Abstract
Modern programming languages support concurrent programming based on channels and processes. Channels enable synchronous and asynchronous message-passing between independent light-weight processes making it easy to express common concurrency patterns. The implementation of channels and processes in compilers and language runtimes is a difficult task that relies heavily on traditional and error-prone low-level concurrency primitives, raising concerns about correctness and reliability. In this paper, we present an automatic program generation technique to test such programming language implementations. We define a type and effect system for programs that communicate over channels and where every execution is guaranteed to eventually terminate. We can generate and run such programs, and if a program fails to terminate, we have found a bug in the programming language implementation. We implement such an automatic program generator and apply it to Go, Kotlin, Crystal, and Flix. We find two new bugs in Flix, and reproduce two bugs; one in Crystal and one in Kotlin.
Supplemental Material
Available for Download
Supplementary material containing the proofs for the theorems in the paper.
- Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury. 2016. Coverage-based Greybox Fuzzing as Markov Chain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. 1032-1043. https://doi.org/10.1145/2976749.2978428 Google Scholar
Digital Library
- Chris Cummins, Pavlos Petoumenos, Alastair Murray, and Hugh Leather. 2018. Compiler fuzzing through deep learning. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. 95-105. https://doi.org/10.1145/3213846.3213848 Google Scholar
Digital Library
- Kyle Dewey, Jared Roesch, and Ben Hardekopf. 2014. Language fuzzing using constraint logic programming. In ACM/IEEE International Conference on Automated Software Engineering, ASE '14, Vasteras, Sweden-September 15-19, 2014. 725-730. https://doi.org/10.1145/2642937.2642963 Google Scholar
Digital Library
- Kyle Dewey, Jared Roesch, and Ben Hardekopf. 2015. Fuzzing the Rust Typechecker Using CLP (T). In 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, Lincoln, NE, USA, November 9-13, 2015. 482-493. https://doi.org/10.1109/ASE. 2015.65 Google Scholar
Digital Library
- Matthias Felleisen, Robert Bruce Findler, and Matthew Flatt. 2009. Semantics engineering with PLT Redex. Mit Press.Google Scholar
Digital Library
- Burke Fetscher, Koen Claessen, Michal H. Palka, John Hughes, and Robert Bruce Findler. 2015. Making Random Judgments: Automatically Generating Well-Typed Terms from the Definition of a Type-System. In Programming Languages and Systems-24th European Symposium on Programming, ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. 383-405. https://doi.org/10.1007/978-3-662-46669-8_16 Google Scholar
Cross Ref
- Patrice Godefroid, Adam Kiezun, and Michael Y. Levin. 2008. Grammar-based whitebox fuzzing. In Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, Tucson, AZ, USA, June 7-13, 2008. 206-215. https://doi.org/10.1145/1375581.1375607 Google Scholar
Digital Library
- Charles Antony Richard Hoare. 1978. Communicating sequential processes. Commun. ACM 21, 8 ( 1978 ), 666-677.Google Scholar
- Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with Code Fragments. In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012. 445-458.Google Scholar
- Yavuz Köroglu and Franz Wotawa. 2019. Fully automated compiler testing of a reasoning engine via mutated grammar fuzzing. In Proceedings of the 14th International Workshop on Automation of Software Test, [email protected] 2019, May 27, 2019, Montreal, QC, Canada. 28-34. https://doi.org/10.1109/AST. 2019.00010 Google Scholar
Digital Library
- Vu Le, Mehrdad Afshari, and Zhendong Su. 2014. Compiler validation via equivalence modulo inputs. In ACM SIGPLAN Notices, Vol. 49. ACM, 216-226.Google Scholar
Digital Library
- Caroline Lemieux, Rohan Padhye, Koushik Sen, and Dawn Song. 2018. PerfFuzz: automatically generating pathological inputs. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. 254-265. https://doi.org/10.1145/3213846.3213874 Google Scholar
Digital Library
- Christopher Lidbury, Andrei Lascu, Nathan Chong, and Alastair F. Donaldson. 2015. Many-core compiler fuzzing. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June 15-17, 2015. 65-76. https://doi.org/10.1145/2737924.2737986 Google Scholar
Digital Library
- Björn Mathis, Rahul Gopinath, Michaël Mera, Alexander Kampmann, Matthias Höschele, and Andreas Zeller. 2019. Parserdirected fuzzing. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, June 22-26, 2019. 548-560. https://doi.org/10.1145/3314221.3314651 Google Scholar
Digital Library
- Jan Midtgaard, Mathias Nygaard Justesen, Patrick Kasting, Flemming Nielson, and Hanne Riis Nielson. 2017. Efect-driven quickchecking of compilers. Proceedings of the ACM on Programming Languages 1, ICFP ( 2017 ), 15.Google Scholar
- Barton P. Miller, Lars Fredriksen, and Bryan So. 1990. An Empirical Study of the Reliability of UNIX Utilities. Commun. ACM 33, 12 ( 1990 ), 32-44. https://doi.org/10.1145/96267.96279 Google Scholar
Digital Library
- Flemming Nielson and Hanne Riis Nielson. 1999. Type and Efect Systems. In Correct System Design, Recent Insight and Advances, (to Hans Langmaack on the occasion of his retirement from his professorship at the University of Kiel) (Lecture Notes in Computer Science), Ernst-Rüdiger Olderog and Bernhard Stefen (Eds.), Vol. 1710. Springer, 114-136. https://doi.org/10.1007/3-540-48092-7_6 Google Scholar
Cross Ref
- Flemming Nielson, Hanne R Nielson, and Chris Hankin. 2015. Principles of program analysis. Springer.Google Scholar
Digital Library
- Michał H Pałka, Koen Claessen, Alejandro Russo, and John Hughes. 2011. Testing an optimising compiler by generating random lambda terms. In Proceedings of the 6th International Workshop on Automation of Software Test. ACM, 91-97.Google Scholar
Digital Library
- Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2016. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016.Google Scholar
- TIOBE. 2020. TIOBE Index for August 2020. https://www.tiobe.com/tiobe-index//.Google Scholar
- Xuejun Yang, Yang Chen, Eric Eide, and John Regehr. 2011. Finding and understanding bugs in C compilers. In ACM SIGPLAN Notices, Vol. 46. ACM, 283-294.Google Scholar
Digital Library
Index Terms
Fuzzing channel-based concurrency runtimes using types and effects
Recommendations
Adaptable concurrency control for atomic data types
In many distributed systems concurrent access is required to a shared object, where abstract object servers may incorporate type-specific properties to define consistency requirements. Each operation and its outcome is treated as an event, and conflicts ...
Semantics-based concurrency control: beyond commutativity
The concurrency of transactions executing on atomic data types can be enhanced through the use of semantic information about operations defined on these types. Hitherto, commutativity of operations has been exploited to provide enchanced concurrency ...
Commutativity-Based Concurrency Control for Abstract Data Types
Two novel concurrency algorithms for abstract data types are presented that ensure serializability of transactions. It is proved that both algorithms ensure a local atomicity property called dynamic atomicity. The algorithms are quite general, ...






Comments