ABSTRACT
Software defects significantly reduce system dependability. Among various types of software bugs, semantic and concurrency bugs are two of the most difficult to detect. This paper proposes a novel method, called MUVI, that detects an important class of semantic and concurrency bugs. MUVI automatically infers commonly existing multi-variable access correlations through code analysis and then detects two types of related bugs: (1) inconsistent updates--correlated variables are not updated in a consistent way, and (2) multi-variable concurrency bugs--correlated accesses are not protected in the same atomic sections in concurrent programs.We evaluate MUVI on four large applications: Linux, Mozilla,MySQL, and PostgreSQL. MUVI automatically infers more than 6000 variable access correlations with high accuracy (83%).Based on the inferred correlations, MUVI detects 39 new inconsistent update semantic bugs from the latest versions of these applications, with 17 of them recently confirmed by the developers based on our reports.We also implemented MUVI multi-variable extensions to tworepresentative data race bug detection methods (lock-set and happens-before). Our evaluation on five real-world multi-variable concurrency bugs from Mozilla and MySQL shows that the MUVI-extension correctly identifies the root causes of four out of the five multi-variable concurrency bugs with 14% additional overhead on average. Interestingly, MUVI also helps detect four new multi-variable concurrency bugs in Mozilla that have never been reported before. None of the nine bugs can be identified correctly by the original race detectors without our MUVI extensions.
Supplemental Material
Available for Download
Supplemental material for MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs
- R. Alur, P. Cerny, P. Madhusudan, and W. Nam. Synthesis of interface specifications for java classes. In POPL, 2005. Google Scholar
Digital Library
- G. Ammons, R. Bodik, J. R. Larus. Mining specifications. In POPL, 2002. Google Scholar
Digital Library
- C. Artho, K. Havelund, and A. Bierre. High--level data races. The First International Workshop on Verification and Validation of Enterprise Information Systems, 2003.Google Scholar
Cross Ref
- L. Ceze, P. Montesinos, C. von Praun, and J. Torrellas. Colorama: Architectural support for data--centric synchronization. In HPCA, 2007. Google Scholar
Digital Library
- J.-D. Choi et al. Efficient and precise datarace detection for multithreaded object-oriented programs. In PLDI, 2002. Google Scholar
Digital Library
- A. Dinning and E. Schonberg. An empirical comparison of monitoring algorithms for access anomaly detection. In PPoPP, 1990. Google Scholar
Digital Library
- A. Dinning and E. Schonberg. Detecting access anomalies in programs with critical sections. In ACM/ONR Workshop on Parallel and Distributed Debugging (AOWPDD), 1991. Google Scholar
Digital Library
- D. Engler and K. Ashcraft. RacerX: Effective, static detection of race conditions and deadlocks. In SOSP, 2003. Google Scholar
Digital Library
- D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In SOSP, pages 5772, 2001. Google Scholar
Digital Library
- M. Ernst, A. Czeisler, W. G. Griswold, and D. Notkin. Quickly detecting relevant program invariants. In ICSE, 2000. Google Scholar
Digital Library
- C. Flanagan and S. N. Freund. Atomizer: a dynamic atomicity checker for multithreaded programs. In POPL, 2004. Google Scholar
Digital Library
- P. Godefroid. Model checking for programming languages using verisoft. In POPL, 1997. Google Scholar
Digital Library
- G. Grahne and J. Zhu. Efficiently using prefix-trees in mining frequent itemsets. In Proceeding of the First IEEE ICDM Workshop on Frequent Itemset Mining Implementations (FIMI'03), Nov 2003.Google Scholar
- E. D. Group. EDG C/C++ front end.Google Scholar
- S. Hangal and M. S. Lam. Tracking down software bugs using automatic anomaly detection. In ICSE, 2002. Google Scholar
Digital Library
- T. Harris and K. Fraser. Language support for lightweight transactions. In OOPSLA, 2003. Google Scholar
Digital Library
- T. A. Henzinger, R. Jhala, and R. Majumdar. Race checking by context inference. In PLDI '04, 2004. Google Scholar
Digital Library
- M. Herlihy and J. E. B. Moss. Transactional memory: architectural support for lock-free data structures. In ISCA, 1993. Google Scholar
Digital Library
- S. T. King, G. W. Dunlap, and P. M. Chen. Operating systems with time-traveling virtual machines. In Usenix Annual Technical Conference, 2005. Google Scholar
