Confuzz—a concurrency fuzzer

Nischai Vinesh, Sanjay Rawat, Herbert Bos, Cristiano Giuffrida, M. Sethumadhavan

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Concurrency bugs are as equally vulnerable as the bugs found in the single-threaded programs and these bugs can be exploited using concurrency attacks. Unfortunately, there is not much literature available in detecting various kinds of concurrency issues in a multi-threaded program due to its complexity and uncertainty. In this paper, we aim at detecting concurrency bugs by using directed evolutionary fuzzing with the help of static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of fuzzing will prefer inputs that involve memory access patterns across threads (data flow interleaving) and thread ordering that disturb the data dependence more and direct them to trigger concurrency bugs. This paper suggests the idea of a concurrency fuzzer, which is first of its kind. We use a combination of LLVM, Thread Sanitizer and fuzzing techniques to detect various concurrency issues in an application. The source code of the application is statically analyzed for various paths, from the different thread related function calls to the main function. Every basic block in these paths are assigned a unique ID and a weight based on the distance of the basic block from the thread function calls. These basic blocks are instrumented to print their ID and weight upon execution. The knowledge about the basic blocks in the sliced paths are used to generate new sets of inputs from the old ones, thus covering even more basic blocks in the path and thereby increasing the chances of hitting a concurrency warning. We use Thread Sanitizer present in the LLVM compiler infrastructure to detect the concurrency bug warnings while executing each input. The inputs are directed to discover even new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications pigz, pbzip2, and pixz. The results show a quicker detection of unique addresses in the application with possible concurrency issues.

Concurrency fuzzing, Concurrency bugs, LLVM, Fuzzing, Static analysis, Source code analysis

Original languageEnglish
Title of host publication1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019
EditorsAshish Kumar Luhach, Janos Arpad Kosa, Ramesh Chandra Poonia, Xiao-Zhi Gao, Dharm Singh
PublisherSpringer
Pages667-691
Number of pages25
ISBN (Print)9789811500282
DOIs
Publication statusPublished - 1 Jan 2020
Event1st International Conference on Sustainable Technologies for Computational Intelligence, ICTSCI 2019 - Jaipur, India
Duration: 29 Mar 201930 Mar 2019

Publication series

NameAdvances in Intelligent Systems and Computing
Volume1045
ISSN (Print)2194-5357
ISSN (Electronic)2194-5365

Conference

Conference1st International Conference on Sustainable Technologies for Computational Intelligence, ICTSCI 2019
CountryIndia
CityJaipur
Period29/03/1930/03/19

Fingerprint

Static analysis
Data storage equipment
Uncertainty

Cite this

Vinesh, N., Rawat, S., Bos, H., Giuffrida, C., & Sethumadhavan, M. (2020). Confuzz—a concurrency fuzzer. In A. K. Luhach, J. A. Kosa, R. C. Poonia, X-Z. Gao, & D. Singh (Eds.), 1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019 (pp. 667-691). (Advances in Intelligent Systems and Computing; Vol. 1045). Springer. https://doi.org/10.1007/978-981-15-0029-9_53
Vinesh, Nischai ; Rawat, Sanjay ; Bos, Herbert ; Giuffrida, Cristiano ; Sethumadhavan, M. / Confuzz—a concurrency fuzzer. 1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019. editor / Ashish Kumar Luhach ; Janos Arpad Kosa ; Ramesh Chandra Poonia ; Xiao-Zhi Gao ; Dharm Singh. Springer, 2020. pp. 667-691 (Advances in Intelligent Systems and Computing).
@inproceedings{80084eafa4c94c1a892647ea46a93d72,
title = "Confuzz—a concurrency fuzzer",
abstract = "Concurrency bugs are as equally vulnerable as the bugs found in the single-threaded programs and these bugs can be exploited using concurrency attacks. Unfortunately, there is not much literature available in detecting various kinds of concurrency issues in a multi-threaded program due to its complexity and uncertainty. In this paper, we aim at detecting concurrency bugs by using directed evolutionary fuzzing with the help of static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of fuzzing will prefer inputs that involve memory access patterns across threads (data flow interleaving) and thread ordering that disturb the data dependence more and direct them to trigger concurrency bugs. This paper suggests the idea of a concurrency fuzzer, which is first of its kind. We use a combination of LLVM, Thread Sanitizer and fuzzing techniques to detect various concurrency issues in an application. The source code of the application is statically analyzed for various paths, from the different thread related function calls to the main function. Every basic block in these paths are assigned a unique ID and a weight based on the distance of the basic block from the thread function calls. These basic blocks are instrumented to print their ID and weight upon execution. The knowledge about the basic blocks in the sliced paths are used to generate new sets of inputs from the old ones, thus covering even more basic blocks in the path and thereby increasing the chances of hitting a concurrency warning. We use Thread Sanitizer present in the LLVM compiler infrastructure to detect the concurrency bug warnings while executing each input. The inputs are directed to discover even new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications pigz, pbzip2, and pixz. The results show a quicker detection of unique addresses in the application with possible concurrency issues.Concurrency fuzzing, Concurrency bugs, LLVM, Fuzzing, Static analysis, Source code analysis",
author = "Nischai Vinesh and Sanjay Rawat and Herbert Bos and Cristiano Giuffrida and M. Sethumadhavan",
year = "2020",
month = "1",
day = "1",
doi = "10.1007/978-981-15-0029-9_53",
language = "English",
isbn = "9789811500282",
series = "Advances in Intelligent Systems and Computing",
publisher = "Springer",
pages = "667--691",
editor = "Luhach, {Ashish Kumar} and Kosa, {Janos Arpad} and Poonia, {Ramesh Chandra} and Xiao-Zhi Gao and Dharm Singh",
booktitle = "1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019",

}

Vinesh, N, Rawat, S, Bos, H, Giuffrida, C & Sethumadhavan, M 2020, Confuzz—a concurrency fuzzer. in AK Luhach, JA Kosa, RC Poonia, X-Z Gao & D Singh (eds), 1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019. Advances in Intelligent Systems and Computing, vol. 1045, Springer, pp. 667-691, 1st International Conference on Sustainable Technologies for Computational Intelligence, ICTSCI 2019, Jaipur, India, 29/03/19. https://doi.org/10.1007/978-981-15-0029-9_53

Confuzz—a concurrency fuzzer. / Vinesh, Nischai; Rawat, Sanjay; Bos, Herbert; Giuffrida, Cristiano; Sethumadhavan, M.

