ABSTRACT
Kernel concurrency bugs are challenging to find because they depend on very specific thread interleavings and test inputs. While separately exploring kernel thread interleavings or test inputs has been closely examined, jointly exploring interleavings and test inputs has received little attention, in part due to the resulting vast search space. Using precious, limited testing resources to explore this search space and execute just the right concurrent tests in the proper order is critical.
This paper proposes Snowboard, a testing framework that generates and executes concurrent tests by intelligently exploring thread interleavings and test inputs jointly. The design of Snowboard is based on a concept called potential memory communication (PMC), a guess about pairs of tests that, when executed concurrently, are likely to perform memory accesses to shared addresses, which in turn may trigger concurrency bugs. To identify PMCs, Snowboard runs tests sequentially from a fixed initial kernel state, collecting their memory accesses. It then pairs up tests that write and read the same region into candidate concurrent tests. It executes those tests using the associated PMC as a scheduling hint to focus interleaving search only on those schedules that directly affect the relevant memory accesses. By clustering candidate tests on various features of their PMCs, Snowboard avoids testing similar behaviors, which would be inefficient. Finally, by executing tests from small clusters first, it prioritizes uncommon suspicious behaviors that may have received less scrutiny.
Snowboard discovered 14 new concurrency bugs in Linux kernels 5.3.10 and 5.12-rc3, of which 12 have been confirmed by developers. Six of these bugs cause kernel panics and filesystem errors, and at least two have existed in the kernel for many years, showing that this approach can uncover hard-to-find, critical bugs. Furthermore, we show that covering as many distinct pairs of uncommon read/write instructions as possible is the test-prioritization strategy with the highest bug yield for a given test-time budget.
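The pipeline the abstract describes (profile tests sequentially, pair writers with readers of the same region, cluster, run small clusters first) can be sketched as follows. This is an added illustration, not Snowboard's code: the trace record layout, all names, the restriction to pairs of distinct tests, and the use of the write/read instruction pair as the single clustering feature are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Access:
    """One memory access recorded while a test ran alone (assumed record layout)."""
    test: str   # id of the sequential test
    kind: str   # "W" for write, "R" for read
    addr: int   # first byte touched
    size: int   # number of bytes touched
    ins: int    # address of the instruction that made the access


@dataclass(frozen=True)
class PMC:
    """Potential memory communication: a write in one test, a read in another."""
    writer: Access
    reader: Access


def overlap(a, b):
    """Return the half-open byte range shared by two accesses, or None."""
    lo = max(a.addr, b.addr)
    hi = min(a.addr + a.size, b.addr + b.size)
    return (lo, hi) if lo < hi else None


def find_pmcs(profile):
    """Pair every write with every read from a different test on overlapping bytes."""
    writes = [a for a in profile if a.kind == "W"]
    reads = [a for a in profile if a.kind == "R"]
    return [PMC(w, r) for w, r in product(writes, reads)
            if w.test != r.test and overlap(w, r)]


def cluster_by_instruction_pair(pmcs):
    """Group PMCs whose write and read come from the same instruction pair."""
    clusters = defaultdict(list)
    for p in pmcs:
        clusters[(p.writer.ins, p.reader.ins)].append(p)
    return dict(clusters)


def plan_concurrent_tests(clusters):
    """One representative per cluster, smallest (least common) clusters first."""
    ordered = sorted(clusters.items(), key=lambda kv: (len(kv[1]), kv[0]))
    plan = []
    for (w_ins, r_ins), members in ordered:
        rep = members[0]
        plan.append({
            "tests": (rep.writer.test, rep.reader.test),
            # Scheduling hint: only interleavings around these two
            # instructions and this byte range need to be explored.
            "hint": {"write_ins": w_ins, "read_ins": r_ins,
                     "region": overlap(rep.writer, rep.reader)},
            "cluster_size": len(members),
        })
    return plan


# Constructed sample profile: four tests, each run alone from the same state.
PROFILE = [
    Access("t1", "W", 0x1000, 8, 0xA0),
    Access("t2", "R", 0x1004, 4, 0xB0),   # overlaps t1's write
    Access("t3", "R", 0x1000, 8, 0xB0),   # overlaps t1's write, same instruction pair
    Access("t3", "W", 0x2000, 4, 0xC0),
    Access("t4", "R", 0x2002, 2, 0xD0),   # overlaps t3's write, rare instruction pair
    Access("t4", "R", 0x3000, 4, 0xB0),   # touches nothing that was written
    Access("t2", "W", 0x1008, 4, 0xA0),   # adjacent to, but not overlapping, any read
]


if __name__ == "__main__":
    pmcs = find_pmcs(PROFILE)
    for entry in plan_concurrent_tests(cluster_by_instruction_pair(pmcs)):
        print(entry)
```

The rare pair (`0xC0`, `0xD0`) is scheduled before the common one, and the two PMCs sharing an instruction pair collapse into a single concurrent test.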