pervasive detection of thread process races in deployed
play

Pervasive Detection of Thread Process Races In Deployed Systems - PowerPoint PPT Presentation

Aug 30, 2022 •107 likes •768 views

Pervasive Detection of Thread Process Races In Deployed Systems Columbia University Oren Laadan Nicolas Viennot Chia-Che Tsai Chris Blinn Junfeng Yang Jason Nieh ps aux | grep pizza ps aux | grep pizza outputs how many lines: A) 0 B)

  1. Pervasive Detection of Thread Process Races In Deployed Systems Columbia University Oren Laadan Nicolas Viennot Chia-Che Tsai Chris Blinn Junfeng Yang Jason Nieh

  2. ps aux | grep pizza

  3. ps aux | grep pizza outputs how many lines: A) 0 B) 1 C) it depends D) I can't think, you made me hungry with the pizza thing

  4. ps aux | grep pizza outputs how many lines: A) 0 B) 1 C) it depends D) I can't think, you made me hungry with the pizza thing

  5. ps aux | grep pizza shell $

  6. ps aux | grep pizza shell $ ps aux | grep pizza

  7. ps aux | grep pizza fork shell ps $ ps aux | grep pizza

  8. ps aux | grep pizza fork fork shell ps grep $ ps aux | grep pizza

  9. ps aux | grep pizza fork fork shell read(/proc/3/cmdline) ps execve(grep) grep $ ps aux | grep pizza

  10. ps aux | grep pizza fork fork shell read(/proc/3/cmdline) ps execve(grep) grep $ ps aux | grep pizza nviennot 3 ... S+ 13:30 0:00 grep pizza $

  11. ps aux | grep pizza fork fork shell read(/proc/3/cmdline) ps execve(grep) grep $ ps aux | grep pizza $

  12. That's a process race

  13. Process Races ● Process races occur when multiple processes access shared resources (such as files) without proper synchronization ● Examples: ● parallel make ( make -j ) failure ● ps aux | grep pizza

  14. ps aux | grep xxx

  15. Process Races Are Numerous ● Searched for “race” in the distro bug trackers (Ubuntu, Redhat/Fedora, Gentoo, Debian, CentOS ) ● 9000+ results ● Sampled 500+ of them ● 109 unique bugs due to process races

  16. Process Races Are Dangerous Source: samples from Ubuntu, Redhat, Fedora, Gentoo, Debian, CentOS bug trackers

  17. Process Races Are Hard To Detect Thread Races Process Races 27% 73% TOCTTOU Races 23% Thread races may be underrepresented in linux distributions bug trackers

  18. General process races cannot be detected using existing race detectors

  19. Not so surprising ● Different programs, written in different languages ● Access many different resources ● Syscalls semantics are a bit obscure ● Depends on user configuration, specific environment

  20. Racepro The first generic process race detection framework “It's Amazing” Nicolas Viennot

  21. Racepro ● Detect generic process races ● Check deployed systems in-vivo ● Low overhead ● Transparent to applications ● Detected previously known and unknown bugs

  22. Racepro Workflow

  23. Racepro Workflow

  24. Racepro Workflow

  25. Racepro Workflow

  26. Recorder ● Builds on Scribe (Sigmetrics 2010) ● Lightweight kernel-level recorder ● Rendez-vous points: ● Partial ordering of system calls ● Sync points: ● Convert asynchronous events to synchronous events to track signals and shared memory

  27. Benefits ● Tracks kernel object accesses ● Allows deterministic replay ● Enables transition to live execution ● Runs on commodity hardware, SMP friendly ● Low overhead ● Transparent to applications

  28. ps aux | grep pizza fork fork shell read(/proc/3/cmdline) ps execve(grep) grep

  29. Log File Content [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  30. Log File Content [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  31. Log File Content [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  32. Log File Content [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  33. Log File Content [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  34. Step 2: Detection Log file Races

  35. Model System calls are translated to load/store micro-operations

  36. Micro-operations [2] read() = 11 [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] execve() = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  37. Micro-operations [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [2] read pid, id = 40, serial = 17 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0

