| In order to improve the utilization of CPU and software's interaction performance,software developers make heavy use of multithread programming.Multithread programs are susceptible to concurrency bugs,so many research efforts focus on how to detect concurrency bugs in programs.With the development of concurrency vulnerability detection technologies and tools,researchers are facing a key problem.The lack of enough real concurrency vulnerabilities makes it difficult for researchers to evaluate and verify these technologies and tools and to accurately measure their false negative and false positive rates.Data race bug is one of the most common concurrency vulnerabilities and is the hardest one to detect,therefore,this article focuses on data race bugs,proposes a concurrent vulnerability injection method and implements the method in a tool called DRInject.DRInject injects data race vulnerabilities by constructing two threads accessing the same global variable concurrently.DRInject not only guarantees the depth of competition for injected data,but also guarantees that every data race vulnerability injected is triggered by real inputs.We injected more than 600 data races into 10 open source programs,including water-nsquared,x264,and libvips,and evaluated four data race detection tools with these programs containing bugs.We find that these tools have much room for improvement.Experimental results show that DRInject can inject data race vulnerabilities into programs with large code size,and be used to evaluate some basic indicators of data race detection tools,such as the false negative rate and false positive rate.Therefore,DRInject can generate a sufficient corpus for the future research on detection of data race vulnerabilities. |
PDF Full Text Request