Path-Sensitive and Alias-Aware Typestate Analysis for Detecting OS Bugs

Li, T; Bai, JJ; Sui, Y; Hu, SM

Path-Sensitive and Alias-Aware Typestate Analysis for Detecting OS Bugs

Li, T Bai, JJ Sui, Y

Hu, SM

Permalink

Publisher:: Association for Computing Machinery (ACM)
Publication Type:: Conference Proceeding
Citation:: International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, 2022, pp. 859-872
Issue Date:: 2022-02-28

Closed Access

	Filename	Description	Size
	Path-sensitive and alias-aware typestate analysis for detecting OS bugs_published.pdf	Published version	4.64 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Li, T
dc.contributor.author	Bai, JJ
dc.contributor.author	Sui, Y https://orcid.org/0000-0002-9510-6574
dc.contributor.author	Hu, SM
dc.date.accessioned	2023-02-24T06:05:06Z
dc.date.available	2023-02-24T06:05:06Z
dc.date.issued	2022-02-28
dc.identifier.citation	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, 2022, pp. 859-872
dc.identifier.isbn	9781450392051
dc.identifier.uri	http://hdl.handle.net/10453/166418
dc.description.abstract	Operating system (OS) is the cornerstone for modern computer systems. It manages devices and provides fundamental service for user-level applications. Thus, detecting bugs in OSes is important to improve reliability and security of computer systems. Static typestate analysis is a common technique for detecting different types of bugs, but it is often inaccurate or unscalable for large-size OS code, due to imprecision of identifying alias relationships as well as high costs of typestate tracking and path-feasibility validation. In this paper, we present PATA, a novel path-sensitive and aliasaware typestate analysis framework to detect OS bugs. To improve the precision of identifying alias relationships in OS code, PATA performs a path-based alias analysis based on control-flow paths and access paths. With these alias relationships, PATA reduces the costs of typestate tracking and path-feasibility validation, to boost the efficiency of path-sensitive typestate analysis for bug detection. We have evaluated PATA on the Linux kernel and three popular IoT OSes (Zephyr, RIOT and TencentOS-Tiny) to detect three common types of bugs (null-pointer dereferences, uninitialized variable accesses and memory leaks). PATA finds 574 real bugs with a false positive rate of 28%. 206 of these bugs have been confirmed by the developers of the four OSes.We also compare PATA to seven state-of-The-Art static approaches (Cppcheck, Coccinelle, Smatch,CSA, Infer, Saber and SVF). PATA finds many real bugs missed by them, with a lower false positive rate.
dc.language	en
dc.publisher	Association for Computing Machinery (ACM)
dc.relation.ispartof	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
dc.relation.ispartof	Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
dc.relation.isbasedon	10.1145/3503222.3507770
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Path-Sensitive and Alias-Aware Typestate Analysis for Detecting OS Bugs
dc.type	Conference Proceeding
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - AAII - Australian Artificial Intelligence Institute
utslib.copyright.status	closed_access	*
dc.date.updated	2023-02-24T06:04:59Z
pubs.publication-status	Published

Abstract:

Operating system (OS) is the cornerstone for modern computer systems. It manages devices and provides fundamental service for user-level applications. Thus, detecting bugs in OSes is important to improve reliability and security of computer systems. Static typestate analysis is a common technique for detecting different types of bugs, but it is often inaccurate or unscalable for large-size OS code, due to imprecision of identifying alias relationships as well as high costs of typestate tracking and path-feasibility validation. In this paper, we present PATA, a novel path-sensitive and aliasaware typestate analysis framework to detect OS bugs. To improve the precision of identifying alias relationships in OS code, PATA performs a path-based alias analysis based on control-flow paths and access paths. With these alias relationships, PATA reduces the costs of typestate tracking and path-feasibility validation, to boost the efficiency of path-sensitive typestate analysis for bug detection. We have evaluated PATA on the Linux kernel and three popular IoT OSes (Zephyr, RIOT and TencentOS-Tiny) to detect three common types of bugs (null-pointer dereferences, uninitialized variable accesses and memory leaks). PATA finds 574 real bugs with a false positive rate of 28%. 206 of these bugs have been confirmed by the developers of the four OSes.We also compare PATA to seven state-of-The-Art static approaches (Cppcheck, Coccinelle, Smatch,CSA, Infer, Saber and SVF). PATA finds many real bugs missed by them, with a lower false positive rate.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/166418