  38. Micro-operations [2] read files_struct, id = 41, serial = 157 [2] write file, id = 152, serial = 0 [3] write pid, id = 40, serial = 8 [3] read inode, id = 1, serial = 0 [3] read inode, id = 11, serial = 0 [3] read inode, id = 1, serial = 0 [3] read inode, id = 6, serial = 0 [3] read inode, id = 13, serial = 0 [3] read inode, id = 6, serial = 0 [3] write futex, id = 51, serial = 0 [2] read pid, id = 40, serial = 17

  39. Micro-operations [2] load 41 [2] store 152 [3] store 40 [3] load 1 [3] load 11 [3] load 1 [3] load 6 [3] load 13 [3] load 6 [3] store 51 [2] load 40

  40. Micro-operations [2] load 41 [2] store 152 [3] store 40 [3] load 1 [3] load 11 [3] load 1 [3] load 6 [3] load 13 [3] load 6 [3] store 51 [2] load 40 You can now run your favorite thread race algorithm !

  41. Micro-operations [2] load 41 [2] store 152 [3] store 40 [3] load 1 [3] load 11 Racy Instructions ! [3] load 1 [3] load 6 [3] load 13 [3] load 6 [3] store 51 [2] load 40 You can now run your favorite thread race algorithm !

  42. Other kinds of races...

  43. Wait-Wakeups Race ● A waiting syscall can be woken up by many matching wakeup syscalls ● Only Racepro detect such races ● Example: ● read() on pipe can be woken by any writers ● waitpid() can be woken by any children

  44. Wait-Wakeups Race Example fork fork wait wait wait shell read(/proc/3/cmdline) ps exit execve(grep) grep exit

  45. Wait-Wakeups Race Example fork fork wait wait wait shell read(/proc/3/cmdline) ps exit execve(grep) grep exit

  46. Step 3: Validation Races Harmful Races

  47. Validation Overview ● Create execution branch: Modified version of the original execution that makes the race occur by changing the order of system calls ● Problem: change in the middle of the recording can make the replay diverge ● Solution: truncate the log file after the modification and transition to live execution

  48. Validation Steps ● Deterministic replay until race occurs, including replaying internal kernel state ● Replay the reordered racy system calls ● Transition to live execution ● Run built-in or custom checkers

  49. Validation fork fork wait wait wait shell read(/proc/3/cmdline) ps exit execve(grep) grep exit Is this race harmful or not ?

  50. Validation fork fork wait wait wait shell read(/proc/3/cmdline) ps exit execve(grep) grep exit

  51. Validation fork fork wait wait wait shell read(/proc/3/cmdline) ps exit execve(grep) grep exit

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exploiting Kernel Races Through Taming Thread Interleaving Yoochan Lee, Byoungyoung Lee, Chanwoo

Exploiting Kernel Races Through Taming Thread Interleaving Yoochan Lee, Byoungyoung Lee, Chanwoo

Exploiting Kernel Races Through Taming Thread Interleaving Yoochan Lee, Byoungyoung Lee, Chanwoo Min Seoul National University, Virginia Tech #BHUSA @BLACKHATEVENTS Summary New technique turning Background on races

530 views • 37 slides
What is a Thread? A thread lives within a process; A process can have several threads.

What is a Thread? A thread lives within a process; A process can have several threads.

What is a Thread? A thread lives within a process; A process can have several threads. A thread possesses an independent flow of control, Threads and can be scheduled to run separately from other threads, because it maintains its

330 views • 4 slides
Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer

Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Kuan-Ting Lai Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer program in execution Has independent resources such

715 views • 38 slides
Roadmap for Section 4.3. Windows Process and Thread Internals Thread Block, Process Block Flow

Roadmap for Section 4.3. Windows Process and Thread Internals Thread Block, Process Block Flow

Unit OS4: Scheduling and Dispatch 4.3. Windows Process and Thread Internals Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 4.3. Windows Process and Thread Internals Thread

