A Qualitative Analysis of Variability Weaknesses in Configurable Systems with #ifdefs

A number of critical configurable systems, such as Linux, are implemented using #ifdefs. Tools and strategies have been proposed to avoid these directives. However, these systems still have weaknesses, which lead to vulnerable code and may impact millions of users. There is a lack of studies on how developers of configurable systems with #ifdefs perceive weaknesses, and on the strategies and tools they use to identify and remove them. Moreover, few works study the characteristics of weaknesses. To better understand the problem, we conduct two studies. In the first, we qualitatively analyze 27 variability weaknesses of Apache HTTPD, Linux and OpenSSL reported on their bug trackers. In the second, we conduct a survey with 110 developers of the same configurable systems. Overall, our results show evidence that, although developers care about weaknesses, they may not detect some weaknesses reported in the bug trackers, and do not use proper tools to deal with them. They take a median of 15 days and 4 discussion messages to solve them. Some weaknesses occur due to two feature interactions, and most of them can be detected by the all-macros-enabled sampling approach.
