A Deep Study of the Effects and Fixes of Server-Side Request Races in Web Applications
Nowadays, websites commonly run web applications on the server side to handle HTTP requests and generate responses dynamically. These server-side web applications handle a large number of concurrent requests and are thus highly vulnerable to request races, i.e., races while handling concurrent requests. To better handle such request races in server-side web applications, we need a deep understanding of their characteristics. While some previous studies of real-world request races exist, they primarily focus on the root cause of these bugs. In this paper, we provide a complementary focus on their effects and fixes. We study the external and internal effects of request races, and we relate request-race fixes with concurrency control mechanisms in languages and frameworks for developing server-side web applications. Our study reveals several interesting findings, and we expect our results can help developers better understand request races and guide the design and development of tools for combating request races.