A Heuristic Framework to Detect Concurrency Vulnerabilities

Liu, Changming; Zou, Deqing; Luo, Peng; Zhu, Bin; Jin, Hai

doi:10.1145/3274694.3274718

Cited by 26 publications

(18 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several fuzzing techniques have been designed to effectively detect concurrency bugs by prioritizing seed inputs that can trigger more concurrent code or particular interleavings [5,33,41]. Although useful, these techniques target concurrency bugs due to misuse of shared memory and are thus unlikely to detect channelrelated bugs.…”

Section: Related Workmentioning

confidence: 99%

Who goes first? detecting go concurrency bugs via message reordering

Liu

Xia

Liang

et al. 2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

Go is a young programming language invented to build safe and efficient concurrent programs. It provides goroutines as lightweight threads and channels for inter-goroutine communication. Programmers are encouraged to explicitly pass messages through channels to connect goroutines, with the purpose of reducing the chance of making programming mistakes and introducing concurrency bugs. Go is one of the most beloved programming languages and has already been used to build many critical infrastructure software systems in the data-center environment. However, a recent study shows that channel-related concurrency bugs are still common in Go programs, severely hurting the reliability of the programs.This paper presents GFuzz, a dynamic detector that can effectively pinpoint channel-related concurrency bugs by mutating the processing orders of concurrent messages. We build GFuzz in three steps. We first adopt an effective approach to identify concurrent messages and transform a program to process those messages in any given order. We then take a fuzzing approach to generate new processing orders by mutating exercised ones and rely on execution feedback to prioritize orders close to triggering bugs. Finally, we design a runtime sanitizer to capture triggered bugs that are missed by the Go runtime. We evaluate GFuzz on seven popular Go software systems, including Docker, Kubernetes, and gRPC. GFuzz finds 184 previously unknown bugs and reports a negligible number of false positives. Programmers have already confirmed 124 reports as real bugs and fixed 67 of them based on our reporting. A careful inspection of the detected concurrency bugs from gRPC shows the effectiveness of each component of GFuzz and confirms the components' rationality. CCS CONCEPTS• Software and its engineering → Software testing and debugging; Software reliability.

show abstract

Section: Related Workmentioning

confidence: 99%

Who goes first? detecting go concurrency bugs via message reordering

Liu

Xia

Liang

et al. 2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

show abstract

“…Existing methods mostly are based on monitoring memory access and find concurrency errors, or through static analyze of the code fragments. DCtest [13] proposes a framework that also combines static analysis and fuzzing, with static analysis to locate and analyze sensitive concurrent parts in a program based on previously categorized features of several potential concurrency errors types, with the results fed into the fuzzers in order to trigger the suspected concurrency vulnerabilities. Others like [2][3] focus on feature customization and thus remove such potential bugs and errors.…”

Section: Related Workmentioning

confidence: 99%

“…Existing research on this topic mainly pay attention on data race condition or data hazards. For example, [12] [14] and [10]mainly combined static analysis and fuzz testing to find such concurrency vulnerabilities, using the results of static analysis of potential concurrency vulnerability to guide a coverage-based fuzzer, AFL for example, trying to trigger the suspicious vulnerabilities.…”

mentioning

confidence: 99%

Hunting Garbage Collection Related Concurrency Bugs through Critical Condition Restoration

Zhou

Lan

Venkataramani

2020

Proceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation

View full text Add to dashboard Cite

With the increasing popularity of multi-core processors and multithread languages/frameworks, race conditions-which are nondeterministic by nature-are becoming a main root cause for concurrency bugs. It opens doors to malicious attacks such as remote code execution and denial of service attacks, potentially putting millions of users in danger. Yet, such non-deterministic racing conditions are often difficult to identify or reproduce in standard program testing. In this paper, we focus on the Garbage-Collection (GC) feature, which is known to be a frequent victim of concurrency bugs in many software systems. We develop a new approach to facilitate the testing of GC-related bugs through critical condition restoration. In particular, we propose a risk-score mechanism to quantify the risk of GC-related bugs in target functions and leverage the score to select appropriate testing parameters and garbage generation strategy, with a higher chance of producing the critical condition. Our experimental results show that the proposed approach could significantly improve the probability of finding GC-related bugs (from 0 in condition-oblivious testing to 14.8 bugs identified in our experiment) while incurring only around 26% execution overhead. CCS CONCEPTS • Software and its engineering → Software testing and debugging; Garbage collection; Software reliability.

show abstract

“…• Use non-GNN model: Generally, the output in the first stage is in the form of a graph, so the graph needs to be encoded, converted into a vector, and then fed to the model. A series of work similar to SySeVR [94],Vuldeelocator [95]- [98], the code is segmented at the token level, the semantic information inside the slice is relatively strong, and then Word2Vec [52] is used for the slice code mikolov2013efficient Vectorized representation, which converts the slice code into a vector representation. In the modeling phase, these algorithms use LSTM or GRU and their variants Bi-LSTM, Bi-GRU and other models for modeling training, and the final results perform well on their respective artificialy synthesized data sets.…”

Section: A Vulnerability Introductionmentioning

confidence: 99%

Literature review on vulnerability detection using NLP technology

2021

Preprint

View full text Add to dashboard Cite

Vulnerability detection has always been the most important task in the field of software security. With the development of technology, in the face of massive source code, automated analysis and detection of vulnerabilities has become a current research hotspot. For special text files such as source code, using some of the hottest NLP technologies to build models and realize the automatic analysis and detection of source code has become one of the most anticipated studies in the field of vulnerability detection. This article does a brief survey of some recent new documents and technologies, such as CodeBERT, and summarizes the previous technologies.

show abstract

A Heuristic Framework to Detect Concurrency Vulnerabilities

Cited by 26 publications

References 25 publications

Who goes first? detecting go concurrency bugs via message reordering

Who goes first? detecting go concurrency bugs via message reordering

Hunting Garbage Collection Related Concurrency Bugs through Critical Condition Restoration

Literature review on vulnerability detection using NLP technology

Contact Info

Product

Resources

About