Transcript

Researchers have been looking for patterns of concurrency bugs.

We have implemented detectors and fixers for some of the top bug patterns.

The CERT catalog has rated its bug patterns.

The CERT catalog contains 33 concurrency bug patterns.

There are a few static analysis tools for finding concurrency bugs.

Keshmesh: A Tool for Detecting and Fixing Java Concurrency Bug Patterns

Remaining Work

LCK06-J: Do not use an instance lock to protect shared static data.

Keshmesh finds and fixes complex concurrency bug patterns.

VNA00-J: Ensure visibility when accessing shared primitive variables.

LCK01-J: Do not synchronize on objects that may be reused.

LCK03-J: Do not synchronize on the intrinsic locks of high-level concurrency objects.

LCK02-J: Do not synchronize on the class object returned by getClass().

Keshmesh supports complex forms of the CERT bug patterns.

TPS04-J

TSM01-J

F. Long, D. Mohindra, R. C. Seacord, D. F. Sutherland, and D. Svoboda. The CERT® Oracle® Secure Coding Standard for Java. Addison-Wesley Professional.

VNA00-J

How serious are the consequences of the rule being ignored?

Number of Bug Patterns

Category

VNA02-J

VNA06-J

higher severity, likelihood, and remediation cost

How likely is it that a flaw introduced by violating the rule could lead to an exploitable vulnerability?

  • We need to configure WALA to run Keshmesh on large projects.
  • Our preliminary experiments have shown that it is possible to tune Keshmesh for large programs.

Severity

Likelihood

Remediation Cost

https://www.securecoding.cert.org

Mohsen Vakilian, Stas Negara, Samira Tasharofi, and Ralph E. Johnson

Keshmesh offers an automated fixer for LCK03-J.

Keshmesh offers an automated fixer for LCK02-J.

http://keshmesh.cs.illinois.edu

Keshmesh generalizes VNA00-J in two ways:

How expensive is it to remediate existing code to comply with the rule?

Keshmesh analyses the aliasing of objects and finds the bug patterns that span multiple methods.

{mvakili2, snegara2, tasharo1, rjohnson}@illinois.edu

[1] D. Hovemeyer and W. Pugh. Finding Concurrency Bugs in Java. In Proc. of the PODC Workshop on Concurrency and Synchronization in Java Programs, 2004.

[2] M. Naik, A. Aiken, and J. Whaley. Effective Static Race Detection for Java. In Proc. of PLDI'06.

[3] Z. D. Luo, L. Hillis, R. Das, and Y. Qi. Effective Static Analysis to Find Concurrency Bugs in Java. In 2010 10th IEEE Working Conference on Source Code Analysis and Manipulation.

Category                             Number of Bug Patterns
Visibility and Atomicity (VNA)       6
Locking (LCK)                        12
Thread APIs (THI)                    6
Thread Pools (TPS)                   5
Thread-Safety Miscellaneous (TSM)    4

LCK01-J

LCK02-J

LCK03-J

LCK06-J

Keshmesh generalizes LCK06-J by considering modifications of objects reachable from static fields.
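
An added illustration of LCK06-J and the generalized form described above; it is not code from Keshmesh or from the poster, and the class and field names are hypothetical. The noncompliant class guards a static counter and a list reachable from a static field with an instance lock, so two instances do not exclude each other; the compliant class follows the CERT guidance of locking on a static object.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical classes, constructed for this example.
public class Lck06Example {

    // Noncompliant: a synchronized instance method locks on `this`,
    // but the data it guards is shared by every instance of the class.
    static class AuditLogUnsafe {
        private static int count = 0;
        private static final List<String> entries = new ArrayList<>();

        public synchronized void record(String event) {
            count++;            // plain LCK06-J: static field written under an instance lock
            entries.add(event); // generalized form: mutates an object reachable from a static field
        }
    }

    // Compliant: a single static lock object guards all of the static state.
    static class AuditLogSafe {
        private static final Object LOCK = new Object();
        private static int count = 0;
        private static final List<String> entries = new ArrayList<>();

        public void record(String event) {
            synchronized (LOCK) {
                count++;
                entries.add(event);
            }
        }

        static int count() {
            synchronized (LOCK) { return count; }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        final int perThread = 100_000;
        // Each thread uses its own instance, so an instance lock would not
        // serialize the two threads. Substituting AuditLogUnsafe here can
        // lose increments or corrupt the shared ArrayList.
        Runnable worker = () -> {
            AuditLogSafe log = new AuditLogSafe();
            for (int i = 0; i < perThread; i++) log.record("e");
        };
        Thread a = new Thread(worker), b = new Thread(worker);
        a.start(); b.start();
        a.join(); b.join();
        System.out.println(AuditLogSafe.count());
    }
}
```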

  • It supports accesses to nonprimitive variables.
  • It supports accesses to parts of shared objects.

Legend

TSM03-J

has detector

has detector and fixer

Concurrency Mistakes That Matter (discussion topic) by W. Pugh in CAP 2010, SPLASH.

University of Illinois at Urbana-Champaign

SPLASH Demonstration 2011