PF-Miner: A New Paired Functions Mining Method for Android Kernel in Error Paths

Drivers are significant components of the operating systems(OSs), and they run in kernel mode. Generally, drivers have many errors to handle, and the functions called in the normal execution paths and error handling paths are in pairs, which are named as paired functions. However, some developers do not handle the errors completely as they forget about or are unaware of releasing the acquired resources, thus memory leaks and other potential problems can be easily introduced. Therefore, it is highly valuable to automatically extract paired functions for these problems and detect violations for the programmers. This paper proposes an efficient tool named PF-Miner, which can automatically extract paired functions and detect violations between normal execution paths and error handling paths from the source code of C program with the data mining and statistical methods. We have evaluated PF-Miner on different versions of Android kernel 2.6.39 and 3.10.0, and 81 bugs reported by PF-Miner in 2.6.39 have been fixed before the latest version 3.10.0. PF-Miner only needs about 150 seconds to analyze the source code of 3.10.0, and 983 violations have been detected from 546 paired functions that have been extracted. We have reported the top 51 violations as potential bugs to the developers, and 15 bugs have been confirmed.

[1]  Suman Saha,et al.  An approach to improving the structure of error-handling code in the linux kernel , 2011, LCTES '11.

[2]  Julia L. Lawall,et al.  WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process , 2013, Softw. Pract. Exp..

[3]  Andreas Zeller,et al.  Generating test cases for specification mining , 2010, ISSTA '10.

[4]  Asim Kadav,et al.  Understanding modern device drivers , 2012, ASPLOS XVII.

[5]  George C. Necula,et al.  SafeDrive: safe and recoverable extensions using language-based techniques , 2006, OSDI '06.

[6]  Paulo Marques,et al.  A transactional model for automatic exception handling , 2011, Comput. Lang. Syst. Struct..

[7]  Pascal Felber,et al.  Atomic Boxes: Coordinated Exception Handling with Transactional Memory , 2011, ECOOP.

[8]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[9]  Julia L. Lawall,et al.  Finding Error Handling Bugs in OpenSSL Using Coccinelle , 2010, 2010 European Dependable Computing Conference.

[10]  Junfeng Yang,et al.  An empirical study of operating systems errors , 2001, SOSP.

[11]  Jia-Ju Bai,et al.  Automatically Inserting Log System for Driver Configuration: Automatically Inserting Log System for Driver Configuration , 2014 .

[12]  Zhenmin Li,et al.  PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code , 2005, ESEC/FSE-13.

[13]  Suresh Jagannathan,et al.  Static specification inference using predicate mining , 2007, PLDI '07.

[14]  Archana Ganapathi,et al.  Windows XP Kernel Crash Analysis , 2006, LISA.

[15]  Asim Kadav,et al.  SymDrive: Testing Drivers without Devices , 2012, OSDI.

[16]  Tao Xie,et al.  Mining exception-handling rules as sequence association rules , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[17]  Michael M. Swift,et al.  Nooks: an architecture for reliable device drivers , 2002, EW 10.

[18]  George C. Necula,et al.  Exceptional situations and program reliability , 2008, TOPL.

[19]  Xingshe Zhou,et al.  A Software Fault-Tolerant Method Based on Exception Handling in RT/E System , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[20]  George Candea,et al.  S2E: a platform for in-vivo multi-path analysis of software systems , 2011, ASPLOS XVI.

[21]  Yuanyuan Zhou,et al.  /*icomment: bugs or bad comments?*/ , 2007, SOSP.

[22]  Asim Kadav,et al.  Fine-grained fault tolerance using device checkpoints , 2013, ASPLOS '13.

[23]  Brian N. Bershad,et al.  Recovering device drivers , 2004, TOCS.

[24]  Wei Zhang,et al.  Automated Concurrency-Bug Fixing , 2012, OSDI.

[25]  George C. Necula,et al.  Mining Temporal Specifications for Error Detection , 2005, TACAS.

[26]  Yuanyuan Zhou,et al.  aComment: mining annotations from comments and code to detect interrupt related concurrency bugs , 2011, 2011 33rd International Conference on Software Engineering (ICSE).