12 research outputs found
Regression-free Synthesis for Concurrency
While fixing concurrency bugs, program repair algorithms may introduce new
concurrency bugs. We present an algorithm that avoids such regressions. The
solution space is given by a set of program transformations we consider in for
repair process. These include reordering of instructions within a thread and
inserting atomic sections. The new algorithm learns a constraint on the space
of candidate solutions, from both positive examples (error-free traces) and
counterexamples (error traces). From each counterexample, the algorithm learns
a constraint necessary to remove the errors. From each positive examples, it
learns a constraint that is necessary in order to prevent the repair from
turning the trace into an error trace. We implemented the algorithm and
evaluated it on simplified Linux device drivers with known bugs.Comment: for source code see https://github.com/thorstent/ConRepai
Partial Orders for Efficient BMC of Concurrent Software
This version previously deposited at arXiv:1301.1629v1 [cs.LO]The vast number of interleavings that a concurrent program can have is typically identified as the root cause of the difficulty of automatic analysis of concurrent software. Weak memory is generally believed to make this problem even harder. We address both issues by modelling programs' executions with partial orders rather than the interleaving semantics (SC). We implemented a software analysis tool based on these ideas. It scales to programs of sufficient size to achieve first-time formal verification of non-trivial concurrent systems code over a wide range of models, including SC, Intel x86 and IBM Power
Checking Data-Flow Errors Based on The Guard-Driven Reachability Graph of WFD-Net
In order to guarantee the correctness of workflow systems, it is necessary to check their data-flow errors, e.g., missing data, inconsistent data, lost data and redundant data. The traditional Petri-net-based methods are usually based on the reachability graph. However, these methods have two flaws, i.e., the state space explosion and pseudo states. In order to solve these problems, we use WFD-nets to model workflow systems, and propose an algorithm for checking data-flow errors based on the guard-driven reachability graph (GRG) of WFD-net. Furthermore, a case study and some experiments are given to show the effectiveness and advantage of our method
Understanding Concurrency Vulnerabilities in Linux Kernel
While there is a large body of work on analyzing concurrency related software
bugs and developing techniques for detecting and patching them, little
attention has been given to concurrency related security vulnerabilities. The
two are different in that not all bugs are vulnerabilities: for a bug to be
exploitable, there needs be a way for attackers to trigger its execution and
cause damage, e.g., by revealing sensitive data or running malicious code. To
fill the gap, we conduct the first empirical study of concurrency
vulnerabilities reported in the Linux operating system in the past ten years.
We focus on analyzing the confirmed vulnerabilities archived in the Common
Vulnerabilities and Exposures (CVE) database, which are then categorized into
different groups based on bug types, exploit patterns, and patch strategies
adopted by developers. We use code snippets to illustrate individual
vulnerability types and patch strategies. We also use statistics to illustrate
the entire landscape, including the percentage of each vulnerability type. We
hope to shed some light on the problem, e.g., concurrency vulnerabilities
continue to pose a serious threat to system security, and it is difficult even
for kernel developers to analyze and patch them. Therefore, more efforts are
needed to develop tools and techniques for analyzing and patching these
vulnerabilities.Comment: It was finished in Oct 201
Analyzing Android applications for specifications and bugs
Android has become one of the leader operating systems for smartphones. Moreover, Android has a big community of developers with over 696500 applications on its market. However, given the complexity of the system, bugs are very common on Android applications--such as security vulnerabilities and energy bugs. Normally Android applications are written using the Java programming language. In contrast to most Java applications, Android applications does not have a single entry point (main function). In addition, these applications can use some system calls and receive events from external entities (such as the user) that affect how their control flows. Therefore, a model of the Android system must be defined in order to understand the behavior of Android applications and define how their control flows. In this thesis, two approaches to define the behavior of Android applications are studied. The first approach is an intra-component analysis that take take in account just the lifecycle of the main components in Android to define control flow of the applications. This approach is evaluated applying a specification miner for energy related specifications on 12 applications from the Android market. We were able to mine 91 specifications on all the applications and 41 of them were validated. For 50% of the applications analyzed, the analysis had less than 40% of false positives specifications. However, for the rest of the applications, the interaction between components was a important factor that increased the false positives. Therefore, the second approach is an inter-component approach that takes in account both, the lifecycle of components and interaction between components to define the control flow of Android applications. We evaluate the approach checking the percentage of code coverage on 8 applications from the Google market. The results are promising with an average coverage of 67%. In addition, we were able to identify bugs related to violations of constraints regarding intecomponent interactions
