MagicDetector: A Precise and Scalable Static Deadlock Detector for C/C++ Programs

Abstract

Existing static deadlock detectors suffer from either lack of precise interprocedural path- and context-sensitive analysis or lack of scalability. In addition, they only take a few of synchronous events into account and suffer from the lack of a united method to handle different synchronization events. To address these problems, we first present a static interprocedural analysis algorithm, named mixed procedure inlining and summary-based analysis (MPISBA), to produce feasible execution traces in C/C++ programs. The functions which call function pointers or virtual functions are considered as inlining functions to figure out callees in different context. Path-sensitive symbolic execution is also used by MPISBA to track synchronization events in different program paths guarded by path conditions. In order to do interprocedural context-sensitive analysis and avoid function re-analysis, the proposed algorithm generates a summary for each function and applies the summary at the function’s call sites. Based on feasible execution traces in program, a translation algorithm called generic synchronization event translation is proposed to translate different synchronization events into unified Petri nets. A prototype detector named MagicDetector is implemented for these procedures. A suite of open-source and large-scale softwares are used to validate MagicDetector, and comparisons are made among JDAE, Magiclock, DADCP and MagicDetector. Experimental results demonstrate that MagicDetector scales well to programs with 2M lines of codes and is more precise than previous detectors, finding more real deadlocks and reporting less false positives.