segunda-feira, 8 de janeiro de 2018

Static Analysis: FB Infer static analyzer now ships with RacerD for detecting race conditions (which are multi-threading issues)

Ah well, it feels good when big companies give back?... Maybe. Could be better. But this is better than nothing. :)

Facebook open-sourced Infer, a static analysis tool it uses for itself and now it ships with RacerD for detecting race conditions (as a code review bot). Sample code for detectable situations can be found here:
About the FB Infer static analysis tool:

Quoting (the first link):
"Facebook’s open-source static analysis tool, Infer, now ships with support for detecting race conditions in Java code via RacerD. RacerD identifies race conditions between methods in classes that use locks or the @ThreadSafe annotation.

Facebook has used RacerD in its own production code for the last year identifying more than 1,000 multi-threading issues, all before code ever reached production. This concurrency checking capability is now available to Java developers who use Infer to detect bugs in Java code.

A race condition is a type of concurrency error or bug that occurs when two threads operate on the same object without proper synchronization, causing their executions to overlap each other, and at least one of the accesses is a write. Concurrency issues are hard to debug and even harder to reproduce after encountered.

RacerD performs fast, useful concurrency analysis at scale. RacerD is fast because it doesn't try to check an entire code base for concurrency issues; it only examines the code that it believes can be run concurrently.

RacerD identifies code that can run concurrently by looking for classes, methods, and interfaces that have been explicitly annotated with the @ThreadSafe annotation or that create a lock via the synchronized keyword. When a class or interface is annotated with @ThreadSafe, all subclasses of the class/implementation are also evaluated. To increase code coverage with RacerD, additional optional annotations may be useful: @ThreadConfined, @Functional, @ReturnsOwnership, or @VisibleForTesting."
(...)

Situations not detected (quoting): 
"RacerD is currently limited to checking for data races only;
  • it doesn't check for other concurrency issues like deadlock and atomicity
RacerD also misses data races that are due to:
  • aliasing
  • locally declared objects escaping its scope
  • accesses protected by different locks
  • local objects containing non-owned objects
  • weak memory and Java’s volatile keyword"