlon, Vineet; Sankaranarayanan, Sriram; Gupta, Aarti
Format: Journal Article
Language: English
Published: Berlin/Heidelberg Springer Berlin Heidelberg 01.08.2013
Springer Nature B.V
ISSN: 1433-2779, 1433-2787
Description
Summary: We propose a general framework for static analysis of concurrent multi-threaded programs in the presence of various types of synchronization primitives such as locks and pairwise rendezvous. In order to capture interference between threads, we use the notion of a transaction, i.e., a sequence of statements in a thread that can be executed atomically, without sacrificing the soundness of the analysis while yielding precise results. These transactions are delineated automatically, and are captured in the form of a transaction graph over the global control state space of the program. Starting from a coarse transaction graph, constructed by exploiting scheduling constraints related to synchronizations and partial order reduction, we iteratively refine the graph by removing statically unreachable nodes using the results of various analyses. Specifically, we use abstract interpretation to automatically derive program invariants, based on abstract domains of increasing precision. Progressive refinement of the transaction graph enhances scalability of the static analyses, yielding more precise invariants. We demonstrate the benefits of this framework in an application to find data race bugs in concurrent programs, where our static analyses serve to reduce the number of false warnings captured by an initial lockset analysis. This framework also facilitates use of model checking on the remaining warnings to generate concrete error traces, where we leverage the preceding static analyses to generate small program slices and the derived invariants to improve performance. We describe our experimental results on a suite of Linux device drivers.
DOI: 10.1007/s10009-013-0274-1