Shixiong Zhao,Rui Gu,Haoran Qiu,Tsz On Li,Yuexuan Wang,Heming Cui,Junfeng Yang

DOI: https://doi.org/10.1109/DSN.2018.00033

2018-01-01

Abstract:Just like bugs in single-threaded programs can lead to vulnerabilities, bugs in multithreaded programs can also lead to concurrency attacks. We studied 31 real-world concurrency attacks, including privilege escalations, hijacking code executions, and bypassing security checks. We found that compared to concurrency bugs' traditional consequences (e.g., program crashes), concurrency attacks' consequences are often implicit, extremely hard to be observed and diagnosed by program developers. Moreover, in addition to bug-inducing inputs, extra subtle inputs are often needed to trigger the attacks. These subtle features make existing tools ineffective to detect concurrency attacks. To tackle this problem, we present OWL, the first practical tool that models general concurrency attacks' implicit consequences and automatically detects them. We implemented OWL in Linux and successfully detected five new concurrency attacks, including three confirmed and fixed by developers, and two exploited from previously known and well-studied concurrency bugs. OWL has also detected seven known concurrency attacks. Our evaluation shows that OWL eliminates 94.1% of the reports generated by existing concurrency bug detectors as false positive, greatly reducing developers' efforts on diagnosis. All OWL source code, concurrency attack exploit scripts, and results are available on github.com/hku-systems/owl.

Yan Cai,Biyun Zhu,Ruijie Meng,Hao Yun,Liang He,Purui Su,Bin Liang

DOI: https://doi.org/10.1145/3338906.3338927

2019-01-01

Abstract:Memory corruption vulnerabilities can occur in multithreaded executions, known as concurrency vulnerabilities in this paper. Due to non-deterministic multithreaded executions, they are extremely difficult to detect. Recently, researchers tried to apply data race detectors to detect concurrency vulnerabilities. Unfortunately, these detectors are ineffective on detecting concurrency vulnerabilities. For example, most (90%) of data races are benign. However, concurrency vulnerabilities are harmful and can usually be exploited to launch attacks. Techniques based on maximal causal model rely on constraints solvers to predict scheduling; they can miss concurrency vulnerabilities in practice. Our insight is, a concurrency vulnerability is more related to the orders of events that can be reversed in different executions, no matter whether the corresponding accesses can form data races. We then define exchangeable events to identify pairs of events such that their execution orders can be probably reversed in different executions. We further propose algorithms to detect three major kinds of concurrency vulnerabilities. To overcome potential imprecision of exchangeable events, we also adopt a validation to isolate real vulnerabilities. We implemented our algorithms as a tool ConVul and applied it on 10 known concurrency vulnerabilities and the MySQL database server. Compared with three widely-used race detectors and one detector based on maximal causal model, ConVul was significantly more effective by detecting 9 of 10 known vulnerabilities and 6 zero-day vulnerabilities on MySQL (four have been confirmed). However, other detectors only detected at most 3 out of the 16 known and zero-day vulnerabilities.

Rulin Xu,Xiaoguang Mao,Luohui Chen,Yue Yu

DOI: https://doi.org/10.1109/jcc59055.2023.00014

2023-01-01

Abstract:Memory vulnerability detection aims to identify software defects that can compromise memory safety. However, existing methods often struggle to achieve both high precision and efficiency. This paper presents a high-precision memory vulnerability detection approach based on value flow analysis and parallel computing. We first construct a static semantic representation called SVFG to enable precise detection of memory vulnerabilities such as null pointer dereference and use-after-free. We then perform dependency-aware path feasibility analysis using an SMT solver to reduce false positives. Finally, we develop a task-level parallel framework to accelerate the constraint solving process and improve efficiency.We evaluate our approach on the Juliet test set of over 2,000 test cases and 7 open-source projects. Experimental results show that our dependency-aware analysis can achieve 0.5%-2.05% false positive rates, outperforming traditional approaches and existing tools. Our task-level parallel framework can achieve up to 3.25x speedup with 4 computing nodes.Our study demonstrates that combining value flow analysis and parallel computing is a promising way to enable highly precise and efficient detection of memory vulnerabilities. For future work, we plan to integrate pointer analysis to support more complex codes, and optimize the granularity of parallelism to improve scalability. Overall, this paper presents a static analysis based method to address the inherent trade-off between precision and efficiency in memory vulnerability detection.

Changming Liu,Deqing Zou,Peng Luo,Bin B. Zhu,Hai Jin

DOI: https://doi.org/10.1145/3274694.3274718

2018-01-01

Abstract:With a growing demand of concurrent software to exploit multi-core hardware capability, concurrency vulnerabilities have become an inevitable threat to the security of today's IT industry. Existing concurrent program detection schemes focus mainly on detecting concurrency errors such as data races, atomicity violation, etc., with little attention paid to detect concurrency vulnerabilities that may be exploited to infringe security. In this paper, we propose a heuristic framework that combines both static analysis and fuzz testing to detect targeted concurrency vulnerabilities such as concurrency buffer overflow, double free, and use-after-free. The static analysis locates sensitive concurrent operations in a concurrent program, categorizes each finding into a potential type of concurrency vulnerability, and determines the execution order of the sensitive operations in each finding that would trigger the suspected concurrency vulnerability. The results are then plugged into the fuzzer with the execution order fixed by the static analysis in order to trigger the suspected concurrency vulnerabilities. In order to introduce more variance which increases possibility that the concurrency errors can be triggered, we also propose manipulation of thread scheduling priority to enable a fuzzer such as AFL to effectively explore thread interleavings in testing a concurrent program. To the best of our knowledge, this is the first fuzzer that is capable of effectively exploring concurrency errors. In evaluating the proposed heuristic framework with a benchmark suit of six real-world concurrent C programs, the framework detected two concurrency vulnerabilities for the proposed concurrency vulnerability detection, both being confirmed to be true positives, and produced three new crashes for the proposed interleaving exploring fuzzer that existing fuzzers could not produce. These results demonstrate the power and effectiveness of the proposed heuristic framework in detecting concurrency errors and vulnerabilities.

Zunchen Huang,Shengjian Guo,Meng Wu,Chao Wang

DOI: https://doi.org/10.48550/arXiv.2212.05438

2022-12-11

Abstract:While there is a large body of work on analyzing concurrency related software bugs and developing techniques for detecting and patching them, little attention has been given to concurrency related security vulnerabilities. The two are different in that not all bugs are vulnerabilities: for a bug to be exploitable, there needs be a way for attackers to trigger its execution and cause damage, e.g., by revealing sensitive data or running malicious code. To fill the gap, we conduct the first empirical study of concurrency vulnerabilities reported in the Linux operating system in the past ten years. We focus on analyzing the confirmed vulnerabilities archived in the Common Vulnerabilities and Exposures (CVE) database, which are then categorized into different groups based on bug types, exploit patterns, and patch strategies adopted by developers. We use code snippets to illustrate individual vulnerability types and patch strategies. We also use statistics to illustrate the entire landscape, including the percentage of each vulnerability type. We hope to shed some light on the problem, e.g., concurrency vulnerabilities continue to pose a serious threat to system security, and it is difficult even for kernel developers to analyze and patch them. Therefore, more efforts are needed to develop tools and techniques for analyzing and patching these vulnerabilities.

Cryptography and Security,Software Engineering

Xiao-Hong SU,Zhen YU,Tian-Tian WANG,Pei-Jun MA

DOI: https://doi.org/10.11897/SP.J.1016.2015.02215

2015-01-01

Abstract:The prevalent multi-core architecture today makes real concurrency come true.In order to benefit from the concurrency power of hardware,concurrent programming is becoming more and more popular.However,out of inherent concurrency and non-determinism,concurrent programs are more likely to suffer from concurrency bugs,which are hard to detect,debug and repair.In this paper,we point out the trend that software development is turning toward concurrent model from sequential model.We reveal three characteristics respectively for concurrent programs and concurrency bugs and explore three challenges confronted by concurrency bug analysis.We then divide concurrency bugs into four categories,i.e.deadlock,data race,atomicity violation and order violation and investigate relations among them.For each category of concurrency bugs, we make analyses,comparisons and summarizations on previous researches about how to quickly expose,in time detect and efficiently avoid them.At last,we look into the research priorities in future from the following five aspects:smart and quick concurrency bugs exposure,common and accurate concurrency bug detection,deterministic replay support,collaborative design involving software and hardware and new concurrent programming model.

Wenwen Wang,Chenggang Wu,Pen-Chung Yew,Xiang Yuan,Zhenjiang Wang,Jianjun Li,Xiaobing Feng

DOI: https://doi.org/10.1145/2555243.2555276

2014-01-01

Abstract:Non-determinism in concurrent programs makes their debugging much more challenging than that in sequential programs. To mitigate such difficulties, we propose a new technique to automatically locate buggy shared memory accesses that triggered concurrency bugs. Compared to existing fault localization techniques that are based on empirical statistical approaches, this technique has two advantages. First, as long as enough successful runs of a concurrent program are collected, the proposed technique can locate buggy memory accesses to the shared data even with only one single failed run captured, as opposed to the need of capturing multiple failed runs in other statistical approaches. Second, the proposed technique is more precise because it considers memory accesses in those failed runs that terminate prematurely.

Yan-Yan JIANG,Chang XU,Xiao-Xing MA,Jian L(U)

DOI: https://doi.org/10.13328/j.cnki.jos.005193

2017-01-01

Abstract:Concurrent bugs are difficult to trigger,debug,and detect.Dynamic program analysis techniques have been proven useful in addressing such challenges.Due to non-deterministic nature of concurrent programs in which the major source of non-determinism is the shared memory,obtaining the order of shared memory accesses,i.e.,shared memory dependences,is the basis of such dynamic analyses.This work proposes a survey framework to demonstrate the key issues in obtaining the shared memory dependences.The framework includes four performance metrics (immediacy,accuracy,efficiency and simplicity),two categories of approaches (online tracing and offline synthesis),and two categories of applications (trace analysis and concurrency control).Existing techniques as well as potential future work are studied in the paper.

Yuqi Guo,Shihao Zhu,Yan Cai,Liang He,Jian Zhang

DOI: https://doi.org/10.1145/3597503.3623300

2024-01-01

Abstract:Due to the non-determinism of thread interleaving, predicting con-currency bugs has long been an extremely difficult task. Recently, several sound bug-detecting approaches were proposed. These approaches are based on local search, i.e., mutating the sequential order of the observed trace and predicting whether the mutated sequential order can trigger a bug. Surprisingly, during this process, they never consider reordering the data flow of the pointers, which can be the key point to detecting many complex bugs. To alleviate this weakness, we propose a new flow-sensitive point-to analysis technique Conpta to help actively reorder the pointer flow during the sequential order mutation process. Based on Conpta, we further propose a new sound predictive bug-detecting approach Eagle to predict four types of concurrency bugs. They are null pointer dereference (NPD), uninitialized pointer use (UPU), use after free (UAF), and double free (DF). By actively reordering the pointer flow, Eagle can explore a larger search space of the thread interleaving during the mutation and thus detect more concurrency bugs. Our evaluation of Eagle on 10 real-world multi-threaded programs shows that Eagle significantly outperforms four state-of-the-art bug-detecting approaches UFO, Convul, Convulpoe and Period in both effectiveness and efficiency.

Dennis Jeffrey,Yan Wang,Chen Tian,Rajiv Gupta

DOI: https://doi.org/10.1002/spe.1040

2011-01-01

Software Practice and Experience

Abstract:Memory-related program failures in multithreaded programs can be caused by a variety of bugs. Concurrency bugs can occur due to unexpected or incorrect thread interleavings during execution. Other kinds of memory bugs, such as buffer overflows and uninitialized reads, may also occur in multithreaded as well as single-threaded programs. Most prior techniques for isolating these bugs are specialized, addressing only one type of concurrency bug or certain types of other memory bugs. The memory corruption caused by these bugs can also undergo significant propagation during program execution. When a program failure finally occurs due to memory corruption, the true root cause of the failure may be effectively concealed as significant portions of memory may have become corrupted. We propose a general framework that can isolate the root cause of any failure in a multithreaded program that involves memory corruption and reveals at least a subset of this memory corruption. This includes three important types of concurrency bugs—data races, atomicity violations, and order violations—as well as other kinds of memory bugs. To account for propagation of memory corruption, our approach uses a dynamic technique called ‘execution suppression’ that iteratively reveals memory corruption in a failing execution to isolate the true root cause of the failure. Copyright © 2011 John Wiley & Sons, Ltd.

Z. Yu,Y. Zuo,W. C. Xiong

DOI: https://doi.org/10.1155/2019/9404323

2019-01-01

Scientific Programming

Abstract:Software transactional memory is an effective mechanism to avoid concurrency bugs in multithreaded programs. However, two problems hinder the adoption of such traditional systems in the wild world: high human cost for equipping programs with transaction functionality and low compatibility with I/O calls and conditional variables. This paper presents Convoider to solve these problems. By intercepting interthread operations and designating code among them as transactions in each thread, Convoider automatically transactionalizes target programs without any source code modification and recompiling. By saving/restoring stack frames and CPU registers on beginning/aborting a transaction, Convoider makes execution flow revocable. By turning threads into processes, leveraging virtual memory protection and customizing memory allocation/deallocation, Convoider makes memory manipulations revocable. By maintaining virtual file systems and redirecting I/O operations onto them, Convoider makes I/O effects revocable. By converting lock/unlock operations to no-ops, customizing signal/wait operations on condition variables, and committing memory changes transactionally, Convoider makes deadlocks, data races, and atomicity violations impossible. Experimental results show that Convoider succeeds in transparently transactionalizing twelve real-world applications with averagely incurring only 28% runtime overhead and perfectly avoid 94% of thirty-one concurrency bugs used in our experiments. This study can help efficiently transactionalize legacy multithreaded applications and effectively improve the runtime reliability of them.

Zhendong Wu,Kai Lu,Xiaoping Wang,Xu Zhou

DOI: https://doi.org/10.1109/QSIC.2013.67

2013-01-01

Abstract:Many concurrency bugs are extremely difficult to be detected by random test due to huge input space and huge interleaving space. The multicore technology trend worsens this problem. We propose an innovative, collaborative approach called ColFinder to detect concurrency bugs effectively and efficiently. ColFinder uses static analysis to identify potential buggy statements. With respect to these statements, ColFinder uses program slicing to cut the original programs into smaller programs. Finally, it uses dynamic active test to verify whether the potential buggy statements will trigger real bugs. We implement a prototype of ColFinder, and evaluate it with several real-world programs. It significantly improves the probability of bug manifestation, from 0.75% to 89%. Additionally, ColFinder makes the time of bug manifestation obviously reduced by program slicing, with an average of 33%.

Ziyi Lin,Yilei Zhou,Hao Zhong,Yuting Chen,Haibo Yu,Jianjun Zhao

DOI: https://doi.org/10.1587/transinf.2016edp7388

2017-01-01

IEICE Transactions on Information and Systems

Abstract:When debugging bugs, programmers often prepare test cases to reproduce buggy behaviours. However, for concurrent programs, test cases alone are typically insufficient to reproduce buggy behaviours, due to the nondeterminism of multi-threaded executions. In literature, various approaches have been proposed to reproduce buggy behaviours for concurrency bugs deterministically, but to the best of our knowledge, they are still limited. In particular, we have recognized three debugging scenarios from programming practice, but existing approaches can handle only one of the scenarios. In this paper, we propose a novel approach, called SPDebugger, that provides finer-grained thread controlling over test cases, programs under test, and even third party library code, to reproduce the pre-designed thread execution schedule. The evaluation shows that SPDebugger handles more debugging scenarios than the state-of-the-art tool, called IMUnit, with similar human effort.

Zhiyuan Shao,Jian Peng,Hai Jin

DOI: https://doi.org/10.1109/PDP.2017.49

2017-01-01

Abstract:Detecting data races among the threads of a concurrent program is one of the most important debugging issues. However, the data races are never be easily detected due to the inherent concurrency and indeterministic execution of the participating threads. The widely employed dynamic data race detecting methods generally scrutinize one of sampled execution paths of the program, and may thus miss some data races. With improved coverage, static methods detect the data races by analyzing the source code. However, such static methods result in lots of false alarming, and are not of practical use. In this paper, we propose a method that detects the data races by understanding the synchronization relationships among the segments of participating threads. This method can improve the coverage by enumerating all the possible execution paths of the thread phases, and at the same time, reserve the existing merits of dynamic data race detecting methods. The experiment data shows that our prototype detector is comparable in accuracy with the commercial detector Intel Inspector, and other open source detector, such as ThreadSanitizer. At the same time, our detector has less memory consumption for memory intensive benchmarks in NPB suite, which other software tools fail to analyze.

Jian Fu,Qiang Yang,Raphael Poss,Chris R. Jesshope,Chunyuan Zhang

DOI: https://doi.org/10.1109/samos.2013.6621132

2013-01-01

Abstract:The vulnerability of multi-core processors is increasing due to tighter design margins and greater susceptibility to interference. Moreover, concurrent programming environments are the norm in the exploitation of multi-core systems. In this paper, we present an on-demand thread-level fault detection mechanism for multi-cores. The main contribution is on-demand redundancy, which allows users to set the redundancy scope in the concurrent code. To achieve this we introduce intelligent redundant thread creation and synchronization, which manages concurrency and synchronization between the redundant threads via the master. This framework was implemented in an emulation of a multi-threaded, many-core processor with single, in-order issue cores. It was evaluated by a range of programs in image and signal processing, and encryption. The performance overhead of redundancy is less than 11% for single core execution and is always less than 100% for all scenarios. This efficiency derives from the platform's hardware concurrency management and latency tolerance.

Xu Zhou,Gen Li,Kai Lu,Shuangxi Wang

DOI: https://doi.org/10.1109/DASC.2014.33

2014-01-01

Abstract:Parallel programs face a new security problem -- concurrency vulnerability, which is caused by a special thread scheduling instead of inputs. In this paper, we propose to automatically fix concurrency vulnerabilities by reducing thread scheduling space. Our method is based on two observations. First, most concurrency vulnerabilities are caused by atomicity violation errors. Second, reducing thread scheduling space does not harm the correctness of the original program. We designed a prototype runtime system shield using deterministic multithreading techniques. Shield is designed to transparently run parallel programs and schedule threads in large instruction blocks to prevent atomicity violation at best effort. In case some concurrency vulnerabilities cannot be fixed by shield's scheduling reducing scheme, we also provide a remedy strategy by integrating shield with record&replay function, so that it can help programmers to analyze attacker's behavior for manually fixing.

zhendong wu,kai lu,xiaoping wang,xu zhou,chen chen

DOI: https://doi.org/10.1109/ICCES.2014.7030948

2014-01-01

Abstract:Races hidden in concurrent programs can lead to harmful bugs. These bugs are difficult to detect due to their non-deterministic characteristics. Previous work has tried to dynamically verify races in actual executions to check whether they would lead to failures. However, it is inefficient to verify all the races to find the harmful bugs if there are a large number of races. To improve the efficiency, PFinder is the first technique that uses a parallel method to verify multiple races on multiple machines simultaneously. We have implemented PFinder as a prototype tool and have experimented on a number of real-world concurrent programs. All the known bugs in known benchmarks are detected. Also, PFinder could scale well as the number of machines increases. Additionally, the speedup of PFinder can be increased linearly with the number of machines.

Yan Hu,Jun Yan,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s10586-016-0537-1

2016-01-01

Cluster Computing

Abstract:Concurrency bugs usually manifest under very rare conditions, and reproducing such bugs can be a challenging task. To reproduce concurrency bugs with a given input, one would have to explore the vast interleaving space, searching for erroneous schedules. The challenges are compounded in a big data environment. This paper explores the topic of concurrency bug reproduction using runtime data. We approach the concurrency testing and bug reproduction problem differently from existing literature, by emphasizing on the preemptable synchronization points. In our approach, a light-weight profiler is implemented to monitor program runs, and collect synchronization points where thread scheduler could intervene and make scheduling decisions. Traces containing important synchronization API calls and shared memory accesses are recorded and analyzed. Based on the preemptable synchronization points, we build a reduced preemption set (RPS) to narrow down the search space for erroneous schedules. We implement an optimized preemption-bounded schedule search algorithm and an RPS directed search algorithm, in order to reproduce concurrency bugs more efficiently. Those schedule exploration algorithms are integrated into our prototype, Profile directed Event driven Dynamic AnaLysis (PEDAL). The runtime data consisting of synchronization points is used as a source of feedback for PEDAL. To demonstrate utility, we evaluate the performance of PEDAL against those of two systematic concurrency testing tools. The findings demonstrate that PEDAL can detect concurrency bugs more quickly with given inputs, and consuming less memory. To prove its scalability in a big data environment, we use PEDAL to analyze several real concurrency bugs in large scale multithread programs, namely: Apache, and MySQL.

Yang Liu,Zisen Xu,Ming Fan,Yu Hao,Kai Chen,Hao Chen,Yan Cai,Zijiang Yang,Ting Liu

DOI: https://doi.org/10.1109/tr.2022.3162694

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Concurrent programs with multiple threads executing in parallel are widely used to unleash the power of multicore computing systems. Owing to their complexity, a lot of research focuses on testing and debugging concurrent programs. Besides correctness, we find that security can also be compromised by concurrency. In this article, we present concurrent program spectre (ConcSpectre), a new security threat that hides malware in nondeterministic thread interleavings. To demonstrate such threat, we have developed a stealth malware technique called concurrent logic bomb by partitioning a piece of malicious code and injecting its components separately into a concurrent program. The malicious behavior can be triggered by certain thread interleavings that rarely happen (e.g., <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.808ex" height="1.843ex" style="vertical-align: -0.338ex;" viewBox="0 -647.8 778.5 793.3" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMAIN-3C" x="0" y="0"></use></g></svg></span>1%) under a normal execution environment. However, with a new technique called controllable probabilistic activation, we can activate such ConcSpectre malware with a very high probability (e.g., <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.808ex" height="1.843ex" style="vertical-align: -0.338ex;" viewBox="0 -647.8 778.5 793.3" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMAIN-3E" x="0" y="0"></use></g></svg></span>90%) by remotely disturbing thread scheduling. In the evaluation, more than 1000 ConcSpectre samples are generated, which bypassed most of the antivirus engines in VirusTotal and four well-known online dynamic malware analysis systems. We also demonstrate how to remotely trigger a ConcSpectre sample on a web server and control its activation probability. Our work shows an urgent need for new malware analysis methods for concurrent programs.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMAIN-3C" d="M694 -11T694 -19T688 -33T678 -40Q671 -40 524 29T234 166L90 235Q83 240 83 250Q83 261 91 266Q664 540 678 540Q681 540 687 534T694 519T687 505Q686 504 417 376L151 250L417 124Q686 -4 687 -5Q694 -11 694 -19Z"></path><path stroke-width="1" id="MJMAIN-3E" d="M84 520Q84 528 88 533T96 539L99 540Q106 540 253 471T544 334L687 265Q694 260 694 250T687 235Q685 233 395 96L107 -40H101Q83 -38 83 -20Q83 -19 83 -17Q82 -10 98 -1Q117 9 248 71Q326 108 378 132L626 250L378 368Q90 504 86 509Q84 513 84 520Z"></path></defs></svg>

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Zhen Yu,Yu Zuo,Yong Zhao

DOI: https://doi.org/10.1007/s10766-019-00642-1

2019-01-01

International Journal of Parallel Programming

Abstract:Software transactional memory is an effective mechanism to avoid concurrency bugs in multi-threaded programs. However, two problems hinder the adoption of traditional such systems in wild world: high human cost for equipping programs with transaction functionality and low compatibility with I/O calls and conditional variables. This paper presents Convoider to try to solve these problems. By intercepting inter-thread operations and designating code among them as transactions in each thread, Convoider automatically transactionalizes target programs without any source code modification and recompiling. By saving/restoring stack frames and CPU registers on beginning/aborting a transaction, Convoider makes execution flow revocable. By turning threads into processes, leveraging virtual memory protection and customizing memory allocation/deallocation, Convoider makes memory manipulations revocable. By maintaining virtual file systems and redirecting I/O operations onto them, Convoider makes I/O effects revocable. By converting lock/unlock operations to no-ops, customizing signal/wait operations on condition variables and committing memory changes transactionally, Convoider makes deadlocks, data races and atomicity violations impossible. Experimental results show that Convoider succeeds in transparently transactionalizing twelve real-world applications and perfectly avoid 94% of thirty-one concurrency bugs used in our experiments. This study can help efficiently transactionalize legacy multi-threaded applications and effectively improve the runtime reliability of them.