As of now, the fuzzer accumulates a memory model graph for the entire duration of an execution. This ultimately limits the size of an execution, since an execution that runs for too long will end up consuming all of the available memory. In order to run the fuzzer on truly long-running programs, the memory model implementation will need to be modified to keep the amount of memory used bounded somehow.
There are challenges to doing this. Variables that were last touched a long time ago might be touched again in the future, and the fuzzer needs to know what values are available to be read from by future reads. Essentially, any bounding of the memory model graph needs to be aware of what information might be required in the future. If it is unreasonable to simply prune off any graph structure that might not be needed anymore and a more aggressive approach becomes required, some accommodations or approximations need to be made for future reads.
These modifications will likely be necessary if one wants to run this tool on applications like web browsers.
Bibliography
[1] http://libcds.sourceforge.net/doc/cds-api/index.html. Accessed: 2019-11-20.
[2] https://www.freedesktop.org/wiki/Software/PulseAudio. Accessed: 2019-11-20.
[3] https://www.boost.org/. Accessed: 2019-11-20.
[4] P. Abdulla, M. F. Atig, B. Jonsson, and P. Ngo. Optimal stateless model checking under the release-acquire semantics. Proceedings of the ACM on Programming Languages, 2:1–
29, 10 2018.
[5] F. E. Aumson. https://github.com/feuGeneA/gdax-orderbook-hpp. Accessed:
2019-11-04.
[6] J. Barnat, L. Brim, V. Havel, J. Havl´ıˇcek, J. Kriho, M. Lenˇco, P. Roˇckai, and V. ˇStill.
Divine 3.0 – an explicit-state model checker for multithreaded c & c++ programs. In N. Sharygina and H. Veith, editors, Computer Aided Verification, pages 863–868, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.
[7] M. Batty, S. Owens, S. Sarkar, P. Sewell, and T. Weber. Mathematizing c++ con-currency. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’11, pages 55–66, New York, NY, USA, 2011. ACM.
[8] S. Burckhardt, P. Kothari, M. Musuvathi, and S. Nagarakatte. A randomized scheduler with probabilistic guarantees of finding bugs. In Proceedings of the Fifteenth Interna-tional Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XV, pages 167–178, New York, NY, USA, 2010. ACM.
[9] cbloom:blogger.com. http://cbloomrants.blogspot.com/2011/07/
07-18-11-mcs-list-based-lock_18.html. Accessed: 2019-11-18.
[10] @chill:stackoverflow.com. https://stackoverflow.com/questions/8115267/
writing-a-spinning-thread-barrier-using-c11-atomics. Accessed: 2019-11-18.
[11] @chxdeng:github.com. https://github.com/chxdeng/mabain. Accessed: 2019-11-04.
[12] T. Elmas, J. Burnim, G. Necula, and K. Sen. Concurrit: A domain specific language for reproducing concurrency bugs. ACM SIGPLAN Notices, 48, 06 2013.
[13] Facebook. https://github.com/facebook/folly. Accessed: 2019-11-20.
[14] E. Farchi, Y. Nir, and S. Ur. Concurrent bug patterns and how to test them. In Proceedings of the 17th International Symposium on Parallel and Distributed Processing, IPDPS ’03, pages 286.2–, Washington, DC, USA, 2003. IEEE Computer Society.
[15] C. Flanagan and S. N. Freund. Adversarial memory for detecting destructive races. In Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’10, pages 244–254, New York, NY, USA, 2010. ACM.
[16] C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. In Proceedings of the 32Nd ACM SIGPLAN-SIGACT Symposium on Princi-ples of Programming Languages, POPL ’05, pages 110–121, New York, NY, USA, 2005.
ACM.
[17] D. Goldblatt, D. Watson, Q. Wang, J. Evans, and Y. Zhang. http://jemalloc.net/.
Accessed: 2019-11-04.
