Finding Error-Handling Bugs in Systems Code Using Static Analysis
Authors
Abstract
Run-time errors are unavoidable whenever software interacts with the physical world. Unchecked errors are especially pernicious in operating system file management code. Transient or permanent hardware failures are inevitable, and error-management bugs at the file system layer can cause silent, unrecoverable data corruption. Furthermore, even when developers have the best of intentions, inaccurate documentation can mislead programmers and cause software to fail in unexpected ways. We use static program analysis to understand and make error handling in large systems more reliable. We apply our analyses to numerous Linux file systems and drivers, finding hundreds of confirmed error-handling bugs that could lead to serious problems such as system crashes, silent data loss and corruption.
Similar resources
Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis
While some commonly occurring error patterns in Java are addressed by static tools such as FindBugs[5], complex software systems are full of rules that developers must follow. These application-specific rules are often not expressed in any way other than code comments and often are not enforced, leading to hard-to-detect bugs later in the program execution. Eclipse represents one of the biggest...
Automatically Detecting Error Handling Bugs Using Error Specifications
Incorrect error handling in security-sensitive code often leads to severe security vulnerabilities. Implementing correct error handling is repetitive and tedious especially in languages like C that do not support any exception handling primitives. This makes it very easy for the developers to unwittingly introduce error handling bugs. Moreover, error handling bugs are hard to detect and locate ...
Static Detection of API Error-Handling Bugs via Mining Source Code
Incorrect handling of errors incurred after API invocations (in short, API errors) can lead to security and robustness problems, two primary threats to software reliability. Correct handling of API errors can be specified as formal specifications, verifiable by static checkers, to ensure dependable computing. But API error specifications are often unavailable or imprecise, and cannot be inferre...
CQE - An Approach to Automatically Estimate the Code Quality using an Objective Metric From an Empirical Study
Bugs in a project, at any stage of software life cycle development, are costly and difficult to find and fix. Moreover, the later a bug is found, the more expensive it is to fix. There are static analysis tools to ease the process of finding bugs, but their results are not easy to filter for critical errors and are time consuming to analyze. To solve this problem we used two steps: first to enhan...
Finding Bugs in Source Code Using Commonly Available Development Metadata
Developers and security analysts have been using static analysis for a long time to analyze programs for defects and vulnerabilities. Generally a static analysis tool is run on the source code for a given program, flagging areas of code that need to be further inspected by a human analyst. These tools tend to work fairly well – every year they find many important bugs. These tools are more impr...