A true positives theorem for a static race detector

Gorogiannis, Nikos; O’Hearn, Peter W.; Sergey, Ilya

doi:10.1145/3290370

Cited by 17 publications

(10 citation statements)

References 33 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, we established a 'completeness' theorem saying that, under certain assumptions, a theoretical variant of the analyzer reports only true positives. 10 The analysis checks for data races in Java programs-two concurrent memory accesses, one of which is a write. The example in Figure 2 (top) illustrates: If we run the Infer on this code it doesn't find a problem.…”

Section: = Revtm->length + 1;mentioning

confidence: 99%

See 1 more Smart Citation

Scaling static analyses at Facebook

et al. 2019

Self Cite

View full text Add to dashboard Cite

key insights ˽ Advanced static analysis techniques performing deep reasoning about source code can scale to large industrial codebases, for example, with 100-million LOC. ˽ Static analyses should strike a balance between missed bugs (false negatives) and un-actioned reports (false positives). ˽ A "diff time" deployment, where issues are given to developers promptly as part of code review, is important to catching bugs early and getting high fix rates.

show abstract

Section: = Revtm->length + 1;mentioning

confidence: 99%

“…5 Another Infer analysis involves recently published research results on concurrency analysis. 2,10 Zoncolan implements a new modular parallel taint analysis algorithm.…”

mentioning

confidence: 99%

Scaling static analyses at Facebook

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our convention for this nomenclature ensures that no false positives are reported by a sound algorithm [Sergey 2019] and is consistent with prior work on data race prediction [Genç et al 2019;Kini et al 2017;Pavlogiannis 2019;Roemer et al 2018;Smaragdakis et al 2012]. Soundness is often a desirable property for dynamic race predictors for widespread adoption [Gorogiannis et al 2019].…”

Section: Optimal Prediction Of Synchronization-preserving Racesmentioning

confidence: 81%

Optimal prediction of synchronization-preserving races

Mathur

Pavlogiannis

Viswanathan

2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Concurrent programs are notoriously hard to write correctly, as scheduling nondeterminism introduces subtle errors that are both hard to detect and to reproduce. The most common concurrency errors are (data) races, which occur when memory-conflicting actions are executed concurrently. Consequently, considerable effort has been made towards developing efficient techniques for race detection. The most common approach is dynamic race prediction: given an observed, race-free trace σ of a concurrent program, the task is to decide whether events of σ can be correctly reordered to a trace σ * that witnesses a race hidden in σ. In this work we introduce the notion of sync(hronization)-preserving races. A sync-preserving race occurs in σ when there is a witness σ * in which synchronization operations (e.g., acquisition and release of locks) appear in the same order as in σ. This is a broad definition that strictly subsumes the famous notion of happens-before races. Our main results are as follows. First, we develop a sound and complete algorithm for predicting sync-preserving races. For moderate values of parameters like the number of threads, the algorithm runs in Õ( N ) time and space, where N is the length of the trace σ. Second, we show that the problem has a Ω( N /log 2 N ) space lower bound, and thus our algorithm is essentially time and space optimal. Third, we show that predicting races with even just a single reversal of two sync operations is NP-complete and even W1-hard when parameterized by the number of threads. Thus, sync-preservation characterizes exactly the tractability boundary of race prediction, and our algorithm is nearly optimal for the tractable side. Our experiments show that our algorithm is fast in practice, while sync-preservation characterizes races often missed by state-of-the-art methods.

show abstract

“…It is natural to consider how the ideas of ISL extend to concurrency. The RacerD analyzer [ 25 ] provided a static analysis for data races in concurrent programs; this analysis was provably under-approximate under certain assumptions. RacerD was intuitively inspired by concurrent separation logic (CSL [ 6 ]), but did not match the over-approximate CSL theory (just as Infer did not match SL).…”

Section: Context Related Work and Conclusionmentioning

confidence: 99%

Local Reasoning About the Presence of Bugs: Incorrectness Separation Logic

Raad

Berdine

Dang

et al. 2020

Computer Aided Verification

View full text Add to dashboard Cite

There has been a large body of work on local reasoning for proving the absence of bugs, but none for proving their presence . We present a new formal framework for local reasoning about the presence of bugs, building on two complementary foundations: 1) separation logic and 2) incorrectness logic. We explore the theory of this new incorrectness separation logic (ISL), and use it to derive a begin-anywhere, intra-procedural symbolic execution analysis that has no false positives by construction . In so doing, we take a step towards transferring modular, scalable techniques from the world of program verification to bug catching.

show abstract

A true positives theorem for a static race detector

Cited by 17 publications

References 33 publications

Scaling static analyses at Facebook

Scaling static analyses at Facebook

Optimal prediction of synchronization-preserving races

Local Reasoning About the Presence of Bugs: Incorrectness Separation Logic

Contact Info

Product

Resources

About