Hector: Detecting resource-release omission faults in error-handling code for systems software

Suman Saha, Jean Pierre Lozi, Gael Thomas, Julia L. Lawall, Gilles Muller

Research output: Chapter in Book/Report/Conference proceedingConference contribution

67 Scopus citations

Abstract

Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.

Original languageEnglish (US)
Title of host publication2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
DOIs
StatePublished - 2013
Event2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013 - Budapest, Hungary
Duration: Jun 24 2013Jun 27 2013

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks

Other

Other2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
Country/TerritoryHungary
CityBudapest
Period6/24/136/27/13

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Hector: Detecting resource-release omission faults in error-handling code for systems software'. Together they form a unique fingerprint.

Cite this