Inferring and checking system rules by static analysis.


Description
CS 297: Security and Programming Languages. 6. How to check system-wide rules? ... The programming team has already used their knowledge of the system and as much ...
Transcripts
Slide 1

Inferring and checking system rules by static analysis
William R Wright

Slide 2

Material surveyed…
Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions. Dawson Engler, et al. OSDI 2000.
RacerX: Effective, Static Detection of Race Conditions and Deadlocks. Dawson Engler, et al. SOSP 2003.
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code. OSDI 2000.
CS 297: Security and Programming Languages

Slide 3

System Rules
Systems follow their own unique set of design-based "correctness" rules. Such rules go beyond "no dereferencing of NULL pointers".

Slide 4

Example – System rule
Temporal ordering: b must always follow a

Slide 5

Checking of such rules
These rules are often unchecked. For example, suppose I am required to issue conn.close() but forget to do so. The code compiles even though I broke a system "rule".

Slide 6

How to check system-wide rules?
Although compilers check general language semantics, they are ignorant of the rules unique to systems. Static analysis can apply system rules.

Slide 7

Checking system rules
ESC enables some checking via annotations (in addition to automating annotations via Houdini).
Vault – very manual.
SLAM – labeled "promising" - next presentation!

Slide 8

Proposed method
The proposed method complements those efforts. The goal is to extract ad hoc rules from source code, requiring minimal effort. Also, to provide an extensible framework to define and check system rules.

Slide 9

Meta-level Compilation (MC)
One may define a system rule via metal, a "high-level, state-machine" language.

Slide 10

Details about metal
A rule defined in metal is known as a State Machine (SM). Once so defined, we compile the rule(s) with mcc, a metal compiler, and dynamically link the result into xgcc (based on GNU gcc).

Slide 11

Details about metal (cont'd)
When compiling the code to be analyzed, xgcc reports errors based on deviations from the metal rules. Note that modifications to the source are unnecessary. If there is a bug fix, one can easily recompile with the compiler of choice.

Slide 12

Sample metal rule templates
With metal one may define system rules such as:
"Never/always do X"
"Always do X before/after Y"
"In situation X, do (not do) Y"
"In situation X, do Y rather than Z"

Slide 13

Example – metal rule (from Deviant paper)

Slide 14

Example: … more problem code (Extensions paper)

Slide 15

Example (cont'd)
A metal rule can find the bug - 6 lines of code (Extensions, Fig. 1, Section 3.1)
Finds deviations by looking for
Functions to look for:
Disable interrupts: cli()
Re-enable interrupts: sti() or restore_flags(flags) [restores to the original interrupt status when paired with save_flags(flags)]
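
An added example (not code from the slides or the cited papers): a Python model of the two-state interrupt check described above, run over every path of a constructed control-flow graph. The CFG encoding, the function names and the sample routine are assumptions; the real rule is written in metal and runs inside xgcc.

```python
# Added example: a two-state interrupt checker run over every path of a tiny CFG.
ENABLE = {"sti", "restore_flags"}   # re-enable calls named on the slide
DISABLE = {"cli"}                   # disable call named on the slide

def paths(cfg, block="entry", prefix=()):
    """Yield each entry-to-exit path as a tuple of block names (back edges cut)."""
    prefix = prefix + (block,)
    succs = [s for s in cfg[block][1] if s not in prefix]
    if not succs:
        yield prefix
    for s in succs:
        yield from paths(cfg, s, prefix)

def check_path(cfg, path):
    """Run the state machine along one path; return [(location, message)]."""
    state, errors = "enabled", []
    for block in path:
        for call in cfg[block][0]:
            if call in DISABLE:
                if state == "disabled":
                    errors.append((block, "double disable"))
                state = "disabled"
            elif call in ENABLE:
                if state == "enabled":
                    errors.append((block, "double enable"))
                state = "enabled"
    if state == "disabled":  # end of path reached with interrupts still off
        errors.append((" -> ".join(path), "exiting with interrupts disabled"))
    return errors

def check_function(cfg):
    """Findings across all paths of one function, without duplicates."""
    found = []
    for p in paths(cfg):
        for e in check_path(cfg, p):
            if e not in found:
                found.append(e)
    return found

# Constructed sample: block name -> (calls in the block, successor blocks).
SAMPLE_CFG = {
    "entry":   (["save_flags", "cli"], ["ok", "err_out"]),
    "ok":      (["restore_flags"], ["exit"]),
    "err_out": ([], ["exit"]),   # early error return forgets restore_flags(flags)
    "exit":    ([], []),
}

if __name__ == "__main__":
    for where, msg in check_function(SAMPLE_CFG):
        print(f"{where}: {msg}")
```

Only the error-return path is flagged, which is why the check has to follow each path separately instead of scanning the function for a matching call.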

Slide 16

Inferring deviant behavior
Suppose you were just hired to get uptime from 98% to 99.999% on an airline reservation system with 5,000,000 lines of code. You know little about the system. Those who do ask you to help with the debugging. The newspaper reports that "software problems" caused your manager's latest fiasco.

Slide 17

Inferring deviant behavior (cont'd)
The programming team has already used their knowledge of the system and as much static analysis as they could think of. What if you could automate an analysis of the source that results in a set of metal rules that reflect the ad hoc (undocumented) behavior that the system should follow?

Slide 18

Inference method
Assume that an action taken by code is there to accomplish something. Break actions down into inferences about programmer "beliefs".

Slide 19

MUST beliefs
Beliefs then fall into two categories. MUST beliefs:

    if (p == null) {
        System.out.println("The pointer is" + p + ".");
    }

The programmer expresses the belief that p is null inside the block, then contradicts the belief.

Slide 20

MAY beliefs
MAY beliefs: back to the original example. Since we see stmt.close after stmt.executeQuery, maybe this is a system rule.

Slide 21

Beliefs – finding
One may derive possible MAY beliefs by:
Traversing the program, observing all actions that occur together.
Assuming that they MUST occur in that way.
In a second pass, applying those assumptions.
Begin a statistical analysis of the results (errors).

Slide 22

Statistical analysis
One may quickly rule out many MAY beliefs upon finding that they are rarely or only occasionally followed. These are "coincidences", not MUST beliefs.

Slide 23

Statistical analysis - detail
Sort the errors by the z statistic:
Which essentially measures the degree to which a MAY belief is supported by its rate (contradictions accounted for) in the code sample. One examines errors from the most likely to the least, stopping when the effort becomes counterproductive.
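
An added example (not from the slides or the cited papers) of the two-pass procedure and ranking described in the last three slides, applied to the stmt.executeQuery / stmt.close pair. It uses the standard z-test for a proportion; the expected rate p0 = 0.9, the trace format and the function names are assumptions, and the traces are constructed.

```python
from itertools import permutations
from math import sqrt

P0 = 0.9  # assumed expected success rate of a real rule (not given on the slide)

def z_stat(n, e, p0=P0):
    """z-test for a proportion: e successes in n checks against rate p0."""
    return (e / n - p0) / sqrt(p0 * (1 - p0) / n)

def followed(trace, a, b):
    """True if b is called somewhere after the first call to a."""
    return b in trace[trace.index(a) + 1:]

def rank_errors(traces):
    """Return [(z, a, b, violators)] for each inferred 'b follows a' belief."""
    # Pass 1: every ordered pair observed in some function is a MAY belief.
    candidates = {(a, b) for t in traces.values()
                  for a, b in permutations(set(t), 2) if followed(t, a, b)}
    ranked = []
    for a, b in candidates:
        # Pass 2: assume the belief is a MUST and check every function calling a.
        checked = [f for f, t in traces.items() if a in t]
        bad = sorted(f for f in checked if not followed(traces[f], a, b))
        if bad:  # only beliefs with violations produce errors to rank
            n, e = len(checked), len(checked) - len(bad)
            ranked.append((z_stat(n, e), a, b, bad))
    # Highest z first: violations of well-supported beliefs are likeliest bugs.
    return sorted(ranked, key=lambda r: (-r[0], r[1], r[2]))

# Constructed sample: function name -> ordered calls seen on one path.
SAMPLE_TRACES = {f"q{i}": ["executeQuery", "close"] for i in range(9)}
SAMPLE_TRACES["q_log"] = ["executeQuery", "log", "close"]
SAMPLE_TRACES["q_leak"] = ["executeQuery", "log"]   # never calls close

if __name__ == "__main__":
    for z, a, b, bad in rank_errors(SAMPLE_TRACES):
        print(f"{z:6.2f}  {b} after {a}: violated in {bad}")
```

The missing close in q_leak ranks first, while the coincidental executeQuery/log pairing, followed in only 2 of 11 functions, sinks to the bottom of the list.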

Slide 24

Results
Coverity commercialized these techniques.
Look at http://scan.coverity.com/ "Number of defects fixed (since 3/6/2006): 6131". Focused on gcc, Samba, Linux-2.6, Perl, PHP, OpenSSL, and clearly a lot of "private" code.
