A Deep Study of the Effects and Fixes of Server-Side Request Races in Web Applications
Nowadays, websites commonly run web applications on the server side to handle HTTP requests and generate responses dynamically. These server-side web applications handle a large number of concurrent requests and are thus highly vulnerable to request races, i.e., races while handling concurrent requests. To better handle such request races in server-side web applications, we need a deep understanding of their characteristics. While some previous studies of real-world request races exist, they primarily focus on the root cause of these bugs. In this paper, we provide a complementary focus on their effects and fixes. We study the external and internal effects of request races, and we relate request-race fixes with concurrency control mechanisms in languages and frameworks for developing server-side web applications. Our study reveals several interesting findings, and we expect our results can help developers better understand request races and guide the design and development of tools for combating request races.
Fri 20 May. Displayed time zone: Eastern Time (US & Canada)
14:00 - 15:00 | Session 16: Non-functional Properties (Availability, Security, Legal Aspects) | Industry Track / Technical Papers / Registered Reports / Data and Tool Showcase Track at MSR Main room - even hours | Chair(s): Maxime Lamothe (Polytechnique Montreal, Montreal, Canada), Jin L.C. Guo (McGill University)
14:00 | 7m | Talk | A Deep Study of the Effects and Fixes of Server-Side Request Races in Web Applications | Technical Papers | Zhengyi Qiu (North Carolina State University), Shudi Shao (North Carolina State University), Qi Zhao (North Carolina State University), Hassan Ali Khan (North Carolina State University), Xinning Hui (North Carolina State University), Guoliang Jin (North Carolina State University)
14:07 | 4m | Talk | A Large-scale Dataset of (Open Source) License Text Variants | Data and Tool Showcase Award | Data and Tool Showcase Track | Stefano Zacchiroli (Télécom Paris, Polytechnic Institute of Paris)
14:11 | 7m | Talk | SECOM: Towards a convention for security commit messages | FOSS Impact Paper Award | Industry Track | Sofia Reis (Instituto Superior Técnico, U. Lisboa & INESC-ID), Rui Abreu (Faculty of Engineering, University of Porto, Portugal), Hakan Erdogmus (Carnegie Mellon University), Corina S. Păsăreanu (Carnegie Mellon University)
14:18 | 7m | Talk | Varangian: A Git Bot for Augmented Static Analysis | Industry Track | Saurabh Pujar (IBM Research), Yunhui Zheng (IBM Research), Luca Buratti (IBM Research), Burn Lewis (IBM Research), Alessandro Morari (IBM Research), Jim A. Laredo (IBM Research), Kevin Postlethwait (Red Hat), Christoph Görn (Red Hat)
14:25 | 7m | Talk | Detecting Privacy-Sensitive Code Changes with Language Modeling | Industry Track | Gökalp Demirci (Meta Platforms, Inc.), Vijayaraghavan Murali (Meta Platforms, Inc.), Imad Ahmad (Meta Platforms, Inc.), Rajeev Rao (Meta Platforms, Inc.), Gareth Ari Aye (Meta Platforms, Inc.)
14:32 | 4m | Talk | Is GitHub's Copilot as Bad As Humans at Introducing Vulnerabilities in Code? | Registered Reports | Owura Asare (University of Waterloo), Mei Nagappan (University of Waterloo), N. Asokan (University of Waterloo)
14:36 | 7m | Talk | Finding the Fun in Fundraising: Public Issues and Pull Requests in VC-backed Open-Core Companies | Industry Track | Kevin Xu (GitHub)
14:43 | 17m | Live Q&A | Discussions and Q&A | Technical Papers