Boqin Qin,Yilun Chen,Haopeng Liu,Hua Zhang,Qiaoyan Wen,Linhai Song,Yiying Zhang

DOI: https://doi.org/10.1109/tse.2024.3380393

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Rust is a relatively new programming language designed for systems software development. Its objective is to combine the safety guarantees typically associated with high-level languages with the performance efficiency often found in executable programs implemented in low-level languages. The core design of Rust is a set of strict safety rules enforced through compile-time checks. However, to support more low-level controls, Rust also allows programmers to bypass its compiler checks by writing unsafe code. As the adoption of Rust grows in the development of safety-critical software, it becomes increasingly important to understand what safety issues may elude Rust’s compiler checks and manifest in real Rust programs.In this paper, we conduct a comprehensive, empirical study of Rust safety issues by close, manual inspection of 70 memory bugs, 100 concurrency bugs, and 110 programming errors leading to unexpected execution panics from five open-source Rust projects, five widely-used Rust libraries, and two online security databases. Our study answers three important questions: what memory-safety issues real Rust programs have, what concurrency bugs Rust programmers make, and how unexpected panics in Rust programs are caused. Our study reveals interesting real-world Rust program behaviors and highlights new issues made by Rust programmers. Building upon the findings of our study, we design and implement five static detectors. After being applied to the studied Rust programs and another 12 selected Rust projects, our checkers pinpoint 96 previously unknown bugs and report a negligible number of false positives, confirming their effectiveness and the value of our empirical study.

Kaiwen Zhang,Guanjun Liu

DOI: https://doi.org/10.48550/arxiv.2212.02754

2022-01-01

Abstract:This paper presents a method of automatically converting source codes (Rust programs) into Petri nets, focusing on the detection of deadlocks caused by the double locks and lock conflicts in the parallel Rust programs. We construct the transformation rules and develop a tool. Our method can omit those Rust codes without relations to locks when scanning the input codes, and thus tool can handle a large-scale code. We do a number of experiments to show the advantages of our method compared with the state-of-the-art ones.

Yu Zhen,Su Xiaohong,Qiu Jing

DOI: https://doi.org/10.7544/issn1000-1239.2017.20160369

2017-01-01

Abstract:Deadlock bugs are hard to expose, reproduce and diagnose.Once happening, they will cause increasing response time, decreasing throughput, or even crash to the target multithreaded programs.However, current deadlock detection techniques can detect only one mutex-caused deadlock at a time.In order to detect all possible deadlocks one time caused by multiple threads and multiple mutexes or rwlocks, this paper proposes the concept of multiple-type lock allocation graph (MLAG) and its construction method.Then a MLAG-based dynamic detection algorithm to detect multiple types of deadlocks is proposed.By instrumenting all lock/unlock operations on mutexes and rwlocks, our method dynamically constructs and real-time updates a MLAG which reflects the synchronization state of the target program.Our method detects deadlock bugs by detecting cycles on the MALG and checking whether or not a cycle is a deadlock cycle.When a deadlock is detected, the method outputs information about that bug to assist debugging.The experimental results on benchmarks show that our method is strong in deadlock detection for successfully detecting all 13 deadlock bugs with 5 types, and has a slight impact on target programs for incurring at most 10.15% slowdown to openldap-2.2.20's performance, and is scalable because the overhead increase gently along with an exponentially increasing number of threads.

毛澄映,卢炎生,张金隆,卢超

2008-01-01

Abstract:Deadlock is one type of errors in most multi-threaded programs, and it hasn't been well settled until today. In this paper, a dynamic detection algorithm for finding resource deadlocks in concurrent Java programs has been proposed. Based on the execution trace information of a concurrent program, it produces locking control dependency relations firstly. Subsequently, the potential deadlocks can be worked out through imposing some relation calculations on the achieved locking control dependency relations. Furthermore, some static information of inter-thread control flow graph (ITCFG) is introduced to increase the precision of results. The presented algorithm is so simple that it can be easily implemented; on the other hand, it doesn't need to construct graphical representation such as lock tree and lock graph in the existing methods.

Kaiwen Zhang,Guanjun Liu

DOI: https://doi.org/10.1109/codit62066.2024.10708563

2024-01-01

Abstract:This paper introduces an innovative method for converting Rust source code to Petri nets while checking deadlock detection caused by synchronization primitives such as Mutex, RwLock, and CandVar in concurrent Rust programs. We establish conversion rules and develop tools to facilitate this process. During the scanning process, this method can exclude functions unrelated to locks, thus reducing the size of the Petri net. The experiment proves that our method is superior to the most advanced one.

