Abstract
Software projects tend to suffer from conceptually simple resource manipulation bugs, such as accessing a de-allocated memory region, or acquiring a non-reentrant lock twice. Static code scanners are used extensively to remove these bugs from projects like the Linux kernel. Yet, when the manipulation of the resource spans multiple functions, efficiently finding these bugs is a challenge. We present a shape-and-effect inference system for C, that enables efficient and scalable inter-procedural reasoning about resource manipulation. The inference system is used to build a program abstraction: a control-flow graph decorated with alias relationships and observable effects. Bugs are found by model checking this control-flow graph, matching undesirable sequences of operations. We evaluate a prototype implementation of our approach (EBA) and run it on a collection of historical double-lock bugs from the Linux kernel. Our results show that our tool is more effective at finding bugs than similar code-scanning tools. EBA analyzes the drivers/ directory of Linux (nine thousand files) in less than thirty minutes, and uncovers a handful previously unknown double-lock bugs in various drivers.
Originalsprog | Engelsk |
---|---|
Titel | Verification, Model Checking, and Abstract Interpretation : 18th International Conference, VMCAI 2017, Paris, France, January 15–17, 2017, Proceedings |
Forlag | Springer |
Publikationsdato | 2017 |
Sider | 34-54 |
ISBN (Trykt) | 978-3-319-52233-3 |
ISBN (Elektronisk) | 978-3-319-52234-0 |
DOI | |
Status | Udgivet - 2017 |
Begivenhed | 18th International Conference on Verification, Model Checking, and Abstract Interpretation - The Jussieu campus of Université Pierre et Marie Curie, Paris, Frankrig Varighed: 15 jan. 2017 → 17 jan. 2017 Konferencens nummer: 18 http://conf.researchr.org/home/VMCAI-2017 |
Konference
Konference | 18th International Conference on Verification, Model Checking, and Abstract Interpretation |
---|---|
Nummer | 18 |
Lokation | The Jussieu campus of Université Pierre et Marie Curie |
Land/Område | Frankrig |
By | Paris |
Periode | 15/01/2017 → 17/01/2017 |
Internetadresse |
Navn | Lecture Notes in Computer Science |
---|---|
Vol/bind | 10145 |
ISSN | 0302-9743 |
Emneord
- Type and effects
- Bug finding
- C
- Type inference
- Model checking
- Linux
- Double lock