Effective Verification for Low-Level Software with Competing Interrupts
Interrupt-driven software is difficult to test and debug, especially when interrupts can be nested and subject
to priorities. Interrupts can arrive at arbitrary times, leading to an exponential blow-up in the number of
cases to consider. We present a new formal approach to verifying interrupt-driven software based on symbolic
execution. The approach leverages recent advances in the encoding of the execution traces of interacting,
concurrent threads. We assess the performance of our method on benchmarks drawn from embedded systems
code and device drivers, and experimentally compare it to conventional approaches that use source-to-source
transformations. Our results show that our method significantly outperforms these techniques. To the best
of our knowledge, our work is the first to demonstrate effective verification of low-level embedded software
with nested interrupt
On Detecting Concurrency Defects Automatically at the Design Level
We describe an automated approach for detecting concurrency defects from design diagrams of a software, in particular, sequence diagrams. From a given sequence diagram, we automatically infer a formal, parallel specification that generalizes the communication behavior that is designed informally and incompletely in the diagram. We model-check the parallel specification against generic concurrency defect patterns. No additional specification of the software is needed. We present several case-studies to evaluate our approach. The results show that our approach is technically feasible, and effective in detecting nasty concurrency defects at the design level
IST Austria Thesis
In this thesis we present a computer-aided programming approach to concurrency. Our approach helps the programmer by automatically fixing concurrency-related bugs, i.e. bugs that occur when the program is executed using an aggressive preemptive scheduler, but not when using a non-preemptive (cooperative) scheduler. Bugs are program behaviours that are incorrect w.r.t. a specification. We consider both user-provided explicit specifications in the form of assertion
statements in the code as well as an implicit specification. The implicit specification is inferred from the non-preemptive behaviour. Let us consider sequences of calls that the program makes to an external interface. The implicit specification requires that any such sequence produced under a preemptive scheduler should be included in the set of sequences produced under a non-preemptive scheduler. We consider several semantics-preserving fixes that go beyond atomic sections typically explored in the synchronisation synthesis literature. Our synthesis is able to place locks, barriers and wait-signal statements and last, but not least reorder independent statements. The latter may be useful if a thread is released to early, e.g., before some initialisation is completed. We guarantee that our synthesis does not introduce deadlocks and that the synchronisation inserted is optimal w.r.t. a given objective function. We dub our solution trace-based synchronisation synthesis and it is loosely based on counterexample-guided inductive synthesis (CEGIS). The synthesis works by discovering a trace that is incorrect w.r.t. the specification and identifying ordering constraints crucial to trigger the specification violation. Synchronisation may be placed immediately (greedy approach) or delayed until all incorrect traces are found (non-greedy approach). For the non-greedy approach we construct a set of global constraints over synchronisation placements. Each model of the global constraints set corresponds to a correctness-ensuring synchronisation placement. The placement that is optimal w.r.t. the given objective function is chosen as the synchronisation solution. We evaluate our approach on a number of realistic (albeit simplified) Linux device-driver
benchmarks. The benchmarks are versions of the drivers with known concurrency-related bugs. For the experiments with an explicit specification we added assertions that would detect the bugs in the experiments. Device drivers lend themselves to implicit specification, where the device and the operating system are the external interfaces. Our experiments demonstrate that our synthesis method is precise and efficient. We implemented objective functions for coarse-grained and fine-grained locking and observed that different synchronisation placements are produced for our experiments, favouring e.g. a minimal number of synchronisation operations or maximum concurrency
Mathematics in Software Reliability and Quality Assurance
This monograph concerns the mathematical aspects of software reliability and quality assurance and consists of 11 technical papers in this emerging area. Included are the latest research results related to formal methods and design, automatic software testing, software verification and validation, coalgebra theory, automata theory, hybrid system and software reliability modeling and assessment