EHCtor: Detecting Resource-Release Omission Faults in Error-Handling Code for Systems Software

Suman Saha (1), Jean-Pierre Lozi (1)
(1) Regal - Large-Scale Distributed Systems and Applications, LIP6 - Laboratoire d'Informatique de Paris 6, Inria Paris-Rocquencourt
Abstract : Adequate error-handling code is essential to the reliability of any system. On an error, such code is responsible for releasing acquired resources to restore the system to a viable state. Missing resource-release operations can lead to system crashes, memory leaks and deadlocks. A number of approaches have been proposed to detect such problems, but they mainly target frequently occurring resource-release operations. In this paper, we propose a novel approach to finding resource-release omission faults, focusing on error-handling code. Our approach achieves precision and scalability by exploiting information available within each function definition itself. Using a tool, EHCtor, that we have developed based on this approach, we have found over 370 faults in six different C infrastructure software projects, with a false positive rate well below the 30% that has been reported to be acceptable to developers. Some of these faults are exploitable by an unprivileged malicious user, making it possible to crash the entire system.
Document type : Conference papers

https://hal.archives-ouvertes.fr/hal-01302679
Contributor : Jean-Pierre Lozi
Submitted on : Thursday, April 14, 2016 - 6:05:16 PM
Last modification on : Thursday, March 21, 2019 - 1:10:15 PM
Long-term archiving on : Friday, July 15, 2016 - 2:40:13 PM

File

cfse9.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01302679, version 1

Citation

Suman Saha, Jean-Pierre Lozi. EHCtor: Detecting Resource-Release Omission Faults in Error-Handling Code for Systems Software. 9ème Conférence Française en Systèmes d'Exploitation, Jan 2013, Grenoble, France. ⟨hal-01302679⟩
