github.com/system-pclub/GCatch
This is the code repository of our ASPLOS paper [1]. GCatch is a suite of static detectors that can analyze large, real Go software. GFix is an automated fixing tool that can synthesize patches for blocking misuse-of-channel (BMOC) bugs detected by GCatch. We evaluated GCatch and GFix in 21 open-source Go projects (e.g., Docker, Kubernetes, gRPC). In total, GCatch detects 149 BMOC bugs and 119 traditional concurrency bugs and GFix successfully generates patches for 124 BMOC bugs. The detailed experimental data can be found here.
We extended GCatch to GCatch+ as a verification tool, as well as supporting detecting more misuse of concurrency primitives. The tool is in branch verification.
[1] Ziheng Liu, Shuofei Zhu, Boqin Qin, Hao Chen, and Linhai Song. “Automatically Detecting and Fixing Concurrency Bugs in Go Software Systems.” In ASPLOS’2021.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.
Security News
vlt's new "reproduce" tool verifies npm packages against their source code, outperforming traditional provenance adoption in the JavaScript ecosystem.
