Efficient and Safe Multithreaded C Programming with the Ivy Compiler

Due to the high degree of control and performance that it affords, programmers use the C language for writing low-level systems software. That it is difficult to write programs in C is not a problem in and of itself; modern languages deal with its safety issues through carefully designed language features, programming interfaces, and runtime environments. However, due to the amount and complexity of existing C code, rewriting all of it in modern languages is likely infeasible. Further, the absence of a modern replacement for C having all of its advantages entails that it will continue to be used to create new software for the foreseeable future.

The goal of the Ivy compiler is to provide an evolutionary pathway from C to a language with stronger safety guarantees. Because rewriting software all-at-once is not an option, the design philosophy of Ivy is to provide ways for the programmer to transition software in a modular fashion from C to a language with the desired safety guarantees. Given these requirements, Ivy provides memory- and type-safety to sequential programs with two components, one called Deputy, and the other called Heapsafe. However, Deputy and Heapsafe are unsound when faced with multithreaded programs.

In this talk I will present SharC, an extension to Ivy that provides for safe concurrent programming in C. SharC allows programmers to declare how objects in multi-threaded programs are shared among threads. It then uses a combination of static and dynamic analysis to enforce these “sharing modes.” Additionally, since objects in programs can go through several phases, SharC allows programmers to declare where the sharing mode of an object changes, and it checks that these operations are safe. We have evaluated our implementation of SharC on over 1.5 million lines of application and benchmark code, and observed manageable overheads both in terms of performance and programmer effort.