A Case for Static Analysis of Linux to Find Faults in Interrupt Request Handlers

Bugs in operating system kernels threaten system reliability and availability. Static analysis of device drivers is one of the most useful methods for finding and fixing bugs in operating systems. Unfortunately, existing tools focus on bug patterns that come from developers’ ad hoc beliefs and experiences, even though many past bug reports are available to draw on. The objective of this paper is to uncover particular types of real bugs in a widely used operating system. Specifically, this paper presents a case in which six real bugs were found in Linux by studying 160 bug reports about interrupt request line (IRQ) handlers in past versions of Linux. The 160 bug reports enable us to recognize nine patterns of mishandling IRQ handlers, and our analyzer, which is based on the recognized patterns, successfully detects the uncovered bugs.
