research-article

2ndStrike: toward manifesting hidden concurrency typestate bugs

Published: 05 March 2011

Abstract

Concurrency bugs are becoming increasingly prevalent in the multi-core era. Recently, much research has focused on data races and atomicity violation bugs, which are related to low-level memory accesses. However, a large number of concurrency typestate bugs such as "invalid reads to a closed file from a different thread" are under-studied. These concurrency typestate bugs are important yet challenging to study since they are mostly relevant to high-level program semantics.

This paper presents 2ndStrike, a method to manifest hidden concurrency typestate bugs in software testing. Given a state machine describing correct program behavior on certain object typestates, 2ndStrike profiles runtime events related to the typestates and thread synchronization. Based on the profiling results, 2ndStrike then identifies bug candidates, each of which is a pair of runtime events that would cause a typestate violation if the event order is reversed. Finally, 2ndStrike re-executes the program with controlled thread interleaving to manifest bug candidates.

We have implemented a prototype of 2ndStrike on Linux and have illustrated our idea using three types of concurrency typestate bugs, including invalid file operation, invalid pointer dereference, and invalid lock operation. We have evaluated 2ndStrike with six real world bugs (including one previously unknown bug) from three open-source server and desktop programs (i.e., MySQL, Mozilla, pbzip2). Our experimental results show that 2ndStrike can effectively and efficiently manifest all six software bugs, most of which are difficult or impossible to manifest using stress testing or active testing techniques that are based on data race/atomicity violation. Additionally, 2ndStrike reports no false positives, provides detailed bug reports for each manifested bug, and can consistently reproduce the bug after manifesting it once.
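The candidate-identification step described in the abstract, as an added sketch that is not the authors' implementation: it takes a typestate machine and a profiled trace and reports pairs of events from different threads whose reversal would violate the typestate and whose order is not fixed by synchronization. The file state machine, the trace format, the sample trace, the use of fork/join as the only synchronization, and the vector-clock ordering check are all assumptions made for this example.

```python
# Typestate machine for a file object: state -> {operation: next state}.
FILE_FSM = {
    "closed": {"open": "open"},
    "open": {"read": "open", "write": "open", "close": "closed"},
}

# Constructed profiling trace in observed order: (thread, operation, target).
# The target is a thread for fork/join and a file object otherwise.
TRACE = [
    ("T1", "open", "f1"), ("T1", "open", "f2"), ("T1", "fork", "T2"),
    ("T2", "read", "f1"), ("T2", "read", "f2"),
    ("T1", "close", "f1"),   # no synchronization with T2's read of f1
    ("T1", "join", "T2"),
    ("T1", "close", "f2"),   # ordered after T2's read of f2 by the join
]


def stamp(trace):
    """Give each typestate event a vector clock and the object's prior state."""
    clocks, states, stamped = {}, {}, []
    for idx, (tid, op, target) in enumerate(trace):
        vc = clocks.setdefault(tid, {})
        vc[tid] = vc.get(tid, 0) + 1
        if op == "fork":    # child inherits everything the parent has seen
            clocks[target] = dict(vc)
        elif op == "join":  # parent learns everything the child has seen
            for t, n in clocks.get(target, {}).items():
                vc[t] = max(vc.get(t, 0), n)
        else:
            before = states.get(target, "closed")
            after = FILE_FSM[before].get(op)
            if after is None:
                raise ValueError(f"observed run violates typestate at event {idx}")
            states[target] = after
            stamped.append({"idx": idx, "tid": tid, "op": op, "obj": target,
                            "vc": dict(vc), "before": before})
    return stamped


def happens_before(a, b):
    """True if synchronization forces event a to precede event b."""
    return a["vc"][a["tid"]] <= b["vc"].get(a["tid"], 0)


def violates_if_reversed(a, b):
    """Replay b then a from the state seen just before a.

    Simplification: events observed between a and b are ignored.
    """
    state = a["before"]
    for ev in (b, a):
        state = FILE_FSM[state].get(ev["op"])
        if state is None:
            return True
    return False


def bug_candidates(trace):
    """Return (first, second) trace indices whose reversal breaks the typestate."""
    events = stamp(trace)
    return [(a["idx"], b["idx"])
            for i, a in enumerate(events) for b in events[i + 1:]
            if a["obj"] == b["obj"] and a["tid"] != b["tid"]
            and not happens_before(a, b) and violates_if_reversed(a, b)]


if __name__ == "__main__":
    for first, second in bug_candidates(TRACE):
        print("candidate: force", TRACE[second], "before", TRACE[first])
```

Each reported pair is what a controlled re-execution would then try to schedule in the reversed order; the open/read pairs are filtered out because the fork already orders them.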



    • Published in

      ACM SIGPLAN Notices  Volume 46, Issue 3
      ASPLOS '11
      March 2011
      407 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/1961296
        ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
        March 2011
        432 pages
        ISBN:9781450302661
        DOI:10.1145/1950365

      Copyright © 2011 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States
