Abstract
Concurrency bugs are becoming increasingly prevalent in the multi-core era. Recently, much research has focused on data races and atomicity violation bugs, which are related to low-level memory accesses. However, a large number of concurrency typestate bugs such as "invalid reads to a closed file from a different thread" are under-studied. These concurrency typestate bugs are important yet challenging to study since they are mostly relevant to high-level program semantics.
This paper presents 2ndStrike, a method to manifest hidden concurrency typestate bugs in software testing. Given a state machine describing correct program behavior on certain object typestates, 2ndStrike profiles runtime events related to the typestates and thread synchronization. Based on the profiling results, 2ndStrike then identifies bug candidates, each of which is a pair of runtime events that would cause typestate violation if the event order is reversed. Finally, 2ndStrike re-executes the program with controlled thread interleaving to manifest bug candidates.
We have implemented a prototype of 2ndStrike on Linux and have illustrated our idea using three types of concurrency typestate bugs, including invalid file operation, invalid pointer dereference, and invalid lock operation. We have evaluated 2ndStrike with six real world bugs (including one previously unknown bug) from three open-source server and desktop programs (i.e., MySQL, Mozilla, pbzip2). Our experimental results show that 2ndStrike can effectively and efficiently manifest all six software bugs, most of which are difficult or impossible to manifest using stress testing or active testing techniques that are based on data race/atomicity violation. Additionally, 2ndStrike reports no false positives, provides detailed bug reports for each manifested bug, and can consistently reproduce the bug after manifesting it once.
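The candidate-identification step described in the abstract, as an added Python sketch (not 2ndStrike's implementation or code from the paper): it replays a constructed trace through a file typestate machine and reports event pairs whose reversal would violate it, skipping pairs whose order is already enforced by synchronization. The state machine, the `post`/`wait` semaphore events, the vector-clock ordering check and all function names are assumptions of this example.

```python
from collections import defaultdict

# Constructed typestate machine for a file: (state, op) -> next state.
FILE_FSM = {("closed", "open"): "opened", ("opened", "read"): "opened",
            ("opened", "write"): "opened", ("opened", "close"): "closed"}

# Constructed traces of (thread, op, object); post/wait model a semaphore.
RACY = [("T1", "open", "f"), ("T1", "post", "ready"), ("T2", "wait", "ready"),
        ("T2", "read", "f"), ("T1", "close", "f")]
ORDERED = [("T1", "open", "f"), ("T1", "post", "ready"), ("T2", "wait", "ready"),
           ("T2", "read", "f"), ("T2", "post", "done"), ("T1", "wait", "done"),
           ("T1", "close", "f")]

def stamp(trace):
    """Attach a vector clock to each event; a post followed by a wait orders threads."""
    clocks, sems, out = defaultdict(dict), {}, []
    for tid, op, obj in trace:
        vc = clocks[tid]
        if op == "wait" and obj in sems:
            for t, c in sems[obj].items():
                vc[t] = max(vc.get(t, 0), c)
        vc[tid] = vc.get(tid, 0) + 1
        if op == "post":
            sems[obj] = dict(vc)
        out.append((tid, op, obj, dict(vc)))
    return out

def happens_before(a, b):
    """True when a is ordered before b by program order or synchronization."""
    return a[3][a[0]] <= b[3].get(a[0], 0)

def violates(events, start="closed"):
    """Replay events through FILE_FSM; return the first event with no legal transition."""
    state = start
    for ev in events:
        nxt = FILE_FSM.get((state, ev[1]))
        if nxt is None:
            return ev
        state = nxt
    return None

def bug_candidates(trace):
    """Pairs (a, b), a observed first, whose reversal breaks the typestate machine."""
    by_obj = defaultdict(list)
    for ev in stamp(trace):
        if ev[1] not in ("post", "wait"):
            by_obj[ev[2]].append(ev)
    found = []
    for obj, evs in by_obj.items():
        for i, a in enumerate(evs):
            for j in range(i + 1, len(evs)):
                b = evs[j]
                if a[0] == b[0] or happens_before(a, b):
                    continue  # order is enforced, so the reversal cannot occur
                # Stall a's thread: run what is not causally after a, then b, then a.
                between = [e for e in evs[i + 1:j] if not happens_before(a, e)]
                bad = violates(evs[:i] + between + [b, a])
                if bad is not None:
                    found.append(((a[0], a[1]), (b[0], b[1]), obj, bad[1]))
    return found
```

On `RACY` the only candidate is the read in `T2` against the close in `T1`, the abstract's "invalid read to a closed file from a different thread"; on `ORDERED` the extra `done` handshake orders the pair and nothing is reported.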
2ndStrike: toward manifesting hidden concurrency typestate bugs
ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems