RClassify: classifying race conditions in web applications via deterministic replay

Author email: zhanglu623@gmail.com
Tool name: Rclassify
Description: Race conditions are common in web applications but are difficult to diagnose and repair. Although there exist tools for detecting races in web applications, they all report a large number of false positives. That is, the races they report are either bogus, meaning they can never occur in practice, or benign, meaning they do not lead to erroneous behaviors. Since manually diagnosing them is tedious and error prone, reporting these race warnings to developers would be counter-productive. We propose a platform-agnostic, deterministic replay-based method for identifying not only the real but also the truly harmful race conditions. It relies on executing each pair of racing events in two different orders and assessing their impact on the program state: we say a race is harmful only if (1) both of the two executions are feasible and (2) they lead to different program states. We have evaluated our evidence-based classification method on a large set of real websites from Fortune-500 companies and demonstrated that it significantly outperforms all state-of-the-art techniques.
Bibtex: @inproceedings{10.1109/ICSE.2017.33, author = {Zhang, Lu and Wang, Chao}, title = {RClassify: Classifying Race Conditions in Web Applications via Deterministic Replay}, year = {2017}, isbn = {9781538638682}, publisher = {IEEE Press}, url = {https://doi.org/10.1109/ICSE.2017.33}, doi = {10.1109/ICSE.2017.33}, booktitle = {Proceedings of the 39th International Conference on Software Engineering}, pages = {278–288}, numpages = {11}, location = {Buenos Aires, Argentina}, series = {ICSE ’17} }
Link to public pdf: https://dl.acm.org/doi/abs/10.1109/ICSE.2017.33
Link to tool webpage: https://bitbucket.org/zhuifengkuchong/rclassify
Link to demo: Not provided by authors
Category: None
Year and Conference: 2017, ICSE
Terms of use