1 \section{Dynamic Analysis Tools}
2 \label{sec:dynamicanalysis}
4 Data races and invalid memory accesses are some of the most common and
5 difficult to debug errors that may occur in concurrent C code.
6 We developed dynamic analysis tools that run on top of the QEMU
7 system emulator~\cite{Bellard2005QEMU} to help detect these mistakes.
8 Since these tools do not require additional support from the Pintos kernel,
9 students can use them without complicating their code.
11 Data races are found by using a semaphore-aware modification of the RaceTrack algorithm~\cite{Yu2005RaceTrack}.
12 Calls to Pintos's synchronization primitives are instrumented at runtime to track every thread's data
13 sharing pattern. Meanwhile, every memory access records synchronization information to shadow memory
14 maintained by the analysis tool. When the synchronization information for a memory address
15 indicates that a data race occurred, a report including heap information for the data location and the
16 call stacks for the racing threads is generated.
18 Invalid memory accesses, such as a read from newly allocated but uninitialized data, are detected by
19 tracking all memory accesses. Heap allocation calls are instrumented to map a range of addresses as
20 uninitialized. When data is written to a memory address, it is marked as initialized. If an address
21 marked as uninitialized is read from, an error is reported.
22 %cfl: and the address is marked as uninitialized to mask spurious reports.
23 % More sophisticated analysis may be implemented in the future.
25 Each of our tools presents students with one or more concrete backtraces that
26 show where the error occurred, which not only helps students debug their code,
27 but makes the concept of race conditions more concrete.
projects / pintos-anon / blob