The Concurrency Fuzzing (Cuzz) verification layer detects concurrency bugs and data race conditions. Cuzz adjusts thread scheduling by injecting random delays at key points in an application's code. The following scenario illustrates the type of concurrency bug that could be detected by the Cuzz verification layer.

An application has a parent thread and a child thread. The parent thread starts the child thread and then allocates memory for a structure.

// Parent Thread
StartChildThread(...);
g_pointer = ... malloc(...);

The child thread dereferences the pointer.

//Child Thread
LONG value = g_pointer->someMember;

The preceding code has a concurrency bug. If the child thread attempts to dereference the pointer before the parent thread allocates the memory, the pointer will be invalid. The bug is very unlikely to manifest itself, because in most cases, the parent thread will allocate the memory before the child thread gets started. But in rare cases, the child thread could get started and attempt to dereference the pointer before the parent thread has allocated the memory.

The Cuzz verification layer increases the likelihood of finding concurrency bugs like the one illustrated in the preceding example. Cuzz does not perform any additional checks apart from inserting delays. As such, there are no verification stops directly associated with Cuzz. However, if enabling Cuzz results in a concurrency bug manifesting itself, other verification layers will benefit. For instance, if a race condition results in a heap overflow, the Heaps verification layer will not find the error unless the race condition manifests itself at run time. By increasing the probability of the race condition occurring, Cuzz improves the effectiveness of the Heaps layer in identifying the error.

To get the maximum benefit of Cuzz, enable Cuzz on as many tests as possible, and repeat the same test many times. Cuzz can be enabled on all tests, including manual tests, functional tests, and stress tests. Also, enable as many Application Verifier verification layers as possible.

You can increase the probability of reproducing a bug by providing Cuzz with the same random seed that was used in the run where the bug appeared (see Properties).

The current version of Cuzz inserts delays only on Win32 synchronization API calls.
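
The following added example (not part of the original page and not Cuzz's implementation) models the parent/child scenario above in virtual time, showing why seeded random delays make the race manifest and why reusing a seed reproduces the same outcome. The tick costs, the xorshift PRNG, the placement of one delay per thread before its access to g_pointer, and the event-based fix are assumptions made for illustration.

```c
/* Added illustration: single-threaded model in virtual time, not Cuzz itself. */
#include <stdint.h>
#include <stdio.h>

/* Deterministic PRNG (xorshift32): the seed fully determines the schedule. */
static uint32_t next_rand(uint32_t *state) {
    uint32_t x = *state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *state = x;
}

/* Assumed costs in virtual ticks: thread start-up is slow, malloc is fast. */
enum { CHILD_STARTUP = 100, PARENT_ALLOC = 5 };

/* Returns 1 if the child reads g_pointer before the parent has stored it.
 * max_delay == 0 models an unfuzzed run; max_delay > 0 models a random delay
 * injected into each thread before it touches g_pointer (assumed placement).
 * use_event models a fix: the child waits for an event that the parent
 * signals only after storing g_pointer. */
int race_manifests(uint32_t seed, uint32_t max_delay, int use_event) {
    uint32_t state = seed ? seed : 1;        /* xorshift state must be nonzero */
    uint32_t parent_delay = max_delay ? next_rand(&state) % max_delay : 0;
    uint32_t child_delay  = max_delay ? next_rand(&state) % max_delay : 0;
    uint32_t t_store = parent_delay + PARENT_ALLOC;  /* g_pointer = malloc() */
    uint32_t t_deref = CHILD_STARTUP + child_delay;  /* g_pointer->someMember */
    if (use_event && t_deref < t_store)
        t_deref = t_store;                   /* child blocks until signalled */
    return t_deref < t_store;
}

/* Counts how many seeds in [1, n] expose the bug. */
int count_failures(uint32_t n, uint32_t max_delay, int use_event) {
    int hits = 0;
    for (uint32_t seed = 1; seed <= n; seed++)
        hits += race_manifests(seed, max_delay, use_event);
    return hits;
}

int main(void) {
    printf("no delays:      %d/1000\n", count_failures(1000, 0, 0));
    printf("random delays:  %d/1000\n", count_failures(1000, 1000, 0));
    printf("with event fix: %d/1000\n", count_failures(1000, 1000, 1));
    printf("seed 2 replay:  %d\n", race_manifests(2, 1000, 0));
    return 0;
}
```

In this model the unfuzzed run never fails, which is why the bug survives ordinary testing, while a failing seed fails again every time it is replayed.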

Properties

The following properties are available for the Cuzz verification layer. To set the properties, select the Cuzz layer in the Application Verifier user interface, and open the Property Window.

Property        Description

FuzzingLevel    Controls the fuzzing level for Cuzz. Set this to 1 for time-critical applications and 4 for regular applications.

RandomSeed      The random seed used by Cuzz at start. If you set this to 0, Cuzz generates a time-based random seed.