Static Data Race detection for Concurrent Programs with
Asynchronous Calls
Presenter:
M. Amin Alipour
Software Design Laboratory
http://asd.cs.mtu.edu
Outline
• Introduction• Problem Statement• Main Contribution• Solution• Experimental Results
Introduction
• Data Race:– When there is multiple threads
access a shared data and at least one of them write.
Static Data Race Detection
• Given source code of a program determine the possible places that race may occur.
Detection Criteria
– Soundness• Preserving every real data race
– Accuracy• Keeping the bogus warning low
– Scalability• Being efficient in large programs
Subtleties with Static Detection
• Asynchronous Function Call
• Recursion• Accuracy
int h1 (int x) {return x * x;} int h2 (int y) { return y + y;}struct funcType {int (*func) (int);}void f (int x, funcType *g, int *z) {l2: if ( x > 0) { *z = *(g->func) (x); }l3: else { *z = *(g->func) (-x); }}int main () {struct funcType ft;int a, b, p1, p2, z;struct thread t1, t2;....if (p1) {ft.func = &h1;l0: fork (t1, f, a, ft, &z);join (t1);}...if (p2) {ft.func = &h2;l1: fork (t2, f, b, ft, &z);join (t2);
Main Contribution
• An improvement to – Emami, M., Ghiya, R., and Hendren, L. J.
Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation.
Classical Approach
1- Identify shared variables2- Enumerate control location3- Determine lockset (set of locks held on
all accesses to data at the location)4- Determine possible race locations,
by lockset analysis (Empty lockset
indicates possible data races)5- Prune results in Step 4
Concurrent Control Flow Graph
Example
• Emami and et al’s CCFG
• Unrolled CCFG
Strategy to explore CCFG
• Unroll CCFG until no new data flow tuple D=(A,L) visited.– A is set of aliases– L is Lockset
• Would CCFG be finite?– Yes, the worst case is O(|F||P|2|P| 2|
L| )• |F| number of functions• |P| number of functions cardinality of
Steensgaard’s pointers set• |L| set of locks
Assumptions
• The algorithm uses Steensgard’s algorithm for points-to analysis, which results possible pointers that may point to same objects (variable or function)
• The algorithm assumes that number of statements affecting locks,functions and threads are small.
Pruning the result
• It uses a thread order analysis to remove any warning wherein the program location pairs that do not occur.
Pruning algorithm
Concurrent call graph
int h1 (int x) {return x * x;} int h2 (int y) { return y + y;}struct funcType {int (*func) (int);}void f (int x, funcType *g, int *z) {l2: if ( x > 0) { *z = *(g->func) (x); }l3: else { *z = *(g->func) (-x); }}int main () {struct funcType ft;int a, b, p1, p2, z;struct thread t1, t2;....if (p1) {ft.func = &h1;l0: fork (t1, f, a, ft, &z);join (t1);}...if (p2) {ft.func = &h2;l1: fork (t2, f, b, ft, &z);join (t2);
Experimental Results
References . V. Kahlon, N, Sinha, Y. Zhang and E. Kruus. “Static Data Race
Detection for Concurrent Programs Asynchronous Calls” The 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), Amsterdam, The Netherlands. August 2009.