One million (LOC) and counting: static analysis for errors and vulnerabilities in the linux kernel source code

Authors:
Peter T. Breuer;Simon Pickin
Affiliations:
Universidad Carlos III de Madrid, Leganes, Madrid, Spain;Universidad Carlos III de Madrid, Leganes, Madrid, Spain
Venue:
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
Year:
2006

Citing 4
Cited 1

A theory of type qualifiers

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Flow-sensitive type qualifiers

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Finding user/kernel pointer bugs with type inference

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

A formal nethod (a networked formal method)

Innovations in Systems and Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article describes an analysis tool aimed at the C code of the Linux kernel, having been first described as a prototype (in this forum) in 2004. Its continuing maturation means that it is now capable of treating millions of lines of code in a few hours on very modest platforms. It detects about two uncorrected deadlock situations per thousand C source files or million lines of source code in the Linux kernel, and three accesses to freed memory. In distinction to model-checking techniques, the tool uses a configurable “3-phase” programming logic to perform its analysis. It carries out several different analyses simultaneously.