• Corpus ID: 59606257

Fearless Concurrency? Understanding Concurrent Programming Safety in Real-World Rust Software

@article{Yu2019FearlessCU,
  title={Fearless Concurrency? Understanding Concurrent Programming Safety in Real-World Rust Software},
  author={Zeming Yu and Linhai Song and Yiying Zhang},
  journal={ArXiv},
  year={2019},
  volume={abs/1902.01906}
}
Rust is a popular programming language in building various low-level software in recent years. It aims to provide safe concurrency when implementing multi-threaded software through a suite of compiler checking rules. Unfortunately, there is limited understanding of how the checking rules influence the safety of concurrent programming in Rust applications. In this paper, we perform a preliminary study on Rust's concurrency safety from two aspects: concurrency usage and concurrency bugs. Our… 

Figures and Tables from this paper

MirChecker: Detecting Bugs in Rust Programs via Static Analysis

MirChecker is presented and evaluated, a fully automated bug detection framework for Rust programs by performing static analysis on Rust's Mid-level Intermediate Representation (MIR), which detects potential runtime crashes and memory-safety errors by using constraint solving techniques and outputs informative diagnostics to users.

Detection of Concurrency Errors in Multithreaded Applications Based on Static Source Code Analysis

The paper presents the author's model, which was then used to detect the above-mentioned occurrences, and a tool supporting the detection of errors in multithreaded applications was developed and the results of this tool were presented.

Memory-Safety Challenge Considered Solved? An Empirical Study with All Rust CVEs

Two directions to improve the resilience of Rust against dangling pointers are suggested, including recommending the best practice of some APIs to program developers, as well as approaches to enhancing the borrow checker and lifetime checker.

Towards Rust for Critical Systems

An initial understanding of the potential benefits of Rust is presented to enable clearer evaluation of the value proposition of using Rust in safety critical domains.

Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs

This article surveys 186 real-world bug reports collected from several origins, which contain all existing Rust common vulnerability and exposures of memory-safety issues by 2020-12-31 and proposes two promising directions toward improving the security of Rust development.

Atomicity Violation in Multithreaded Applications and Its Detection in Static Code Analysis Process

A new definition of atomicity violation based on previously defined relationships between operations, that can be used to atomicity violations detection was developed using the source code model of multithreaded applications that predicts errors in the software.

Rupair: Towards Automatic Buffer Overflow Detection and Rectification for Rust

This paper presents Rupair, an automated rectification system, to detect and fix one sort of the most severe Rust vulnerabilities—buffer overflows, and to help developers release secure Rust projects.

References

SHOWING 1-10 OF 26 REFERENCES

Learning from mistakes: a comprehensive study on real world concurrency bug characteristics

This study carefully examined concurrency bug patterns, manifestation, and fix strategies of 105 randomly selected real world concurrency bugs from 4 representative server and client open-source applications and reveals several interesting findings that provide useful guidance for concurrency Bug detection, testing, and concurrent programming language design.

Understanding Real-World Concurrency Bugs in Go

This study performs the first systematic study on concurrency bugs in real Go programs and provides a better understanding on Go's concurrency models and can guide future researchers and practitioners in writing better, more reliable Go software and in developing debugging and diagnosis tools for Go.

JaConTeBe: A Benchmark Suite of Real-World Java Concurrency Bugs (T)

To improve representativeness, JaConTeBe is prepared, a benchmark suite of 47 confirmed concurrency bugs from 8 popular open-source projects, supplemented with test cases for reproducing buggy behaviors and shows that some limitations of the three approaches are confirmed.

Understanding and generating high quality patches for concurrency bugs

An in-depth study of manual patches for 77 real-world concurrency bugs is conducted, which provides both assessments for existing techniques and actionable suggestions for future research.

What change history tells us about thread synchronization

In-depth study of the code repositories of open-source multi-threaded software projects shows that tool support is needed to help developers tackle over-synchronization problems and shows that bug avoidance, detection, and testing can be improved through better awareness of code revision history.

Gadara: Dynamic Deadlock Avoidance for Multithreaded Programs

Gadara automates dynamic deadlock avoidance for conventional multithreaded programs and employs whole-program static analysis to model programs, and Discrete Control Theory to synthesize lightweight, decentralized, highly concurrent logic that controls them at runtime.

Have things changed now?: an empirical study of bug characteristics in modern open source software

This study analyzes bug characteristics by first sampling hundreds of real world bugs in two large, representative open-source projects and finds several new interesting characteristics, including memory-related bugs have decreased and security bugs are increasing.

Understanding and detecting real-world performance bugs

Developers frequently use inefficient code sequences that could be fixed by simple patches. These inefficient code sequences can cause significant performance degradation and resource waste, referred

The theory of deadlock avoidance via discrete control

This paper presents a theoretical foundation for dynamic deadlock avoidance in concurrent programs that employ conventional mutual exclusion and synchronization primitives and guarantees that the control logic is maximally permissive, and therefore permits maximal runtime concurrency.

How not to Structure Your Database-Backed Web Applications: A Study of Performance Bugs in the Wild

This paper generalizes 9 ORM performance anti-patterns from more than 200 performance issues that are obtained by studying their bug-tracking systems and profiling their latest versions and obtains a median speedup of 2× with fewer than 5 lines of code change in most cases.