[concurrency-interest] Concurrency and security
Yao Qi
qiyaoltc at gmail.com
Thu May 20 01:47:57 EDT 2010
On Thu, May 20, 2010 at 1:04 PM, David Holmes <davidcholmes at aapt.net.au> wrote:
> James Gan writes:
>> Yes, data race tool can detect this problem. On the other hand, even
>> if we fixed the data race problem by adding synchronization, it's
>> still a security problem.
>
> Oops! Indeed. Even with sync the API is fatally flawed.
>
> I don't know if the tools will be able to detect the inherent check-then-act
> sequence.
David, this kind of error is regarded as "atomic violation". I don't
know either if tools can detect such errors *accurately* and
*efficiently*, even there are a lot of papers on this topic.
>
> David
>
--
Yao Qi <qiyaoltc AT gmail DOT com> GNU/Linux Developer
http://duewayqi.googlepages.com/
More information about the Concurrency-interest
mailing list