Tracking Load-Time Configuration Options

Many software systems are highly configurable, despite the fact that configuration options and their interactions make those systems significantly harder to understand and maintain. In this work, we consider load-time configuration options, such as parameters from the command-line or from configuration files. They are particularly hard to reason about: tracking configuration options from the point at which they are loaded to the point at which they influence control-flow decisions is tedious and error-prone, if done manually. We design and implement Lotrack, an extended static taint analysis to track configuration options automatically. Lotrack derives a configuration map that explains for each code fragment under which configurations it may be executed. An evaluation on Android apps and Java applications from different domains shows that Lotrack yields high accuracy with reasonable performance. We use Lotrack to empirically characterize how much of the implementation of Android apps depends on the platform's configuration options or interactions of these options.

[1]  Martin C. Rinard,et al.  Taint-based directed whitebox fuzzing , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[2]  Adam A. Porter,et al.  Using symbolic evaluation to understand behavior in configurable software systems , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[3]  Long Jin,et al.  Hey, you have given me too many knobs!: understanding and dealing with over-designed configuration in system software , 2015, ESEC/SIGSOFT FSE.

[4]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[5]  Hung Viet Nguyen,et al.  Exploring variability-aware execution for testing plugin-based web applications , 2014, ICSE.

[6]  Wolfgang Schröder-Preikschat,et al.  Feature consistency in compile-time-configurable system software: facing the linux 10,000 feature problem , 2011, EuroSys '11.

[7]  Márcio Ribeiro,et al.  Feature maintenance with emergent interfaces , 2014, ICSE.

[8]  Michael D. Ernst,et al.  Which configuration option should I change? , 2014, ICSE.

[9]  Myra B. Cohen,et al.  Configurations everywhere: implications for testing and debugging in practice , 2014, ICSE Companion.

[10]  Wolfgang Schröder-Preikschat,et al.  A quantitative analysis of aspects in the eCos kernel , 2006, EuroSys.

[11]  Gunter Saake,et al.  Feature-Oriented Software Product Lines , 2013, Springer Berlin Heidelberg.

[12]  Andreas Grimmer,et al.  Configuration-Aware Change Impact Analysis (T) , 2015, 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[13]  Manu Sridharan,et al.  Thin slicing , 2007, PLDI '07.

[14]  Audris Mockus,et al.  Using Version Control Data to Evaluate the Impact of Software Tools: A Case Study of the Version Editor , 2002, IEEE Trans. Software Eng..

[15]  Laurie Hendren,et al.  Soot: a Java bytecode optimization framework , 2010, CASCON.

[16]  Sarfraz Khurshid,et al.  SPLat: lightweight dynamic analysis for reducing combinatorics in testing configurable systems , 2013, ESEC/FSE 2013.

[17]  Xiangyu Zhang,et al.  Z3-str: a z3-based string solver for web application analysis , 2013, ESEC/FSE 2013.

[18]  Bruno C. d. S. Oliveira,et al.  Regression tests to expose change interaction errors , 2013, ESEC/FSE 2013.

[19]  Henry Spencer,et al.  #ifdef Considered Harmful, or Portability Experience with C News , 1992, USENIX Summer.

[20]  Adam A. Porter,et al.  iGen: dynamic interaction inference for configurable software , 2016, SIGSOFT FSE.

[21]  Randy H. Katz,et al.  Precomputing possible configuration error diagnoses , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[22]  Artur Andrzejak,et al.  Practical and accurate pinpointing of configuration errors using static analysis , 2015, 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[23]  Gunter Saake,et al.  On essential configuration complexity: Measuring interactions in highly-configurable systems , 2016, 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE).

[24]  Jürgen Graf,et al.  JoDroid: Adding Android Support to a Static Information Flow Control Tool , 2015, Software Engineering.

[25]  Gunter Saake,et al.  Code generation to support static and dynamic composition of software product lines , 2008, GPCE '08.

[26]  Martin Erwig,et al.  #ifdef confirmed harmful: Promoting understandable software variation , 2011, 2011 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC).

[27]  Wolfgang De Meuter,et al.  Can we refactor conditional compilation into aspects? , 2009, AOSD '09.

[28]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[29]  Aarti Gupta,et al.  DTAM: dynamic taint analysis of multi-threaded programs for relevancy , 2012, SIGSOFT FSE.

[30]  Eric Bodden,et al.  Tracking Load-Time Configuration Options , 2018, IEEE Trans. Software Eng..

[31]  Mira Mezini,et al.  SPLLIFT: statically analyzing software product lines in minutes instead of years , 2013, Software Engineering.

[32]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[33]  Wolfgang Schröder-Preikschat,et al.  Efficient extraction and analysis of preprocessor-based variability , 2010, GPCE '10.

[34]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[35]  Wolfgang Schröder-Preikschat,et al.  Static Analysis of Variability in System Software: The 90, 000 #ifdefs Issue , 2014, USENIX Annual Technical Conference.

[36]  Sarfraz Khurshid,et al.  Reducing combinatorics in testing product lines , 2011, AOSD '11.

[37]  Andreas Zeller,et al.  Mining input grammars from dynamic taints , 2016, 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE).

[38]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[39]  Sebastian Erdweg,et al.  Variability-aware parsing in the presence of lexical macros and conditional compilation , 2011, OOPSLA '11.

[40]  Myra B. Cohen,et al.  Integration Testing of Software Product Lines Using Compositional Symbolic Execution , 2012, FASE.

[41]  Sven Apel,et al.  An analysis of the variability in forty preprocessor-based software product lines , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[42]  Ira D. Baxter,et al.  Preprocessor conditional removal by simple partial evaluation , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[43]  Dan Grossman,et al.  Staccato: A Bug Finder for Dynamic Configuration Updates , 2016, ECOOP.

[44]  Alessandro Orso,et al.  Precisely Detecting Runtime Change Interactions for Evolving Software , 2010, 2010 Third International Conference on Software Testing, Verification and Validation.

[45]  Sven Apel,et al.  Granularity in software product lines , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[46]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[47]  Thomas Leich,et al.  Do background colors improve program comprehension in the #ifdef hell? , 2012, Empirical Software Engineering.

[48]  H. Rice Classes of recursively enumerable sets and their decision problems , 1953 .

[49]  Jean-Marie Favre Understanding-in-the-large , 1997, Proceedings Fifth International Workshop on Program Comprehension. IWPC'97.

[50]  Ettore Merlo,et al.  Locating features in dynamically configured avionics software , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[51]  Mona Attariyan,et al.  Automating Configuration Troubleshooting with Dynamic Information Flow Analysis , 2010, OSDI.

[52]  Sriram K. Rajamani,et al.  Bebop: a path-sensitive interprocedural dataflow engine , 2001, PASTE '01.

[53]  Sven Apel,et al.  A model of refactoring physically and virtually separated features , 2009, GPCE '09.

[54]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[55]  Jürgen Graf,et al.  Using JOANA for Information Flow Control in Java Programs - A Practical Guide , 2013, Software Engineering.

[56]  Randy H. Katz,et al.  Static extraction of program configuration options , 2011, 2011 33rd International Conference on Software Engineering (ICSE).