Mastering Variability Challenges in Linux and Related Highly-Configurable System Software

The compile-time configuration mechanisms of modern system software allow it to be adapted to a broad range of supported hardware architectures and application domains. Linux is a prominent example: version 3.2 provides more than 12,000 user-configurable configuration options, and the number is growing rapidly. This high degree of configurability poses major challenges for developers. First, the variability declared in the configuration tooling and the variability actually implemented in the code have to be kept in sync; done manually, this is a tedious and error-prone task. Second, alternatives implemented in the code make it difficult to apply static analysis tools. Finally, the overwhelming number of configuration options makes it hard for system integrators and developers to find the best configuration for a given use case. In this thesis, I analyze the variability mechanisms in Linux and related system software and reveal many inconsistencies between the variability declaration and its implementation. Many of these inconsistencies are provably actual programming errors. The extracted variability model also turns out to be useful for additional applications. The formalized model helps developers employ existing static analysis tools more effectively, which allows the systematic discovery of bugs hidden in seldom-tested configurations. Moreover, my approach enables the construction of a minimal Linux configuration from the extracted variability model and a run-time analysis of the system. This enables system administrators to compile and operate a Linux kernel with a significantly reduced attack surface, which makes the system more secure. In the end, my approach allows the holistic mastering of compile-time variability across the language barriers of the employed tools Kconfig, make and CPP.
