Qiuyuan Chen,Lingfeng Bao,Li Li,Xin Xia,Liang Cai

DOI: https://doi.org/10.1109/APSEC.2018.00049

2018-01-01

Abstract:To share vulnerability information across separate databases, tools, and services, newly identified vulnerabilities are recurrently reported to Common Vulnerabilities and Exposures (CVE) database.Unfortunately, not all vulnerability reports will be accepted. Some of them might get rejected or be accepted with disputations.In this work, we refer to those rejected or disputed CVEs as invalid vulnerability reports. Invalid vulnerability reports not only cause unnecessary efforts to confirm the vulnerability but also impact the reputation of the software vendors. In this paper, we aim to understand the root causes of invalid vulnerability reports and build a prediction model to automatically identify them.To this end, we first leverage card sorting to categorize invalid vulnerability reports, from which six main reasons are observed for rejected and disputed CVEs, respectively.Then, we propose a text mining approach to predict the invalid vulnerability reports. Our experiments reveal that the proposed text mining approach can achieve an AUC score of 0.87 for predicting invalid vulnerabilities. We also discuss the implications of our study: our categorization can be used to guide new committer to avoid these traps; some root causes of invalid CVEs can be avoided by using automatic techniques or optimizing reviewing mechanism; invalid vulnerability reports data should not be neglected.

Xin Xia,Yang Feng,David Lo,Zhenyu Chen,Xinyu Wang

DOI: https://doi.org/10.1109/CSMR-WCRE.2014.6747163

2014-01-01

Abstract:In a modern software system, when a program fails, a crash report which contains an execution trace would be sent to the software vendor for diagnosis. A crash report which corresponds to a failure could be caused by multiple types of faults simultaneously. Many large companies such as Baidu organize a team to analyze these failures, and classify them into multiple labels (i.e., multiple types of faults). However, it would be time-consuming and difficult for developers to manually analyze these failures and come out with appropriate fault labels. In this paper, we automatically classify a failure into multiple types of faults, using a composite algorithm named MLL-GA, which combines various multi-label learning algorithms by leveraging genetic algorithm (GA). To evaluate the effectiveness of MLL-GA, we perform experiments on 6 open source programs and show that MLL-GA could achieve average F-measures of 0.6078 to 0.8665. We also compare our algorithm with Ml.KNN and show that on average across the 6 datasets, MLL-GA improves the average F-measure of MI.KNN by 14.43%.

Pengfei Wang,Jens Krinke,Xu Zhou,Kai Lu

DOI: https://doi.org/10.1002/cpe.5160

2019-01-01

Abstract:SummaryConcurrency bugs, such as atomicity‐violation bugs, are difficult to detect due to the uncertainty of thread‐scheduling. It is particularly difficult to conduct a thorough bug fix when an atomicity‐violation bug can be triggered by different buggy interleavings. This paper proposes a prediction‐based approach to comprehensively detect atomicity‐violation bugs. A bug fix can be incomplete when the developer cannot have all the buggy interleavings. Based on the candidate interleavings, this approach can predict unmanifested atomicity‐violation bugs from a non‐buggy execution and comprehensively display all the buggy interleavings for the same bug to assist a thorough fix. We use a monitored execution to record execution traces and predict potential buggy interleavings based on the candidate interleavings identified from the trace. Then, we use controlled executions to verify the predicted buggy interleavings by controlling the thread‐scheduling. We implemented a prototype tool called AVPredictor and evaluated it with real‐world tests. Experiments show that AVPredictor can effectively find all the known atomicity‐violation bugs as well as a previously unknown bug together with all the buggy interleavings for each bug. The runtime overhead is 13x for the monitored execution and 18x for the controlled execution.

Jingwen Zhao,Yanxia Wu,Yun Feng,Jibin Dong,Changting Shi

DOI: https://doi.org/10.1002/smr.2725

2024-01-01

Abstract:Atomicity violation bugs are a frequent problem in concurrency. Because of the unpredictable nature of thread interleaving, most current methods are unable to differentiate between harmful and benign atomicity violations. This makes it challenging to determine the existence of an actual bug. This paper presents a method for detecting atomicity violation bugs in programs based on user interaction. First, UserTrack matches access interleaving patterns to identify all potential violations. We then verify the programmer's atomicity intent between two logical access operations on the same thread and filter out some candidates. Finally, a user interaction mechanism checks the paths that do not produce atomicity violations when threads are interleaved. Our method focuses on a small number of interesting states and interleavings, while allowing the programmer to impose constraints on thread interleavings and explore all executions that satisfy these constraints. We continuously gather information through user feedback results and detect atomicity violation bugs that truly go against the programmer's intent. We evaluated the method using benchmark tests, which demonstrated the effectiveness of UserTrack in detecting atomicity violations. This method verifies the atomicity intent between nonserializable interleaving and logical access operations, allows programmers to impose constraints on thread interleaving, and explores all executions that satisfy these constraints and continuously gain information through user feedback to identify atomicity violation bugs that truly violate the programmer's intent. image

Ruixue Li,Bin Yu,Xu Lu,Lei Ke,Jiawei Chen,Zixuan Yuan,Jingxian Wang,Cong Tian,Yansong Dong

DOI: https://doi.org/10.1145/3691620.3695325

2024-01-01

Abstract:Interrupt-driven programs are widely used in safety-critical fields like aerospace and embedded systems. However, the unpredictable interleaving of Interrupt Service Routines (ISRs) can lead to concurrency bugs, particularly atomicity violations when ISRs preempt atomic sequences of instructions. To address this, we propose a dynamic approach for detecting atomicity violations in interrupt-driven programs. Extensive experiments demonstrate that our method is more precise and efficient than related approaches.

HU Min,CHEN Yu-ting

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.13.017

2012-01-01

Abstract:This paper proposes a novel dynamic detection algorithm to detect multi-variable atomicity violation without consulting atomicity specification or annotation.It defines different dimensions of distances among shared memory,and uses the associated variable relationship to detect the atoms violation mistakes,then infers the correlations through them to get the atomic regions.Experimental results show that this algorithm can get the related variables,and test the procedure which involves atomic violations mistakes of multi-variable.

Bin Yu,Cong Tian,Hengrui Xing,Zuchao Yang,Jie Su,Xu Lu,Jiyu Yang,Liang Zhao,Xiaofeng Li,Zhenhua Duan

DOI: https://doi.org/10.1145/3611643.3616276

2023-01-01

Abstract:Interrupt-driven programs have been widely used in safety-critical areas such as aerospace and embedded systems. However, uncertain interleaving execution of interrupt service routines (ISRs) usually causes concurrency bugs. Specifically, when one or more ISRs attempt to preempt a sequence of instructions which are expected to be atomic, a kind of concurrency bugs namely atomicity violation may occur, and it is challenging to find this kind of bugs precisely and efficiently. In this paper, we propose a static approach for detecting atomicity violations in interrupt-driven programs. First, the program model is constructed with interruption points being selected to determine the possibly influenced ISRs. After that, reachability computation is conducted to build up a whole abstract reachability tree, and a delayed ISR-triggering strategy is employed to reduce the state space. Meanwhile, unserializable interleaving patterns are recognized to achieve the goal of atomicity violation detection. The approach has been implemented as a configurable tool namely CPA4AV. Extensive experiments show that CPA4AV is much more precise than the relative tools available with little extra time overhead. In addition, more complex situations can be dealt with CPA4AV.

