Hector: Detecting resource-release omission faults in error-handling code for systems software

Suman Saha 1 Jean-Pierre Lozi 1 Gaël Thomas 1 Julia Lawall 1 Gilles Muller 1
1 Regal - Large-Scale Distributed Systems and Applications
LIP6 - Laboratoire d'Informatique de Paris 6, Inria Paris-Rocquencourt
Abstract : Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.
Type de document :
Communication dans un congrès
DSN 2013 - 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun 2013, Budapest, Hungary. IEEE Computer Society, pp.1-12, 2013, 〈10.1109/DSN.2013.6575307〉
Liste complète des métadonnées

Littérature citée [32 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-00918079
Contributeur : Julia Lawall <>
Soumis le : jeudi 19 mai 2016 - 10:08:17
Dernière modification le : vendredi 31 août 2018 - 09:25:54

Fichier

dsn2013.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Copyright (Tous droits réservés)

Identifiants

Collections

Citation

Suman Saha, Jean-Pierre Lozi, Gaël Thomas, Julia Lawall, Gilles Muller. Hector: Detecting resource-release omission faults in error-handling code for systems software. DSN 2013 - 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun 2013, Budapest, Hungary. IEEE Computer Society, pp.1-12, 2013, 〈10.1109/DSN.2013.6575307〉. 〈hal-00918079〉

Partager

Métriques

Consultations de la notice

283

Téléchargements de fichiers

86