Learning-based controlled concurrency testing

Mukherjee, Suvam; Deligiannis, Pantazis; Biswas, Arpita; Lal, Akash

doi:10.1145/3428298

Cited by 13 publications

(7 citation statements)

References 61 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second experiment is on buggy protocol implementations from prior work [48,40], shown in Table 2. This experiment evaluates a wider range of strategies.…”

Section: Discussionmentioning

confidence: 99%

“…The P# system has since then evolved into an actor framework that is still supported by Coyote, however Coyote itself has generalized to focus on TAP, making it a very different tool compared to P#. Prior work with Coyote has either focused on exploration strategies [48,40,39] or on applications [12,11,13], but not on the tool itself.…”

Section: Historical Journeymentioning

confidence: 99%

“…Other strategies Coyote also implements a strategy based on reinforcementlearning (QL) [40]. QL requires a partial hash (or fingerprint) of the program state and then learns a model that maximize the number of unique fingerprints seen during a test run.…”

Section: Exploration Strategiesmentioning

confidence: 99%

“…It requires understanding the language runtime and building solutions that are efficient, robust and usable. The latter (i.e., searching over the space of interleavings) requires algorithmic and empirical insights on finding bugs, and it has been the main topic of many research publications (e.g., [43,42,55,32,54,10,40,13,53,16,41,48,19,56]). Both these aspects are essential for industrial adoption.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Industrial-Strength Controlled Concurrency Testing for $$\textsc {C}{} \texttt {\#} $$ Programs with $$\textsc {Coyote} $$

Deligiannis

Senthilnathan

Nayyar

et al. 2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper describes the design and implementation of the open-source tool $$\textsc {Coyote} $$ C O Y O T E for testing concurrent programs written in the $$\textsc {C}{} \texttt {\#} $$ C # language. $$\textsc {Coyote} $$ C O Y O T E provides algorithmic capabilities to explore the state-space of interleavings of a concurrent program, with deterministic repro for any bug that it finds. $$\textsc {Coyote} $$ C O Y O T E encapsulates multiple ideas from the research community to offer state-of-the-art testing for $$\textsc {C}{} \texttt {\#} $$ C # programs, as well as an efficiently engineered implementation that has been shown robust enough to support industrial use.

show abstract

“…The second experiment is on buggy protocol implementations from prior work [48,40], shown in Table 2. This experiment evaluates a wider range of strategies.…”

Section: Discussionmentioning

confidence: 99%

Section: Historical Journeymentioning

confidence: 99%

Section: Exploration Strategiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Industrial-Strength Controlled Concurrency Testing for $$\textsc {C}{} \texttt {\#} $$ Programs with $$\textsc {Coyote} $$

Deligiannis

Senthilnathan

Nayyar

et al. 2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Afterward, a context-sensitive approach is used to validate the vulnerability. Finally, QL [71] is a tool that employs reinforcement learning to guide the exploration of interleavings. This tool uses an explicit scheduler.…”

Section: Other Techniquesmentioning

confidence: 99%

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

et al. 2022

View full text Add to dashboard Cite

Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing) -a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code, we first propose OpenGBF -a new open-source concurrency-aware gray-box fuzzer that explores different thread schedules by instrumenting the code under test with random delays. Then, we build an ensemble of a BMC tool and OpenGBF in the following way. On the one hand, when the BMC tool in the ensemble returns a counterexample, we use it as a seed for OpenGBF, thus increasing the likelihood of executing paths guarded by complex mathematical expressions. On the other hand, we aggregate the outcomes of the BMC and GBF tools in the ensemble using a decision matrix, thus improving the accuracy of EBF. We evaluate EBF against state-of-the-art pure BMC tools and show that it can generate up to 14.9% more correct verification witnesses than the corresponding BMC tools alone. Furthermore, we demonstrate the efficacy of OpenGBF, by showing that it can find 24.2% of the vulnerabilities in our evaluation suite, while non-concurrency-aware GBF tools can only find 0.55%. Finally, thanks to our concurrency-aware OpenGBF, EBF detects a data race in the open-source wolfMqtt library and reproduces known bugs in several other real-world programs, which demonstrates its effectiveness in finding vulnerabilities in realworld software.

show abstract

Efficient linearizability checking for actor‐based systems

Al‐Mahfoudh,

Stutsman,

Gopalakrishnan

2023

Softw Pract Exp

View full text Add to dashboard Cite

Recent demand for distributed software had led to a surge in popularity in actor‐based frameworks. However, even with the stylized message passing model of actors, writing correct distributed software is still difficult. We present our work on linearizability checking in DS2, an integrated framework for specifying, synthesizing, and testing distributed actor systems. The key insight of our approach is that often subcomponents of distributed actor systems represent common algorithms or data structures (e.g., a distributed hash table or tree) that can be validated against a simple sequential model of the system. This makes it easy for developers to validate their concurrent actor systems without complex specifications. DS2 automatically explores the concurrent schedules that system could arrive at, and it compares observed output of the system to ensure it is equivalent to what the sequential implementation could have produced. We describe DS2's linearizability checking and test it on several concurrent replication algorithms from the literature. We explore in detail how different algorithms for enumerating the model schedule space fare in finding bugs in actor systems, and we present our own refinements on algorithms for exploring actor system schedules that we show are effective in finding bugs.

show abstract

Learning-based controlled concurrency testing

Cited by 13 publications

References 61 publications

Industrial-Strength Controlled Concurrency Testing for $$\textsc {C}{} \texttt {\#} $$ Programs with $$\textsc {Coyote} $$

Industrial-Strength Controlled Concurrency Testing for $$\textsc {C}{} \texttt {\#} $$ Programs with $$\textsc {Coyote} $$

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

Efficient linearizability checking for actor‐based systems

Contact Info

Product

Resources

About