Teodor Rares Begu

DOI: https://doi.org/10.48550/arXiv.2305.05531

2023-05-09

Abstract:Artificial Intelligence has gained a lot of traction in the recent years, with machine learning notably starting to see more applications across a varied range of fields. One specific machine learning application that is of interest to us is that of software safety and security, especially in the context of parallel programs. The issue of being able to detect concurrency bugs automatically has intrigued programmers for a long time, as the added layer of complexity makes concurrent programs more prone to failure. The development of such automatic detection tools provides considerable benefits to programmers in terms of saving time while debugging, as well as reducing the number of unexpected bugs. We believe machine learning may help achieve this goal by providing additional advantages over current approaches, in terms of both overall tool accuracy as well as programming language flexibility. However, due to the presence of numerous challenges specific to the machine learning approach (correctly labelling a sufficiently large dataset, finding the best model types/architectures and so forth), we have to approach each issue of developing such a tool separately. Therefore, the focus of this project is on comparing both common and recent machine learning approaches. We abstract away the complexity of procuring a labelled dataset of concurrent programs under the form of a synthetic dataset that we define and generate with the scope of simulating real-life (concurrent) programs. We formulate hypotheses about fundamental limits of various machine learning model types which we then validate by running extensive tests on our synthetic dataset. We hope that our findings provide more insight in the advantages and disadvantages of various model types when modelling programs using machine learning, as well as any other related field (e.g. NLP).

Software Engineering,Machine Learning,Programming Languages

Qingkai Shi,Jeff Huang,Zhenyu Chen,Baowen Xu

DOI: https://doi.org/10.1109/tse.2015.2477820

IF: 7.4

2016-01-01

IEEE Transactions on Software Engineering

Abstract:Atomicity is a fundamental property to guarantee the isolation of a work unit (i.e., a sequence of related events in a thread) from concurrent threads. However, ensuring atomicity is often very challenging due to complex thread interactions. We present an approach to help developers verify whether such work units, which have triggered bugs due to certain violations of atomicity, are sufficiently synchronized or not by locks introduced for fixing the bugs. A key feature of our approach is that it combines the fortes of both bug-driven and change-aware techniques, which enables it to effectively verify synchronizations by testing only a minimal set of suspicious atomicity violations without any knowledge on the to-be-isolated work units, thus being more efficient and practical than other approaches. Besides, unlike existing approaches, our approach effectively utilizes all the inferred execution traces even they may not be completely feasible, such that the verification algorithm can converge much faster. We demonstrate via extensive evaluation that our approach is much more effective and efficient than the state-of-the-arts. Besides, we show that although there have existed sound automatic fixing techniques for atomicity violations, our approach is still necessary and useful for quality assurance of concurrent programs, because the assumption behind our approach is much weaker. We have also investigated one of the largest bug databases and found that insufficient synchronizations are common and difficult to be found in software development.

Yin Wang,Peng Liu,Terence Kelly,Stéphane Lafortune,Spyros A. Reveliotis,Charles Zhang

DOI: https://doi.org/10.1109/CDC.2012.6426112

2012-01-01

Abstract:Atomicity violations are among the most severe and prevalent defects in concurrent software. Numerous algorithms and tools have been developed to detect atomicity bugs, but few solutions exist to automatically fix such bugs. Some existing solutions add locks to enforce atomicity, which can introduce deadlocks into programs. Our recent work avoids deadlock bugs in concurrent programs by adding control logic synthesized using Discrete Event Systems theory. In this paper, we extend this control framework to address single-variable atomicity violation bugs. We use the same class of Petri net models as in our prior work to capture program semantics, and handle atomicity violations by control specifications in the form of linear inequalities. We propose two methodologies for synthesizing control logic that enforces these linear inequalities without causing deadlocks; the resulting control logic is embedded into the program's source code by program instrumentation. These results extend the scope of concurrency bugs in software systems that can be handled by techniques from control engineering. Case studies involving two real Java programs demonstrate our solution procedure.