1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019. ed. / Ashish Kumar Luhach; Janos Arpad Kosa; Ramesh Chandra Poonia; Xiao-Zhi Gao; Dharm Singh. Springer, 2020. p. 667-691 (Advances in Intelligent Systems and Computing; Vol. 1045).

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Confuzz—a concurrency fuzzer

AU - Vinesh, Nischai

AU - Rawat, Sanjay

AU - Bos, Herbert

AU - Giuffrida, Cristiano

AU - Sethumadhavan, M.

PY - 2020/1/1

Y1 - 2020/1/1

N2 - Concurrency bugs are as equally vulnerable as the bugs found in the single-threaded programs and these bugs can be exploited using concurrency attacks. Unfortunately, there is not much literature available in detecting various kinds of concurrency issues in a multi-threaded program due to its complexity and uncertainty. In this paper, we aim at detecting concurrency bugs by using directed evolutionary fuzzing with the help of static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of fuzzing will prefer inputs that involve memory access patterns across threads (data flow interleaving) and thread ordering that disturb the data dependence more and direct them to trigger concurrency bugs. This paper suggests the idea of a concurrency fuzzer, which is first of its kind. We use a combination of LLVM, Thread Sanitizer and fuzzing techniques to detect various concurrency issues in an application. The source code of the application is statically analyzed for various paths, from the different thread related function calls to the main function. Every basic block in these paths are assigned a unique ID and a weight based on the distance of the basic block from the thread function calls. These basic blocks are instrumented to print their ID and weight upon execution. The knowledge about the basic blocks in the sliced paths are used to generate new sets of inputs from the old ones, thus covering even more basic blocks in the path and thereby increasing the chances of hitting a concurrency warning. We use Thread Sanitizer present in the LLVM compiler infrastructure to detect the concurrency bug warnings while executing each input. The inputs are directed to discover even new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications pigz, pbzip2, and pixz. The results show a quicker detection of unique addresses in the application with possible concurrency issues.Concurrency fuzzing, Concurrency bugs, LLVM, Fuzzing, Static analysis, Source code analysis

AB - Concurrency bugs are as equally vulnerable as the bugs found in the single-threaded programs and these bugs can be exploited using concurrency attacks. Unfortunately, there is not much literature available in detecting various kinds of concurrency issues in a multi-threaded program due to its complexity and uncertainty. In this paper, we aim at detecting concurrency bugs by using directed evolutionary fuzzing with the help of static analysis of the source code. Concurrency bug detection involves two main entities: an input and a particular thread execution order. The evolutionary part of fuzzing will prefer inputs that involve memory access patterns across threads (data flow interleaving) and thread ordering that disturb the data dependence more and direct them to trigger concurrency bugs. This paper suggests the idea of a concurrency fuzzer, which is first of its kind. We use a combination of LLVM, Thread Sanitizer and fuzzing techniques to detect various concurrency issues in an application. The source code of the application is statically analyzed for various paths, from the different thread related function calls to the main function. Every basic block in these paths are assigned a unique ID and a weight based on the distance of the basic block from the thread function calls. These basic blocks are instrumented to print their ID and weight upon execution. The knowledge about the basic blocks in the sliced paths are used to generate new sets of inputs from the old ones, thus covering even more basic blocks in the path and thereby increasing the chances of hitting a concurrency warning. We use Thread Sanitizer present in the LLVM compiler infrastructure to detect the concurrency bug warnings while executing each input. The inputs are directed to discover even new address locations with possible concurrency issues. The system was tested on three simple multi-threaded applications pigz, pbzip2, and pixz. The results show a quicker detection of unique addresses in the application with possible concurrency issues.Concurrency fuzzing, Concurrency bugs, LLVM, Fuzzing, Static analysis, Source code analysis

UR - http://www.scopus.com/inward/record.url?scp=85076866598&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076866598&partnerID=8YFLogxK

U2 - 10.1007/978-981-15-0029-9_53

DO - 10.1007/978-981-15-0029-9_53

M3 - Conference contribution

SN - 9789811500282

T3 - Advances in Intelligent Systems and Computing

SP - 667

EP - 691

BT - 1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019

A2 - Luhach, Ashish Kumar

A2 - Kosa, Janos Arpad

A2 - Poonia, Ramesh Chandra

A2 - Gao, Xiao-Zhi

A2 - Singh, Dharm

PB - Springer

ER -

Vinesh N, Rawat S, Bos H, Giuffrida C, Sethumadhavan M. Confuzz—a concurrency fuzzer. In Luhach AK, Kosa JA, Poonia RC, Gao X-Z, Singh D, editors, 1st International Conference on Sustainable Technologies for Computational Intelligence- Proceedings of ICTSCI 2019. Springer. 2020. p. 667-691. (Advances in Intelligent Systems and Computing). https://doi.org/10.1007/978-981-15-0029-9_53