Richard Mancusi - CSCI 297 Static Analysis and Modeling Tools which allows further checking of software systems.

Slides:



Advertisements
Similar presentations
System Integration and Performance
Advertisements

Symbol Table.
Javascript Code Quality Check Tools Javascript Code Quality Check Tools JavaScript was originally intended to do small tasks in webpages, but now JavaScript.
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Introduction to Memory Management. 2 General Structure of Run-Time Memory.
1 Chapter 5 Concurrency: Mutual Exclusion and Synchronization Principals of Concurrency Mutual Exclusion: Hardware Support Semaphores Readers/Writers Problem.
R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Input and Output CS 215 Lecture #20.
Operating Systems Lecture 10 Issues in Paging and Virtual Memory Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing.
Lecture 10: Heap Management CS 540 GMU Spring 2009.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
CS 326 Programming Languages, Concepts and Implementation Instructor: Mircea Nicolescu Lecture 18.
CPSC 388 – Compiler Design and Construction
Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.
I/O Hardware n Incredible variety of I/O devices n Common concepts: – Port – connection point to the computer – Bus (daisy chain or shared direct access)
More on protocol implementation Packet parsing Memory management Data structures for lookup.
Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:
Memory Management 2010.
Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems.
Translation Buffers (TLB’s)
CS533 Concepts of Operating Systems Class 3 Integrated Task and Stack Management.
MULTIVIE W Checking System Rules Using System-Specific, Program-Written Compiler Extensions Paper: Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.
“A System and Language for Building System-Specific, Static Analyses” CMSC 631 – Fall 2003 Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson Engler (presented.
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Applying Dynamic Analysis to Test Corner Cases First Penka Vassileva Markova Madanlal Musuvathi.
REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.
A Portable Virtual Machine for Program Debugging and Directing Camil Demetrescu University of Rome “La Sapienza” Irene Finocchi University of Rome “Tor.
A Simple Method for Extracting Models from Protocol Code David Lie, Andy Chou, Dawson Engler and David Dill Computer Systems Laboratory Stanford University.
Ioana BurceaWon-Ho Park Electrical and Computer Engineering Department University of Toronto Algorithms for Implementation of Tuple Space Expert Topic.
Hardware Definitions –Port: Point of connection –Bus: Interface Daisy Chain (A=>B=>…=>X) Shared Direct Device Access –Controller: Device Electronics –Registers:
Computer Security and Penetration Testing
Copyright 2001 Oxford Consulting, Ltd1 January Storage Classes, Scope and Linkage Overview Focus is on the structure of a C++ program with –Multiple.
© Janice Regan, CMPT 300, May CMPT 300 Introduction to Operating Systems Principles of I/0 hardware.
Inferring and checking system rules by static analysis William R Wright.
Lecture 2 Foundations and Definitions Processes/Threads.
Static Code Checking: Security and Concurrency Ben Watson The George Washington University CS 297 Security and Programming Languages June 9, 2005.
Using Model Checking to Find Serious File System Errors StanFord Computer Systems Laboratory and Microsft Research. Published in 2004 Presented by Chervet.
By Teacher Asma Aleisa Year 1433 H.   Goals of memory management  To provide a convenient abstraction for programming.  To allocate scarce memory.
1 Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions Dawson Engler Benjamin Chelf Andy Chou Seth Hallem Stanford University.
CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Scalable Symbolic Execution: KLEE.
Lecture 4 Mechanisms & Kernel for NOSs. Mechanisms for Network Operating Systems  Network operating systems provide three basic mechanisms that support.
1 Software Reliability in Wireless Sensor Networks (WSN) -Xiong Junjie
Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
“ A Simple Method for Extracting Models From Protocol Code ” David Lie, Andy Chou, Dawson Engler and David D. Dill Presented by Anna Zamansky.
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.
for Event Driven Servers
Operating Systems Unit 2: – Process Context switch Interrupt Interprocess communication – Thread Thread models Operating Systems.
MINIX Presented by: Clinton Morse, Joseph Paetz, Theresa Sullivan, and Angela Volk.
/ PSWLAB Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions by D. Engler, B. Chelf, A. Chou, S. Hallem published.
Checking System Rules Using System-Specific Programmer Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chou and Seth Hallem Presented by:
Where Testing Fails …. Problem Areas Stack Overflow Race Conditions Deadlock Timing Reentrancy.
Module 12: I/O Systems I/O hardware Application I/O Interface
Presented by: Daniel Taylor
YAHMD - Yet Another Heap Memory Debugger
Types for Programs and Proofs
Memory Caches & TLB Virtual Memory
Dynamic Memory Allocation
Operating System Concepts
CS703 - Advanced Operating Systems
Chapter 13: I/O Systems I/O Hardware Application I/O Interface
CS703 - Advanced Operating Systems
Foundations and Definitions
CSE 451 Section 1/27/2000.
Chapter 13: I/O Systems.
Module 12: I/O Systems I/O hardwared Application I/O Interface
Presentation transcript:

Richard Mancusi - CSCI 297 Static Analysis and Modeling Tools which allows further checking of software systems

Richard Mancusi - CSCI 297 Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem. Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions. OSDI 2000Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions. Madanlal Musuvathi, David Y.W. Park, Andy Chou, Dawson R. Engler, David L. Dill. CMC: A pragmatic approach to model checking real code. ISCA 2001.CMC: A pragmatic approach to model checking real code.