Yan Cai,Biyun Zhu,Ruijie Meng,Hao Yun,Liang He,Purui Su,Bin Liang

DOI: https://doi.org/10.1145/3338906.3338927

2019-01-01

Abstract:Memory corruption vulnerabilities can occur in multithreaded executions, known as concurrency vulnerabilities in this paper. Due to non-deterministic multithreaded executions, they are extremely difficult to detect. Recently, researchers tried to apply data race detectors to detect concurrency vulnerabilities. Unfortunately, these detectors are ineffective on detecting concurrency vulnerabilities. For example, most (90%) of data races are benign. However, concurrency vulnerabilities are harmful and can usually be exploited to launch attacks. Techniques based on maximal causal model rely on constraints solvers to predict scheduling; they can miss concurrency vulnerabilities in practice. Our insight is, a concurrency vulnerability is more related to the orders of events that can be reversed in different executions, no matter whether the corresponding accesses can form data races. We then define exchangeable events to identify pairs of events such that their execution orders can be probably reversed in different executions. We further propose algorithms to detect three major kinds of concurrency vulnerabilities. To overcome potential imprecision of exchangeable events, we also adopt a validation to isolate real vulnerabilities. We implemented our algorithms as a tool ConVul and applied it on 10 known concurrency vulnerabilities and the MySQL database server. Compared with three widely-used race detectors and one detector based on maximal causal model, ConVul was significantly more effective by detecting 9 of 10 known vulnerabilities and 6 zero-day vulnerabilities on MySQL (four have been confirmed). However, other detectors only detected at most 3 out of the 16 known and zero-day vulnerabilities.

Sanjana Singh,Divyanjali Sharma,Subodh Sharma

DOI: https://doi.org/10.48550/arXiv.2103.01553

2021-03-02

Programming Languages

Abstract:We investigate the problem of runtime analysis of C11 programs under Multi-Copy-Atomic semantics (MCA). Under MCA, one can analyze program outcomes solely through interleaving and reordering of thread events. As a result, obtaining intuitive explanations of program outcomes becomes straightforward. Newer versions of ARM (ARMv8 and later), Alpha, and Intel's x-86 support MCA. Our tests reveal that state-of-the-art dynamic verification techniques that analyze program executions under the C11 memory model generate safety property violations that can be interpreted as false alarms under MCA semantics. Sorting the true from false violations puts an undesirable burden on the user. In this work, we provide a dynamic verification technique (MoCA) to analyze C11 program executions which are permitted under the MCA model. We design a happens-before relation and introduce coherence rules to capture precisely those C11 program executions which are allowed under the MCA model. MoCA's exploration of the state-space is based on the state-of-the-art dynamic verification algorithm, source-DPOR. Our experiments validate that MoCA captures all coherent C11 program executions, and is precise for the MCA model.

Sicong Cao,Xiaobing Sun,Lili Bo,Rongxin Wu,Bin Li,Xiaoxue Wu,Chuanqi Tao,Tao Zhang,Wei Liu

DOI: https://doi.org/10.1145/3624744

IF: 3.685

2024-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Memory-related vulnerabilities can result in performance degradation or even program crashes, constituting severe threats to the security of modern software. Despite the promising results of deep learning (DL)-based vulnerability detectors, there exist three main limitations: (1) rich contextual program semantics related to vulnerabilities have not yet been fully modeled; (2) multi-granularity vulnerability features in hierarchical code structure are still hard to be captured; and (3) heterogeneous flow information is not well utilized. To address these limitations, in this article, we propose a novel DL-based approach, called MVD+ , to detect memory-related vulnerabilities at the statement-level. Specifically, it conducts both intraprocedural and interprocedural analysis to model vulnerability features, and adopts a hierarchical representation learning strategy, which performs syntax-aware neural embedding within statements and captures structured context information across statements based on a novel Flow-Sensitive Graph Neural Networks, to learn both syntactic and semantic features of vulnerable code. To demonstrate the performance, we conducted extensive experiments against eight state-of-the-art DL-based approaches as well as five well-known static analyzers on our constructed dataset with 6,879 vulnerabilities in 12 popular C/C++ applications. The experimental results confirmed that MVD+ can significantly outperform current state-of-the-art baselines and make a great trade-off between effectiveness and efficiency.

