ABSTRACT
Software bugs, such as concurrency, memory and semantic bugs, can significantly affect system reliability. Although much effort has been made to address this problem, there are still many bugs that cannot be detected, especially concurrency bugs due to the complexity of concurrent programs. Effective approaches for detecting these common bugs are therefore highly desired.
This paper presents an invariant-based bug detection tool, DefUse, which can detect not only concurrency bugs (including the previously under-studied order violation bugs), but also memory and semantic bugs. Based on the observation that many bugs appear as violations to programmers' data flow intentions, we introduce three different types of definition-use invariants that commonly exist in both sequential and concurrent programs. We also design an algorithm to automatically extract such invariants from programs, which are then used to detect bugs. Moreover, DefUse uses various techniques to prune false positives and rank error reports.
We evaluated DefUse using sixteen real-world applications with twenty real-world concurrency and sequential bugs. Our results show that DefUse can effectively detect 19 of these bugs, including 2 new bugs that were never reported before, with only a few false positives. Our training sensitivity results show that, with the benefit of the pruning and ranking algorithms, DefUse is accurate even with insufficient training.
- }}A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: Principles,Techniques, and Tools. Addison Wesley, 1986. Google ScholarDigital Library
- }}P. Barford and M. Crovella. Generating representative web workloads for network and server performance evaluation. In ACM SIGMETRICS, June 1998. Google ScholarDigital Library
- }}M. Burrows and K. R. M. Leino. Finding stale-value errors in concurrent programs. Concurrency and Computation: Practice & Experience, 16(12):1161--1172, 2004. Google ScholarDigital Library
- }}M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In OSDI, 2006. Google ScholarDigital Library
- }}S. Cherem, L. Princehouse, and R. Rugina. Practical memory leak detection using guarded value-flow analysis. In PLDI, 2007. Google ScholarDigital Library
- }}T. Chilimbi and V. Ganapathy. HeapMD: Identifying heapbased bugs using anomaly detection. In ASPLOS, 2006. Google ScholarDigital Library
- }}J.-D. Choi, K. Lee, A. Loginov, R. O'Callahan, V. Sarkar, and M. Sridharan. Efficient and precise datarace detection for multithreaded object-oriented programs. In PLDI, 2002. Google ScholarDigital Library
- }}M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Science of Computer Programming, 69(1-3):35--45, Dec. 2007. Google ScholarDigital Library
- }}C. Flanagan and S. N. Freund. Atomizer: a dynamic atomicity checker for multithreaded programs. In POPL, 2004. Google ScholarDigital Library
- }}C. Flanagan and S. N. Freund. FastTrack: efficient and precise dynamic race detection. In PLDI, 2009. Google ScholarDigital Library
- }}C. Flanagan and S. Qadeer. A type and effect system for atomicity. In PLDI, pages 338--349, 2003. Google ScholarDigital Library
- }}H. S. Gunawi, C. Rubio-Gonzaiz, A. C. Arpaci-Dusseau, R. H. Arpaci-Dusseau, and B. Liblit. EIO: Error handling is occasionally correct. In FAST, 2008. Google ScholarDigital Library
- }}S. Hangal and M. S. Lam. Tracking down software bugs using automatic anomaly detection. In ICSE, 2002. Google ScholarDigital Library
- }}M. J. Harrold and B. A. Malloy. Data flow testing of parallelized code. In ICSM, 1992.Google ScholarCross Ref
- }}R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Usenix Winter Technical Conference, 1992.Google Scholar
- }}S. Lu,W. Jiang, and Y. Zhou. A study of interleaving coverage criteria. In FSE, 2007. Google ScholarDigital Library
- }}S. Lu, S. Park, C. Hu, X. Ma, W. Jiang, Z. Li, R. A. Popa, and Y. Zhou. MUVI: Automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs. In SOSP, 2007. Google ScholarDigital Library
- }}S. Lu, S. Park, E. Seo, and Y. Zhou. Learning from mistakes - a comprehensive study of real world concurrency bug characteristics. In ASPLOS, 2008. Google ScholarDigital Library
- }}S. Lu, J. Tucek, F. Qin, and Y. Zhou. AVIO: Detecting atomicity violations via access interleaving invariants. In ASPLOS, 2006. Google ScholarDigital Library
- }}B. Lucia and L. Ceze. Finding concurrency bugs with contextaware communication graphs. In MICRO, 2009. Google ScholarDigital Library
- }}C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In PLDI, 2005. Google ScholarDigital Library
