[concurrency-interest] Concurrency and security

Yao Qi qiyaoltc at gmail.com
Thu May 20 01:47:57 EDT 2010


On Thu, May 20, 2010 at 1:04 PM, David Holmes <davidcholmes at aapt.net.au> wrote:
> James Gan writes:
>> Yes, data race tool can detect this problem. On the other hand, even
>> if we fixed the data race problem by adding synchronization, it's
>> still a security problem.
>
> Oops! Indeed. Even with sync the API is fatally flawed.
>
> I don't know if the tools will be able to detect the inherent check-then-act
> sequence.

David, this kind of error is regarded as "atomic violation".  I don't
know either if tools can detect such errors *accurately* and
*efficiently*, even there are a lot of papers on this topic.

>
> David
>
-- 
Yao Qi <qiyaoltc AT gmail DOT com>    GNU/Linux Developer
http://duewayqi.googlepages.com/


More information about the Concurrency-interest mailing list