Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation.

Slides:



Advertisements
Similar presentations
Advanced programming tools at Microsoft
Advertisements

Chapter 6: Process Synchronization
© 2009 Matthew J. Sottile, Timothy G. Mattson, and Craig E Rasmussen 1 Concurrency in Programming Languages Matthew J. Sottile Timothy G. Mattson Craig.
The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.
1/25 Concurrency and asynchronous computing How do we deal with evaluation when we have a bunch of processors involved?
Operating Systems ECE344 Ding Yuan Synchronization (I) -- Critical region and lock Lecture 5: Synchronization (I) -- Critical region and lock.
/ PSWLAB RacerX: Effective, Static Detection of Race Conditions and Deadlocks by Dawson Engler & Ken Ashcraft (published in SOSP03) Hong,Shin.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
Transaction Processing Lecture ACID 2 phase commit.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.
CS444/CS544 Operating Systems Synchronization 2/21/2007 Prof. Searleman
Lock Inference for Systems Software John Regehr Alastair Reid University of Utah March 17, 2003.
Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Software Excellence via Program Verification at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.
CS533 Concepts of Operating Systems Class 3 Monitors.
PASTE at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.
Defect Detection at Microsoft – Where the Rubber Meets the Road Manuvir Das (and too many others to list) Program Analysis Group Center for Software Excellence.
Synchronization CSCI 444/544 Operating Systems Fall 2008.
Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.
Discussion Week 3 TA: Kyle Dewey. Overview Concurrency overview Synchronization primitives Semaphores Locks Conditions Project #1.
Exceptions and Mistakes CSE788 John Eisenlohr. Big Question How can we improve the quality of concurrent software?
Thread-modular Abstraction Refinement Thomas A. Henzinger, et al. CAV 2003 Seonggun Kim KAIST CS750b.
C. FlanaganType Systems for Multithreaded Software1 Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research.
Multi-core Programming Thread Profiler. 2 Tuning Threaded Code: Intel® Thread Profiler for Explicit Threads Topics Look at Intel® Thread Profiler features.
Unleashing the Power of Static Analysis Manuvir Das Principal Researcher Center for Software Excellence Microsoft Corporation.
Scalable Defect Detection Manuvir Das, Zhe Yang, Daniel Wang Center for Software Excellence Microsoft Corporation.
/ PSWLAB Type-Based Race Detection for J AVA by Cormac Flanagan, Stephen N. Freund 22 nd Feb 2008 presented by Hong,Shin Type-Based.
COMP 111 Threads and concurrency Sept 28, Tufts University Computer Science2 Who is this guy? I am not Prof. Couch Obvious? Sam Guyer New assistant.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto Mutual Exclusion.
Synchronizing Threads with Semaphores
Discussion Week 2 TA: Kyle Dewey. Overview Concurrency Process level Thread level MIPS - switch.s Project #1.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science Computer Systems Principles Synchronization Emery Berger and Mark Corner University.
CSE 153 Design of Operating Systems Winter 2015 Midterm Review.
CSE 153 Design of Operating Systems Winter 2015 Lecture 5: Synchronization.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)
CS 153 Design of Operating Systems Winter 2016 Lecture 7: Synchronization.
Agenda  Quick Review  Finish Introduction  Java Threads.
Testing Concurrent Programs Sri Teja Basava Arpit Sud CSCI 5535: Fundamentals of Programming Languages University of Colorado at Boulder Spring 2010.
Tuning Threaded Code with Intel® Parallel Amplifier.
Jeremy Nimmer, page 1 Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science Joint work with.
CSE 120 Principles of Operating
Background on the need for Synchronization
CS533 Concepts of Operating Systems Class 3
CS703 - Advanced Operating Systems
runtime verification Brief Overview Grigore Rosu
Specifying Multithreaded Java semantics for Program Verification
Threads and Memory Models Hal Perkins Autumn 2011
Changing thread semantics
Atomicity in Multithreaded Software
Threads and Memory Models Hal Perkins Autumn 2009
CS533 Concepts of Operating Systems Class 3
CSE 451: Operating Systems Winter 2007 Module 6 Synchronization
CSE 451: Operating Systems Autumn 2004 Module 6 Synchronization
CSE 451: Operating Systems Autumn 2003 Lecture 7 Synchronization
CSE 451: Operating Systems Autumn 2005 Lecture 7 Synchronization
CSE 451: Operating Systems Winter 2004 Module 6 Synchronization
CSE 451: Operating Systems Winter 2003 Lecture 7 Synchronization
CSE 153 Design of Operating Systems Winter 19
CSE 153 Design of Operating Systems Winter 2019
CSE 451: Operating Systems Spring 2008 Module 7 Synchronization
CSE 451: Operating Systems Winter 2007 Module 6 Synchronization
CSE 451: Operating Systems Autumn 2009 Module 7 Synchronization
CSE 153 Design of Operating Systems Winter 2019
CSE 451: Operating Systems Spring 2007 Module 7 Synchronization
Presentation transcript:

Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation

CSE Program Analysis Group Technologies – PREfix, SAL, ESP, EspX, EspC, … Defect detection tools – Buffer overrun, Null deref, SQL injection, programmable specification checker, concurrency, …

The Esp Analysis Platform Analysis Engine and Libraries (Path Refutation, Alias Analysis …) CFG; Error Reporting and Suppression; Pattern Matching (OPAL) IR Analysis Clients/Specs C/C++/SAL Front End MSIL TSQL JavaScript SecurityConcurrencyTypestate

Locking Problems Insufficient lock protection Lock order violation Forgetting to release Ownership violation No-suspend guarantee violation UI thread blocking due to SendMessage And more …

Win32 Multithreading: Plenty of Challenges Rich set of lock primitives – Critical Section, Mutex, Event, Semaphore, … “Free-style” acquire/release – Not syntactically scoped Implicit blocking semantics – SendMessage, LoaderLock, … How to ensure the intended locking discipline? – Who guards what, who needs to acquire, lock order, …

Central Issue: Locking Disciplines Essential for avoiding threading errors Surprisingly hard to enforce in practice – “We have a set of locking conventions to follow” – “They are informally documented” – “We don’t have a way to check against the violations”

Checking Concurrency Properties via Sequential Analysis Insight: Developers mostly reason about concurrent code “sequentially” following locking disciplines Approach: Mimic developer’s reasoning – Track locking behavior via sequential analysis – Simulate interleaving effects afterwards

EspC Concurrency Toolset Global lock analysis – Global EspC Concurrency annotation – Concurrency SAL Local lock analysis – EspC Lock annotation inference – CSALInfer

Global EspC Global lock analyzer – Deadlock detection – Code mining Based on ESP – Inter-procedural analysis with function summaries – Path-sensitive, context-sensitive – Selective merge on dataflow facts – Symbolic simulation for path feasibility “Understands” Win32 threading semantics – Use OPAL specification to capture Win32 locking APIs

10 Phase 1: Lock Sequence Computation Start from root functions Track lock sequences at each program point Do not merge if lock sequences are different Identify locks syntactically based on their types

Phase 2: Defect Detection Deadlock detection – Cyclic locking  deadlock! Race detection – Insufficient locking  race condition! Lock misuse patterns – E.g., exit while holding a lock  orphaned lock!

Concurrency SAL Extension to SAL – Covers concurrency properties Example lock annotations – Lock/data protection relation: __guarded_by(cs) int balance; – Caller/callee locking responsibility: __requires_lock_held(cs) void Deposit (int amount); – Locking side effect: __acquires_lock(cs) void Enter();__releases_lock(cs) void Leave(); – Lock acquisition order: __lock_level_order(TunnelLockLevel, ChannelLockLevel); – Threading context: __no_competing_thread void Init();

CSALInfer Concurrency SAL inference engine Statistics-based inference for in-scope locks – Tracks lock statistics for accessing shared variables – Computes “dominant lock” for shared variable Constraint-based inference for out-of-scope locks – Generates constraints based on locking events – Translates constraints to propositional formula – Solves constraints via SAT solving Heuristics-based inference – Looks for strong evidence along a path

EspC Local static lock analyzer – Understands lock annotations – Check violations of Concurrency SAL Runs on developer’s desktop – PREfast plugin

Subset of EspC Warnings 26100: EspC: race condition. Variable ‘VarExpr’ should be protected by ‘LockExpr’ : EspC: caller failing to hold ‘LockExpr’ before calling ‘FunctionName’ : EspC: caller failing to release ‘LockExpr’ before calling ‘FunctionName’ : EspC: caller cannot hold any lock before calling ‘FuncName’ : EspC: failing to release ‘LockExpr’ in ‘FunctionName’ : EspC: failing to acquire or to hold ‘LockExpr’ in ‘FunctionName’ : EspC: releasing unheld lock ‘LockExpr’ in ‘FunctionName’ : EspC: error in Concurrency SAL annotation. 15

Summary Covers a variety of concurrency issues – Deadlocks – Race conditions – Win32 locking errors – Atomicity violations Tackles from different angles – Global analysis: Global EspC – Annotations: Concurrency SAL – Local analysis: EspC – Annotation inference: CSALInfer

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.