- }}E. Marcus and H. Stern. Blueprints for high availability (2nd edition). John Wiley and Sons, 2003.Google Scholar
- }}D. Marino, M. Musuvathi, and S. Narayanasamy. LiteRace: effective sampling for lightweight data-race detection. In PLDI, 2009. Google ScholarDigital Library
- }}D. Mosberger and T. Jin. httperf - a tool for measuring web server performance. Performance Evaluation Review, 26(3):31--37, 1998. Google ScholarDigital Library
- }}M. Musuvathi and S. Qadeer. Iterative context bounding for systematic testing of multithreaded programs. In PLDI, 2007. Google ScholarDigital Library
- }}M. Musuvathi, S. Qadeer, T. Ball, and G. Basler. Finding and reproducing heisenbugs in concurrent programs. In OSDI, 2008. Google ScholarDigital Library
- }}S. Narayanasamy, C. Pereira, and B. Calder. Recording shared memory dependencies using strata. In ASPLOS, 2006. Google ScholarDigital Library
- }}N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In PLDI, 2007. Google ScholarDigital Library
- }}R. O'Callahan and J.-D. Choi. Hybrid dynamic data race detection. In PPoPP, 2003. Google ScholarDigital Library
- }}S. Park, S. Lu, and Y. Zhou. CTrigger: Exposing atomicity violation bugs from their hiding places. In ASPLOS, 2009. Google ScholarDigital Library
- }}D. Perkovic and P. J. Keleher. Online data-race detection via coherency guarantees. In OSDI, 1996. Google ScholarDigital Library
- }}E. Pozniansky and A. Schuster. Efficient on-the-fly data race detection in multithreaded C++ programs. In PPoPP, 2003. Google ScholarDigital Library
- }}A. Sasturkar, R. Agarwal, L. Wang, and S. D. Stoller. Automated type-based analysis of data races and atomicity. In PPoPP, pages 83--94, 2005. Google ScholarDigital Library
- }}S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM TOCS, 1997. Google ScholarDigital Library
- }}SecurityFocus. Software bug contributed to blackout. http://www.securityfocus.com/news/8016.Google Scholar
- }}K. Sen. Race directed random testing of concurrent programs. In PLDI, 2008. Google ScholarDigital Library
- }}A. Shankar and R. Bodik. DITTO: Automatic incrementalization of data structure invariant checks (in Java). In PLDI, 2007. Google ScholarDigital Library
- }}C. von Praun and T. R. Gross. Object race detection. In OOPSLA, 2001. Google ScholarDigital Library
- }}C. von Praun and T. R. Gross. Static conflict analysis for multi-threaded object oriented programs. In PLDI, 2003. Google ScholarDigital Library
- }}M. Xu, R. Bodik, and M. Hill. A regulated transitive reduction for longer memory race recording. In ASPLOS, 2006. Google ScholarDigital Library
- }}M. Xu, R. Bodik, and M. D. Hill. A "flight data recorder" for enabling full-system multiprocessor deterministic replay. In ISCA, 2003. Google ScholarDigital Library
- }}M. Xu, R. Bodik, and M. D. Hill. A serializability violation detector for shared-memory server programs. In PLDI, pages 1--14, 2005. Google ScholarDigital Library
- }}C.-S. D. Yang, A. L. Souter, and L. L. Pollock. All-du-path coverage for parallel programs. In ISSTA, 1998. Google ScholarDigital Library
- }}J. Yu and S. Narayanasamy. A case for an interleaving constrained shared-memory multi-processor. In ISCA, 2009. Google ScholarDigital Library
- }}P. Zhou, W. Liu, F. Long, S. Lu, F. Qin, Y. Zhou, S. Midkiff, and J. Torrellas. AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-based Invariants. In MICRO, 2004. Google ScholarDigital Library
Index Terms
- Do I use the wrong definition?: DeFuse: definition-use invariants for detecting concurrency and sequential bugs
Recommendations
Do I use the wrong definition?: DeFuse: definition-use invariants for detecting concurrency and sequential bugs
OOPSLA '10Software bugs, such as concurrency, memory and semantic bugs, can significantly affect system reliability. Although much effort has been made to address this problem, there are still many bugs that cannot be detected, especially concurrency bugs due to ...
Applying transactional memory to concurrency bugs
ASPLOS XVII: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating SystemsMultithreaded programs often suffer from synchronization bugs such as atomicity violations and deadlocks. These bugs arise from complicated locking strategies and ad hoc synchronization methods to avoid the use of locks. A survey of the bug databases of ...
Applying transactional memory to concurrency bugs
ASPLOS '12Multithreaded programs often suffer from synchronization bugs such as atomicity violations and deadlocks. These bugs arise from complicated locking strategies and ad hoc synchronization methods to avoid the use of locks. A survey of the bug databases of ...
Comments