Schfuzz: Detecting Concurrency Bugs with Feedback-Guided Fuzzing

Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023 (2023)

Abstract
Detecting concurrency bugs with fuzzing is challenging, for two main reasons. First, manifesting them by exploring the input space is inefficient, because they occur only under specific thread interleavings. Second, re-running an input that triggered a bug during a fuzzing campaign does not necessarily reproduce the bug, because typical runtimes do not schedule threads deterministically. This research proposes Schfuzz, a novel approach for detecting concurrency bugs with feedback-guided fuzzing. Schfuzz executes the program under test deterministically according to the test cases generated by the fuzzer, so that a bug-triggering test case reproduces the bug on replay. In addition, it feeds back dynamic memory-access orders to help the fuzzer detect concurrency bugs more efficiently and effectively. We evaluate Schfuzz on a hand-written motivating example and four benchmark programs from SCTBench (Thomson et al., 2016). The results show that it detects concurrency bugs more efficiently and effectively than traditional feedback-guided fuzzing.
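As an added illustration (not code from the paper or from the Schfuzz implementation), the following Python model shows the two ideas in the abstract together: the fuzzer's input bytes are interpreted as a thread schedule, so every run is deterministic and a bug-triggering input replays to the same trace, and the order of shared-memory accesses is hashed into coverage-style feedback, so the fuzzer retains inputs that reach new interleavings even when control-flow coverage never changes. Threads are modeled as Python generators rather than OS threads, the program under test (two non-atomic increments on a shared counter) is constructed for the example, and all names (`execute`, `has_bug`, `access_order_feedback`, `fuzz`, `BITMAP_SIZE`) are hypothetical.

```python
"""Toy model of schedule-driven deterministic fuzzing with memory-access-order
feedback. Threads are Python generators that yield memory-access requests; a
scheduler performs each request and picks the next thread from the input bytes.
This is an added illustration, not the Schfuzz implementation."""
import hashlib
import random

BITMAP_SIZE = 1 << 16  # hypothetical feedback bitmap size


def incrementer():
    """One thread of the constructed program under test: a non-atomic ++.
    Each yield hands a request to the scheduler: ("r", addr) or ("w", addr, value)."""
    tmp = yield ("r", "counter")
    yield ("w", "counter", tmp + 1)


# Constructed program under test: two threads racing on one counter.
PROGRAM = [incrementer, incrementer]


def execute(program, schedule):
    """Run `program` deterministically: byte i of `schedule` selects which
    runnable thread performs the i-th memory access. Returns the final memory
    and the trace of accesses in the order they actually happened."""
    mem = {"counter": 0}
    threads = [factory() for factory in program]
    pending = [next(t) for t in threads]  # each thread's first access request
    trace = []
    step = 0
    while any(req is not None for req in pending):
        runnable = [i for i, req in enumerate(pending) if req is not None]
        # The test case is the schedule. Past the end of the input, fall back
        # to the lowest runnable id so every input yields a complete run.
        pick = schedule[step] % len(runnable) if step < len(schedule) else 0
        tid = runnable[pick]
        req = pending[tid]
        if req[0] == "r":
            result = mem[req[1]]
        else:
            mem[req[1]] = req[2]
            result = None
        trace.append((tid, req[0], req[1]))
        try:
            pending[tid] = threads[tid].send(result)
        except StopIteration:
            pending[tid] = None
        step += 1
    return mem, trace


def has_bug(program, mem):
    """Oracle for the constructed program: a lost update leaves counter < #threads."""
    return mem["counter"] != len(program)


def access_order_feedback(trace):
    """Hash every adjacent pair of accesses into a bitmap index, so a new
    interleaving shows up as new coverage (the analogue of AFL-style edge
    hashing, applied to memory-access order instead of control-flow edges)."""
    hits = set()
    for prev, cur in zip(trace, trace[1:]):
        digest = hashlib.blake2b(repr((prev, cur)).encode(), digest_size=4).digest()
        hits.add(int.from_bytes(digest, "big") % BITMAP_SIZE)
    return hits


def fuzz(program, seed=b"\x00\x00\x00\x00", max_iters=2000, rng_seed=7):
    """Minimal feedback-guided loop: keep inputs that reach new access orders,
    stop at the first input whose deterministic run trips the oracle.
    Returns (iteration, input) or (None, None) if nothing was found."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    mem, trace = execute(program, seed)
    seen = access_order_feedback(trace)
    for it in range(1, max_iters + 1):
        child = bytearray(rng.choice(corpus))
        child[rng.randrange(len(child))] = rng.randrange(256)  # one-byte mutation
        child = bytes(child)
        mem, trace = execute(program, child)
        if has_bug(program, mem):
            return it, child
        new_hits = access_order_feedback(trace) - seen
        if new_hits:  # new interleaving: worth keeping as a mutation parent
            seen |= new_hits
            corpus.append(child)
    return None, None


if __name__ == "__main__":
    it, crash = fuzz(PROGRAM)
    if it is None:
        print("no bug found")
    else:
        print(f"bug found at iteration {it} with schedule {crash.hex()}")
        # Deterministic execution: the same input reproduces the same trace.
        assert execute(PROGRAM, crash) == execute(PROGRAM, crash)
```

Running the script prints the first schedule that loses an update; feeding that schedule back to `execute` reproduces the identical trace, which is the replay property the abstract contrasts with ordinary non-deterministic runtimes. The program has no branches, so control-flow coverage is the same for every run and a traditional fuzzer would get no signal from it; the access-order bitmap is what distinguishes the interleavings. Applying the idea to real multithreaded binaries, as the paper does, requires a runtime that lets the scheduler control thread switches at each shared access, which this coroutine model sidesteps.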
Keywords
Fuzzing,Concurrency Testing,Concurrency Bug Detection,Feedback-Guided Fuzzing,Memory-Access-Guided Fuzzing