SHM Racer : dynamic race condition detection using shared memory traps
This project investigated different types of data races that can exist within C code, and then incrementally built a race condition detector, SHM Racer, using an assortment of thread safety violation/data race violation detection methods. The objective of this report was to demonstrate the tradeoffs/benefits of certain race condition finding tools, and construct a tool that could minimize false positive race errors while maximizing the number of found data races. Race condition detection using static analysis can log false positives/false negatives due to a missed understanding of complex synchronization patterns. Dynamic analysis can often minimize false positives, but its ability to slow runtime performance can make this type of analysis impractical. The decided approach was to develop SHM Racer: a shared memory library that provides a shared memory access interface to multiple threads. SHM Racer would also use its knowledge of thread contexts and near-miss analysis data to dynamically modify its shared memory response performance with the intent of expanding critical sections. The aim of this approach was to increase the likelihood of race condition occurrence without significantly altering runtime performance. Test observations demonstrated that while expanding critical sections does increase the probability of detecting data races without producing false positives, there are significant performance/race condition detection impacts if the critical sections are expanded without accommodating for happens-before and already found race errors. Using a combination of near miss analysis and dangerous pair pruning, there was an observable performance improvement in analyzed code performance. However, while there were no false positives detected by SHM Racer, there were still missed race violations due to the tool’s effects on thread synchronization patterns. Even though SHM Racer did miss finding race violations, its false positive minimization and configurable delay thresholds make it very effective at catching basic data races without having to learn synchronization patterns.