[18] G. J. Holzmann. The model checker spin. IEEE Trans. Softw. Eng., 23(5):279–295, May 1997.
[19] B. Jonsson. State-space exploration for concurrent algorithms under weak memory orderings: (preliminary version). SIGARCH Computer Architecture News, 36:65–71, 01 2008.
[20] O. Lahav, V. Vafeiadis, J. Kang, C.-K. Hur, and D. Dreyer. Repairing sequential consistency in c/c++11. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, pages 618–632, New York, NY, USA, 2017. ACM.
[21] N. M. Lˆe, A. Pop, A. Cohen, and F. Zappa Nardelli. Correct and efficient work-stealing for weak memory models. In Proceedings of the 18th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, PPoPP ’13, pages 69–80, New York, NY, USA, 2013. ACM.
[22] C. Lidbury and A. F. Donaldson. Dynamic race detection for c++11. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, pages 443–457, New York, NY, USA, 2017. ACM.
[23] Y. Mao, E. Kohler, and R. T. Morris. Cache craftiness for fast multicore key-value storage. In Proceedings of the 7th ACM European Conference on Computer Systems, EuroSys ’12, pages 183–196, New York, NY, USA, 2012. ACM.
[24] F. Mattern. Virtual time and global states of distributed systems. In Proceedings of the International Workshop on Parallel and Distributed Algorithms. Elsevier Science Publishers, 10 1988.
[25] J. M. Mellor-Crummey and M. L. Scott. Synchronization without contention. In Pro-ceedings of the Fourth International Conference on Architectural Support for Program-ming Languages and Operating Systems, ASPLOS IV, pages 269–278. ACM, 1991.
[26] K. Nienhuis, K. Memarian, and P. Sewell. An operational semantics for c/c++11 con-currency. In Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016, pages 111–128, New York, NY, USA, 2016. ACM.
[27] B. Norris and B. Demsky. Cdschecker: Checking concurrent data structures written with c/c++ atomics. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA ’13, pages 131–150, New York, NY, USA, 2013. ACM.
[28] B. Norris and B. Demsky. A practical approach for model checking c/c++11 code.
ACM Trans. Program. Lang. Syst., 38(3):10:1–10:51, May 2016.
[29] L. Otten. LaTeX template for thesis and dissertation documents at UC Irvine. https://
github.com/lotten/uci-thesis-latex/, 2012.
[30] P. Ou and B. Demsky. Checking concurrent data structures under the c/c++11 memory model. In Proceedings of the 22Nd ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, PPoPP ’17, pages 45–59, New York, NY, USA, 2017.
ACM.
[31] K. Sen. Effective random testing of concurrent programs. In Proceedings of the Twenty-second IEEE/ACM International Conference on Automated Software Engineering, ASE
’07, pages 323–332, New York, NY, USA, 2007. ACM.
[32] K. Serebryany and T. Iskhodzhanov. Threadsanitizer: Data race detection in practice.
In Proceedings of the Workshop on Binary Instrumentation and Applications, WBIA
’09, pages 62–71, New York, NY, USA, 2009. ACM.
[33] V. ˇStill and J. Barnat. Model checking of c++ programs under the x86-tso memory model. In J. Sun and M. Sun, editors, Formal Methods and Software Engineering, pages 124–140, Cham, 2018. Springer International Publishing.
[34] S. Tu, W. Zheng, E. Kohler, B. Liskov, and S. Madden. Speedy transactions in mul-ticore in-memory databases. In Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles, SOSP ’13, pages 18–32, New York, NY, USA, 2013.
ACM.
[35] D. Vyukov. http://www.1024cores.net/home/relacy-race-detector. Accessed:
2019-11-20.
[36] N. Zhang, M. Kusano, and C. Wang. Dynamic partial order reduction for relaxed mem-ory models. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’15, pages 250–259, New York, NY, USA, 2015. ACM.
[37] X. Zhou. https://github.com/zxjcarrot/iris. Accessed: 2019-11-04.