Beyond bug-finding: sound program analysis for Linux

Authors:
Zachary Anderson;Eric Brewer;Jeremy Condit;Robert Ennals;David Gay;Matthew Harren;George C. Necula;Feng Zhou
Affiliations:
University of California, Berkeley;University of California, Berkeley;University of California, Berkeley;Intel Research Berkeley;Intel Research Berkeley;University of California, Berkeley;University of California, Berkeley;University of California, Berkeley
Venue:
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Year:
2007

Citing 14
Cited 3

Efficient detection of all pointer and array access errors

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
JavaOS: back to the future

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Operating system benchmarking in the wake of lmbench: a case study of the performance of NetBSD on the Intel x86 architecture

SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A sound polymorphic type system for a dialect of C

Science of Computer Programming - Special issue on the 6th European symposium on programming
A system and language for building system-specific, static analyses

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Cyclone: A Safe Dialect of C

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
CSSV: towards a realistic tool for statically detecting all buffer overflows in C

PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Improving Computer Security Using Extended Static Checking

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Capriccio: scalable threads for internet services

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
MECA: an extensible, expressive system and language for statically checking security properties

Proceedings of the 10th ACM conference on Computer and communications security
CCured: type-safe retrofitting of legacy software

ACM Transactions on Programming Languages and Systems (TOPLAS)
SafeDrive: safe and recoverable extensions using language-based techniques

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Melange: creating a "functional" internet

Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Dependent types for low-level programming

ESOP'07 Proceedings of the 16th European conference on Programming

Safe manual memory management

Proceedings of the 6th international symposium on Memory management
Hang analysis: fighting responsiveness bugs

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
A case for secure and scalable hypervisor using safe language

Proceedings of the 2012 International Workshop on Programming Models and Applications for Multicores and Manycores

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is time for us to focus on sound analyses for our critical systems software--that is, we must focus on analyses that ensure the absence of defects of particular known types, rather than best-effort bug-finding tools. This paper presents three sample analyses for Linux that are aimed at eliminating bugs relating to type safety, deallocation, and blocking. These analyses rely on lightweight programmer annotations and run-time checks in order to make them practical and scalable. Sound analyses of this sort can check a wide variety of properties and will ultimately yield more reliable code than bug-finding alone.