Hindawi Publishing Corporation International Journal of Distributed Sensor Networks Volume 2013, Article ID 953593, 14 pages http://dx.doi.org/10.1155/2013/953593 Research Article Verification of Data Races in Concurrent Interrupt Handlers Guy Martin Tchamgoue, Kyong Hoon Kim, and Yong-Kee Jun Department of Informatics, Gyeongsang National University, 660-701 Jinju, Republic of Korea Correspondence should be addressed to Yong-Kee Jun; jun@gnu.ac.kr Received 22 May 2013; Accepted 11 September 2013 Academic Editor: Tai-hoon Kim Copyright © 2013 Guy Martin Tchamgoue et al. Tis is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Data races are common in interrupt-driven programs and have already led to well-known real-world problems. Unfortunately, existing dynamic tools for reporting data races in interrupt-driven programs are not only unsound, but they also fail to verify the existence of data races in such programs. Tis paper presents an efcient and scalable on-the-fy technique that precisely detects, without false positives, apparent data races in interrupt-driven programs. Te technique combines a tailored lightweight labeling scheme to maintain logical concurrency between the main program and every instance of its interrupt handlers with a precise detection protocol that analyzes conficting shared memory accesses by storing at most two accesses for each shared variable. We implemented a prototype of this technique, called iRace, on top of the Avrora simulation framework. An empirical evaluation of iRace revealed the presence of data races in some existing TinyOS components and applications with a worst-case slowdown of only about 6 times on average and an increased average memory consumption of only about 20% in comparison with the original program execution. Te evaluation also proved that the labeling scheme alone generates an average runtime overhead of only about 0.4x while consuming only about 12% more memory than the original program execution. 1. Introduction Asynchronous interrupt handling is a common mechanism in various cyber-physical systems including sensor networks, avionics, and automotive systems, or various medical devices. However, such interrupt-driven applications are hard to be thoroughly tested and debugged since they have to deal with external asynchronous interrupts that exponentially increase the number of their execution paths at runtime. Moreover, asynchronous interrupts introduce fne-grained concurrency into interrupt-driven programs making them prone to data races [1, 2] which occur when two threads access a shared memory location without proper synchronization, and at least one of the accesses is a write. Data races in interrupt-driven programs have already led to real-world problems like the well-known accident of the Terac-25 [3] where, as the result of a data race caused by the keyboard interrupt handler, many people received fatal radiation doses. Another example of data race is certainly the GE XA/21 bug [4] that, in August 2003, caused a total blackout for about 50 million people in the Northeast United States and Canada. It becomes therefore crucial to precisely detect data races ahead of the exploitation phase. Data races are ofen classifed into feasible data races that are data races based on the possible behavior of a program and apparent data races, which are defned in the context of a specifc program execution [2]. Apparent data races which are only based on the behavior of the explicit synchronization in a program, represent an approximation of the feasible data races that are the real data races that might happen in any specifc execution of the program. Apparent data races are less accurate but easier to detect than feasible data races, whose detection has been proven NP-hard [2]. Few dynamic race detectors [5, 6] have recently been pro- posed for detecting data races in interrupt-driven programs. However, legacy race detectors for multithreaded programs [7–9] are very intrusive and cannot directly be applied to interrupt-driven due not only to diferences between the programming models, but also to the high overhead they incur. Tus, Lee et al. [6] proposed to convert an interrupt- driven program into a corresponding multithreaded program and to use an existing dynamic race detection tool to detect data races into the newly generated program. Tis technique fails to capture the semantics of interrupts and incurs high space and time overheads due to the use of tools basically