Long Pang,Xiaohong Su,Peijun Ma,Lingling Zhao

DOI: https://doi.org/10.5121/ijsea.2013.4605

2013-01-01

Abstract:The atomicity of correlated variables isquite tedious and error prone for programmers to explicitly infer and specify in the multi-threaded program. Researchers have studied the automatic discovery of atomic set programmers intended, such as by frequent itemsetmining and rules-based filter. However, due to thelack of inspection of inner structure, some implicit sematics independent variables intended by user are mistakenly classified to be correlated. In this paper, we present anovel simplification method forprogram dependency graph and the corresponding graphmining approach to detect the set of variables correlated by logical structures in the source code. This approach formulates the automatic inference of the correlated variables as mining frequent subgra ph of the simplified data and control flow dependency graph. The presented simplified graph representation of program dependency is not only robust for coding style’s varieties, but also essential to recognize the logical correlation. We implemented our me thod and compared it with previous methods on the open source programs’ repositories. The experiment results show that our method has less false positive rate than previous methods in the development initial stage. It is concluded that our presented methodcan provide programmers in the development with the sufficient precise correlated variable set for checking atomicity .

Xiao-Hong SU,Zhen YU,Tian-Tian WANG,Pei-Jun MA

DOI: https://doi.org/10.11897/SP.J.1016.2015.02215

2015-01-01

Abstract:The prevalent multi-core architecture today makes real concurrency come true.In order to benefit from the concurrency power of hardware,concurrent programming is becoming more and more popular.However,out of inherent concurrency and non-determinism,concurrent programs are more likely to suffer from concurrency bugs,which are hard to detect,debug and repair.In this paper,we point out the trend that software development is turning toward concurrent model from sequential model.We reveal three characteristics respectively for concurrent programs and concurrency bugs and explore three challenges confronted by concurrency bug analysis.We then divide concurrency bugs into four categories,i.e.deadlock,data race,atomicity violation and order violation and investigate relations among them.For each category of concurrency bugs, we make analyses,comparisons and summarizations on previous researches about how to quickly expose,in time detect and efficiently avoid them.At last,we look into the research priorities in future from the following five aspects:smart and quick concurrency bugs exposure,common and accurate concurrency bug detection,deterministic replay support,collaborative design involving software and hardware and new concurrent programming model.

Qinchen Liu,Jianwen Xiang,Bin Xu,Dongdong Zhao,Wenhua Hu,Jian Wang

DOI: https://doi.org/10.1109/dsa51864.2020.00020

2020-01-01

Abstract:Software aging refers to the phenomenon of system performance degradation or system crash in long-term running systems, which is mainly caused by Aging-Related Bugs (ARBs). To predict Aging-Related Bugs, previous studies usually focused on manually designing features, which extracted from the programs, and utilized different machine learning algorithms to detect those buggy codes. However, these traditional features often failed to distinguish programs’ semantic differences.To explore deeply programs’ semantics and make full use of these information, in this paper, we proposed a method, which based on deep learning method to automatically learn programs’ semantic features of source codes. Specifically, we utilized Convolutional Neural Network (CNN) to automatically generate more distinguished features which based on the Abstract Syntax Trees (ASTs) of programs. Meanwhile, we combined these features with conventional aging-related metrics for more accurate ARB prediction. Finally, we evaluated our model on Linux and MySQL datasets, the experiment results showed that our approach was better than the baselines. The improvement can be achieved up to 6.9% on Linux, and 24.1% on MySQL in terms of balance, compared to traditional Naive Bayes method. And compared to Naive Bayes with logarithmic transformation, the improvement is 1% and 4.7% respectively.