Richard Mancusi - CSCI 297 Issues Programming tools find (simple) static errors; not useful for semantic errors. Brunt force testing methodologies are not effective nor thorough when considering larger, more complex software systems. The amount of effort towards identifying issues increases (exponentially?) as time moves onward.

Richard Mancusi - CSCI 297 More Issues We really are not good at programming. The psychology of the “master” programmer Etc. (There are as many excuses for the incorrect as there are programmers.) Software cannot be “verified”. The best we can hope for are sophisticate checks to unfold (more of) the errors in our code.

Richard Mancusi - CSCI 297 Meta Compilation System implementers understand the semantics of the system better. Compilers are better enforcers of rules that map well to the source code. Therefore: MC involves integrating user provided systemic (semantic) rules to the compilation process.

Richard Mancusi - CSCI 297 MC Extensions Uses “Metal”, a language for expressing a broad class of customized, static, bug-finding analyses. xgcc, the analysis engine searches all execution path and applies extensions Local analysis XG++ C code Analysis Results Extensions

Richard Mancusi - CSCI 297 Example sm free_checker { state decl { any_ptr } p; start: { free(p) } ==> p.freed ; p.freed: { *p } ==> p.stop, { err(“using %s after free!”, mc_identifier(p)); } | { free(p) } ==> p.stop, { err(“double free of %s!”, mc_identifier(p)); } ; } From: Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson Engler. A System and Language for Building System-Specific Static Analyses. A System and Language for Building System-Specific Static Analyses. PLDI 2002

Richard Mancusi - CSCI 297 Rule Templates “Never/always do X”Always initialize variables “Do X rather than Y”Avoid globally disabling interrupts “Always do X before/after Y”Release locks after using them “In situation X, do (do not) Y”Protect all shared variables with locks “In situation X do Y rather than Z”To save an instruction in bit mask use XOR instead of assignment.

Richard Mancusi - CSCI 297 Memory Management Check against null pointers Unreclaimed memory checks “Double free” instances checks Use after deallocation checks

Richard Mancusi - CSCI 297 Global Checks Extension The authors suggest useful checks performed on the whole code input:  Kernel code should not call blocking functions when holding a spin lock. (42/4)  Library modules should not call blocking functions until after the reference count is set properly. (53/2)

Richard Mancusi - CSCI 297 Other uses Detection of race conditions and deadlocks: RacerX: effective, static detection of race conditions and deadlocksRacerX: effective, static detection of race conditions and deadlocks, Dawson Engler and Ken Ashcraft, In Proceedings of the Symposium on Operating Systems Principles, pages , October 2003

Richard Mancusi - CSCI 297 Transitioning… Any questions? (yawns?)

Richard Mancusi - CSCI 297 “Conventional” Model Checking Modeling software is difficult at best, requiring abstract definition of software system. Abstraction tends to minimize details of implementation. Time consuming, manual process. Memory intensive, usually exhausting system resources.

Richard Mancusi - CSCI 297 CMC – “C Model Checker” Integrates with the code implementation Process state includes global and local variables, heap, stack, and registers as well as shared memory Optimizations to avoid unnecessary “state explosion problem” Non-deterministic modeling supported Can benefit on successive systems

Richard Mancusi - CSCI 297 CMC Steps Correctness properties Environment specification Identify Initialization code and event handlers  Initial state generated using init functions  State generation  Correctness checks during model execution

Richard Mancusi - CSCI 297 State Space Explosion Key to prolonging model execution State caching to prevent reintroductions Hash compaction (store small signature to represent each state) Balance missing few errors in exchange to reducing state space  Down-scale model parameterizations  Heuristics to remove uninteresting states

Richard Mancusi - CSCI 297 The AODV Model Use of interrupt driven event handlers fits well into the CMC modeling paradigm 3 different implementations of routing protocol modeled 34 distinct errors discovered, including one specification bug (Mostly) shared modeling code

Richard Mancusi - CSCI 297 AODV Correctness Properties General assertions (segmentation faults, memory leaks, dangling pointers) All routing tables contain no loops Routing table entries (a) one per node, (b) no route to self, valid hop count Messages have valid hop counts (can’t be infinity), and reserved fields are zeroed.

Richard Mancusi - CSCI 297 AODV Environment Uses unordered message queue Message loss modeled with random queue deletions Alternate wrapper function provide to send network packets Stubs for 22 kernel functions and user- spaced socket buffer library

Richard Mancusi - CSCI 297 AODV: Initialization and Event Handling The initialization code is clearly identified Every signal handler mapped to a CMC “transition”

Richard Mancusi - CSCI 297 Example 1: int c; 2: mutex_t m; 3: 4: void Odd() { lock(m); if ((c%2) == 1) printf(“odd: %d\n”, c++); unlock(m); } 5: void Even() { lock(m); if ((c%2) == 0) printf(“even: %d\n”, c++); unlock(m); } 6: 7: int main() 8: { 9: c = 0; 10:init_mutex(m); 11:schedule(Odd); 12:schedule(Even); 13: 14:wait(5); 15:}

Richard Mancusi - CSCI 297 Conclusions Static analysis tools are available which provide rules-based checking of code Modeling can be used to identify more bugs under controlled executions with programs which “fit” the framework well. “Finding bugs is easy, given the right approach” The search for better means to “validate” software should continue; more lessons to come

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.