Mohan Cui,Chengjun Chen,Hui Xu,Yangfan Zhou

DOI: https://doi.org/10.1145/3542948

IF: 3.685

2022-06-21

ACM Transactions on Software Engineering and Methodology

Abstract:Rust is an emerging programming language that aims to prevent memory-safety bugs. However, the current design of Rust also brings side effects, which may increase the risk of memory-safety issues. In particular, it employs OBRM (ownership-based resource management) and enforces automatic deallocation of unused resources without using the garbage collector. It may therefore falsely deallocate reclaimed memory and lead to use-after-free or double-free issues. In this paper, we study the problem of invalid memory deallocation and propose SafeDrop , a static path-sensitive data-flow analysis approach to detect such bugs. Our approach analyzes each function of a Rust crate iteratively in a flow-sensitive and field-sensitive way. It leverages a modified Tarjan algorithm to achieve scalable path-sensitive analysis and a cache-based strategy for efficient inter-procedural analysis. We have implemented our approach and integrated it into the Rust compiler. Experiment results show that the approach can successfully detect all such bugs in our experiments with a limited number of false positives and incurs a very small overhead compared to the original compilation time.

computer science, software engineering

Boqin Qin,Yilun Chen,Zeming Yu,Linhai Song,Yiying Zhang

DOI: https://doi.org/10.1145/3385412.3386036

2020-01-01

Abstract:Rust is a young programming language designed for systems software development. It aims to provide safety guarantees like high-level languages and performance efficiency like low-level languages. The core design of Rust is a set of strict safety rules enforced by compile-time checking. To support more low-level controls, Rust allows programmers to bypass these compiler checks to write unsafe code. It is important to understand what safety issues exist in real Rust programs and how Rust safety mechanisms impact programming practices. We performed the first empirical study of Rust by close, manual inspection of 850 unsafe code usages and 170 bugs in five open-source Rust projects, five widely-used Rust libraries, two online security databases, and the Rust standard library. Our study answers three important questions: how and why do programmers write unsafe code, what memory-safety issues real Rust programs have, and what concurrency bugs Rust programmers make. Our study reveals interesting real-world Rust program behaviors and new issues Rust programmers make. Based on our study results, we propose several directions of building Rust bug detectors and built two static bug detectors, both of which revealed previously unknown bugs.

Lei Xia,Yufei Wu,Baojian Hua

DOI: https://doi.org/10.1109/qrs-c60940.2023.00102

2023-01-01

Abstract:Rust is a modern system-level programming language providing strong security guarantees, which has been widely applied in building software infrastructures. However, unsafe Rust, a language feature introduced for programming flexibility and efficiency, can be prone to memory vulnerabilities due to the lack of compile-time and run-time checks. Worse yet, it is challenging to diagnose such memory vulnerabilities in Rust programs, due to the subtle interactions between the safe and unsafe code. This paper presents Rustcheck, the first memory safety enhancement framework for dynamic program analysis of Rust programs. The key idea of Rustcheck is to dynamically detect memory safety issues caused by the improper use of unsafe Rust through static instrumentations. We have implemented a software prototype for Rustcheck and conducted experiments to evaluate the effectiveness and performance of it by applying Rustcheck to 56 CVES from real-world Rust projects. And experimental results showed that Rustcheck can successfully detect all of 65 memory vulnerabilities in CVEs, with low runtime overhead (3.30% on average) to the Rust projects being checked.

Baowen Xu,Bei Chu,Hongcheng Fan,Yang Feng 0003

DOI: https://doi.org/10.1007/978-981-99-6222-8_37

2023-01-01

Abstract:Memory safety is a critical concern in software development, as related issues often lead to program crashes, vulnerabilities, and security breaches, leading to severe consequences for applications and systems. This paper provides a detailed analysis of how Rust effectively addresses memory safety concerns. The paper first introduces the concepts of ownership, reference and lifetime in Rust, highlighting how they contribute to ensuring memory safety. It then delves into an examination of common memory safety issues and how they manifest in popular programming languages. Rust’s solutions to these issues are compared to those of other languages, emphasizing the benefits of using Rust for enhanced memory safety. In conclusion, this paper offers a comprehensive exploration of prevalent memory safety issues in programming and demonstrates how Rust effectively addresses them. With its encompassing mechanisms and strict rules, Rust proves to be a reliable choice for developers aiming to achieve enhanced memory safety in their programming endeavors.