438 views • 15 slides
Chapter 2 Process, Thread and Chapter 2 Process, Thread and Scheduling Scheduling

Chapter 2 Process, Thread and Chapter 2 Process, Thread and Scheduling Scheduling

Chapter 2 Process, Thread and Chapter 2 Process, Thread and Scheduling Scheduling Soloris IPC 1 Outline Generic System V IPC Support Shared Memory Shared Memory System V Semaphores System V Message Queues POSIX

830 views • 43 slides
Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing

Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing

Overview Problem Definition Interrupt- Driven Programs Data-Race Detection for Interrupt-Driven Data-Races and Happens- Kernels Before Analyzing FreeRTOS Kernel Library Nikita Chopra, Deepak DSouza and Rekha Pai Conclusion Indian

512 views • 21 slides
Chapter 2 Process, Thread and Process, Thread and Chapter 2 Scheduling Scheduling

Chapter 2 Process, Thread and Process, Thread and Chapter 2 Scheduling Scheduling

Chapter 2 Process, Thread and Process, Thread and Chapter 2 Scheduling Scheduling Scheduler Class and Priority XIANG Yong xyong@tsinghua.edu.cn Outline Scheduling Class and Priority Scheduling Class and Priority Dispatch

663 views • 34 slides
Threads Thread: an execution within a process A multithreaded process consists of many

Threads Thread: an execution within a process A multithreaded process consists of many

Threads Thread: an execution within a process A multithreaded process consists of many Pthreads co-existing executions Separate: CPU state, stack Operating Systems Shared: Hebrew University of Jerusalem Everything

416 views • 4 slides
IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating

IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating

4/18/2016 IPC, Threads, Races, Critical Sections 7A. Threads 7B. Inter-Process Communication Operating Systems Principles 7C. Critical Sections IPC, Threads, Races, Critical Sections 7D. Asynchronous Event Completions Mark Kampe

245 views • 8 slides
IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

4/14/2017 IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process Communication the exchange of data between processes 3T. Threads Goals simplicity 7B. The Critical Section Problem convenience

205 views • 8 slides
IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

4/23/2018 IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process Communication the exchange of data between processes 3T. Threads Goals simplicity 7B. The Critical Section Problem convenience

355 views • 8 slides
Chapter 2 Process, thread, and Process, thread, and Chapter 2 scheduling scheduling

Chapter 2 Process, thread, and Process, thread, and Chapter 2 scheduling scheduling

Chapter 2 Process, thread, and Process, thread, and Chapter 2 scheduling scheduling Solaris Multithreaded Process Zhao Xia zhaoxia@os.pku.edu.cn Outline Introduction to Solaris Processes Introduction to Solaris Processes

530 views • 24 slides
Global Network Interference Detection over the RIPE Atlas Network Adventures in Pervasive

Global Network Interference Detection over the RIPE Atlas Network Adventures in Pervasive

Global Network Interference Detection over the RIPE Atlas Network Adventures in Pervasive Measurement Collin Anderson, Philipp Winter and Roya USENIX FOCI, August 2014 Once Upon a Time Starting from the Dark Ages For Now We See Through

488 views • 31 slides
Processes and Threads What is a process? What is a thread? What types? A program has one

Processes and Threads What is a process? What is a thread? What types? A program has one

Processes and Threads What is a process? What is a thread? What types? A program has one or more locus of execution. Each execution is called a thread of execution. The set of threads comprise a process . Not an object or executable

607 views • 13 slides
Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+

Looking Inside a Race Detector kavya @kavya719 data race detection data races when two+ threads concurrently access a shared memory location, at least one access is a write. data race // Shared variable R R R var count = 0 W R

691 views • 57 slides
Beta Presentation ERP Air Force: Conservation Thread Detection The Capstone Experience Team

Beta Presentation ERP Air Force: Conservation Thread Detection The Capstone Experience Team

Beta Presentation ERP Air Force: Conservation Thread Detection The Capstone Experience Team Evolutio Maddie Jones Jason Kirsch Qingyang Li Logan McDonald Drew Schnieller Department of Computer Science and Engineering Michigan State

