Abstract
Software bugs, such as concurrency, memory and semantic bugs, can significantly affect system reliability. Although much effort has been made to address this problem, there are still many bugs that cannot be detected, especially concurrency bugs due to the complexity of concurrent programs. Effective approaches for detecting these common bugs are therefore highly desired.
This paper presents an invariant-based bug detection tool, DefUse, which can detect not only concurrency bugs (including the previously under-studied order violation bugs), but also memory and semantic bugs. Based on the observation that many bugs appear as violations of programmers' data flow intentions, we introduce three different types of definition-use invariants that commonly exist in both sequential and concurrent programs. We also design an algorithm to automatically extract such invariants from programs, which are then used to detect bugs. Moreover, DefUse uses various techniques to prune false positives and rank error reports.
We evaluated DefUse using sixteen real-world applications with twenty real-world concurrency and sequential bugs. Our results show that DefUse can effectively detect 19 of these bugs, including 2 new bugs that were never reported before, with only a few false positives. Our training sensitivity results show that, with the benefit of the pruning and ranking algorithms, DefUse is accurate even with insufficient training.
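The train-then-check idea from the abstract, as an added example that is not DefUse's own code or algorithm: it learns, for each read instruction, the set of write instructions whose values it consumed in passing runs, then flags a read that consumes a value from a write outside that set. The trace format, the instruction labels (`alloc`, `init`, `use`) and the single simplified invariant form are assumptions made for illustration.

```python
from collections import defaultdict

def last_writers(trace):
    """Yield (read_pc, write_pc): which write defined the value each read used."""
    last = {}  # address -> label of the most recent write to it
    for _thread, op, addr, pc in trace:
        if op == "W":
            last[addr] = pc
        elif op == "R":
            yield pc, last.get(addr)  # None means read before any write

def learn(training_traces):
    """Extract invariants: read instruction -> set of definitions seen in training."""
    inv = defaultdict(set)
    for trace in training_traces:
        for read_pc, write_pc in last_writers(trace):
            inv[read_pc].add(write_pc)
    return dict(inv)

def check(trace, inv):
    """Return (read_pc, write_pc) pairs that violate a learned invariant.
    Reads never seen in training have no invariant and are not reported."""
    return [(r, w) for r, w in last_writers(trace)
            if r in inv and w not in inv[r]]

# Constructed traces: (thread, op, address, instruction label).
# Intended order: T1 initialises buf before T2 uses it.
GOOD_1 = [("main", "W", "buf", "alloc"),
          ("T1", "W", "buf", "init"),
          ("T2", "R", "buf", "use")]
GOOD_2 = GOOD_1 + [("T2", "R", "buf", "use")]
# Order violation: T2 runs first and reads the value left by alloc.
BAD = [("main", "W", "buf", "alloc"),
       ("T2", "R", "buf", "use"),
       ("T1", "W", "buf", "init")]

INVARIANTS = learn([GOOD_1, GOOD_2])

if __name__ == "__main__":
    print("invariants:", INVARIANTS)
    print("violations in BAD:", check(BAD, INVARIANTS))
```

The order violation is caught without any lock or happens-before reasoning: the read at `use` simply saw a definition it never saw in training.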
Do I use the wrong definition?: DeFuse: definition-use invariants for detecting concurrency and sequential bugs
OOPSLA '10: Proceedings of the ACM international conference on Object oriented programming systems languages and applications