Visible to the public CONVUL: An Effective Tool for Detecting Concurrency Vulnerabilities

TitleCONVUL: An Effective Tool for Detecting Concurrency Vulnerabilities
Publication TypeConference Paper
Year of Publication2019
AuthorsMeng, Ruijie, Zhu, Biyun, Yun, Hao, Li, Haicheng, Cai, Yan, Yang, Zijiang
Conference Name2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Date PublishedNov. 2019
ISBN Number978-1-7281-2508-4
KeywordsClocks, composability, Concurrency, concurrency control, concurrency vulnerability detection, Concurrent computing, CONVUL, CPS, cyber physical systems, Instruction sets, Instruments, Metrics, multi-threading, multithreaded execution nondeterminism, program diagnostics, pubcrawl, resilience, Resiliency, Runtime, security, security of data, Synchronization, Tools, vulnerabilities

Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at

Citation Keymeng_convul_2019