|
 ABSTRACT
A major obstacle to finding program errors in a real system is knowing what correctness rules the system must obey. These rules are often undocumented or specified in an ad hoc manner. This paper demonstrates techniques that automatically extract such checking information from the source code itself, rather than the programmer, thereby avoiding the need for a priori knowledge of system rules.The cornerstone of our approach is inferring programmer "beliefs" that we then cross-check for contradictions. Beliefs are facts implied by code: a dereference of a pointer, p, implies a belief that p is non-null, a call to "unlock(1)" implies that 1 was locked, etc. For beliefs we know the programmer must hold, such as the pointer dereference above, we immediately flag contradictions as errors. For beliefs that the programmer may hold, we can assume these beliefs hold and use a statistical analysis to rank the resulting errors from most to least likely. For example, a call to "spin_lock" followed once by a call to "spin_unlock" implies that the programmer may have paired these calls by coincidence. If the pairing happens 999 out of 1000 times, though, then it is probably a valid belief and the sole deviation a probable error. The key feature of this approach is that it requires no a priori knowledge of truth: if two beliefs contradict, we know that one is an error without knowing what the correct belief is.Conceptually, our checkers extract beliefs by tailoring rule "templates" to a system --- for example, finding all functions that fit the rule template "a must be paired with b." We have developed six checkers that follow this conceptual framework. They find hundreds of bugs in real systems such as Linux and OpenBSD. From our experience, they give a dramatic reduction in the manual effort needed to check a large system. Compared to our previous work [9], these template checkers find ten to one hundred times more rule instances and derive properties we found impractical to specify manually.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
|
| |
2
|
|
| |
3
|
M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing systems, pages 131-152, Spring 1996.
|
| |
4
|
|
 |
5
|
James C. Corbett , Matthew B. Dwyer , John Hatcliff , Shawn Laubach , Corina S. Păsăreanu , Robby , Hongjun Zheng, Bandera: extracting finite-state models from Java source code, Proceedings of the 22nd international conference on Software engineering, p.439-448, June 04-11, 2000, Limerick, Ireland
[doi> 10.1145/337180.337234]
|
| |
6
|
|
| |
7
|
D.L. Detlefs, R.M. Leino, G. Nelson, and J.B. Saxe. Extended static checking. TR SRC-159, COMPAQ SRC, December 1998.
|
| |
8
|
Peter Harry Eidorff , Fritz Henglein , Christian Mossin , Henning Niss , Morten Heine Sørensen , Mads Tofte, AnnoDomini: from type theory to Year 2000 conversion tool, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.1-14, January 20-22, 1999, San Antonio, Texas, United States
[doi> 10.1145/292540.292543]
|
| |
9
|
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of Operating Systems Design and Implementation (OSDI), September 2000.
|
| |
10
|
|
| |
11
|
David Evans , John Guttag , James Horning , Yang Meng Tan, LCLint: a tool for using specifications to check code, Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering, p.87-96, December 06-09, 1994, New Orleans, Louisiana, United States
|
| |
12
|
|
| |
13
|
R. W. Floyd. Assigning meanings to programs, pages 19- 32. J.T. Schwartz, Ed. American Mathematical Society, 1967.
|
| |
14
|
D. Freedman, R. Pisani, and R. Purves. Statistics. W.W. Norton, third edition edition, 1998.
|
| |
15
|
|
| |
16
|
G. Humpreys. Personal communication. Wasted days configuring a graphics card because of a missing error check in the driver., September 2000.
|
| |
17
|
G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C.V. Lopes, J. Loingtier, and J. Irwin. Aspect-oriented programming. In European Conference on Object-Oriented Programming (ECOOP), June 1997.
|
| |
18
|
David Lie , Andy Chou , Dawson Engler , David L. Dill, A simple method for extracting models for protocol code, Proceedings of the 28th annual international symposium on Computer architecture, p.192-203, June 30-July 04, 2001, Göteborg, Sweden
|
| |
19
|
K.L. McMillan and J. Schwalbe. Formal verification of the gigamax cache consistency protocol. In Proceedings of the International Symposium on Shared Memory Multiprocessing, pages 242-51. Tokyo, Japan InL Process. Soc., 1991.
|
| |
20
|
G. Nelson. Techniques for program verification. Available as Xerox PARC Research Report CSL-81-10, June, 1981, Stanford University, 1981.
|
| |
21
|
|
| |
22
|
|
| |
23
|
|
| |
24
|
D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun ruinerabilities. In The 2000 Network and Distributed Systems Security Conference. San Diego, CA, February 2000.
