Cuzz – A Tool for Concurrency Fuzzing
Imagine a situation in which you have a test which doesn’t always pass or an unpredictable behavior which occurs only sometimes. What do you usually do? Stress tests. What else can you possibly do? Use Cuzz.
How do you use Cuzz? You inject the Cuzz DLL into your application binary with a simple command-line tool, and it takes control of the application's threads and their scheduling. Using statistical randomization, Cuzz manipulates the scheduling of your threads to traverse as many scheduling possibilities as it can and look for a bug in each of them. In the demo presented, Cuzz was able to reproduce the bug with a probability 7,800 (!) times bigger.
For example, consider a situation in which one thread executes the code “p = NULL” and the other thread executes the code “if (p != NULL) p->GetSomething()” – one thread ordering might work well, but another ordering causes a bug: if the assignment runs between the other thread's check and its call, the call dereferences a NULL pointer. On every iteration, Cuzz systematically tries a different thread schedule and thus helps you reproduce your bug faster.
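The race in the example above, as an added illustration (not Cuzz code and not from the original post): a small deterministic C model that enumerates every ordering of thread A's write against thread B's check and use, and shows that holding a lock across the check and the call removes the one crashing schedule. The function names and the lock-based fix are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
/* Model of the two threads in the text (constructed for illustration):
 *   thread A:  p = NULL
 *   thread B:  if (p != NULL)  p->GetSomething()    -> two steps: check, use
 * A schedule is the number of B's steps that run before A's single write. */
enum outcome { CALL_SKIPPED, CALL_OK, NULL_DEREF };

/* locked == true models the fix: B holds a lock across check and use, so A
 * cannot run between them and has to wait until B is done. */
static enum outcome run_schedule(int b_steps_before_a, bool locked)
{
    bool p_valid = true;   /* p starts out pointing at a live object */
    bool a_done = false, passed_check = false;
    int b_done = 0;        /* B steps completed so far: 0, 1 or 2 */
    if (locked && b_steps_before_a == 1)
        b_steps_before_a = 2;              /* A blocks on the lock */
    while (!a_done || b_done < 2) {
        if (!a_done && b_done >= b_steps_before_a) {
            p_valid = false;               /* A: p = NULL */
            a_done = true;
        } else if (b_done == 0) {
            passed_check = p_valid;        /* B: if (p != NULL) */
            b_done = passed_check ? 1 : 2; /* failed check skips the call */
        } else {
            if (!p_valid)
                return NULL_DEREF;         /* B: p->GetSomething() on NULL */
            b_done = 2;
        }
    }
    return passed_check ? CALL_OK : CALL_SKIPPED;
}

/* Try every schedule and count the ones that end in a NULL dereference. */
static int count_crashing_schedules(bool locked)
{
    int crashes = 0;
    for (int k = 0; k <= 2; k++)
        if (run_schedule(k, locked) == NULL_DEREF)
            crashes++;
    return crashes;
}

int main(void)
{
    printf("unlocked: %d of 3 schedules crash\n", count_crashing_schedules(false));
    printf("locked:   %d of 3 schedules crash\n", count_crashing_schedules(true));
    return 0;
}
```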
Note that this tool is still a prototype and Microsoft Research is working hard on a release.
FeatherLite: Lightweight Data-Race Detection
Data races are good indicators of concurrency bugs; however, current tools are inherently expensive performance-wise. The purpose of FeatherLite is to allow detection of these data races in a relatively lightweight manner (less than 50% overhead of other tools).
The idea is to instrument your application and, at runtime, sample the application's data accesses with a smart algorithm – the less frequently a code area is executed (the “colder” it is), the more frequently it needs to be sampled, since fewer samples from that code area are generally available (data accesses in really “rare” code are sampled 100% of the time). These samples are fed into a data race detection algorithm along with synchronization attempts, and this algorithm, in turn, tries to detect your data races.
Again, this tool is a prototype and Microsoft Research is working hard on a release.
The Bottom Line
When these tools are released, they can surely help detect concurrency-related bugs in a much easier and faster manner than your regular stress tests. I sure would like to give these tools a try already…