Details
| Originalsprache | Englisch |
|---|---|
| Titel des Sammelwerks | Proceedings of USENIX ATC ’14: 2014 USENIX Annual Technical Conference |
| Seiten | 421-432 |
| Seitenumfang | 12 |
| ISBN (elektronisch) | 9781931971102 |
| Publikationsstatus | Veröffentlicht - 1 Jan. 2019 |
| Extern publiziert | Ja |
| Veranstaltung | 2014 USENIX Annual Technical Conference, USENIX ATC 2014 - Philadelphia, USA / Vereinigte Staaten Dauer: 19 Juni 2014 → 20 Juni 2014 |
Abstract
System software can be configured at compile time to tailor it with respect to a broad range of supported hardware architectures and application domains. The Linux v3.2 kernel, for instance, provides more than 12,000 configurable features, which control the configuration-dependent inclusion of 31,000 source files with 89,000 #ifdef blocks. Tools for static analyses can greatly assist with ensuring the quality of code-bases of this size. Unfortunately, static configurability limits the success of automated software testing and bug hunting. For proper type checking, the tools need to be invoked on a concrete configuration, so programmers have to manually derive many configurations to ensure that the configuration-conditional parts of their code are checked. This tedious and error-prone process leaves many easy to find bugs undetected. We propose an approach and tooling to systematically increase the configuration coverage (CC) in compile-time configurable system software. Our VAMPYR tool derives the required configurations and can be combined with existing static checkers to improve their results. With GCC as static checker, we thereby have found hundreds of issues in Linux v3.2, BUSYBOX, and L4/FIASCO, many of which went unnoticed for several years and have to be classified as serious bugs. Our resulting patches were accepted by the respective upstream developers.
ASJC Scopus Sachgebiete
- Informatik (insg.)
- Allgemeine Computerwissenschaft
Zitieren
- Standard
- Harvard
- Apa
- Vancouver
- BibTex
- RIS
Proceedings of USENIX ATC ’14: 2014 USENIX Annual Technical Conference. 2019. S. 421-432.
Publikation: Beitrag in Buch/Bericht/Sammelwerk/Konferenzband › Aufsatz in Konferenzband › Forschung › Peer-Review
}
TY - GEN
T1 - Static Analysis of Variability in System Software: The 90,000 #ifdefs Issue
AU - Tartler, Reinhard
AU - Dietrich, Christian
AU - Sincero, Julio
AU - Schröder-Preikschat, Wolfgang
AU - Lohmann, Daniel
N1 - Funding information: ?This work was partly supprted by the German Research Council (DFG) under grant no. LO 1719/3-1 ?This work was partly supprted by the German Research Council (DFG) under grant no. LO 1719/3-1
PY - 2019/1/1
Y1 - 2019/1/1
N2 - System software can be configured at compile time to tailor it with respect to a broad range of supported hardware architectures and application domains. The Linux v3.2 kernel, for instance, provides more than 12,000 configurable features, which control the configuration-dependent inclusion of 31,000 source files with 89,000 #ifdef blocks. Tools for static analyses can greatly assist with ensuring the quality of code-bases of this size. Unfortunately, static configurability limits the success of automated software testing and bug hunting. For proper type checking, the tools need to be invoked on a concrete configuration, so programmers have to manually derive many configurations to ensure that the configuration-conditional parts of their code are checked. This tedious and error-prone process leaves many easy to find bugs undetected. We propose an approach and tooling to systematically increase the configuration coverage (CC) in compile-time configurable system software. Our VAMPYR tool derives the required configurations and can be combined with existing static checkers to improve their results. With GCC as static checker, we thereby have found hundreds of issues in Linux v3.2, BUSYBOX, and L4/FIASCO, many of which went unnoticed for several years and have to be classified as serious bugs. Our resulting patches were accepted by the respective upstream developers.
AB - System software can be configured at compile time to tailor it with respect to a broad range of supported hardware architectures and application domains. The Linux v3.2 kernel, for instance, provides more than 12,000 configurable features, which control the configuration-dependent inclusion of 31,000 source files with 89,000 #ifdef blocks. Tools for static analyses can greatly assist with ensuring the quality of code-bases of this size. Unfortunately, static configurability limits the success of automated software testing and bug hunting. For proper type checking, the tools need to be invoked on a concrete configuration, so programmers have to manually derive many configurations to ensure that the configuration-conditional parts of their code are checked. This tedious and error-prone process leaves many easy to find bugs undetected. We propose an approach and tooling to systematically increase the configuration coverage (CC) in compile-time configurable system software. Our VAMPYR tool derives the required configurations and can be combined with existing static checkers to improve their results. With GCC as static checker, we thereby have found hundreds of issues in Linux v3.2, BUSYBOX, and L4/FIASCO, many of which went unnoticed for several years and have to be classified as serious bugs. Our resulting patches were accepted by the respective upstream developers.
UR - http://www.scopus.com/inward/record.url?scp=84908652115&partnerID=8YFLogxK
M3 - Conference contribution
SP - 421
EP - 432
BT - Proceedings of USENIX ATC ’14: 2014 USENIX Annual Technical Conference
T2 - 2014 USENIX Annual Technical Conference, USENIX ATC 2014
Y2 - 19 June 2014 through 20 June 2014
ER -