WYSIWIB: A declarative approach to finding API protocols and bugs in Linux code

Eliminating OS bugs is essential to ensuring the reliability of infrastructures ranging from embedded systems to servers. Several tools based on static analysis have been proposed for finding bugs in OS code. They have, however, emphasized scalability over usability, making it difficult to focus the tools on specific kinds of bugs and to relate the results to patterns in the source code. We propose a declarative approach to bug finding in Linux OS code using a control-flow based program search engine. Our approach is WYSIWIB (What You See Is Where It Bugs), since the programmer expresses specifications for bug finding using a syntax close to that of ordinary C code. The key advantage of our approach is that search specifications can be easily tailored, to eliminate false positives or catch more bugs. We present three case studies that have allowed us to find hundreds of potential bugs.

[1]  George C. Necula,et al.  Mining Temporal Specifications for Error Detection , 2005, TACAS.

[2]  Dawson R. Engler,et al.  From uncertainty to belief: inferring the specification within , 2006, OSDI '06.

[3]  Suresh Jagannathan,et al.  Path-Sensitive Inference of Function Precedence Protocols , 2007, 29th International Conference on Software Engineering (ICSE'07).

[4]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[5]  Julia L. Lawall,et al.  Understanding collateral evolution in Linux device drivers , 2006, EuroSys '06.

[6]  Damien Doligez,et al.  A foundation for flow-based program matching: using temporal logic and model checking , 2009, POPL '09.

[7]  Julia L. Lawall,et al.  Towards easing the diagnosis of bugs in OS code , 2007, PLOS '07.

[8]  Henrik Stuart,et al.  Hunting bugs with Coccinelle , 2008 .

[9]  Julia L. Lawall,et al.  Documenting and automating collateral evolutions in linux device drivers , 2008, Eurosys '08.

[10]  Dawson R. Engler,et al.  Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[11]  Yuanyuan Zhou,et al.  /*icomment: bugs or bad comments?*/ , 2007, SOSP.

[12]  Zhenmin Li,et al.  PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code , 2005, ESEC/FSE-13.

[13]  Sriram K. Rajamani,et al.  Thorough static analysis of device drivers , 2006, EuroSys.