Efficient Data-Race Detection with Dynamic Symbolic Execution

This paper presents data race detection using dy-namic symbolic execution and hybrid lockset / happens-beforeanalysis. Symbolic execution is used to explore the execution treeof multi-threaded software for FIFO scheduling on a single CPUcore. Compared to exploring the joint scheduling and executiontree, the combinatorial explosion is drastically reduced.An SMTsolver is used to control a debugger’s machine interface foradap-tive dynamic instrumentation to drive program execution intodesired paths. Data races are detected in concrete execution withavailable static binary instrumentation using hybrid analysis.State interpolation using unsatisfiable cores is employed for pathpruning, to avoid exploration of paths that do not contribute toincreasing branch coverage. An implementation in Eclipse CDTis described and evaluated with data race test cases from theJuliet C/C++ test suite for program analyzers.Index Terms—race detection; symbolic execution; interpola-tion; branch coverage.