Abstract: RacerD is a static race detector that has been proven to be effective in engineering practice: it has seen thousands of data races fixed by developers before reaching production, and has supported the migration of Facebook's Android app rendering infrastructure from a single-threaded to a multi-threaded architecture. We prove a True Positives Theorem stating that, under certain assumptions, an idealized theoretical version of the analysis never reports a false positive. We also provide an empirical evaluation …
“…Instead, we established a 'completeness' theorem saying that, under certain assumptions, a theoretical variant of the analyzer reports only true positives. [10] The analysis checks for data races in Java programs: two concurrent memory accesses, one of which is a write. The example in Figure 2 (top) illustrates: if we run Infer on this code it doesn't find a problem.…”
Section: = Revtm->length + 1;
“…[5] Another Infer analysis involves recently published research results on concurrency analysis. [2,10] Zoncolan implements a new modular parallel taint analysis algorithm.…”
Key insights:
• Advanced static analysis techniques performing deep reasoning about source code can scale to large industrial codebases, for example, with 100-million LOC.
• Static analyses should strike a balance between missed bugs (false negatives) and un-actioned reports (false positives).
• A "diff time" deployment, where issues are given to developers promptly as part of code review, is important to catching bugs early and getting high fix rates.
“…Our convention for this nomenclature ensures that no false positives are reported by a sound algorithm [Sergey 2019] and is consistent with prior work on data race prediction [Genç et al. 2019; Kini et al. 2017; Pavlogiannis 2019; Roemer et al. 2018; Smaragdakis et al. 2012]. Soundness is often a desirable property for dynamic race predictors for widespread adoption [Gorogiannis et al. 2019].…”
Section: Optimal Prediction of Synchronization-Preserving Races
Concurrent programs are notoriously hard to write correctly, as scheduling nondeterminism introduces subtle errors that are both hard to detect and to reproduce. The most common concurrency errors are (data) races, which occur when memory-conflicting actions are executed concurrently. Consequently, considerable effort has been made towards developing efficient techniques for race detection. The most common approach is dynamic race prediction: given an observed, race-free trace σ of a concurrent program, the task is to decide whether events of σ can be correctly reordered to a trace σ* that witnesses a race hidden in σ.
In this work we introduce the notion of sync(hronization)-preserving races. A sync-preserving race occurs in σ when there is a witness σ* in which synchronization operations (e.g., acquisition and release of locks) appear in the same order as in σ. This is a broad definition that strictly subsumes the famous notion of happens-before races. Our main results are as follows. First, we develop a sound and complete algorithm for predicting sync-preserving races. For moderate values of parameters like the number of threads, the algorithm runs in Õ(N) time and space, where N is the length of the trace σ. Second, we show that the problem has a Ω(N/log² N) space lower bound, and thus our algorithm is essentially time and space optimal. Third, we show that predicting races with even just a single reversal of two sync operations is NP-complete and even W[1]-hard when parameterized by the number of threads. Thus, sync-preservation characterizes exactly the tractability boundary of race prediction, and our algorithm is nearly optimal for the tractable side. Our experiments show that our algorithm is fast in practice, while sync-preservation characterizes races often missed by state-of-the-art methods.
“…It is natural to consider how the ideas of ISL extend to concurrency. The RacerD analyzer [25] provided a static analysis for data races in concurrent programs; this analysis was provably under-approximate under certain assumptions. RacerD was intuitively inspired by concurrent separation logic (CSL [6]), but did not match the over-approximate CSL theory (just as Infer did not match SL).…”
Section: Context, Related Work and Conclusion
There has been a large body of work on local reasoning for proving the absence of bugs, but none for proving their presence. We present a new formal framework for local reasoning about the presence of bugs, building on two complementary foundations: 1) separation logic and 2) incorrectness logic. We explore the theory of this new incorrectness separation logic (ISL), and use it to derive a begin-anywhere, intra-procedural symbolic execution analysis that has no false positives by construction. In so doing, we take a step towards transferring modular, scalable techniques from the world of program verification to bug catching.