Conversation

You guys definitely want to know how to find more data race bugs using a fuzzer. Please check the talk from my labmate Meng Xu. He found 9 harmful race bugs in Linux using Krace. Krace: Data Race Fuzzing for Kernel File Systems #SP20 #IEEESP Video:

youtube.com

Krace: Data Race Fuzzing for Kernel File Systems

Meng Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Hanqing Zhao (Georgia Institute of Technology), Taesoo Kim (Ge...

191

Hanqing Zhao

@hankein95

May 20, 2020

The paper is here: cc.gatech.edu/~mxu80/pubs/xu BTW, the leader of this project, Meng Xu(cc.gatech.edu/~mxu80/), will be joining the University of Waterloo as an assistant professor in 2021. You can contact him for research opportunities in security, system, and program analysis.

Replying to

Interesting paper. A few questions/comments:

Replying to

and

Do you deal with disjoined atomics and memory barriers? (E.g. wmb() + WRITE_ONCE() forms a happens-before relation with the matching READ_ONCE() + rmb().) We had some troubles with those in KTSAN.

Replying to

and

No, we do not. I am curious to know how did you deal with those in KTSAN.

Replying to

and

You can find some details here:

docs.google.com

2015, ИСП РАН: KernelThreadSanitizer (KTSAN)

KernelThreadSanitizer (KTSAN) a data race detector for the Linux kernel Andrey Konovalov November 23rd 2015

Replying to

and

(KTSAN is based on vector-clocks for happens-before tracking. All sync primitives and threads have clocks that are updated accordingly when synchronization happens. To deal with atomics and barriers we use additional "barrier" clocks.)

1:45 PM · May 22, 2020Twitter Web App