|
CITED BY 113
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Brian White , Jay Lepreau , Leigh Stoller , Robert Ricci , Shashi Guruprasad , Mac Newbold , Mike Hibler , Chad Barb , Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Yi-Min Wang , Chad Verbowski , John Dunagan , Yu Chen , Helen J. Wang , Chun Yuan , Zheng Zhang, STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support, Proceedings of the 17th USENIX conference on System administration, October 26-31, 2003, San Diego, CA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Brian White , Jay Lepreau , Leigh Stoller , Robert Ricci , Shashi Guruprasad , Mac Newbold , Mike Hibler , Chad Barb , Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading, December 09-11, 2002, Boston, Massachusetts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Radu Grosu , Erez Zadok , Scott A. Smolka , Rance Cleaveland , Yanhong A. Liu, High-confidence operating systems, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
|
|
|
Jinlin Yang , David Evans , Deepali Bhardwaj , Thirumalesh Bhat , Manuvir Das, Perracotta: mining temporal API rules from imperfect traces, Proceeding of the 28th international conference on Software engineering, May 20-28, 2006, Shanghai, China
|
|
|
|
|
|
Junfeng Yang , Ted Kremenek , Yichen Xie , Dawson Engler, MECA: an extensible, expressive system and language for statically checking security properties, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
|
|
|
|
|
|
|
|
|
Dan Tsafrir , Tomer Hertz , David Wagner , Dilma Da Silva, Portably solving file TOCTTOU races with hardness amplification, Proceedings of the 6th USENIX Conference on File and Storage Technologies, p.1-18, February 26-29, 2008, San Jose, California
|
|
|
Haryadi S. Gunawi , Cindy Rubio-González , Andrea C. Arpaci-Dusseau , Remzi H. Arpaci-Dussea , Ben Liblit, EIO: error handling is occasionally correct, Proceedings of the 6th USENIX Conference on File and Storage Technologies, p.1-16, February 26-29, 2008, San Jose, California
|
|
|
|
|
|
Pin Zhou , Wei Liu , Long Fei , Shan Lu , Feng Qin , Yuanyuan Zhou , Samuel Midkiff , Josep Torrellas, AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.269-280, December 04-08, 2004, Portland, Oregon
|
|
|
Joseph R. Ruthruff , John Penix , J. David Morgenthaler , Sebastian Elbaum , Gregg Rothermel, Predicting accurate and actionable static analysis warnings: an experimental approach, Proceedings of the 30th international conference on Software engineering, May 10-18, 2008, Leipzig, Germany
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
David Hovemeyer , William Pugh, Finding more null pointer bugs, but not too many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.9-14, June 13-14, 2007, San Diego, California, USA
|
|
|
Nathaniel Ayewah , William Pugh , J. David Morgenthaler , John Penix , YuQian Zhou, Evaluating static analysis defect warnings on production software, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.1-8, June 13-14, 2007, San Diego, California, USA
|
|
|
Paul Barham , Rebecca Isaacs , Richard Mortier , Dushyanth Narayanan, Magpie: online modelling and performance-aware systems, Proceedings of the 9th conference on Hot Topics in Operating Systems, p.15-15, May 18-21, 2003, Lihue, Hawaii
|
|
|
|
|
|
Jim Chow , Ben Pfaff , Tal Garfinkel , Mendel Rosenblum, Shredding your garbage: reducing data lifetime through secure deallocation, Proceedings of the 14th conference on USENIX Security Symposium, p.22-22, July 31-August 05, 2005, Baltimore, MD
|
|
|
Helen J. Wang , John C. Platt , Yu Chen , Ruyun Zhang , Yi-Min Wang, Automatic misconfiguration troubleshooting with peerpressure, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.17-17, December 06-08, 2004, San Francisco, CA
|
|
|
Zhenmin Li , Shan Lu , Suvda Myagmar , Yuanyuan Zhou, CP-Miner: a tool for finding copy-paste and related bugs in operating system code, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.20-20, December 06-08, 2004, San Francisco, CA
|
|
|
|
|
|
Sudarshan M. Srinivasan , Srikanth Kandula , Christopher R. Andrews , Yuanyuan Zhou, Flashback: a lightweight extension for rollback and deterministic replay for software debugging, Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference, p.3-3, June 27-July 02, 2004, Boston, MA
|
|
|
|
|
|
Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
|
|
|
Ted Kremenek , Paul Twohey , Godmar Back , Andrew Ng , Dawson Engler, From uncertainty to belief: inferring the specification within, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sriram Sankaranarayanan , Swarat Chaudhuri , Franjo Ivančić , Aarti Gupta, Dynamic inference of likely data preconditions over predicates by tree learning, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Lin Tan , Xiaolan Zhang , Xiao Ma , Weiwei Xiong , Yuanyuan Zhou, AutoISES: automatically inferring security specifications and detecting violations, Proceedings of the 17th conference on Security symposium, p.379-394, July 28-August 01, 2008, San Jose, CA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Shan Lu , Soyeon Park , Chongfeng Hu , Xiao Ma , Weihang Jiang , Zhenmin Li , Raluca A. Popa , Yuanyuan Zhou, MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
|
|
|
Xi Wang , Zhenyu Guo , Xuezheng Liu , Zhilei Xu , Haoxiang Lin , Xiaoge Wang , Zheng Zhang, Hang analysis: fighting responsiveness bugs, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: End-to-end containment of Internet worm epidemics, ACM Transactions on Computer Systems (TOCS), v.26 n.4, p.1-68, December 2008
|
|
|
Julia L. Lawall , Gilles Muller , Nicolas Palix, Enforcing the use of API functions in linux code, Proceedings of the 8th workshop on Aspects, components, and patterns for infrastructure software, March 02-02, 2009, Charlottesville, Virginia, USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
D.4