• ThreadSafetyAnnotation

Thread Safety Annotations and Analysis

Background

Multi-threading is an increasingly important technique to boost performance on multi-core/multiprocessor systems. Unfortunately, multi-threaded programming is hard: timing-dependent bugs, such as data races and deadlocks, are very difficult to expose in testing and hard to reproduce and isolate once discovered. Proper documentation of synchronization policies and thread safety guarantees is probably one of the most useful techniques to manage multi-threaded code and avoid concurrency bugs. In practice, programmers' intended synchronization policies, such as lock acquisition order and lock requirement for shared variables and functions, are often documented in comments. Comments help maintainers avoid introducing errors, but it is hard for program analysis tools to use the information to tell programmers when they have violated their synchronization policies and identify potential thread safety issues. Therefore this project creates program annotations for C/C++ to help developers document locks and how they need to be used to safely read and write shared variables. We design and implement a new GCC pass that uses the annotations to identify and warn about the issues that could potentially result in race conditions and deadlocks.

Design Doc

This document describes the proposed design. All the work is being done on the SVN branch thread-annotations.

We are also working on emitting the annotations in DWARF format in the binary files so that other dynamic/static analysis tools can make use of the information. The design doc of the new DWARF extension is located here.

Branch Status (updated 2009-03-09)

• Sync'ed up with mainline at revision 144727 and committed at revision 144735 on 2009-03-09.
• Enhanced the attribute support to allow multiple lock attributes of the same type to be applied to a declaration (submitted at revision 144721) on 2009-03-08.
• Fixed issues in handling locks defined in base classes and the base object of a method call at revision 144657 on 2009-03-05.
• Fixed an issue in handling annotations on template member functions in non-template classes at revision 143528 on 2009-01-20.
• Fixed an issue where the analysis would mistakenly consider the same lock field of two different objects identical and emit bogus warnings (or omit necessary warnings) at revision 143179 on 2009-01-07.

• Fix for an issue in handling lockable objects wrapped in smart pointers after merging from the trunk (on which a call to an overloaded 'operator->' is now represented as an 'operator.' in tree IR) was committed at revision 142824.

• Committed major enhancements and bug fixes on 2008-12-17 at revision 142800.
• Migrated the support for thread-safety analysis to the new GIMPLE tuple IR and fixed an issue in the analysis of "point_to_guarded_by" attribute when it is applied to class members. The patch was committed on 2008-09-02 at revision r139925.
• Fixes for two thread safety analysis issues (along with new tests) were committed on 2008-08-05 at revision r138754.
• Fixes for the compilation warnings due to the use of "-Wcast-qual -Wc++-compat" flags were commited on 2008-07-02 at revision r137398.
• A set of new test cases were committed to the branch on 2008-06-18 at revision r136900.
• Initial implementation was committed to the branch on 2008-06-17 at revision r136875.

• The branch thread-annotations was created on 2008-06-16 out of trunk at revision r136849.

To run the thread safety annotation specific test cases, do the following

$ make check-gcc RUNTESTFLAGS="dg.exp=thread_annot*"

When submitting patches to this branch, use the tag [thread-annotations] in the subject line.

Contact

The thread-annotations branch is currently maintained by Le-Chun Wu.