Digital Library
- T. Kremenek, P. Twohey, G. Back, A. Ng, and D. Engler. From uncertainty to belief: Inferring the specification within. In OSDI, Nov 2006. Google Scholar
Digital Library
- Z. Li, S. Lu, S. Myagmar, and Y. Zhou. CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code. In OSDI, 2004. Google Scholar
Digital Library
- Z. Li and Y. Zhou. PR--Miner: Automatically extracting implicit programming rules and detecting violations in large software code. In FSE, Sept 2005. Google Scholar
Digital Library
- B. Liblit, A. Aiken, A. X. Zheng, and M. I. Jordan. Bug isolation via remote program sampling. In PLDI, 2003. Google Scholar
Digital Library
- V. B. Livshits and T. Zimmermann. Dynamine: Finding common error patterns by mining software revision histories. In FSE, 2005. Google Scholar
Digital Library
- S. Lu, J. Tucek, F. Qin, and Y. Zhou. AVIO: detecting atomicity violations via access interleaving invariants. In ASPLOS, 2006. Google Scholar
Digital Library
- C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In PLDI, 2005. Google Scholar
Digital Library
- B. McCloskey, F. Zhou, D. Gay, and E. Brewer. Autolocker: synchronization inference for atomic sections. In POPL, 2006. Google Scholar
Digital Library
- M. Naik, A. Aiken, and J. Whaley. Effective static race detection for java. In PLDI, 2006. Google Scholar
Digital Library
- N. Nethercote and J. Seward. Valgrind: A program supervision framework. ENTCS, 2003.Google Scholar
- R. H. B. Netzer and B. P. Miller. Improving the accuracy of data race detection. In PPoPP, 1991. Google Scholar
Digital Library
- R. O'Callahan and J.-D. Choi. Hybrid dynamic data race detection. In PPoPP, 2003. Google Scholar
Digital Library
- D. Perkovic and P. J. Keleher. Online data-race detection via coherency guarantees. In OSDI, 1996. Google Scholar
Digital Library
- S. Qadeer and D. Wu. Kiss: keep it simple and sequential. In PLDI, 2004. Google Scholar
Digital Library
- A. Sasturkar, R. Agarwal, L. Wang, and S. D. Stoller. Automated type-based analysis of data races and atomicity. In PPoPP, 2005. Google Scholar
Digital Library
- S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM TOCS, 1997. Google Scholar
Digital Library
- M. Vaziri, F. Tip, and J. Dolby. Associating synchronization constraints with data in an object-oriented language. In POPL, 2006. Google Scholar
Digital Library
- C. von Praun and T. R. Gross. Object race detection. In OOPSLA, 2001. Google Scholar
Digital Library
- W. Weimer and G. Necula. Mining temporal specifications for error detection. In TACAS, 2005. Google Scholar
Digital Library
- J. Whaley, M. C. Martin, and M. S. Lam. Automatic extraction of object-oriented component interfaces. In ISSTA, 2002. Google Scholar
Digital Library
- M. Xu, R. Bodik, and M. D. Hill. A serializability violation detector for shared--memory server programs. In PLDI, 2005. Google Scholar
Digital Library
- W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security Symposium, 2006. Google Scholar
Digital Library
- J. Yang, D. Evans, D. Bhardwaj, T. Bhat, and M. Das. Perracotta: mining temporal API rules from imperfect traces. In ICSE, 2006. Google Scholar
Digital Library
- Y. Yu, T. Rodehffer, and W. Chen. Racetrack: Efficient detection of data race conditions via adaptive tracking. In SOSP, 2005. Google Scholar
Digital Library
Index Terms
MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs
Recommendations
MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs
SOSP '07Software defects significantly reduce system dependability. Among various types of software bugs, semantic and concurrency bugs are two of the most difficult to detect. This paper proposes a novel method, called MUVI, that detects an important class of ...
AVIO: detecting atomicity violations via access interleaving invariants
Proceedings of the 2006 ASPLOS ConferenceConcurrency bugs are among the most difficult to test and diagnose of all software bugs. The multicore technology trend worsens this problem. Most previous concurrency bug detection work focuses on one bug subclass, data races, and neglects many other ...
AVIO: detecting atomicity violations via access interleaving invariants
Proceedings of the 2006 ASPLOS ConferenceConcurrency bugs are among the most difficult to test and diagnose of all software bugs. The multicore technology trend worsens this problem. Most previous concurrency bug detection work focuses on one bug subclass, data races, and neglects many other ...







Comments