Zhijian Huang,Yong Jun Wang,Jing Liu

DOI: https://doi.org/10.1587/transinf.2018edl8040

2018-01-01

IEICE Transactions on Information and Systems

Abstract:The rising systems programming language Rust is fast, efficient and memory safe. However, improperly dereferencing raw pointers in Rust causes new safety problems. In this paper, we present a detailed analysis into these problems and propose a practical hybrid approach to detecting unsafe raw pointer dereferencing behaviors. Our approach employs pattern matching to identify functions that can be used to generate illegal multiple mutable references (We define them as thief function) and instruments the dereferencing operation in order to perform dynamic checking at runtime. We implement a tool named UnsafeFencer and has successfully identified 52 thief functions in 28 real-world crates*, of which 13 public functions are verified to generate multiple mutable references.

Elena Giachino,Cosimo Laneve,Michael Lienhardt

DOI: https://doi.org/10.1007/s10270-014-0444-y

2015-11-16

Abstract:We present a framework for statically detecting deadlocks in a concurrent object-oriented language with asynchronous method calls and cooperative scheduling of method activations. Since this language features recursion and dynamic resource creation, deadlock detection is extremely complex and state-of-the-art solutions either give imprecise answers or do not scale. In order to augment precision and scalability we propose a modular framework that allows several techniques to be combined. The basic component of the framework is a front-end inference algorithm that extracts abstract behavioural descriptions of methods, called contracts, which retain resource dependency information. This component is integrated with a number of possible different back-ends that analyse contracts and derive deadlock information. As a proof-of-concept, we discuss two such back-ends: (i) an evaluator that computes a fixpoint semantics and (ii) an evaluator using abstract model checking.

Programming Languages

Elena Giachino,Cosimo Laneve

DOI: https://doi.org/10.1007/978-3-319-07317-0_2

2014-01-01

Abstract:Deadlock detection in recursive programs that admit dynamic resource creation is extremely complex and solutions either give imprecise answers or do not scale.We define an algorithm for detecting deadlocks of linear recursive programs of a basic model. The theory that underpins the algorithm is a generalization of the theory of permutations of names to so-called mutations, which transform tuples by introducing duplicates and fresh names.Our algorithm realizes the back-end of deadlock analyzers for object-oriented programming languages, once the association programs/basic-model-programs has been defined as front-end.

Faming Lu,Fenghua Lv,Minghao Cui,Yunxia Bao,Qingtian Zeng

DOI: https://doi.org/10.1109/access.2024.3384489

IF: 3.9

2024-04-20

IEEE Access

Abstract:Program deadlock detection plays an important role in ensuring the stability of software systems. In view of the high efficiency and low false alarm rate, dynamic deadlock analysis methods are widely studied. However, existing dynamic analysis methods use lock graph or its extended variants to model program behavior. Since there are information loss in existing lock graphs, deadlock false positives still exist. To solve the problem, a novel 2-stage dynamic deadlock analysis method is proposed. In the first stage, a Petri net model of the program is constructed by analyzing program running traces. Then, unfolding-based Petri net dead marking detection methods are used to identify potential program deadlocks. In the second stage, based on Petri net unfolding techniques, a deterministic program scheduling scheme that can be used for deadlock replay is derived for each potential deadlock. Each successfully replayed program deadlock is a real deadlock. It is shown that the proposed deadlock detection and replay method can eliminate more false positives compared to general dynamic methods, and the deadlock replay scheme is deterministic and easy to understand compared with existing random scheduling strategies.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Stadtmüller,Martin Sulzmann,Peter Thiemann

DOI: https://doi.org/10.48550/arXiv.1608.08330

2016-08-30

Programming Languages

Abstract:We consider the problem of static deadlock detection for programs in the Go programming language which make use of synchronous channel communications. In our analysis, regular expressions extended with a fork operator capture the communication behavior of a program. Starting from a simple criterion that characterizes traces of deadlock-free programs, we develop automata-based methods to check for deadlock-freedom. The approach is implemented and evaluated with a series of examples.

