Sound Static Deadlock Analysis for C/Pthreads (Extended Version)
We present a static deadlock analysis approach for C/pthreads. The design of
our method has been guided by the requirement to analyse real-world code. Our
approach is sound (i.e., misses no deadlocks) for programs that have defined
behaviour according to the C standard, and precise enough to prove
deadlock-freedom for a large number of programs. The method consists of a
pipeline of several analyses that build on a new context- and thread-sensitive
abstract interpretation framework. We further present a lightweight dependency
analysis to identify statements relevant to deadlock analysis and thus speed up
the overall analysis. In our experimental evaluation, we succeeded in proving
deadlock-freedom for 262 programs from the Debian GNU/Linux distribution with
in total 2.6 MLOC in less than 11 hours.
A Study of Concurrency Bugs and Advanced Development Support for Actor-based Programs
The actor model is an attractive foundation for developing concurrent
applications because actors are isolated concurrent entities that communicate
through asynchronous messages and do not share state. Thereby, they avoid
concurrency bugs such as data races, but are not immune to concurrency bugs in
general. This study taxonomizes concurrency bugs in actor-based programs
reported in literature. Furthermore, it analyzes the bugs to identify the
patterns causing them as well as their observable behavior. Based on this
taxonomy, we further analyze the literature and find that current approaches to
static analysis and testing focus on communication deadlocks and message
protocol violations. However, they do not provide solutions to identify
livelocks and behavioral deadlocks. The insights obtained in this study can be
used to improve debugging support for actor-based programs with new debugging
techniques to identify the root cause of complex concurrency bugs.
Comment: Submitted for review. Removed section 6 "Research Roadmap for Debuggers"; its content was summarized in the Future Work section. Added references for section 1, section 3, section 4.3 and section 5.1. Updated citation.
Type Inference for Deadlock Detection in a Multithreaded Polymorphic Typed Assembly Language
We previously developed a polymorphic type system and a type checker for a
multithreaded lock-based polymorphic typed assembly language (MIL) that ensures
that well-typed programs do not encounter race conditions. This paper extends
such work by taking into consideration deadlocks. The extended type system
verifies that locks are acquired in the proper order. Towards this end we
require a language with annotations that specify the locking order. Rather than
asking the programmer (or the compiler's backend) to specifically annotate each
newly introduced lock, we present an algorithm to infer the annotations. The
result is a type checker whose input language is non-decorated as before, but
that further checks that programs are exempt from deadlocks.
Testing of Concurrent Programs
Testing concurrent systems requires exploring all possible non-deterministic interleavings that the concurrent execution may have, as any of the interleavings may reveal erroneous behaviour. This introduces a new problem: the well-known state space problem, which is often computationally intractable. In the present thesis, this issue will be addressed through: (1) the development of new Partial-Order Reduction Techniques and (2) the combination of static analysis and testing (property-based testing) in order to reduce the combinatorial explosion. As a preliminary result, we have performed an experimental evaluation on the SYCO tool, a CLP-based testing framework for actor-based concurrency, where these techniques have been implemented. Finally, our experiments prove the effectiveness and applicability of the proposed techniques.
Unveiling and Vanquishing Goroutine Leaks in Enterprise Microservices: A Dynamic Analysis Approach
Go is a modern programming language gaining popularity in enterprise
microservice systems. Concurrency is a first-class citizen in Go with
lightweight "goroutines" as the building blocks of concurrent execution. Go
advocates message-passing to communicate and synchronize among goroutines.
Improper use of message passing in Go can result in "partial deadlocks", a
subtle concurrency bug where a blocked sender (receiver) never finds a
corresponding receiver (sender), causing the blocked goroutine to leak memory
via its call stack and objects reachable from the stack.
In this paper, we systematically study the prevalence of message passing and
the resulting partial deadlocks in 75 million lines of Uber's Go monorepo
hosting over 2500 microservices. We develop two lightweight, dynamic analysis
tools: Goleak and LeakProf, designed to identify partial deadlocks. Goleak
detects partial deadlocks during unit testing and prevents the introduction of
new bugs. Conversely, LeakProf uses goroutine profiles obtained from services
deployed in production to pinpoint intricate bugs arising from complex control
flow, unexplored interleavings, or the absence of test coverage. We share our
experience and insights deploying these tools in developer workflows in a large
industrial setting. Using Goleak we unearthed 857 pre-existing goroutine leaks
in the legacy code and prevented the introduction of around 260 new leaks over
a one-year period. Using LeakProf we found 24 and fixed 21 goroutine leaks, which
resulted in up to 34% speedup and 9.2x memory reduction in some of our
production services.
Comment: 11 pages, 6 figures, to be published in CGO 202
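The partial-deadlock pattern this abstract describes, as an added example that is not code from the paper or from Uber's tools: a worker blocked on an unbuffered channel send after its caller has timed out, the buffered-channel fix, and a goroutine-count check of the kind a unit-test leak detector performs. Function and variable names here are my own.

```go
package main

import (
	"runtime"
	"time"
)

// leakySearch shows the "partial deadlock" the abstract describes: the worker
// sends its result on an unbuffered channel, but once the caller has timed out
// nobody will ever receive, so the sender blocks forever and its goroutine
// (call stack plus everything reachable from it) is never reclaimed.
func leakySearch(work func() int, timeout time.Duration) (int, bool) {
	ch := make(chan int) // unbuffered: the send blocks until a receiver arrives
	go func() { ch <- work() }()
	select {
	case v := <-ch:
		return v, true
	case <-time.After(timeout):
		return 0, false // the worker is left blocked on its send: leaked
	}
}

// fixedSearch gives the channel a buffer of one slot, so the send completes
// whether or not the caller is still listening and the goroutine exits.
func fixedSearch(work func() int, timeout time.Duration) (int, bool) {
	ch := make(chan int, 1)
	go func() { ch <- work() }()
	select {
	case v := <-ch:
		return v, true
	case <-time.After(timeout):
		return 0, false
	}
}

// goroutinesLeakedBy calls fn n times and, after letting finished goroutines
// exit, reports how many remain above the baseline: the per-test check a
// unit-test leak detector performs (constructed here, not Goleak itself).
func goroutinesLeakedBy(fn func(), n int, settle time.Duration) int {
	before := runtime.NumGoroutine()
	for i := 0; i < n; i++ {
		fn()
	}
	time.Sleep(settle)
	return runtime.NumGoroutine() - before
}
```

With a worker that takes longer than the timeout, every call to leakySearch leaves one goroutine behind, while fixedSearch leaves none.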
A Compositional Deadlock Detector for Android Java
We develop a static deadlock analysis for commercial Android Java applications, of sizes in the tens of millions of
LoC, under active development at Facebook. The analysis runs
primarily at code-review time, on only the modified code and
its dependents; we aim at reporting to developers in under 15
minutes.
To detect deadlocks in this setting, we first model the real
language as an abstract language with balanced re-entrant locks,
nondeterministic iteration and branching, and non-recursive
procedure calls. We show that the existence of a deadlock in this
abstract language is equivalent to a certain condition over the
sets of critical pairs of each program thread; these record, for all
possible executions of the thread, which locks are currently held
at the point when a fresh lock is acquired. Since the critical pairs
of any program thread are finite and computable, the deadlock
detection problem for our language is decidable, and in NP.
We then leverage these results to develop an open-source
implementation of our analysis adapted to deal with real Java
code. The core of the implementation is an algorithm which
computes critical pairs in a compositional, abstract interpretation
style, running in quasi-exponential time. Our analyser is built in
the INFER verification framework and has been in industrial
deployment for over two years; it has seen over two hundred
fixed deadlock reports with a report fix rate of ∼54%.
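An added example, not the paper's or Infer's code, that computes critical pairs from one thread's abstracted lock trace and then checks two threads' pair sets for the classic cyclic-wait condition. The "+x"/"-x" trace format and the exact two-thread condition are assumptions of this example, since the abstract only states that such a condition exists.

```go
package main

import "strings"

// Pair is a critical pair: lock Acq was freshly acquired while Held were held.
type Pair struct {
	Held map[string]bool
	Acq  string
}

// criticalPairs walks one thread's abstracted trace, where "+x" acquires and
// "-x" releases lock x (balanced and re-entrant), keeping a hold counter per
// lock and recording the held set at every non-re-entrant acquisition.
func criticalPairs(trace string) []Pair {
	count := map[string]int{}
	var pairs []Pair
	for _, op := range strings.Fields(trace) {
		lock := op[1:]
		if op[0] == '-' {
			count[lock]--
			continue
		}
		if count[lock] == 0 { // fresh, not re-entrant: this is a critical pair
			held := map[string]bool{}
			for l, c := range count {
				if c > 0 {
					held[l] = true
				}
			}
			pairs = append(pairs, Pair{Held: held, Acq: lock})
		}
		count[lock]++
	}
	return pairs
}

// mayDeadlock applies the classic two-thread cyclic-wait condition (assumed
// here, not the paper's exact criterion): thread A acquires y while holding x
// and thread B acquires x while holding y. It returns the two locks involved.
func mayDeadlock(a, b []Pair) (string, string, bool) {
	for _, pa := range a {
		for _, pb := range b {
			if pa.Held[pb.Acq] && pb.Held[pa.Acq] {
				return pb.Acq, pa.Acq, true
			}
		}
	}
	return "", "", false
}
```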
Deadlock checking by a behavioral effect system for lock handling
Deadlocks are a common error in programs with lock-based concurrency and are hard to avoid or even to detect. One way for deadlock prevention is to statically analyze the program code to spot sources of potential deadlocks. Often static approaches try to confirm that the lock-taking adheres to a given order, or, better, to infer that such an order exists. Such an order precludes situations of cyclic waiting for each other’s resources, which constitute a deadlock.
In contrast, we do not enforce or infer an explicit order on locks. Instead we use a behavioral type and effect system that, in a first stage, checks the behavior of each thread or process against the declared behavior, which captures potential interaction of the thread with the locks. In a second step on a global level, the state space of the behavior is explored to detect potential deadlocks. We define a notion of deadlock-sensitive simulation to prove the soundness of the abstraction inherent in the behavioral description. Soundness of the effect system is proven by subject reduction, formulated such that it captures deadlock-sensitive simulation.
To render the state-space finite, we show two further abstractions of the behavior sound, namely restricting the upper bound on re-entrant lock counters, and similarly by abstracting the (in general context-free) behavioral effect into a coarser, tail-recursive description. We prove our analysis sound using a simple, concurrent calculus with re-entrant locks.
Application of Deadlock Risk Evaluation of Architectural Models
Software architectural evaluation is a key discipline used to identify, at early stages of a real-time system (RTS) development, the problems that may arise during its operation. Typical mechanisms supporting concurrency, such as semaphores, mutexes or monitors, usually lead to concurrency problems at execution time that are difficult to identify, reproduce and solve. For this reason, it is crucial to understand the root causes of these problems and to provide support to identify and mitigate them at early stages of the system lifecycle. This paper aims to present the results of a research work oriented to the development of the tool called ‘Deadlock Risk Evaluation of Architectural Models’ (DREAM) to assess deadlock risk in architectural models of an RTS. A particular architectural style, Pipelines of Processes in Object-Oriented Architectures–UML (PPOOA), was used to represent platform-independent models of an RTS architecture supported by the PPOOA–Visio tool. We validated the technique presented here by using several case studies related to RTS development and comparing our results with those from other deadlock detection approaches, supported by different tools. Here we present two of these case studies, one related to avionics and the other to planetary exploration robotics. Copyright © 2011 John Wiley & Sons, Ltd.