With modern multi-core architectures, web applications are usually configured to serve multiple requests simultaneously by spawning multiple instances. These instances may access the same external resources, such as database tables and files. Such contention may become severe at peak times, leading to violations of the atomicity that the business logic relies on. In this paper, we propose a novel static analysis that detects atomicity violations of external operations in server-side scripts. The analysis differs from traditional atomicity violation detection techniques by focusing on external resources instead of shared memory. It consists of three components. The first is an interprocedural and path-sensitive resource identity analysis that determines whether multiple operations access the same external resource, which is critical to identifying contention. The second component infers pairs of external operations that should be executed atomically. Finally, violations are detected by reasoning about the serializability of interleaved atomic pairs. Experimental results show that the analysis is highly effective in detecting atomicity violations in real-world web apps.
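The serializability reasoning in the last step can be illustrated on a recorded interleaving of two request instances. This is an added example, not the paper's static analysis or its code: it is a dynamic check over a constructed trace, it assumes an atomic pair is two consecutive operations by one instance on one resource, and the names `Op`, `find_violations` and the resource strings are hypothetical.

```python
from typing import NamedTuple

class Op(NamedTuple):
    instance: str   # script instance (request) that issued the operation
    kind: str       # "R" = read (e.g. SELECT), "W" = write (e.g. UPDATE)
    resource: str   # resource identity (assumed already resolved), e.g. a table

# (first, remote, second) access triples that have no equivalent serial order:
# the standard unserializable interleavings of a pair with one remote access.
UNSERIALIZABLE = {("R", "W", "R"), ("W", "W", "R"), ("W", "R", "W"), ("R", "W", "W")}

def find_violations(trace):
    """Return (i, k, j) index triples: ops i and j form an atomic pair of one
    instance on one resource, and op k of another instance breaks the pair."""
    violations = []
    for i, first in enumerate(trace):
        # Assumed pairing rule: the next op by the same instance on the same resource.
        j = next((n for n in range(i + 1, len(trace))
                  if trace[n].instance == first.instance
                  and trace[n].resource == first.resource), None)
        if j is None:
            continue
        for k in range(i + 1, j):
            remote = trace[k]
            if (remote.instance != first.instance
                    and remote.resource == first.resource
                    and (first.kind, remote.kind, trace[j].kind) in UNSERIALIZABLE):
                violations.append((i, k, j))
    return violations

# Constructed trace: two requests each read a row, then write it back.
RACY = [
    Op("req1", "R", "db:accounts"),
    Op("req2", "R", "db:accounts"),
    Op("req1", "W", "db:accounts"),   # lands between req2's read and write
    Op("req2", "W", "db:accounts"),   # req2 overwrites using a stale read
]
# Same operations with each request's pair kept together.
SERIAL = [RACY[0], RACY[2], RACY[1], RACY[3]]
# The interleaved operation touches a different resource, so there is no contention.
DISJOINT = [
    Op("req1", "R", "db:accounts"),
    Op("req2", "W", "file:/tmp/log"),
    Op("req1", "W", "db:accounts"),
]

if __name__ == "__main__":
    for name, trace in (("RACY", RACY), ("SERIAL", SERIAL), ("DISJOINT", DISJOINT)):
        print(name, find_violations(trace))
```

The `DISJOINT` case shows why resource identity matters: without knowing that the two operations target different resources, the interleaved write would be reported as a violation.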