Detecting Data Races in Binaries Using Software Static Analysis

Publisher

Université d'Ottawa | University of Ottawa

Creative Commons

Attribution-NonCommercial 4.0 International

Abstract

In our modern computer systems, more and more programs are using concurrency to improve performance. These programs are vulnerable to unique concurrency issues, such as when multiple threads fail to synchronize access. Because these mistakes depend on specific thread timings and are therefore difficult to identify, we present in this thesis a novel static analyzer to detect data races in binary programs. To help in the identification of data races, we choose to build a program analysis tool. Our analyzer uses a lockset-based analysis inspired by the static analysis RacerX by Engler and Ashcraft. The RacerX analyzer requires source code, and most of the tools currently used to detect data races require dynamic instrumentation. We propose in this thesis a new static data race detector with new binary analysis techniques that can successfully identify possible data races in programs without the need for the source code. Our thesis describes the design of our binary analyzer built on the Ghidra reverse engineering framework. We also tested an implementation of our analyzer on a set of real-world data races previously found in the Linux kernel. Finally, we explore areas where this research can be expanded, such as in automated security testing or coupled with surgical dynamic instrumentation.

Keywords

Data Race
