TY - CONF T1 - Dynamically checking ownership policies in concurrent c/c++ programs T2 - Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages Y1 - 2010 A1 - Martin,Jean-Phillipe A1 - Hicks, Michael W. A1 - Costa,Manuel A1 - Akritidis,Periklis A1 - Castro,Miguel KW - concurrency KW - Debugging KW - Dynamic analysis KW - Security KW - Testing KW - tools AB - Concurrent programming errors arise when threads share data incorrectly. Programmers often avoid these errors by using synchronization to enforce a simple ownership policy: data is either owned exclusively by a thread that can read or write the data, or it is read owned by a set of threads that can read but not write the data. Unfortunately, incorrect synchronization often fails to enforce these policies and memory errors in languages like C and C++ can violate these policies even when synchronization is correct. In this paper, we present a dynamic analysis for checking ownership policies in concurrent C and C++ programs despite memory errors. The analysis can be used to find errors in commodity multi-threaded programs and to prevent attacks that exploit these errors. We require programmers to write ownership assertions that describe the sharing policies used by different parts of the program. These policies may change over time, as may the policies' means of enforcement, whether it be locks, barriers, thread joins, etc. Our compiler inserts checks in the program that signal an error if these policies are violated at runtime. We evaluated our tool on several benchmark programs. The run-time overhead was reasonable: between 0 and 49% with an average of 26%. We also found the tool easy to use: the total number of ownership assertions is small, and the asserted specification and implementation can be debugged together by running the instrumented program and addressing the errors that arise. Our approach enjoys a pleasing modular soundness property: if a thread executes a sequence of statements on variables it owns, the statements are serializable within a valid execution, and thus their effects can be reasoned about in isolation from other threads in the program. JA - Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages T3 - POPL '10 PB - ACM CY - New York, NY, USA SN - 978-1-60558-479-9 UR - http://doi.acm.org/10.1145/1706299.1706351 M3 - 10.1145/1706299.1706351 ER -