Presentation is loading. Please wait.

Presentation is loading. Please wait.

Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation.

Published byEustace Goodman Modified over 9 years ago

Similar presentations

Presentation on theme: "Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation."— Presentation transcript:

1 Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation

2 CSE Program Analysis Group Technologies – PREfix, SAL, ESP, EspX, EspC, … Defect detection tools – Buffer overrun, Null deref, SQL injection, programmable specification checker, concurrency, … http://www.microsoft.com/windows/cse/pa_home.mspx

3 The Esp Analysis Platform Analysis Engine and Libraries (Path Refutation, Alias Analysis …) CFG; Error Reporting and Suppression; Pattern Matching (OPAL) IR Analysis Clients/Specs C/C++/SAL Front End MSIL TSQL JavaScript SecurityConcurrencyTypestate

4 Locking Problems Insufficient lock protection Lock order violation Forgetting to release Ownership violation No-suspend guarantee violation UI thread blocking due to SendMessage And more …

5 Win32 Multithreading: Plenty of Challenges Rich set of lock primitives – Critical Section, Mutex, Event, Semaphore, … “Free-style” acquire/release – Not syntactically scoped Implicit blocking semantics – SendMessage, LoaderLock, … How to ensure the intended locking discipline? – Who guards what, who needs to acquire, lock order, …

6 Central Issue: Locking Disciplines Essential for avoiding threading errors Surprisingly hard to enforce in practice – “We have a set of locking conventions to follow” – “They are informally documented” – “We don’t have a way to check against the violations”

7 Checking Concurrency Properties via Sequential Analysis Insight: Developers mostly reason about concurrent code “sequentially” following locking disciplines Approach: Mimic developer’s reasoning – Track locking behavior via sequential analysis – Simulate interleaving effects afterwards

8 EspC Concurrency Toolset Global lock analysis – Global EspC Concurrency annotation – Concurrency SAL Local lock analysis – EspC Lock annotation inference – CSALInfer

9 Global EspC Global lock analyzer – Deadlock detection – Code mining Based on ESP – Inter-procedural analysis with function summaries – Path-sensitive, context-sensitive – Selective merge on dataflow facts – Symbolic simulation for path feasibility “Understands” Win32 threading semantics – Use OPAL specification to capture Win32 locking APIs

10 10 Phase 1: Lock Sequence Computation Start from root functions Track lock sequences at each program point Do not merge if lock sequences are different Identify locks syntactically based on their types

11 Phase 2: Defect Detection Deadlock detection – Cyclic locking  deadlock! Race detection – Insufficient locking  race condition! Lock misuse patterns – E.g., exit while holding a lock  orphaned lock!

12 Concurrency SAL Extension to SAL – Covers concurrency properties Example lock annotations – Lock/data protection relation: __guarded_by(cs) int balance; – Caller/callee locking responsibility: __requires_lock_held(cs) void Deposit (int amount); – Locking side effect: __acquires_lock(cs) void Enter();__releases_lock(cs) void Leave(); – Lock acquisition order: __lock_level_order(TunnelLockLevel, ChannelLockLevel); – Threading context: __no_competing_thread void Init();

13 CSALInfer Concurrency SAL inference engine Statistics-based inference for in-scope locks – Tracks lock statistics for accessing shared variables – Computes “dominant lock” for shared variable Constraint-based inference for out-of-scope locks – Generates constraints based on locking events – Translates constraints to propositional formula – Solves constraints via SAT solving Heuristics-based inference – Looks for strong evidence along a path

14 EspC Local static lock analyzer – Understands lock annotations – Check violations of Concurrency SAL Runs on developer’s desktop – PREfast plugin

15 Subset of EspC Warnings 26100: EspC: race condition. Variable ‘VarExpr’ should be protected by ‘LockExpr’. 26110: EspC: caller failing to hold ‘LockExpr’ before calling ‘FunctionName’. 26111: EspC: caller failing to release ‘LockExpr’ before calling ‘FunctionName’. 26112: EspC: caller cannot hold any lock before calling ‘FuncName’. 26115: EspC: failing to release ‘LockExpr’ in ‘FunctionName’. 26116: EspC: failing to acquire or to hold ‘LockExpr’ in ‘FunctionName’. 26117: EspC: releasing unheld lock ‘LockExpr’ in ‘FunctionName’. 26140: EspC: error in Concurrency SAL annotation. 15

16 Summary Covers a variety of concurrency issues – Deadlocks – Race conditions – Win32 locking errors – Atomicity violations Tackles from different angles – Global analysis: Global EspC – Annotations: Concurrency SAL – Local analysis: EspC – Annotation inference: CSALInfer

Download ppt "Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation."

Similar presentations

Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Chapter 6: Process Synchronization

Chapter 6: Process Synchronization
© 2009 Matthew J. Sottile, Timothy G. Mattson, and Craig E Rasmussen 1 Concurrency in Programming Languages Matthew J. Sottile Timothy G. Mattson Craig.

© 2009 Matthew J. Sottile, Timothy G. Mattson, and Craig E Rasmussen 1 Concurrency in Programming Languages Matthew J. Sottile Timothy G. Mattson Craig.
The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.

The Path to Multi-core Tools Paul Petersen. Multi-coreToolsThePathTo 2 Outline Motivation Where are we now What is easy to do next What is missing.
1/25 Concurrency and asynchronous computing How do we deal with evaluation when we have a bunch of processors involved?

1/25 Concurrency and asynchronous computing How do we deal with evaluation when we have a bunch of processors involved?
Operating Systems ECE344 Ding Yuan Synchronization (I) -- Critical region and lock Lecture 5: Synchronization (I) -- Critical region and lock.

Operating Systems ECE344 Ding Yuan Synchronization (I) -- Critical region and lock Lecture 5: Synchronization (I) -- Critical region and lock.
/ PSWLAB RacerX: Effective, Static Detection of Race Conditions and Deadlocks by Dawson Engler & Ken Ashcraft (published in SOSP03) Hong,Shin.

/ PSWLAB RacerX: Effective, Static Detection of Race Conditions and Deadlocks by Dawson Engler & Ken Ashcraft (published in SOSP03) Hong,Shin.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.

/ PSWLAB Atomizer: A Dynamic Atomicity Checker For Multithreaded Programs By Cormac Flanagan, Stephen N. Freund 24 th April, 2008 Hong,Shin.
CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.
Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Summarizing Procedures in Concurrent Programs Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.
Transaction Processing Lecture 2005 09 22 ACID 2 phase commit.

Transaction Processing Lecture ACID 2 phase commit.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.

Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.
CS444/CS544 Operating Systems Synchronization 2/21/2007 Prof. Searleman

CS444/CS544 Operating Systems Synchronization 2/21/2007 Prof. Searleman
Lock Inference for Systems Software John Regehr Alastair Reid University of Utah March 17, 2003.

Lock Inference for Systems Software John Regehr Alastair Reid University of Utah March 17, 2003.
Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.

Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Software Excellence via Program Verification at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.

Software Excellence via Program Verification at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.
CS533 Concepts of Operating Systems Class 3 Monitors.

CS533 Concepts of Operating Systems Class 3 Monitors.

Similar presentations

Ads by Google