PairMiner: mining for paired functions in kernel extensions

Drivers use kernel extension functions to manage devices, and there are often many rules on how these functions should be used. Among these rules, the use of paired functions, meaning that the functions must be called in pairs between two different functions, is extremely complex and important. However, such pairing rules are not well documented, and programmers can easily violate them by unconsciously ignoring or forgetting them. It is therefore useful to develop a tool that automatically extracts paired functions from the kernel source and detects incorrect usages. In this paper we put forward a method called PairMiner. It adopts heuristic and statistical mechanisms, tied to the special structure of drivers' source code, to find paired functions between related operations and then to detect violations using the extracted paired functions. In the experimental evaluation, we successfully found 1023 paired functions in Linux 3.10.10. We evaluated the utility of PairMiner by analyzing the source code of Linux 2.6.38 and 3.10.10. PairMiner located 265 paired function violation bugs in 2.6.38 that have been fixed in 3.10.10. We also identified 1994 paired function violations that have not yet been fixed in 3.10.10. We reported some violations to the developers by email as potential bugs; 27 developers have replied, 20 bugs have been confirmed so far, and 2 violations have been confirmed as false positives.
