RacerF: Data Race Detection with Frama-C (Competition Contribution)

TL;DR

RacerF addresses data race detection in multithreaded C by performing sequential analyses of per-thread behavior within Frama-C EVA and generalizing results to a multithreaded setting via under- and over-approximations of interleavings. It blends a linear analysis pipeline (Lockset, Active-threads, Memory access analyses) with may/must race detection and a verdict-reduction step to achieve scalable results without formal guarantees. In SV-COMP'25 NoDataRace-Main, RacerF ranked second with many correct results and few false positives, while remaining fast and resource-efficient. Limitations include lack of formal guarantees, some false alarms, limited path-sensitivity, and minimal witness generation, highlighting directions for future improvements and witness support. RacerF is implemented as an OCaml plugin for Frama-C and is publicly available under MIT license.

Abstract

RacerF is a static analyser for detection of data races in multithreaded C programs implemented as a plugin of the Frama-C platform. The approach behind RacerF is mostly heuristic and relies on analysis of the sequential behaviour of particular threads whose results are generalised using a combination of under- and over-approximating techniques to allow analysis of the multithreading behaviour. In particular, in SV-COMP'25, RacerF relies on the Frama-C's abstract interpreter EVA to perform the analysis of the sequential behaviour. Although RacerF does not provide any formal guarantees, it ranked second in the NoDataRace-Main sub-category, providing the largest number of correct results (when excluding metaverifiers) and just 4 false positives.