Xiang Du,Liangze Yin,Haining Feng,Wei Dong

DOI: https://doi.org/10.1109/apsec53868.2021.00033

2021-01-01

Abstract:Due to the non-deterministic occurring of interrupt service routines, vulnerabilities of interrupt-driven programs, such as data race and atomicity violation, are usually hard to discover. Static analysis is an effective method for vulnerability analysis of interrupt-driven programs. However, existing techniques usually produce a large number of false alarms, which limits the application of static analysis in practice. To achieve high precision in vulnerability analysis of interrupt-driven programs, this paper proposes a program verification enhanced precise analysis method. For each potential vulnerability detected by static analysis, we propose a vulnerability validation approach which employs program verification to further automatically verify its feasibility. We have implemented a prototype of our method on top of CBMC. Experimental results on both an academic benchmark and 24 real-world programs show that our method can successfully identify true vulnerabilities and achieve a high precise analysis.

Baojun Ma,Huaping Zhang,Guoqing Chen,Yanping Zhao,Bart Baesens

DOI: https://doi.org/10.1142/s021819401450003x

IF: 1.007

2014-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:It is a recurrent finding that software development is often troubled by considerable delays as well as budget overruns and several solutions have been proposed in answer to this observation, software fault prediction being a prime example. Drawing upon machine learning techniques, software fault prediction tries to identify upfront software modules that are most likely to contain faults, thereby streamlining testing efforts and improving overall software quality. When deploying fault prediction models in a production environment, both prediction performance and model comprehensibility are typically taken into consideration, although the latter is commonly overlooked in the academic literature. Many classification methods have been suggested to conduct fault prediction; yet associative classification methods remain uninvestigated in this context. This paper proposes an associative classification (AC)-based fault prediction method, building upon the CBA2 algorithm. In an empirical comparison on 12 real-world datasets, the AC-based classifier is shown to achieve a predictive performance competitive to those of models induced by five other tree/rule-based classification techniques. In addition, our findings also highlight the comprehensibility of the AC-based models, while achieving similar prediction performance. Furthermore, the possibilities of cross project prediction are investigated, strengthening earlier findings on the feasibility of such approach when insufficient data on the target project is available.

Chunyang Ye,S. C. Cheung,W. K. Chan,Chang Xu

DOI: https://doi.org/10.1145/1287624.1287658

2007-01-01

Abstract:Atomicity is a desirable property that safeguards application consistency for service compositions. A service composition exhibiting this property could either complete or cancel itself without any side effects. It is possible to achieve this property for a service composition by selecting suitable web services to form an atomicity sphere. However, this property might still be breached at runtime due to the interference between various service compositions caused by implicit interactions. Existing approaches to addressing this problem by restricting concurrent execution of services to avoid all implicit interactions however compromise the performance of service compositions due to the long running nature of web services. In this paper, we propose a novel static approach to analyzing the implicit interactions a web service may incur and their impacts on the atomicity property in each of its service compositions. By locating afflicted implicit interactions in a service composition, behavior constraints based on property propagation are formulated as local safety properties, which can then be enforced by the affected web services at runtime to suppress the impacts of the afflicted implicit interactions. We show that the satisfaction of these safety properties exempts the atomicity property of this service composition from being interfered by other services at runtime. The approach is illustrated using two service applications.

Dezhi Wang,Lei Xu,Baowen Xu,Weifeng Zhang

DOI: https://doi.org/10.1109/sate.2016.14

2016-01-01

Abstract:In Web applications, atomicity violations caused by AJAX (Asynchronous JavaScript and XML) generate non-determinism and inconsistency. This paper introduces a dynamical detecting approach for atomicity violations in AJAX. Implemented based on Jalangi, an existing instrumentation framework, our technique monitors the execution of a Web application and tracks the Function Callback Flow to find atomic regions by taint analysis. Next, we build a dynamic event model, so as to precisely record the related DOM elements in call and callback steps with low overhead. Then we develop an event-based algorithm to acquire the results, which are classified into different severity levels (benign or harmful). Finally, we conduct an empirical experiment on a subset of Alexa top-ranked websites. Our tool detects 175 DOM related atomicity violations in which 48.6% of violations are identified as harmful after manual inspection.