UC Irvine

Concurrent software is difficult to debug. C++ uses a relaxed memory model, so concurrent software written in C++ using atomics is extra difficult to debug. We built a smart fuzzer for concurrent C++ programs that implemented the relaxed memory model for C++ atomics. This paper presents an informal operational semantics of the C++20 memory model, along with a description of the work done to implement it in the fuzzer. Code is instrumented using a compiler pass to replace operations with calls into the fuzzer library which is preloaded into the program. The fuzzer intercepts the main function to take control of the program. We show that the fuzzer can find bugs in small demo programs created as unit tests for other tools. Unfortunately, our approach to program instrumentation is defeated by programming practices that are common to real-world code using C++ atomics. Additional limitations of our instrumentation approach are discussed, as well as other challenges we ran into when working with real-world code. We then propose an alternate instrumentation strategy that could be used to overcome all observed challenges for future work.