Multi-threading is essential
Computing hardwares have been moving to multiple cores for quite some time. Today most phones in our pocket have 2~8 cores, a cluster in a HPC setting can have a few hundreds cores, and a typical GPU has thousands of cores and is capable of running tens of thousands threads simultaneously. To take advantage of these hardwares, most software programs already use multi-threading, especially those care about performance. Simply using the "Activity Monitor" or "Task Manager" on your personal computer to get a sense of how prevalent popular programs use multi-threading.
Multi-threading is prone to errors
One big challenge in writing multi-threaded software is to ensure threads working with each other correctly, otherwise one can end up with unexplained crashes, poor performance, incorrect results and security vulnerabilities. This is because without correct synchronization multiple threads can update shared data at the same time and the order of their execution is unpredictable. Exponential possibilities of interlacing between multiple threads quickly go beyond what a human brain can handle.
Multi-threading errors are difficult to detect and debug
Multi-threaded bugs are notoriously difficult to detect and debug because they depend on specific timings and sequences to manifest, and test cases are not reliable in covering these specific timings and sequences. To make things even worse, trying to debug can change the timing and sequence, and prevent these issues from occurring.
Existing tools are INADEQUATE
A common practice to deal with multi-threaded bugs is stress testing, but because interlacing space is astronomical, stress tests usually can cover only a fraction of the space. Another group of tools commonly used is dynamic debugging tools, but detection can depend on the specific thread and input configurations, often practically infeasible. In addition, such method maybe able to show the existence of an issue, but usually can't pinpoint the cause.
THE STATE OF MULTITHREADING SOFTWARE
Large number of vulnerabilities continue to be discovered in production software, and are likely only the tip of the iceberg. Multithreaded bugs have caused significant damages in the past, and are expected to, unfortunately, continue to lead to losses and security breaches.
how Coderrect can help
We make sophisticated tools to provide peace of mind and ease of development
Automatically find multi-threaded issues, including security ones e.g. TOCTOU. Shift-Left your development of multi-threaded software, enable quick and low cost development iterations.
A slow detector is of little practical use, so we built Coderrect Scanner to be super fast
Sophisticated and cutting edge algorithms find the most critical concurrency bugs
Designed for large and complex software, and scalable for very large code bases
Easy to Use
Very easy to install and use, much like a "build" command
Provides stack traces and other information to verify and correct the issues identified
Easily integrated into CI pipelines including Jenkins, Github, etc.
The Highest Overall Score
in Both C/C++ and Fortran
as evaluated by
Coderrect Scanner is now admitted to DataRaceBench ("DRB") by Lawrence Livermore National Laboratory. Powered by a groundbreaking static analysis technique, Coderrect Scanner achieves the highest overall score in both C/C++ and Fortran, advancing other tools including Intel Inspector & Google ThreadSanitizer.
It is worth noting that Coderrect Scanner is the only static analyzer in the group of tools evaluated by DRB. Unlike dynamic tools, Coderrect covers all code bases and code paths, without the need to execute the program being tested and does not rely on the coverage of test inputs, which is a significant challenge in real world testing.