TY - GEN
T1 - Hector
T2 - 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
AU - Saha, Suman
AU - Lozi, Jean Pierre
AU - Thomas, Gael
AU - Lawall, Julia L.
AU - Muller, Gilles
PY - 2013
Y1 - 2013
N2 - Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.
AB - Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.
UR - http://www.scopus.com/inward/record.url?scp=84883422022&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883422022&partnerID=8YFLogxK
U2 - 10.1109/DSN.2013.6575307
DO - 10.1109/DSN.2013.6575307
M3 - Conference contribution
AN - SCOPUS:84883422022
SN - 9781467364713
T3 - Proceedings of the International Conference on Dependable Systems and Networks
BT - 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
Y2 - 24 June 2013 through 27 June 2013
ER -