
Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1045)

Abstract

Concurrency bugs are as exploitable as the bugs found in single-threaded programs, and they can be triggered through concurrency attacks. Unfortunately, little literature exists on detecting the various kinds of concurrency issues in a multi-threaded program, because of their complexity and non-determinism. In this paper, we aim to detect concurrency bugs by directed evolutionary fuzzing guided by static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of the fuzzer prefers inputs that involve memory access patterns across threads (data-flow interleaving) and thread orderings that disturb data dependences the most, and steers them towards triggering concurrency bugs. This paper proposes a concurrency fuzzer, which is the first of its kind. We combine LLVM, Thread Sanitizer and fuzzing techniques to detect a range of concurrency issues in an application. The source code of the application is statically analysed for the paths from the thread-related function calls back to the main function. Every basic block on these paths is assigned a unique ID and a weight based on its distance from the thread function calls, and these basic blocks are instrumented to print their ID and weight when executed. The knowledge of the basic blocks on the sliced paths is used to generate new sets of inputs from the old ones, so that more basic blocks on the path are covered and the chance of hitting a concurrency warning increases. Thread Sanitizer, part of the LLVM compiler infrastructure, reports the concurrency bug warnings while each input is executed, and the inputs are directed to discover new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications: pigz, pbzip2 and pixz. The results show quicker detection of unique addresses in the application with possible concurrency issues.
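The weighting and selection loop described in the abstract, as an added example that is not the paper's own code: blocks on a constructed control-flow graph are weighted by their BFS distance from blocks that call thread-related functions, an executed block trace is scored as an input's fitness, and unique racy addresses are pulled out of a constructed Thread Sanitizer report. The graph, the block names, the `1/(1+distance)` weighting scheme and the sample report are all assumptions for illustration.

```python
import re
from collections import deque

# Constructed CFG for a small multi-threaded program: block -> successors.
# "spawn" and "join" stand in for blocks calling thread-related functions
# (e.g. pthread_create / pthread_join); every name here is hypothetical.
CFG = {
    "main": ["parse", "exit"],
    "parse": ["spawn", "err"],
    "spawn": ["join"],
    "join": ["exit"],
    "err": ["exit"],
    "exit": [],
}
THREAD_BLOCKS = {"spawn", "join"}

def assign_weights(cfg, thread_blocks):
    """BFS over predecessor edges from the thread-related blocks gives each block
    its distance to the nearest thread call; weight = 1/(1+distance) is an assumed
    scheme. Blocks that cannot reach a thread call are off the sliced paths: 0."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {b: 0 for b in thread_blocks}
    queue = deque(thread_blocks)
    while queue:
        b = queue.popleft()
        for p in preds[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return {b: (1.0 / (1 + dist[b]) if b in dist else 0.0) for b in cfg}

def score_trace(trace, weights):
    """Fitness of one input: summed weight of the distinct block IDs that the
    instrumented run printed. Higher-scoring inputs become parents."""
    return sum(weights.get(b, 0.0) for b in set(trace))

def tsan_unique_addresses(report):
    """Distinct racy addresses in a TSan report (TSAN_SAMPLE below is a
    constructed sample), so each new address counts as a new finding."""
    return sorted(set(re.findall(r" at (0x[0-9a-f]+) by ", report)))

TSAN_SAMPLE = """\
WARNING: ThreadSanitizer: data race (pid=12345)
  Write of size 4 at 0x7b0400000800 by thread T1:
  Previous read of size 4 at 0x7b0400000800 by main thread:
WARNING: ThreadSanitizer: data race (pid=12345)
  Read of size 8 at 0x7b0800000040 by thread T2:
"""
```

A trace that reaches `spawn` and `join` outscores one that takes the `err` path, which is exactly the preference the evolutionary step needs.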


Change history

  • 20 May 2020


Corresponding author

Correspondence to Nischai Vinesh.


Copyright information

© 2020 Springer Nature Singapore Pte Ltd.


Cite this paper

Vinesh, N., Sethumadhavan, M. (2020). ConFuzz—A Concurrency Fuzzer. In: Luhach, A., Kosa, J., Poonia, R., Gao, XZ., Singh, D. (eds) First International Conference on Sustainable Technologies for Computational Intelligence. Advances in Intelligent Systems and Computing, vol 1045. Springer, Singapore. https://doi.org/10.1007/978-981-15-0029-9_53