266 views • 9 slides
A self-consistent constrained path auxiliary field Quantum Monte Carlo method Mingpu Qin (

A self-consistent constrained path auxiliary field Quantum Monte Carlo method Mingpu Qin (

A self-consistent constrained path auxiliary field Quantum Monte Carlo method Mingpu Qin ( ) Shanghai Jiao Tong university July 22, 2019, CAQMP 2019 ISSP, Kashiwa, Japan In collaboration with Shiwei Zhang (William & Mary, CCQ of

639 views • 35 slides
Computing with Geometry as an Undergraduate Course: A ThreeYear Experience John L. Lowther

Computing with Geometry as an Undergraduate Course: A ThreeYear Experience John L. Lowther

Computing with Geometry as an Undergraduate Course: A ThreeYear Experience John L. Lowther and ChingKuang Shene Department of Computer Science Michigan Technological University Houghton, MI 499311295 Partially supported by National

686 views • 44 slides
EFTs from the soft limits of scattering amplitudes Jaroslav Trnka Center for Quantum

EFTs from the soft limits of scattering amplitudes Jaroslav Trnka Center for Quantum

EFTs from the soft limits of scattering amplitudes Jaroslav Trnka Center for Quantum Mathematics and Physics (QMAP) University of California, Davis with Clifford Cheung, Karol Kampf, Jiri Novotny, Chia-Hsien Shen, Congkao Wen Amplitudes in

601 views • 49 slides
A Collaborative Approach to Anti-Spam Chia-Mei Chen National Sun Yat-Sen University TWCERT/CC

A Collaborative Approach to Anti-Spam Chia-Mei Chen National Sun Yat-Sen University TWCERT/CC

A Collaborative Approach to Anti-Spam Chia-Mei Chen National Sun Yat-Sen University TWCERT/CC Taiwan TWCERT/CC, Taiwan Taiwan Taiwan Computer Emergency Response Team / Coordination Center Computer Emergency Response Team / Coordination

428 views • 13 slides
A comparison of estimators for regression models with change points Cathy WS Chen 1 , Jennifer SK

A comparison of estimators for regression models with change points Cathy WS Chen 1 , Jennifer SK

Aim Change-points Bayesian Julious Segmented Grid search Simulation Return prediction model Applications Conclusions A comparison of estimators for regression models with change points Cathy WS Chen 1 , Jennifer SK Chan 2 , Richard

1.44k views • 42 slides
Racket for Everyone (Else) Morgan Lemmer-Webber email: mlemmer@wisc.edu twitter: @mlemweb

Racket for Everyone (Else) Morgan Lemmer-Webber email: mlemmer@wisc.edu twitter: @mlemweb

Racket for Everyone (Else) Morgan Lemmer-Webber email: mlemmer@wisc.edu twitter: @mlemweb fediverse: https://octodon.social/@mlemweb Christopher Lemmer Webber website: https://dustycloud.org/ email: cwebber@dustycloud.org twitter: @dustyweb

401 views • 23 slides
Lattice QCD: 2020 and beyond Andreas Kronfeld with input from Ruth Van de Water and Mike Wagman

Lattice QCD: 2020 and beyond Andreas Kronfeld with input from Ruth Van de Water and Mike Wagman

Lattice QCD: 2020 and beyond Andreas Kronfeld with input from Ruth Van de Water and Mike Wagman Scientists, Research Associates, and Students Ruth Van de Water Yin Lin Ciaran Hughes 2012???? 2017present 20172019 also RA 20052008

297 views • 25 slides
Proof Systems for Sustainable Blockchains: How to Prove you Waste Space and Time Krzysztof

Proof Systems for Sustainable Blockchains: How to Prove you Waste Space and Time Krzysztof

Proof Systems for Sustainable Blockchains: How to Prove you Waste Space and Time Krzysztof Pietrzak 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies. September 5th 2019. Proof Systems

1.44k views • 142 slides

More recommend