Confuzz—a concurrency fuzzer

Nischai Vinesh*, Sanjay Rawat, Herbert Bos, Cristiano Giuffrida, M. Sethumadhavan

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Concurrency bugs are just as exploitable as the bugs found in single-threaded programs, and they can be exploited through concurrency attacks. Unfortunately, there is little literature on detecting the various kinds of concurrency issues in a multi-threaded program, owing to their complexity and non-determinism. In this paper, we aim at detecting concurrency bugs by using directed evolutionary fuzzing guided by static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of fuzzing prefers inputs that involve memory access patterns across threads (data flow interleaving) and thread orderings that disturb the data dependence more, and directs them towards triggering concurrency bugs. This paper proposes a concurrency fuzzer, which is the first of its kind. We use a combination of LLVM, Thread Sanitizer and fuzzing techniques to detect various concurrency issues in an application. The source code of the application is statically analyzed for the various paths from the different thread-related function calls back to the main function. Every basic block on these paths is assigned a unique ID and a weight based on the distance of the basic block from the thread function calls. These basic blocks are instrumented to print their ID and weight upon execution. The knowledge about the basic blocks in the sliced paths is used to generate new sets of inputs from the old ones, thus covering even more basic blocks on the paths and thereby increasing the chances of hitting a concurrency warning. We use the Thread Sanitizer present in the LLVM compiler infrastructure to detect concurrency bug warnings while executing each input. The inputs are directed to discover new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications: pigz, pbzip2, and pixz. The results show a quicker detection of unique addresses in the application with possible concurrency issues.
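The weighting and selection scheme sketched in the abstract, as an added illustration that is not code from the paper or the Confuzz implementation: a constructed toy control-flow graph is sliced back from the blocks that contain thread-related calls, each sliced block gets a distance-based weight, and execution traces (constructed here, standing in for the instrumented ID/weight output) are scored so that inputs reaching closer to the thread calls, and covering sliced blocks not seen before, are kept for the next generation. The CFG, block names and trace contents are all assumptions for the example.

```python
from collections import deque

# Constructed toy CFG: basic block id -> successor block ids.
# "t1" and "t2" stand for blocks containing thread-related calls.
CFG = {
    "main": ["parse", "usage"], "parse": ["setup", "usage"],
    "setup": ["t1"], "t1": ["loop"], "loop": ["t2", "join"],
    "t2": ["loop"], "join": [], "usage": [],
}
THREAD_BLOCKS = {"t1", "t2"}

# Constructed execution traces, one per fuzz input (sequence of block ids hit).
TRACES = {
    "in_usage": ["main", "usage"],
    "in_single": ["main", "parse", "setup", "t1", "loop", "join"],
    "in_multi": ["main", "parse", "setup", "t1", "loop", "t2", "loop", "join"],
}

def block_distances(cfg, thread_blocks):
    """BFS over reversed edges: distance from each block to the nearest
    thread-call block. Blocks that never reach one are left out (not sliced)."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {b: 0 for b in thread_blocks}
    queue = deque(thread_blocks)
    while queue:
        cur = queue.popleft()
        for p in preds[cur]:
            if p not in dist:
                dist[p] = dist[cur] + 1
                queue.append(p)
    return dist

def block_weights(dist):
    """Closer to a thread call -> higher weight; the farthest sliced block gets 1."""
    far = max(dist.values())
    return {b: far - d + 1 for b, d in dist.items()}

def trace_score(trace, weights, seen):
    """Fitness: weights of sliced blocks hit, plus a bonus for blocks not yet seen."""
    hit = set(trace) & set(weights)
    return sum(weights[b] for b in hit) + sum(weights[b] for b in hit - seen)

def select_inputs(traces, weights, keep=2):
    """One evolutionary step: score inputs in order, credit first discoveries,
    and keep the top `keep` inputs as parents for the next generation."""
    seen, scored = set(), []
    for name, trace in traces.items():
        scored.append((trace_score(trace, weights, seen), name))
        seen |= set(trace) & set(weights)
    return [name for _, name in sorted(scored, reverse=True)[:keep]]
```

Blocks such as `usage` and `join` that lie on no path to a thread call receive no weight, so inputs that only exercise them score lowest and are dropped.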

Concurrency fuzzing, Concurrency bugs, LLVM, Fuzzing, Static analysis, Source code analysis

Original language: English
Title of host publication: 1st International Conference on Sustainable Technologies for Computational Intelligence - Proceedings of ICTSCI 2019
Editors: Ashish Kumar Luhach, Janos Arpad Kosa, Ramesh Chandra Poonia, Xiao-Zhi Gao, Dharm Singh
Publisher: Springer
Pages: 667-691
Number of pages: 25
ISBN (Print): 9789811500282
DOIs
Publication status: Published - 1 Jan 2020
Event: 1st International Conference on Sustainable Technologies for Computational Intelligence, ICTSCI 2019 - Jaipur, India
Duration: 29 Mar 2019 - 30 Mar 2019

Publication series

Name: Advances in Intelligent Systems and Computing
Volume: 1045
ISSN (Print): 2194-5357
ISSN (Electronic): 2194-5365

Conference

Conference: 1st International Conference on Sustainable Technologies for Computational Intelligence, ICTSCI 2019
Country: India
City: Jaipur
Period: 29/03/19 - 30/03/19
