Class 19: Synchronization

Posted: Tue 08 April 2014

PS4 Assessment due after your demo (by Friday at the latest)
Project Idea due by 11:59pm Thursday.

PS4 Postmortem

Yesterday's SSL Bug

SSL Heartbeat Bug
Diagnosis of the OpenSSL Heartbleed Bug

This is the buggy version of the code (excerpted):

dtls1_process_heartbeat(SSL *s)
         unsigned char *p = &s->s3->[0], *pl;
         unsigned short hbtype;
         unsigned int payload;
         unsigned int padding = 16; /* Use minimum padding */

         /* Read type and payload length first */
         hbtype = *p++;
         n2s(p, payload);
         pl = p;


         if (hbtype == TLS1_HB_REQUEST)
                 unsigned char *buffer, *bp;
                 int r;

                 /* Allocate memory for the response, size is 1 byte
                  * message type, plus 2 bytes payload length, plus
                  * payload, plus padding
                 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
                 bp = buffer;

                 /* Enter response type, length and copy payload */
                 *bp++ = TLS1_HB_RESPONSE;
                 s2n(payload, bp);
                 memcpy(bp, pl, payload);
                 bp += payload;
                 /* Random padding */
                 RAND_pseudo_bytes(bp, padding);

                 r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);

                 if (r >= 0 && s->msg_callback)
                         s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
                                 buffer, 3 + payload + padding,
                                 s, s->msg_callback_arg);


                 if (r < 0)
                         return r;

How many serious security bugs remain in OpenSSL? (Hint: if you answer 0 will most likely be proved wrong within a month or two!)


Thursday, 11:59pm (10 April): Project Idea
16-21 April: Project Reviews
24 and 29 April: Project Presentations (in class)

Do something that is fun (for you to do, and others to see), relevant (to the class), technically interesting (to you and me), and useful (at least to you, hopefully to many). You probably can’t maximize all of these! It is okay to sacrifice one or two of them to increase others. A good project should be strong on at least 2 of these, which is much better than being mediocre of all four.

You may use the projects from last semester for inspiration, but do not feel limited by the kinds of projects students did last semester, and you also have PS4 to build on.


E. W. Dijkstra, Solution to a Problem in Concurrent Program Control, Communications of the ACM, 1965. (1 page)


  1. Only one thread may be in the critical section at any time.
  2. Each must eventually be able to enter its critical section.
  3. Must be symmetrical (all run same program).
  4. Cannot make any assumptions about speed of threads.
   loop {         
         b[i] := false
L1:  if k != i 
               c[i] := true
                     if b[k]:
                        k := i
                  goto L1
               c[i] := false
               for j in [1, ..., N]:
                    if j != i and not c[j]:
                         goto L1  
               critical section;   
               c[i] := true
               b[i] := true    

How can you prove Dijkstra's solution is safe?

How can you prove Dijkstra's solution provides liveness?

How does Collab solve the mutual exclusion problem?

Leslie Lamport, A New Solution of Dijkstra's Concurrent Programming Problem, Communications of the ACM, 1972. (2 pages)

What are the advantages of Lamport's solution over Dijkstra's?

comments powered by Disqus