Chengquan Zhang,Yang Feng,Yaokun Zhang,Yuxuan Dai,Baowen Xu

DOI: https://doi.org/10.1109/qrs62785.2024.00035

2024-01-01

Abstract:Rust is a nascent programming language designed to improve memory safety for system programming while maintaining high performance. The Rust language ensures memory safety through its ownership mechanism and by performing compile-time checks on safe code. However, for low-level controls, developers are allowed to bypass these checks by marking their code as unsafe, which in turn introduces memory vulnerabilities. Beyond these memory-related concerns, the existence and nature of other common bugs such as run-time panics have not been thoroughly explored. In this paper, we conduct a comprehensive empirical study to characterize bugs and their fixes beyond memory safety concerns by manually inspecting bug patches in Rust programs. We identify 790 bug fixes from 1100 commits in six widely-used Rust projects and the Rust standard library, and then investigate their root causes and symptoms. Furthermore, we analyze the relationships between these bugs and unsafe code (i.e., whether they are caused by the use of unsafe code and to what extent it impacts them). Our bug study introduces a classification of 15 root causes and 6 symptoms, and categorizes bugs into different groups according to their relationships with safe/unsafe code. We identify 19 major findings and draw broader lessons from them to guide the research community towards future directions in program testing, analysis, fault localization, and repair for Rust language.

潘敏学,李倩,李宣东

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.02.007

2010-01-01

Abstract:The non-determinism in concurrent software obstructs the detection of deadlocks.Previous work focuses on detecting deadlocks by only using a single approach or a single tool.This paper evaluates the capabilities of contemporary deadlock detection tools.Based on the comparison results,an integrated application of deadlock detection tools is proposed,which incorporates all detection approaches from analysis,verification to testing.Moreover a set of metrics is presented to assess the detection results of these tools based on the different nature of analysis,verification and testing.The empirical results show the effectiveness of this method.

ZHANG Hai-Peng,LI Xi

DOI: https://doi.org/10.3969/j.issn.1003-3254.2013.10.003

2013-01-01

Abstract:This paper introduces a method to detect operating system deadlock.The method consists of three stages:(1) finding the lock-holders by detecting whether the locks and unlocks are paired.(2) finding the lock-waiters by filtering the abnormal process.(3) the method will occur deadlock warning if there is a cycle in the waits-for graph.The results show that the method has only 1% influence to the performance,and does not need to modify Linux kernel and detected program source code.

DING Zuo-Hua,JIANG Ming-Yue,Jing Liu

DOI: https://doi.org/10.3724/SP.J.1016.2009.01736

2009-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Detection of deadlock of concurrent programs by static analysis is in general difficult because of state-space explosion. This paper gives the feasibility test of a deadlock detection method avoiding explosion of state space entirely, which method was proposed by author, by conducting more experiments. The frame of this method is as following: Firstly a Petri net, which represents a concurrent system, is continued to a new continuous Petri net. Then based on this continuous Petri net model, a concurrent system can be modeled by a family of ordinary differential equations. Finally the system deadlocks can be checked by analyzing the solution of this family of ordinary differential equations. Thus instead of exploring reachable states as in traditional methods, the solution of a family of ordinary differential equations is analyzed. Some strategies are developed in order to optimize the method. Dining philosopher problem has been employed to illustrate the method. More experiments have been conducted, and the experimental data shows that the method has strong ability in static analysis. As a byproduct, the method can also been used to check the boundedness of a system.

Zeming Yu,Linhai Song,Yiying Zhang

DOI: https://doi.org/10.48550/arXiv.1902.01906

2019-02-05

Programming Languages

Abstract:Rust is a popular programming language in building various low-level software in recent years. It aims to provide safe concurrency when implementing multi-threaded software through a suite of compiler checking rules. Unfortunately, there is limited understanding of how the checking rules influence the safety of concurrent programming in Rust applications. In this paper, we perform a preliminary study on Rust's concurrency safety from two aspects: concurrency usage and concurrency bugs. Our study can provide better understanding on Rust's concurrency and can guide future researchers and practitioners in writing better, more reliable Rust software and in developing debugging and bug detection tools for Rust.

Hui Xu,Zhuangbin Chen,Mingshen Sun,Yangfan Zhou,Michael R. Lyu

DOI: https://doi.org/10.1145/3466642

IF: 3.685

2022-01-31

ACM Transactions on Software Engineering and Methodology

Abstract:Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing Rust common vulnerability and exposures (CVEs) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory claim bugs are related to the side effect of Rust newly-adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions toward improving the security of Rust development, including several best practices of using specific APIs and methods to detect particular bugs involving unsafe code. Our work intends to raise more discussions regarding the memory-safety issues of Rust and facilitate the maturity of the language.

computer science, software engineering