2012
By Dean Sutherland
Senior Member of the Technical Staff
The CERT Program
Many modern software systems employ shared-memory multithreading and are built from software components such as libraries and frameworks. Software developers must carefully control the interactions between multiple threads as they execute within those components. To manage this complexity, developers use information hiding to treat components as “black boxes” with known interfaces that explicitly specify all necessary preconditions and postconditions of the design contract, while using an appropriate level of abstraction to hide unnecessary detail. Many software component interfaces, however, lack explicit specification of thread-related preconditions. Without these specifications, developers must guess what the missing preconditions might be, and such guesses are often incorrect. Failure to comply with the actual thread-related preconditions can yield subtle and pernicious errors (such as state corruption, deadlock, and security vulnerabilities) that are intermittent and hard to diagnose. This blog post, the first in a series, describes our ongoing research towards solving this problem for a variety of languages, including Java and C11.
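As an added illustration (not code from this post or from CERT), here is what a thread-related precondition looks like when it is stated in the component's interface and checked, rather than left for callers to guess: a hypothetical `confined_account` component may only be used from the thread that initialised it, and a second thread that assumes the component is thread-safe has its call refused instead of silently corrupting the balance. The example uses POSIX threads rather than C11 `<threads.h>` for portability; all names and values are constructed.

```c
#include <pthread.h>
#include <stdbool.h>

/* Hypothetical component (constructed for this example). Its contract states the
 * thread-related precondition explicitly: every call must come from the thread
 * that initialised the instance (thread confinement), and each call checks it. */
typedef struct {
    pthread_t owner;   /* the only thread permitted to use this instance */
    int balance;       /* unsynchronised state; safe only under confinement */
} confined_account;

void account_init(confined_account *a, int initial) {
    a->owner = pthread_self();
    a->balance = initial;
}

/* Precondition: caller runs on a->owner. A call from another thread is refused
 * and leaves state untouched, so the violation is visible immediately instead
 * of surfacing later as intermittent corruption. */
bool account_deposit(confined_account *a, int amount) {
    if (!pthread_equal(pthread_self(), a->owner))
        return false;
    a->balance += amount;
    return true;
}

typedef struct { confined_account *acct; bool accepted; } worker_args;
typedef struct { int balance; bool owner_accepted, other_accepted; } scenario_result;
/* A caller that wrongly assumes the component is thread-safe. */
static void *careless_worker(void *arg) {
    worker_args *w = arg;
    w->accepted = account_deposit(w->acct, 50);
    return NULL;
}

/* Owner deposits, then a second thread tries; the join makes acct safe to read. */
scenario_result run_scenario(void) {
    scenario_result r = { -1, false, false };
    confined_account acct;
    worker_args w = { &acct, false };
    pthread_t t;
    account_init(&acct, 100);
    r.owner_accepted = account_deposit(&acct, 25);   /* honours the contract */
    if (pthread_create(&t, NULL, careless_worker, &w) != 0)
        return r;
    pthread_join(t, NULL);
    r.other_accepted = w.accepted;                   /* false: wrong thread */
    r.balance = acct.balance;                        /* 125, not 175 */
    return r;
}
```

Build with `cc -std=c11 -pthread example.c`; `run_scenario()` reports which caller was accepted and the resulting balance.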


As noted in the National Research Council’s report